If you’ve ever needed to document an Azure network — especially one you didn’t build yourself — you know the pain:
Hunting through the Azure portal
Clicking into each vNet, peering, subnet, NSG, UDR
Recreating it all manually in Draw.io or Visio
It’s tedious. And error-prone.
I wanted something better.
So I built CloudNetDraw.
🚀 What It Does
CloudNetDraw is a tool that automatically generates Azure network diagrams by querying your environment and exporting editable .drawio files.
You can use it in two ways:
Hosted version: Just sign in with your Azure account (or use a Service Principal)
Self-host: Deploy it yourself as an Azure Function from the GitHub repo
No agents, no install, no need to reverse-engineer infrastructure.
You get instant diagrams with:
✅ Hub & Spoke visualization
✅ All vNets and subnets (with CIDRs)
✅ NSG and UDR indicators
✅ Editable output (Draw.io)
✅ HLD and MLD versions
🔧 How it works
Data Collection
Using the Azure Python SDK, the tool authenticates via Entra ID (Azure AD) and pulls:
All vNets
Peering relationships
Subnets (with address ranges)
Network Security Groups
Route tables (UDRs)
Topology Mapping
The script identifies:
Which vNet is acting as the hub
All spokes peered to the hub
Additional peerings (mesh setups)
Subnets with NSG or UDRs attached
Diagram Generation
The result is passed into a layout engine that outputs a .drawio file, which opens cleanly in https://app.diagrams.net or Draw.io Desktop.
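The topology-mapping step above, sketched as an added example that is not CloudNetDraw's own code. It runs over a constructed inventory; the dictionary shape, the name build_topology and the "most peerings is the hub" heuristic are assumptions.

```python
from collections import defaultdict

# Constructed inventory (assumed shape): vNet -> peer names and subnets.
VNETS = {
    "vnet-hub":  {"peers": ["vnet-app", "vnet-data", "vnet-dmz"],
                  "subnets": [{"name": "shared", "cidr": "10.0.1.0/24", "nsg": "nsg-shared", "udr": None}]},
    "vnet-app":  {"peers": ["vnet-hub", "vnet-data"],
                  "subnets": [{"name": "web", "cidr": "10.1.0.0/24", "nsg": "nsg-web", "udr": "rt-to-hub"},
                              {"name": "jobs", "cidr": "10.1.1.0/24", "nsg": None, "udr": "rt-to-hub"}]},
    "vnet-data": {"peers": ["vnet-hub", "vnet-app"],
                  "subnets": [{"name": "sql", "cidr": "10.2.0.0/24", "nsg": "nsg-sql", "udr": None}]},
    "vnet-dmz":  {"peers": ["vnet-hub"],
                  "subnets": [{"name": "edge", "cidr": "10.3.0.0/24", "nsg": None, "udr": None}]},
}

def build_topology(vnets):
    """Return hub, spokes, spoke-to-spoke peerings and subnets with no NSG."""
    adj = defaultdict(set)
    for name, vnet in vnets.items():
        for peer in vnet["peers"]:
            adj[name].add(peer)
            adj[peer].add(name)
    # Assumed heuristic: the hub is the vNet with the most peerings (name breaks ties).
    hub = max(sorted(vnets), key=lambda n: len(adj[n]))
    spokes = sorted(adj[hub])
    # Peerings that bypass the hub (mesh links) matter for review: traffic on
    # them does not pass through any inspection point placed in the hub.
    extra = sorted({tuple(sorted((a, b))) for a in spokes for b in adj[a] if b != hub})
    # Subnets with no NSG attached are the ones a reviewer checks first.
    no_nsg = sorted((name, s["name"], s["cidr"])
                    for name, vnet in vnets.items()
                    for s in vnet["subnets"] if s["nsg"] is None)
    return {"hub": hub, "spokes": spokes,
            "extra_peerings": extra, "subnets_without_nsg": no_nsg}

if __name__ == "__main__":
    for key, value in build_topology(VNETS).items():
        print(f"{key}: {value}")
```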
🧠 Why I Built It
I’m a cloud security architect — so I constantly review Azure environments. But I kept hitting the same wall:
There was no quick and accurate way to get an overview of network architecture.
Exporting from Terraform didn’t help in live environments. Defender for Cloud and Network Watcher are a mess. Visio stencils were slow and brittle.
I didn’t need another Cloud Security Posture Management (CSPM) tool. I just wanted a visual, editable, and scriptable map of the actual network.
🔐 What About Security?
This was a key design goal:
We don’t store any network data
The diagrams are generated in memory
Everything is wiped after download
Only basic telemetry (errors, usage counts) is collected
Fully open-source if you want to audit it or self-host
More details in the privacy policy.
🛠 Tech Stack
Azure Functions (Python backend)
Azure SDK (Python: azure-mgmt-*)
lxml for Draw.io XML generation
GitHub Actions for deployment
Draw.io viewer (optional for preview)
🌐 Try It Now
Website: CloudNetDraw
GitHub: CloudNet-Draw
No signup required. Just log in with Azure or use a service principal.
💬 Feedback?
I’d love to hear your thoughts — especially if you’re working in large-scale Azure environments or want to see support for:
AWS or GCP?
More detailed subnet-level LLD diagrams?
Additional resource types?
Let me know in the comments or open an issue on GitHub!
Thanks for reading —
Kristoffer