dev_arc_aws/docs/aws-architecture/generate_diagram.py

from diagrams import Diagram, Cluster, Edge
from diagrams.aws.security import Cognito, SecretsManager
from diagrams.aws.storage import S3
from diagrams.aws.network import Route53
from diagrams.aws.compute import Lambda
from diagrams.aws.engagement import SES
from diagrams.onprem.container import Docker
from diagrams.onprem.compute import Server
from diagrams.onprem.database import PostgreSQL
from diagrams.onprem.inmemory import Redis
from diagrams.onprem.network import Nginx
from diagrams.onprem.client import User
from diagrams.generic.storage import Storage

with Diagram("ArchNest SaaS - Hybrid Architecture", show=False, filename="/tmp/archnest-hybrid", direction="TB", outformat="png"):

    users = User("Tenants")

    with Cluster("Akamai Cloud"):
        lb = Nginx("NodeBalancer\nHTTPS/WSS")

        with Cluster("G7 Dedicated (4GB, 2 vCPU, ARM)"):
            backend = Server("Fastify\nBackend API")
            websocket = Server("Fastify\nWebSocket Service")
            guacd = Docker("guacd\n(RDP/VNC)")

            with Cluster("Data (Self-Managed)"):
                postgres = PostgreSQL("PostgreSQL\n(RLS Enabled)")
                redis = Redis("Redis\n(Sessions/Cache)")

        static = Storage("Object Storage\n(React SPA)")

    with Cluster("AWS (Managed Services Only)"):
        cognito = Cognito("Cognito\nUser Pools + SSO")
        pre_token = Lambda("Pre-Token\nLambda")
        secrets = SecretsManager("Secrets Manager\nSSH Keys")
        s3 = S3("S3\nBackups + Logs")
        route53 = Route53("Route 53")
        ses = SES("SES\nEmail")
        stripe_lambda = Lambda("Stripe\nWebhook Lambda")

    with Cluster("Tenant Infrastructure"):
        host1 = Server("SSH Host A")
        host2 = Server("SSH Host B")
        docker_host = Docker("Docker Host")

    # User flow
    users >> route53 >> lb
    lb >> static
    lb >> backend
    lb >> websocket

    # Backend connections
    backend >> postgres
    backend >> redis
    backend >> secrets
    backend >> s3
    websocket >> redis
    websocket >> guacd

    # Auth
    cognito >> pre_token
    backend >> cognito
    stripe_lambda >> cognito

    # Outbound to tenant hosts (direct, no NAT needed)
    backend >> host1
    backend >> host2
    websocket >> host1
    websocket >> docker_host

    # Email
    backend >> ses
System design, CloudFormation, theming assets (#3) 2026-06-24 13:55:04 +00:00			`from diagrams import Diagram, Cluster, Edge`
			`from diagrams.aws.security import Cognito, SecretsManager`
			`from diagrams.aws.storage import S3`
			`from diagrams.aws.network import Route53`
			`from diagrams.aws.compute import Lambda`
			`from diagrams.aws.engagement import SES`
			`from diagrams.onprem.container import Docker`
			`from diagrams.onprem.compute import Server`
			`from diagrams.onprem.database import PostgreSQL`
			`from diagrams.onprem.inmemory import Redis`
			`from diagrams.onprem.network import Nginx`
			`from diagrams.onprem.client import User`
			`from diagrams.generic.storage import Storage`

			`with Diagram("ArchNest SaaS - Hybrid Architecture", show=False, filename="/tmp/archnest-hybrid", direction="TB", outformat="png"):`

			`users = User("Tenants")`

			`with Cluster("Akamai Cloud"):`
			`lb = Nginx("NodeBalancer\nHTTPS/WSS")`

			`with Cluster("G7 Dedicated (4GB, 2 vCPU, ARM)"):`
			`backend = Server("Fastify\nBackend API")`
			`websocket = Server("Fastify\nWebSocket Service")`
			`guacd = Docker("guacd\n(RDP/VNC)")`

			`with Cluster("Data (Self-Managed)"):`
			`postgres = PostgreSQL("PostgreSQL\n(RLS Enabled)")`
			`redis = Redis("Redis\n(Sessions/Cache)")`

			`static = Storage("Object Storage\n(React SPA)")`

			`with Cluster("AWS (Managed Services Only)"):`
			`cognito = Cognito("Cognito\nUser Pools + SSO")`
			`pre_token = Lambda("Pre-Token\nLambda")`
			`secrets = SecretsManager("Secrets Manager\nSSH Keys")`
			`s3 = S3("S3\nBackups + Logs")`
			`route53 = Route53("Route 53")`
			`ses = SES("SES\nEmail")`
			`stripe_lambda = Lambda("Stripe\nWebhook Lambda")`

			`with Cluster("Tenant Infrastructure"):`
			`host1 = Server("SSH Host A")`
			`host2 = Server("SSH Host B")`
			`docker_host = Docker("Docker Host")`

			`# User flow`
			`users >> route53 >> lb`
			`lb >> static`
			`lb >> backend`
			`lb >> websocket`

			`# Backend connections`
			`backend >> postgres`
			`backend >> redis`
			`backend >> secrets`
			`backend >> s3`
			`websocket >> redis`
			`websocket >> guacd`

			`# Auth`
			`cognito >> pre_token`
			`backend >> cognito`
			`stripe_lambda >> cognito`

			`# Outbound to tenant hosts (direct, no NAT needed)`
			`backend >> host1`
			`backend >> host2`
			`websocket >> host1`
			`websocket >> docker_host`

			`# Email`
			`backend >> ses`