Amazon Web Services (AWS) shapes

  • Release version: Australia
  • Updated March 12, 2026

    Summary of Amazon Web Services (AWS) shapes

    The AWS shapes library in the Enterprise Architecture (EA) Workspace enables ServiceNow customers to visually model and design cloud architectures using standardized AWS components. These shapes help architects create future-state cloud diagrams aligned with the Configuration Management Database (CMDB) and Common Service Data Model (CSDM) standards, improving clarity and consistency in cloud infrastructure documentation.

    Using AWS Shapes in Enterprise Modeling

    Users can add AWS shapes to diagrams by selecting or dragging them onto the canvas. Shapes are resizable by dragging their edges or corners, and connector ports on AWS shapes are bi-directional, allowing flexible linking from any side. This supports precise representation of AWS architecture components and relationships.

    Key AWS Shape Categories and Their Practical Use

    • AWS Group Shapes: Represent logical groupings such as AWS Accounts, Regions, Availability Zones, VPCs, subnets, security groups, auto scaling groups, and EC2 instances. These shapes help model resource isolation, fault tolerance, security boundaries, and scalability within AWS environments.
    • AWS Analytics Shapes: Illustrate streaming and analytics services including Kinesis (data streams, Firehose, video streams), OpenSearch Service, and Redshift. These are essential for depicting real-time data processing, search, and data warehousing workflows.
    • AWS Containers Shapes: Show container orchestration elements such as ECS Tasks, Amazon Elastic Kubernetes Service (EKS), and Elastic Container Service (ECS). Useful for representing containerized workload deployments and management.
    • AWS Compute Shapes: Include EC2 instances and Lambda functions, representing on-demand virtual servers and serverless compute capabilities respectively, critical for modeling compute resource allocation and event-driven architectures.
    • AWS Database Shapes: Cover managed database services like MemoryDB, RDS, ElastiCache, Keyspaces, DynamoDB, and RDS Instances. These shapes enable visualization of various database types and caching layers supporting application data storage and retrieval.
    • AWS Networking and Content Delivery Shapes: Encompass components such as VPN Gateway, API Gateway, Customer Gateway, Route 53, Network ACLs, Internet Gateway, Load Balancers, NAT Gateway, Route Tables, and Elastic Network Interfaces. These shapes are vital for modeling connectivity, security, traffic routing, and hybrid network architectures.
    • AWS Security, Identity, and Compliance Shapes: Include WAF, Certificate Manager (ACM), and Cognito. These represent security layers, certificate management, and identity services, enhancing security and access control visualization.
    • AWS Storage Shapes: Represent storage solutions such as Amazon S3 (object storage), EBS Volumes, and Volume Gateway for hybrid cloud storage. These shapes help depict data persistence and integration between cloud and on-premises environments.

    Benefits for ServiceNow Customers

    • Facilitates alignment of AWS cloud architecture diagrams with ServiceNow CMDB and CSDM standards, improving governance and operational insight.
    • Enables clear, standardized visual documentation of complex AWS environments, aiding communication between architects, engineers, and stakeholders.
    • Supports detailed modeling of multi-account, multi-region, and hybrid cloud setups, enhancing planning for scalability, availability, and security.
    • Improves understanding of AWS service interdependencies and data flows through visual representation of compute, storage, networking, security, analytics, and container services.

    Next Steps

    ServiceNow customers can start leveraging these AWS shapes within the Enterprise Modeling and Visualization workspace to create accurate and standards-aligned AWS cloud architecture diagrams. This empowers teams to effectively plan, communicate, and manage AWS cloud resources within their enterprise architecture initiatives.

    The AWS shapes library in EA Workspace helps in modeling cloud architectures. These shapes allow architects to design future-state cloud diagrams aligned with CMDB and CSDM standards.

    AWS shapes in Enterprise Modeling and Visualization

    You can add a shape to the canvas by either selecting the shape or by dragging the shape from the Shapes

    You can also adjust the size of a shape by selecting it and then dragging any of its edges or corner handles. Pulling outward increases the shape's dimensions, while dragging inward reduces its size.

