User Guide
Learn how to use CloudMapper to visualize AWS network topology and manage user access across regions
Prerequisites: Ensure CloudMapper is installed and accessible via your web browser. CloudMapper automatically uses the EC2 instance's IAM role for read-only access to your AWS account. See the Installation Guide if needed.
Getting Started
First Login
Access CloudMapper through your web browser using the URL provided during installation:
# HTTP access (automatically redirects to HTTPS)
http://your-cloudmapper-instance-ip
# Direct HTTPS access
https://your-cloudmapper-instance-ip
Automatic HTTPS Redirect: CloudMapper automatically redirects all HTTP traffic to HTTPS for secure communication. You can use either HTTP or HTTPS URLs - both will result in a secure HTTPS connection.
Default Credentials:
Username: admin
Password: admin
⚠️ You must change these credentials immediately after first login for security.
After logging in with the default credentials, you can configure OIDC integration or continue using internal user management.
Region Configuration
CloudMapper automatically discovers your AWS account using the EC2 instance's IAM role. You only need to specify which regions contain your workloads:
Configure regions containing your AWS workloads
- Region Selection: Choose AWS regions that contain your infrastructure
- Automatic Discovery: CloudMapper uses the instance's IAM role for read-only access
- No Account Setup: No additional AWS account configuration required
- Single Account: CloudMapper operates within the current AWS account only
Select Active Regions
Select the specific regions where your workloads are deployed:
Select regions for network topology discovery
- Navigate to Settings → Regions
- Select regions containing your AWS resources
- CloudMapper will automatically discover network topology
- View real-time network diagrams and relationships
- Export diagrams for documentation and compliance
Network Dashboard
The CloudMapper dashboard provides a comprehensive view of your AWS network topology and infrastructure across selected regions.
Interactive network topology diagram showing AWS infrastructure relationships
Dashboard Features
Select and filter VPCs across regions for focused analysis
Detailed VPC network topology with subnets and connectivity
Network Topology
- Real-time network diagrams
- VPC and subnet relationships
- Cross-region connectivity
- Interactive visual exploration
Multi-Region View
- Unified cross-region topology
- Region-specific resource filtering
- Automatic resource discovery
- Read-only access via IAM role
Pro Tip
Use the dashboard filters to focus on specific regions, resource types, or time periods. Save frequently used filter combinations as custom views.
Network Discovery
CloudMapper automatically discovers and maps your AWS network infrastructure across selected regions, creating detailed topology diagrams using the EC2 instance's read-only IAM permissions.
Automatic Discovery: CloudMapper continuously discovers network resources across your selected regions without requiring manual scans or account configuration.
Supported AWS Components
Complete Component List: For the full list of supported AWS components including Core Networking, Gateways & Connectivity, and VPC Endpoints, see the CloudMapper Overview page.
Network-Focused Discovery
CloudMapper specializes in AWS network topology visualization, focusing on:
- VPC architecture and relationships
- Subnet configurations and routing
- Gateway and connectivity components
- Cross-region network topology
- VPC endpoints and private connectivity
- Network traffic flow visualization
Automatic Network Discovery
How It Works:
- CloudMapper uses the EC2 instance's IAM role for read-only access
- Automatically discovers network resources in selected regions
- Continuously updates topology diagrams as resources change
- No manual scanning or account configuration required
- Single AWS account operation - no cross-account support
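Because discovery relies entirely on the instance role being read-only, it is worth checking the attached policy document for drift. The following is an added example, not CloudMapper's own code or its shipped policy: the function name and both sample policies are constructed for illustration, and the check treats only Describe/Get/List actions as read-only.

```python
READ_PREFIXES = ("describe", "get", "list")  # IAM action names are case-insensitive


def as_list(value):
    # IAM accepts a single string/object wherever a list is allowed.
    return value if isinstance(value, list) else [value]


def non_read_only_actions(policy):
    """Return Allow-ed entries in an IAM policy document that are not clearly read-only."""
    flagged = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions.
            flagged.append("NotAction")
        for action in as_list(stmt.get("Action", [])):
            _service, _, name = action.partition(":")
            # "ec2:Describe*" passes; "*", "ec2:*" and "ec2:D*" do not.
            if not name.lower().startswith(READ_PREFIXES):
                flagged.append(action)
    return flagged


# Constructed sample policies (not taken from a CloudMapper installation).
READ_ONLY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["ec2:DescribeVpcs", "ec2:DescribeSubnets",
                   "ec2:DescribeRouteTables", "ec2:DescribeVpcEndpoints"],
        "Resource": "*",
    }],
}
DRIFTED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
        {"Effect": "Allow", "Resource": "*",
         "Action": ["ec2:CreateRoute", "iam:PassRole", "ec2:*"]},
    ],
}

if __name__ == "__main__":
    print("read-only policy:", non_read_only_actions(READ_ONLY_POLICY))
    print("drifted policy:  ", non_read_only_actions(DRIFTED_POLICY))
```

Prefix matching is a coarse filter: some Get actions return sensitive data, so review which services the policy covers as well.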
Regional Network Mapping
CloudMapper provides comprehensive network topology across your selected AWS regions:
- Real-time Discovery: Continuous network resource discovery and mapping
- Cross-Region Topology: Unified view of network connections across regions
- Read-Only Access: Uses instance IAM role for secure, read-only resource access
- No Configuration: Automatic discovery without manual setup or scanning
Topology Visualization
CloudMapper provides multiple visualization options to help you understand your infrastructure architecture.
Network Topology View
Interactive network topology diagram
- Interactive drag-and-drop interface
- Hierarchical resource grouping
- Connection flow visualization
- Real-time status indicators
Export & Reports
Export network diagrams as PDF documents for documentation, compliance reporting, and sharing with your team.
CloudMapper provides a simple and effective way to export your network diagrams as PDF documents using your browser's print functionality.
Features:
- High-quality PDF output optimized for printing and sharing
- Preserves diagram layout, colors, and detailed network information
- Professional format suitable for documentation and compliance reports
- Works with any modern web browser's built-in PDF capabilities
PDF Export via Browser Print
Export Process:
- Navigate to the network diagram you want to export
- Click the "Print" button in the CloudMapper interface
- A new browser window will open with the print-optimized diagram
- Use your browser's print function (Ctrl+P or Cmd+P)
- Select "Save as PDF" as the destination
- Choose your preferred PDF settings and save the file
Pro Tip: For best results, use landscape orientation and ensure your browser's print settings are configured to include background graphics for full diagram visibility.
User Management & Authentication
CloudMapper supports both OIDC integration with external identity providers and internal user management with strong password policies and two-factor authentication.
OIDC integration configuration interface
Internal user management with role-based access
Authentication Options
Internal user management:
- Strong password policies
- Two-factor authentication (2FA)
- Role-based access control
- Session management
- Audit logging
OIDC providers:
- Azure AD / Entra ID
- Google Workspace
- Okta
- Auth0
- Any OIDC-compliant provider
Internal User Management
Create Users
User creation with role assignment and security settings
- Navigate to Settings → User Management
- Click "Add User" to create new accounts
- Set strong passwords meeting policy requirements
- Assign appropriate roles and permissions
- Enable two-factor authentication for enhanced security
OIDC Configuration
{
  "client_id": "your-client-id",
  "client_secret": "your-client-secret",
  "discovery_url": "https://your-provider.com/.well-known/openid-configuration",
  "redirect_uri": "https://your-cloudmapper.com/auth/callback",
  "scopes": ["openid", "profile", "email"]
}
- Register CloudMapper as an OIDC application in your provider
- Configure the OIDC settings in CloudMapper
- Map user attributes and roles appropriately
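A pre-deployment check for an OIDC configuration shaped like the template above, as an added example rather than CloudMapper's own code. The function name, the example.com hostnames and the sample discovery document are constructed; the issuer comparison follows the OpenID Connect Discovery rule that the returned issuer must exactly match the URL the well-known path was appended to.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
PLACEHOLDERS = {"your-client-id", "your-client-secret"}  # values from the template

def check_oidc_config(cfg, discovery_doc=None):
    """Return findings for an OIDC config shaped like the template above."""
    findings = []
    for key in ("client_id", "client_secret"):
        if not cfg.get(key) or cfg[key] in PLACEHOLDERS:
            findings.append(f"{key} is empty or still the template placeholder")
    for key in ("discovery_url", "redirect_uri"):
        parts = urlsplit(cfg.get(key, ""))
        if parts.scheme != "https" or not parts.netloc:
            findings.append(f"{key} must be an absolute https:// URL")
    if urlsplit(cfg.get("redirect_uri", "")).fragment:
        findings.append("redirect_uri must not contain a fragment")
    if "openid" not in cfg.get("scopes", []):
        findings.append("scopes must include 'openid'")
    disc = cfg.get("discovery_url", "")
    if not disc.endswith(WELL_KNOWN):
        findings.append("discovery_url does not end in " + WELL_KNOWN)
    elif discovery_doc is not None:
        # OpenID Connect Discovery: the document's issuer must equal the URL
        # the well-known suffix was appended to, compared as exact strings.
        expected = disc[: -len(WELL_KNOWN)]
        if discovery_doc.get("issuer") != expected:
            findings.append(f"issuer mismatch: expected {expected}")
        for ep in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
            if urlsplit(discovery_doc.get(ep, "")).scheme != "https":
                findings.append(f"discovery document {ep} is not https")
    return findings

# Constructed sample values (not from a real deployment or provider).
GOOD_CFG = {
    "client_id": "cm-example-client",
    "client_secret": "constructed-sample-secret",
    "discovery_url": "https://idp.example.com" + WELL_KNOWN,
    "redirect_uri": "https://cloudmapper.example.com/auth/callback",
    "scopes": ["openid", "profile", "email"],
}
GOOD_DOC = {
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/authorize",
    "token_endpoint": "https://idp.example.com/token",
    "jwks_uri": "https://idp.example.com/jwks",
}

if __name__ == "__main__":
    for finding in check_oidc_config(GOOD_CFG, GOOD_DOC) or ["no findings"]:
        print(finding)
```

Pass the JSON fetched from the discovery URL as the second argument to include the issuer and endpoint checks.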
Security Features
- Password Policies: Minimum length, complexity, and expiration requirements
- Two-Factor Authentication: TOTP support for additional security
- Session Management: Configurable session timeouts and concurrent session limits
- Audit Logging: Complete authentication and authorization event logging
- Role-Based Access: Granular permissions for different user types