security
This skill helps you create professional security architecture diagrams using PlantUML syntax. It provides rich icons for identity, encryption, firewall, and compliance, making it ideal for designing IAM flows, zero-trust architectures, encryption pipelines, compliance auditing, and threat detection scenarios, clarifying complex systems at a glance.
npx skills add markdown-viewer/skills --skill security
Before / After Comparison
Without a standardized tool, security architects spent significant time manually drawing complex security flowcharts using generic graphic tools, leading to inconsistent iconography, inefficient communication, and frequent misunderstandings or omissions during reviews.
With this skill, architects can quickly leverage predefined security icons and PlantUML syntax to efficiently generate clear, standardized security architecture diagrams, significantly boosting design efficiency and team collaboration accuracy.
SKILL.md
Security Architecture Diagram Generator
Quick Start: Define trust boundaries → Place identity/encryption/firewall icons → Connect with access flows → Group into security zones → Wrap in ```plantuml fence.
⚠️ IMPORTANT: Always use a ```plantuml or ```puml code fence. NEVER use ```text — it will NOT render as a diagram.
Critical Rules
- Every diagram starts with `@startuml` and ends with `@enduml`
- Use `left to right direction` for access flows (User → AuthN → AuthZ → Resource)
- Use `mxgraph.aws4.*` stencil syntax for security service icons
- Default colors are applied automatically — you do NOT need to specify `fillColor` or `strokeColor`
- Use `rectangle "Trust Boundary" { ... }` for security zones
- Directed flows use `-->`, audit/async flows use `..>` (dashed)
Full stencil reference: See stencils/README.md for 9500+ available icons.
Mxgraph Stencil Syntax
mxgraph.aws4.<icon> "Label" as <alias>
Identity & Access Stencils
| Category | Stencils | Purpose |
|---|---|---|
| IAM | identity_and_access_management, identity_access_management_iam_roles_anywhere | Identity policies & roles |
| SSO/Directory | cognito, ad_connector, directory_service, cloud_directory | User authentication & federation |
| STS | sts, sts_alternate | Temporary security credentials |
| Organizations | organizations, organizations_account, organizations_organizational_unit | Multi-account governance |
Encryption & Secrets Stencils
| Category | Stencils | Purpose |
|---|---|---|
| KMS | key_management_service, key_management_service_external_key_store | Key management & encryption |
| Secrets | secrets_manager | Secrets rotation & storage |
| Certificates | certificate_manager, private_certificate_authority | TLS certificate lifecycle |
| HSM | cloudhsm | Hardware security module |
| Encryption | encrypted_data | Encrypted data at rest |
Network Security Stencils
| Category | Stencils | Purpose |
|---|---|---|
| Firewall | network_firewall, network_firewall_endpoints, firewall_manager | Network traffic filtering |
| WAF | generic_firewall | Web application firewall |
| Shield | shield, shield_shield_advanced, shield2 | DDoS protection |
| Security Group | security_group, group_security_group | Instance-level firewall |
Threat Detection & Compliance Stencils
| Category | Stencils | Purpose |
|---|---|---|
| Detection | guardduty, detective, inspector | Threat detection & investigation |
| Data Protection | macie | Sensitive data discovery |
| Compliance | security_hub, security_hub_finding, audit_manager, config | Compliance posture & audit |
| Logging | cloudtrail, cloudtrail_cloudtrail_lake, security_lake | Audit trail & log aggregation |
| Governance | control_tower, organizations | Multi-account governance |
| Incident | security_incident_response | Incident management |
Connection Types
| Syntax | Meaning | Use Case |
|---|---|---|
| A --> B | Solid arrow | Auth flow / access request |
| A ..> B | Dashed arrow | Audit event / async detection |
| A -- B | Solid line | Trust relationship |
| A --> B : "label" | Labeled connection | Describe protocol or credential |
Quick Example
```plantuml
@startuml
left to right direction
mxgraph.aws4.users "Users" as users
mxgraph.aws4.cognito "Cognito" as auth
mxgraph.aws4.identity_and_access_management "IAM" as iam
rectangle "Protected Resources" {
  mxgraph.aws4.s3 "Data (S3)" as s3
  mxgraph.aws4.encrypted_data "Encrypted" as enc
}
users --> auth : "login"
auth --> iam : "token"
iam --> s3
s3 --> enc
@enduml
```
Security Architecture Types
| Type | Purpose | Key Stencils | Example |
|---|---|---|---|
| IAM & AuthN | Identity and authentication | cognito, identity_and_access_management, sts | iam-authn.md |
| Encryption Pipeline | Data encryption at rest/in-transit | key_management_service, certificate_manager, secrets_manager | encryption-pipeline.md |
| Network Security | Perimeter defense & firewalls | network_firewall, shield, security_group | network-security.md |
| Threat Detection | Automated threat response | guardduty, detective, security_hub | threat-detection.md |
| Compliance Audit | Governance & audit trail | config, audit_manager, cloudtrail, security_lake | compliance-audit.md |
| Zero Trust | Zero-trust access model | cognito, identity_and_access_management, network_firewall | zero-trust.md |
| Data Protection | Sensitive data classification | macie, encrypted_data, key_management_service | data-protection.md |
| Multi-account Gov | Organization-wide security | organizations, control_tower, security_hub | multi-account-governance.md |
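A fuller diagram that combines the Zero Trust and Threat Detection types from the table above with every connection type from the Connection Types table, added here as an illustration; it is not one of the skill's bundled example files (such as zero-trust.md or threat-detection.md). It uses only stencils listed in this SKILL.md; the trust-boundary names, aliases and edge labels are assumed for the example.

```plantuml
@startuml
left to right direction
' Added example: zero-trust access path (solid arrows) plus
' the audit/detection path (dashed arrows) feeding Security Hub.

mxgraph.aws4.users "Remote Users" as users

rectangle "Identity Plane" {
  mxgraph.aws4.cognito "Cognito (AuthN)" as authn
  mxgraph.aws4.identity_and_access_management "IAM (AuthZ)" as authz
  mxgraph.aws4.sts "STS (short-lived creds)" as sts
}

rectangle "Network Boundary" {
  mxgraph.aws4.network_firewall "Network Firewall" as fw
  mxgraph.aws4.security_group "Security Group" as sg
}

rectangle "Protected Data" {
  mxgraph.aws4.key_management_service "KMS" as kms
  mxgraph.aws4.s3 "Data (S3)" as s3
  mxgraph.aws4.encrypted_data "Encrypted at rest" as enc
}

rectangle "Detection & Audit" {
  mxgraph.aws4.cloudtrail "CloudTrail" as trail
  mxgraph.aws4.guardduty "GuardDuty" as gd
  mxgraph.aws4.security_hub "Security Hub" as hub
}

' Access path: each hop is authenticated and authorized before the next
users --> authn : "MFA login"
authn --> authz : "ID token"
authz --> sts : "AssumeRole"
sts --> fw : "temporary credentials"
fw --> sg : "allowed ports only"
sg --> s3 : "HTTPS (TLS)"
s3 --> enc
kms -- enc

' Audit / async detection path: every access decision is logged and analysed
authz ..> trail : "API call logged"
s3 ..> trail : "data access logged"
trail ..> gd : "log analysis"
gd ..> hub : "findings"
@enduml
```

The solid `--` between KMS and the encrypted data marks a trust relationship (the key protects the data) rather than a request flow, which is why it carries no arrowhead.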