    Note:
    Connector ports on AWS shapes, including AWS Group shapes, are bi-directional. You can use any connector port—top, bottom, left, or right—as either an input or an output when connecting shapes in a diagram.
    Table 1. AWS Group shapes
    | Shape name | Description |
    | --- | --- |
    | AWS Account | Represents a single AWS account, which acts as an isolated container for resources, billing, and security policies. Use this shape to group all resources belonging to one account, especially in multi-account architectures. |
    | Availability Zone | A physically separate data center within an AWS Region, designed for fault isolation. Place inside a Region shape to show redundancy and high availability. |
    | Private Subnet | A subnet within a VPC that does not have direct internet access. Used for backend services or databases. Nest inside a VPC shape and indicate routing through NAT Gateway for outbound traffic. |
    | Amazon Virtual Private Cloud | A logically isolated section of the AWS cloud where you define IP addressing, subnets, and routing. Acts as the primary network boundary. Group subnets, gateways, and security components inside this shape. |
    | Security Group | A virtual firewall that controls inbound and outbound traffic for AWS resources. Attach to EC2 instances or other resources to indicate security controls. |
    | Auto Scaling Group | A collection of EC2 instances managed together for scaling based on demand. Represent elasticity and resilience for compute workloads. Often linked to load balancers. |
    | EC2 Instance Contents | Represents the internal components or applications running on an EC2 instance. Use this shape to detail what is deployed inside the instance (for example, web server, app server). |
    | Region | A geographical area that contains multiple Availability Zones. Acts as the top-level grouping for all resources deployed in a specific location. |
    Table 2. AWS Analytics shapes
    | Shape | Description |
    | --- | --- |
    | Kinesis | A suite of services for real-time data streaming and processing. It enables ingesting, analyzing, and storing streaming data at scale. Use the general Kinesis shape when referring to the overall streaming platform or architecture. |
    | Kinesis Data Firehose | A fully managed service for delivering real-time streaming data to destinations like Amazon S3, Redshift, OpenSearch Service, and third-party tools. Represented as the delivery pipeline for streaming data. |
    | Kinesis Video Streams | A service for securely streaming video from connected devices to AWS for analytics, machine learning, and storage. Shown in IoT or media architectures for video ingestion. |
    | Kinesis Data Streams | A core service for ingesting and processing real-time data streams. Represented as the main streaming data source feeding analytics or applications. |
    | OpenSearch Service | A managed service for deploying and operating OpenSearch (formerly Elasticsearch) clusters for search and analytics. Shown as the search and indexing layer for logs and structured data. |
    | Redshift | A fully managed, petabyte-scale data warehouse for analytics and BI workloads. Represented as the central analytics engine for structured data. |
    Table 3. AWS Containers shapes
    | Shape | Description |
    | --- | --- |
    | Task | Represents a single unit of work in Amazon ECS (Elastic Container Service). A task is the instantiation of a task definition, which specifies the container images, CPU/memory requirements, and networking settings. Use this shape to show individual workloads running inside ECS clusters. Tasks can include one or more containers. |
    | Amazon Elastic Kubernetes Service | A managed Kubernetes service that simplifies running Kubernetes clusters on AWS without managing the control plane. Represented as the orchestration layer for containerized workloads. Often shown with worker nodes, pods, and integrated with IAM, VPC, and EBS for storage. |
    | Elastic Container Service (Amazon ECS) | A fully managed container orchestration service for running Docker containers on AWS. Shown as the orchestration layer for ECS clusters, managing tasks and services. |
    Table 4. AWS Compute shapes
    | Shape | Description |
    | --- | --- |
    | Amazon Elastic Compute Cloud | Amazon EC2 provides resizable compute capacity in the cloud. It allows you to run virtual servers (instances) on-demand, enabling flexible scaling for applications. |
    | Lambda Function | AWS Lambda is a serverless compute service that runs code in response to events without provisioning or managing servers. Represented as a function icon, often linked to API Gateway, S3, DynamoDB, or event sources. It’s used in microservices and event-driven architectures. |
    Table 5. AWS Database shapes
    | Shape | Description |
    | --- | --- |
