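"""Render the "ArchNest SaaS - Hybrid Architecture" diagram as a PNG.

Importing or running this module draws the diagram with the ``diagrams``
package (Graphviz underneath) and writes ``<output>.png``. The output path
(without extension) is read from the ``ARCHNEST_DIAGRAM_OUT`` environment
variable and falls back to the original hard-coded ``/tmp/archnest-hybrid``.

The picture shows three zones: the self-hosted Akamai side (load balancer,
API/WebSocket servers, guacd, PostgreSQL, Redis, object storage), the AWS
managed services (Cognito, Secrets Manager, S3, Route 53, SES, two Lambdas)
and the tenant-owned hosts the backend reaches over SSH.
"""
import os

from diagrams import Cluster, Diagram, Edge  # Edge kept for callers that extend this script
from diagrams.aws.compute import Lambda
from diagrams.aws.engagement import SES
from diagrams.aws.network import Route53
from diagrams.aws.security import Cognito, SecretsManager
from diagrams.aws.storage import S3
from diagrams.generic.storage import Storage
from diagrams.onprem.client import User
from diagrams.onprem.compute import Server
from diagrams.onprem.container import Docker
from diagrams.onprem.database import PostgreSQL
from diagrams.onprem.inmemory import Redis
from diagrams.onprem.network import Nginx

# Original output location. A fixed name inside the world-writable /tmp is
# predictable, so on shared hosts point ARCHNEST_DIAGRAM_OUT at a directory
# only the rendering user can write to.
DEFAULT_OUTPUT = "/tmp/archnest-hybrid"
output_path = os.environ.get("ARCHNEST_DIAGRAM_OUT", DEFAULT_OUTPUT)

# show=False: write the file only, never pop up a viewer (keeps CI headless).
with Diagram(
    "ArchNest SaaS - Hybrid Architecture",
    show=False,
    filename=output_path,
    direction="TB",
    outformat="png",
):
    users = User("Tenants")

    # Self-hosted side: everything behind the NodeBalancer lives here.
    with Cluster("Akamai Cloud"):
        lb = Nginx("NodeBalancer\nHTTPS/WSS")

        with Cluster("G7 Dedicated (4GB, 2 vCPU, ARM)"):
            backend = Server("Fastify\nBackend API")
            websocket = Server("Fastify\nWebSocket Service")
            guacd = Docker("guacd\n(RDP/VNC)")

        with Cluster("Data (Self-Managed)"):
            postgres = PostgreSQL("PostgreSQL\n(RLS Enabled)")
            redis = Redis("Redis\n(Sessions/Cache)")

        static = Storage("Object Storage\n(React SPA)")

    # AWS is used for managed services only; no compute runs there besides Lambdas.
    with Cluster("AWS (Managed Services Only)"):
        cognito = Cognito("Cognito\nUser Pools + SSO")
        pre_token = Lambda("Pre-Token\nLambda")
        secrets = SecretsManager("Secrets Manager\nSSH Keys")
        s3 = S3("S3\nBackups + Logs")
        route53 = Route53("Route 53")
        ses = SES("SES\nEmail")
        stripe_lambda = Lambda("Stripe\nWebhook Lambda")

    # Hosts owned by tenants; the platform reaches them outbound.
    with Cluster("Tenant Infrastructure"):
        host1 = Server("SSH Host A")
        host2 = Server("SSH Host B")
        docker_host = Docker("Docker Host")

    # User flow: DNS -> load balancer -> SPA assets / API / WebSocket.
    users >> route53 >> lb
    lb >> static
    lb >> backend
    lb >> websocket

    # Backend connections (data stores, secrets, backups).
    backend >> postgres
    backend >> redis
    backend >> secrets
    backend >> s3
    websocket >> redis
    websocket >> guacd

    # Auth: Cognito triggers the pre-token Lambda; backend and the Stripe
    # webhook Lambda both talk to Cognito.
    cognito >> pre_token
    backend >> cognito
    stripe_lambda >> cognito

    # Outbound to tenant hosts (direct, no NAT needed). The SSH keys for these
    # connections are the ones pictured in Secrets Manager above.
    backend >> host1
    backend >> host2
    websocket >> host1
    websocket >> docker_host

    # Email
    backend >> ses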