Cloudcraft in Datadog

Overview

Cloudcraft offers a powerful, live read-only visualization tool for cloud architecture, enabling you to explore, analyze, and manage your infrastructure with ease. Not to be confused with the Standalone Cloudcraft documentation, this guide outlines the functionality, setup, and use cases of Cloudcraft in Datadog, detailing its benefits for various user personas, and highlighting key features and capabilities.

This documentation applies to the Cloudcraft in Datadog product. For information on the standalone Cloudcraft product, please refer to the Cloudcraft (Standalone) documentation.

Cloudcraft’s core functionality is its ability to generate detailed architecture diagrams. These diagrams visually represent AWS cloud resources, allowing you to explore and analyze your environments. Cloudcraft’s diagrams are optimized for clarity and performance, providing an intuitive interface for navigating large-scale deployments. This helps teams to:

  • Trace incidents back to their root causes through infrastructure dependencies.
  • Determine if infrastructure is the cause of an incident, such as cross-region traffic causing latency or increased costs.
  • Analyze and address the most relevant security misconfigurations.
  • Onboard new team members.
  • Accelerate incident MTTR and proactive governance tasks by simplifying infrastructure navigation.

Cloudcraft in Datadog is currently only available for AWS accounts.

Prerequisites

Note: Cloudcraft adapts to restrictive permissions by excluding inaccessible resources. For example, if you opt not to grant permission to list S3 buckets, the diagram simply excludes those buckets. If permissions block certain resources, an alert is displayed in the user interface (UI).

Getting started

To get started using Cloudcraft, select one or more accounts, regions, and resources. The Infrastructure diagram is displayed automatically.

Note: The account name in the Account dropdown originates from your AWS account tags in the AWS integration tile.

Group by

With Group By, Cloudcraft divides your diagram into distinct sections based on different group types. This feature offers a clear and organized perspective of your resources, making it especially helpful for visualizing complex cloud environments.

Enable the Show All Controls toggle to display the available Group By options. You can also remove specific groupings by unchecking options like VPC and Region. To view the current nesting structure and add the Network ACL (Network Access Control List) layer, click the More dropdown.

Presets

Presets offer a convenient way to apply predefined sets of group-bys and filters, allowing you to view your resources from different perspectives. This feature simplifies the process of applying groupings and filters to your diagrams, allowing you to focus on specific aspects of your architecture.

Cloudcraft provides three built-in presets: Infrastructure, Network, and Security. These views are designed to address different operational needs.

Screenshot of the three available presets in Cloudcraft

Infrastructure diagram

The infrastructure view provides a broad overview, grouping resources by Account, Region and VPC. This view is ideal for generating architecture diagrams for troubleshooting or high-level review.

The infrastructure diagram excludes components like EBS, NAT Gateway, and Transit Gateway, among others, to give you an uncluttered diagram, showing you the most important parts of your architecture.

Screenshot of the Infrastructure diagram in Cloudcraft

Network diagram

The network view adds granularity by introducing Subnet grouping, making it especially useful for network teams seeking to identify latency sources and traffic patterns. In addition, a component may appear multiple times if it belongs to multiple subnets.

This diagram excludes components such as EBS, S3, and SNS.

Screenshot of the Network diagram in Cloudcraft

Security diagram

The security view focuses on potential security exposures, grouping resources by Region, VPC, and Security Group. This view is essential for identifying security risks and understanding rules governing inbound and outbound service communications, and is perfect for mapping attack surfaces during penetration testing or security audits.

This diagram excludes EBS, NAT Gateway, and other components that might clutter the security view.

Note: When you select the Security diagram view, the Overlay feature defaults to Security Findings.

Screenshot of the Security diagram in Cloudcraft

Saved views

To apply a saved view to your diagram:

  • Navigate to Infrastructure > Cloudcraft. Select one or more accounts, regions, and resources. Apply any desired filters to your saved view, then click +Save as new view.
  • Select the desired saved view from the menu at the top of the diagram view. The diagram automatically updates to reflect the chosen view.

Screenshot of the saved views

Explore resources

In any of the Cloudcraft presets, you can use the zoom and hover features to pinpoint the most critical resources. As you zoom in, additional resource names become visible. Hovering over a resource reveals a hover panel with basic information. Clicking on a resource opens a side panel that displays its Datadog observability, cost information, and security data, with cross-links to other Datadog products where relevant.

Diagrams can be filtered by tags, such as team, application, or service, allowing you to concentrate on relevant resources while maintaining context through connected resources. Additionally, Cloudcraft provides a powerful search and highlight feature that makes it easy to locate specific resources or groups of resources.

Click the +Filter menu to quickly filter your resources by commonly used tags such as service, team, region, and more. Additionally, click the More Filters option to filter by AWS tags, custom tags, and Terraform tags. The filter option reloads the diagram to display only the infrastructure that matches the filter criteria.

Search and highlight

Use the search bar to locate resources on the diagram by name, ID, or tag. This feature is highly effective for finding specific resources within your cloud architecture. Instead of creating a new diagram, it highlights the matching elements in the current diagram by greying out the elements that do not match the search criteria.

Overlays

Cloudcraft supports overlays that integrate various data sources and display them on top of the infrastructure diagram.

Screenshot of the overlay section in Cloudcraft

Security findings

The security findings overlay in Cloudcraft displays Cloud Security Management (CSM) misconfigurations on top of the diagram, so you can quickly identify CSM findings. This allows you to:

  • Identify security issues in infrastructure diagrams.
  • View misconfigurations in context to analyze their impact and prioritize remediation.
  • Assess security posture before deploying applications.

By default, the security overlay shows Critical, High, and Medium misconfigurations, but you can filter them at the bottom of the screen:

Screenshot of the CSM Misconfigurations hover in the Cloudcraft overlay section

Agent overlay

The Agent overlay uses a collapsible legend to indicate whether the Agent is installed on your EC2 hosts. A green dot signifies that the Agent is installed, while a red dot indicates that it is not installed on that resource.

Screenshot of the Agent overlay in Cloudcraft

FAQ

Why are there two Cloudcrafts and which one is right for me?