    | MemoryDB | MemoryDB is a fully managed, Redis-compatible, in-memory database service designed for ultra-fast performance and durability. Use this shape to represent caching or real-time data processing layers in applications requiring microsecond latency. |
    | Relational Database Service (Amazon RDS) | RDS is a managed service for relational databases, supporting engines like MySQL, PostgreSQL, MariaDB, Oracle, and SQL Server. Represents the managed database layer for transactional workloads. |
    | ElastiCache | ElastiCache provides managed in-memory caching using Redis or Memcached. Shown as a caching layer between application and database tiers to reduce latency. |
    | Keyspaces (for Apache Cassandra) | A scalable, managed database service compatible with Apache Cassandra for wide-column data models. Represents NoSQL workloads requiring high throughput and low latency. |
    | DynamoDB | A fully managed NoSQL database service for key-value and document data. Commonly used for serverless applications, microservices, and real-time data access. |
    | RDS Instance | Represents an individual database instance within Amazon RDS. Used to show specific database nodes in multi-AZ or read replica configurations. |
    Table 6. AWS Networking and Content Delivery shapes
    | Shape | Description |
    | --- | --- |
    | VPN Gateway | A Virtual Private Network (VPN) Gateway enables secure connectivity between your AWS Virtual Private Cloud (VPC) and on-premises networks over an IPsec VPN tunnel. Place inside the VPC boundary to show hybrid connectivity. |
    | API Gateway | Amazon API Gateway is a fully managed service for creating, publishing, and securing APIs at scale. Represented as the entry point for REST, HTTP, or WebSocket APIs, often linked to Lambda or backend services. |
    | Customer Gateway | Represents the on-premises endpoint for a VPN connection to AWS. Shown outside the AWS cloud, connected to VPN Gateway. |
    | Route 53 | AWS Route 53 is a scalable DNS and domain name management service. Typically placed at the edge for routing traffic to AWS resources or external endpoints. |
    | Network ACL | A Network Access Control List provides stateless filtering of inbound and outbound traffic at the subnet level. Attach to subnets inside a VPC to indicate additional security. |
    | Internet Gateway | Enables communication between resources in a VPC and the internet. Shown at the VPC edge for public connectivity. |
    | VPN Connection | Represents the secure IPsec tunnel between AWS VPN Gateway and Customer Gateway. Connects hybrid environments for secure data transfer. |
    | Application Load Balancer | Distributes HTTP/HTTPS traffic across multiple targets (EC2, containers, Lambda). Shown in front of application tiers for high availability. |
    | Route Table | Defines how traffic is directed within a VPC. Attach to subnets to show routing logic. |
    | NAT Gateway | Enables instances in private subnets to access the internet without exposing them publicly. Placed in a public subnet, linked to private subnets via route tables. |
    | Elastic Network Interface | A virtual network interface that can be attached to an EC2 instance. Represented as a component of EC2 for network connectivity. |
    Table 7. AWS Security, Identity and Compliance shapes
    | Shape | Description |
    | --- | --- |
    | WAF | AWS WAF protects web applications from common exploits and attacks such as SQL injection and cross-site scripting. It enables you to define custom security rules to filter HTTP(S) traffic. Represented as a security layer in front of Amazon CloudFront, Application Load Balancer, or API. |
    | Certificate Manager (ACM) | ACM simplifies the provisioning, management, and deployment of SSL/TLS certificates for AWS services and internal resources. Typically shown alongside Elastic Load Balancers, CloudFront, or API Gateway to indicate encrypted communication. |
    | Cognito | Cognito provides user authentication, authorization, and user management for web and mobile apps. It supports social identity providers and enterprise federation. Represented as an identity layer for applications, often linked to API Gateway or Lambda. |
    Table 8. AWS Storage shapes
    | Shape | Description |
    | --- | --- |
    | Simple Storage Service (Amazon S3) | Amazon S3 is an object storage service designed for storing and retrieving any amount of data from anywhere on the web. It’s highly durable, scalable, and secure. Use this shape to represent object storage buckets in AWS architecture diagrams. |
    | Volume | Represents an Amazon Elastic Block Store (EBS) volume, which is a block-level storage device that can be attached to EC2 instances. Use this shape to indicate persistent storage for compute resources. |
    | Volume Gateway | Represents the AWS Storage Gateway Volume Gateway, which provides hybrid cloud storage by exposing cloud-backed volumes to on-premises applications. Use this shape to show integration between on-premises environments and AWS storage. |