SKILL.md
Stencil syntax:

```
mxgraph.aws4.<icon> "Label" as <alias>
```
## Identity & Access Stencils

| Category | Stencils | Purpose |
|---|---|---|
| IAM | `identity_and_access_management`, `identity_access_management_iam_roles_anywhere` | Identity policies & roles |
| SSO/Directory | `cognito`, `ad_connector`, `directory_service`, `cloud_directory` | User authentication & federation |
| STS | `sts`, `sts_alternate` | Temporary security credentials |
| Organizations | `organizations`, `organizations_account`, `organizations_organizational_unit` | Multi-account governance |
## Encryption & Secrets Stencils

| Category | Stencils | Purpose |
|---|---|---|
| KMS | `key_management_service`, `key_management_service_external_key_store` | Key management & encryption |
| Secrets | `secrets_manager` | Secrets rotation & storage |
| Certificates | `certificate_manager`, `private_certificate_authority` | TLS certificate lifecycle |
| HSM | `cloudhsm` | Hardware security module |
| Encryption | `encrypted_data` | Encrypted data at rest |
## Network Security Stencils

| Category | Stencils | Purpose |
|---|---|---|
| Firewall | `network_firewall`, `network_firewall_endpoints`, `firewall_manager` | Network traffic filtering |
| WAF | `generic_firewall` | Web application firewall |
| Shield | `shield`, `shield_shield_advanced`, `shield2` | DDoS protection |
| Security Group | `security_group`, `group_security_group` | Instance-level firewall |
## Threat Detection & Compliance Stencils

| Category | Stencils | Purpose |
|---|---|---|
| Detection | `guardduty`, `detective`, `inspector` | Threat detection & investigation |
| Data Protection | `macie` | Sensitive data discovery |
| Compliance | `security_hub`, `security_hub_finding`, `audit_manager`, `config` | Compliance posture & audit |
| Logging | `cloudtrail`, `cloudtrail_cloudtrail_lake`, `security_lake` | Audit trail & log aggregation |
| Governance | `control_tower`, `organizations` | Multi-account governance |
| Incident | `security_incident_response` | Incident management |
## Connection Types

| Syntax | Meaning | Use Case |
|---|---|---|
| `A --> B` | Solid arrow | Auth flow / access request |
| `A ..> B` | Dashed arrow | Audit event / async detection |
| `A -- B` | Solid line | Trust relationship |
| `A --> B : "label"` | Labeled connection | Describe protocol or credential |
## Quick Example

```plantuml
@startuml
left to right direction

mxgraph.aws4.users "Users" as users
mxgraph.aws4.cognito "Cognito" as auth
mxgraph.aws4.identity_and_access_management "IAM" as iam

rectangle "Protected Resources" {
  mxgraph.aws4.s3 "Data (S3)" as s3
  mxgraph.aws4.encrypted_data "Encrypted" as enc
}

users --> auth : "login"
auth --> iam : "token"
iam --> s3
s3 --> enc
@enduml
```
## Security Architecture Types

| Type | Purpose | Key Stencils | Example |
|---|---|---|---|
| IAM & AuthN | Identity and authentication | `cognito`, `identity_and_access_management`, `sts` | |
| Encryption Pipeline | Data encryption at rest/in-transit | `key_management_service`, `certificate_manager`, `secrets_manager` | |
| Network Security | Perimeter defense & firewalls | `network_firewall`, `shield`, `security_group` | |
| Threat Detection | Automated threat response | `guardduty`, `detective`, `security_hub` | |
| Compliance Audit | Governance & audit trail | `config`, `audit_manager`, `cloudtrail`, `security_lake` | |
| Zero Trust | Zero-trust access model | `cognito`, `identity_and_access_management`, `network_firewall` | |
| Data Protection | Sensitive data classification | `macie`, `encrypted_data`, `key_management_service` | |
| Multi-account Gov | Organization-wide security | `organizations`, `control_tower`, `security_hub` | |
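The Quick Example only uses solid arrows. The following added example (not part of the original skill) combines the Threat Detection and Compliance Audit types and exercises all four connection types: solid arrows for the access path, dashed arrows for the asynchronous audit and finding flow, a solid line for the delegated-administrator trust relationship, and labels for credentials and event types. The two-account layout and the labels are assumed for illustration; every stencil used is listed in the tables above.

```plantuml
@startuml
left to right direction

rectangle "Workload Account" {
  mxgraph.aws4.users "Admin" as admin
  mxgraph.aws4.sts "STS" as sts
  mxgraph.aws4.identity_and_access_management "IAM Role" as role
  mxgraph.aws4.s3 "Bucket (S3)" as s3
  mxgraph.aws4.encrypted_data "Encrypted" as enc
}

rectangle "Security Account" {
  mxgraph.aws4.cloudtrail "CloudTrail" as trail
  mxgraph.aws4.guardduty "GuardDuty" as gd
  mxgraph.aws4.security_hub "Security Hub" as hub
  mxgraph.aws4.detective "Detective" as det
  mxgraph.aws4.security_lake "Security Lake" as lake
}

mxgraph.aws4.organizations "Organizations" as org

' Trust relationship (solid line): the security account is the
' delegated administrator for the organization's findings.
org -- hub

' Access path (solid arrows, labeled with the credential in play).
admin --> sts : "AssumeRole"
sts --> role : "temporary credentials"
role --> s3 : "s3:GetObject"
s3 --> enc

' Audit and detection events (dashed arrows): emitted asynchronously,
' so they never sit on the request path.
role ..> trail : "management event"
s3 ..> trail : "data event"
trail ..> gd : "log source"
gd ..> hub : "finding"
hub ..> det : "investigate"
trail ..> lake : "aggregate"
@enduml
```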