
Lucidchart Support

What is Lucidchart?

From the official Lucidchart page:

Lucidchart is the intelligent diagramming application that brings teams together to make better decisions and build the future.

Parsing particularities

Lucidchart has no export format of its own. Instead, it lets its users download their diagrams in several formats, one of which is VSDX, the Microsoft Visio format supported by StartLeft. All the Visio documentation about mapping and parsing logic therefore applies to Lucidchart as well, with a few considerations that are important to know.

About the mappings:

  • The structure of the mapping file is exactly the same as for Microsoft Visio files.
  • The stencils differ between Microsoft Visio and Lucidchart, so you need to compose a different mapping for each of them.
  • The internal name of a Lucidchart stencil shape does not match the name shown in the application. The mapping file provided in the StartLeft examples folder lists the internal names of the AWS components.
  • Lucidchart stencil libraries are versioned by year, but you do not need to take care of that: when building the mapping file, ignore the year suffix (2017, AWS19, AWS19_v2 or AWS2021).

About the parsing logic:

  • Boundary TrustZones are not currently supported for Lucidchart.
  • Dataflows are resolved by position: a connector does not need to touch its source or target shape exactly, because a tolerance is applied when matching its endpoints to shapes.
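To make the tolerance rule concrete, here is an added illustration of resolving a connector's endpoints to shapes by position. It is example code written for this page, not StartLeft's parser: it assumes Visio-style coordinates with a bottom-left origin, uses a constructed three-shape layout, and picks the innermost shape when nested shapes both qualify, which is a choice of this example rather than documented StartLeft behaviour.

```python
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple


@dataclass(frozen=True)
class Shape:
    """A diagram shape as an axis-aligned box. Visio coordinates: (x, y) is the bottom-left corner."""
    id: str
    name: str
    x: float
    y: float
    width: float
    height: float

    @property
    def area(self) -> float:
        return self.width * self.height

    def distance_to(self, px: float, py: float) -> float:
        """Euclidean distance from the point to the box edge; 0.0 when the point lies inside."""
        dx = max(self.x - px, 0.0, px - (self.x + self.width))
        dy = max(self.y - py, 0.0, py - (self.y + self.height))
        return (dx * dx + dy * dy) ** 0.5


def resolve_endpoint(shapes: Iterable[Shape], px: float, py: float,
                     tolerance: float = 0.0) -> Optional[Shape]:
    """Shape that a connector endpoint at (px, py) attaches to, or None if nothing is close enough.

    Every shape whose box lies within `tolerance` of the point is a candidate; when candidates are
    nested (an EC2 drawn inside a VPC container) the innermost, i.e. smallest, one wins.
    The innermost-wins rule is an assumption of this example, not documented StartLeft behaviour.
    """
    candidates = [s for s in shapes if s.distance_to(px, py) <= tolerance]
    if not candidates:
        return None
    return min(candidates, key=lambda s: s.area)


def resolve_dataflow(shapes: Iterable[Shape], begin: Tuple[float, float],
                     end: Tuple[float, float], tolerance: float = 0.0):
    """(source_id, destination_id) for one connector; None on either side means unresolved."""
    shapes = list(shapes)
    src = resolve_endpoint(shapes, *begin, tolerance)
    dst = resolve_endpoint(shapes, *end, tolerance)
    return (src.id if src else None, dst.id if dst else None)


# Constructed layout (units are inches, as Visio reports them): a VPC container holding an
# EC2 instance, plus a CloudWatch shape outside the VPC. Ids follow the OTM shown on this page.
SHAPES = [
    Shape("7", "Custom VPC", x=1.0, y=1.0, width=4.0, height=3.0),
    Shape("9", "My EC2", x=2.0, y=2.0, width=1.0, height=1.0),
    Shape("12", "My CloudWatch", x=7.0, y=2.0, width=1.0, height=1.0),
]

# Constructed connector: it starts on the EC2 and its end stops 0.15 in short of the CloudWatch
# box, the kind of "almost touching" connector the tolerance exists for.
EC2_LOGS = ((2.5, 2.5), (6.85, 2.5))

if __name__ == "__main__":
    print(resolve_dataflow(SHAPES, *EC2_LOGS, tolerance=0.0))  # ('9', None): destination unresolved
    print(resolve_dataflow(SHAPES, *EC2_LOGS, tolerance=0.2))  # ('9', '12')
    print(resolve_endpoint(SHAPES, 4.5, 3.5).id)               # '7': inside the VPC but not the EC2
```

The flip side of the tolerance is worth keeping in mind: a tolerance large enough to rescue sloppy connectors can also attach an endpoint to a neighbouring or enclosing shape, which silently changes who talks to whom in the resulting threat model. Review the dataflows of the generated OTM against the diagram rather than trusting them blindly.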

Catch All Configuration

This processor includes a feature, exclusive to Lucidchart, that maps every shape not listed in the components section of the mapping file. All such unknown shapes are mapped to the type defined under the catch_all property. Because the conversion is silent, a stencil you forgot to map ends up in the OTM under that type instead of being reported, so review the resultant components for entries you did not intend to map this way.

configuration:
  catch_all: empty-component

Skip

This configuration defines a list of shapes, identified by their internal stencil name, that will never be mapped.

configuration:
  skip:
    - AmazonCloudWatch
    - AmazonDynamoDB
    - AmazonRoute53
    - DataSharesAzure2021
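Since the internal stencil names are not visible in the Lucidchart UI, a practical first step is to list them from the exported VSDX and check which ones your mapping, skip list and catch_all would cover before parsing. The script below is an added example written for this page, not part of StartLeft. It assumes that the stencil's internal name is stored in the NameU attribute of each Master element in visio/masters/masters.xml inside the VSDX package (a zip), that the skip list is applied before catch_all (the order StartLeft uses is not stated on this page), and it builds a constructed minimal VSDX in memory so that it runs offline. In real use, load the mapping file with yaml.safe_load and pass the resulting dict.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Assumption: Lucidchart keeps the stencil's internal name in Master/@NameU of the masters part
# of the VSDX package, the same place Visio itself keeps it.
VISIO_NS = "{http://schemas.microsoft.com/office/visio/2012/main}"
MASTERS_PART = "visio/masters/masters.xml"

# Year suffixes this page says to ignore when writing mapping labels (longest alternative first).
YEAR_SUFFIX = re.compile(r"(AWS19_v2|AWS19|AWS2021|2017)$")


def strip_year_suffix(name: str) -> str:
    """'AmazonEC2AWS19' -> 'AmazonEC2'; names without a listed suffix are returned unchanged."""
    return YEAR_SUFFIX.sub("", name)


def master_names(vsdx) -> list:
    """Internal stencil names used by the diagram, read from a VSDX path or file-like object."""
    with zipfile.ZipFile(vsdx) as package:
        root = ET.fromstring(package.read(MASTERS_PART))
    return [m.get("NameU") or m.get("Name") for m in root.iter(VISIO_NS + "Master")]


def label_matchers(section):
    """Predicates for one mapping section: a label may be a string, a list, or {$regex: pattern}."""
    matchers = []
    for entry in section:
        label = entry["label"]
        if isinstance(label, dict) and "$regex" in label:
            pattern = re.compile(label["$regex"])
            matchers.append((lambda n, p=pattern: p.search(n) is not None, entry["type"]))
        else:
            labels = set(label) if isinstance(label, list) else {label}
            matchers.append((lambda n, ls=labels: n in ls, entry["type"]))
    return matchers


def audit(names, mapping, configuration=None):
    """Classify each stencil name as mapped, skipped, caught by catch_all, or unmapped.

    `mapping` is the dict yaml.safe_load returns for a mapping file; `configuration` mirrors the
    page's `configuration:` block. Skip is applied before catch_all (an assumption of this example).
    """
    configuration = configuration or {}
    skip = set(configuration.get("skip", []))
    catch_all = configuration.get("catch_all")
    matchers = label_matchers(mapping.get("trustzones", [])) + label_matchers(mapping.get("components", []))
    result = {"mapped": {}, "skipped": [], "catch_all": [], "unmapped": []}
    for raw in names:
        name = strip_year_suffix(raw)
        if raw in skip or name in skip:
            result["skipped"].append(raw)
            continue
        otm_type = next((t for matches, t in matchers if matches(name)), None)
        if otm_type is not None:
            result["mapped"][raw] = otm_type
        elif catch_all:
            result["catch_all"].append(raw)
        else:
            result["unmapped"].append(raw)
    return result


def build_sample_vsdx() -> io.BytesIO:
    """Constructed minimal VSDX (only the masters part) so that the example runs offline."""
    masters_xml = (
        '<?xml version="1.0" encoding="utf-8"?>'
        '<Masters xmlns="http://schemas.microsoft.com/office/visio/2012/main">'
        '<Master ID="2" NameU="AmazonEC2AWS19" Name="Amazon EC2"/>'
        '<Master ID="3" NameU="AmazonCloudWatchAWS19" Name="Amazon CloudWatch"/>'
        '<Master ID="4" NameU="AmazonEC2_C5InstanceAWS19_v2" Name="C5 instance"/>'
        '<Master ID="5" NameU="AmazonElasticsearchService2017" Name="Elasticsearch"/>'
        '<Master ID="6" NameU="AWSCloudAWS2021" Name="AWS Cloud"/>'
        "</Masters>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as package:
        package.writestr(MASTERS_PART, masters_xml)
    buf.seek(0)
    return buf


# Constructed excerpt of the default mapping on this page, in the shape yaml.safe_load produces.
SAMPLE_MAPPING = {
    "trustzones": [{"label": ["AWSCloud", "AWSCloudAlt"], "type": "b61d6911-338d-46a8-9f39-8dcd24abfe91"}],
    "components": [
        {"label": "AmazonEC2", "type": "ec2"},
        {"label": "AmazonCloudWatch", "type": "cloudwatch"},
        {"label": {"$regex": "^(AmazonEC2_?|EC2)[a-zA-Z]?[0-9]?[a-z]?(Instance|instance)s?$"}, "type": "ec2"},
    ],
}
SAMPLE_CONFIGURATION = {"catch_all": "empty-component", "skip": ["AmazonCloudWatch"]}

if __name__ == "__main__":
    report = audit(master_names(build_sample_vsdx()), SAMPLE_MAPPING, SAMPLE_CONFIGURATION)
    for bucket, entries in report.items():
        print(f"{bucket}: {entries}")
```

Anything that lands in the catch_all bucket is a shape that will appear in the OTM as the catch-all type; anything in the unmapped bucket (when no catch_all is configured) is a shape you have not decided about yet. Either list is the one to work through before trusting the generated model.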

An example

In this example, we can see a Lucidchart diagram that includes different types of elements:

  • Generic shapes like the Internet TrustZone or the Custom VPC.
  • Generic stencil shapes like the Client and the Mobile client.
  • AWS stencil shapes like the Amazon CloudWatch or the Amazon EC2.
  • Azure stencil shapes like the SQLDatabaseAzure2021.
  • Several dataflows among the shapes.

Notice also that every component in the diagram is nested inside another element. All of them belong to a TrustZone, and some are nested more deeply: the Amazon EC2, for example, also sits inside the Custom VPC. As with Microsoft Visio, this hierarchy is preserved in the resultant OTM.

[Diagram: img_1.png]

If we compose a default mapping file for all the stencil shapes:

default-mapping.yaml
trustzones:
  - default: true
    label: Internet (default)
    type: f0ba7722-39b6-4c81-8290-a30a248bb8d9

  - label: Public Cloud
    type: b61d6911-338d-46a8-9f39-8dcd24abfe91

  - label: Private Secured Cloud
    type: 2ab4effa-40b7-4cd2-ba81-8247d29a6f2d

  - label: [ AWSCloud, AWSCloudAlt, AWSCloudalt, AWSCloudContainer ]
    type: b61d6911-338d-46a8-9f39-8dcd24abfe91

components:
  - label: ACAzureAutomationBlock
    type: CD-MICROSOFT-AZURE-AUTOMATION
  - label: [ ACMcertificatemanager, AWSCertificateManager, CertificateManager ]
    type: CD-ACM
  - label: ACMediaServicesBlock
    type: CD-MICROSOFT-AZURE-MEDIA-SERVICES
  - label: AWSAmplify
    type: CD-AMPLIFY
  - label: AWSAppMesh
    type: CD-APP-MESH
  - label: [ AWSAppSync, AWSAppSync_red ]
    type: CD-APPSYNC
  - label: AWSApplicationDiscoveryService
    type: CD-APP-DISC-SERVICE
  - label: [ AWSArtifact, Artifact ]
    type: CD-ARTIFACT
  - label: AWSBackup
    type: CD-BACKUP
  - label: AWSBatch
    type: CD-BATCH
  - label: AWSCLI
    type: CD-CLI
  - label: AWSChatbot
    type: CD-CHATBOT
  - label: AWSClientVPN
    type: client-vpn
  - label: AWSCloud9
    type: CD-CLOUD9
  - label: AWSCloudAWS
    type: empty-component
  - label: AWSCloudFormation
    type: CD-CLOUDFORMATION
  - label: AWSCloudHSM
    type: CD-CLOUDHSM
  - label: AWSCloudMap
    type: CD-CLOUD-MAP
  - label: AWSCloudTrail
    type: cloudtrail
  - label: AWSCodeArtifact
    type: CD-AWS-CODEARTIFACT
  - label: AWSCodeBuild
    type: CD-CODEBUILD
  - label: AWSCodeCommit
    type: CD-CODECOMMIT
  - label: AWSCodeDeploy
    type: CD-CODEDEPLOY
  - label: AWSCodePipeline
    type: CD-CODEPIPELINE
  - label: AWSCodeStar
    type: CD-CODESTAR
  - label: AWSComputeOptimizer
    type: CD-COMP-OPT
  - label: AWSConfig
    type: CD-CONFIG
  - label: [ AWSContainersFargate, AWSFargate ]
    type: fargate
  - label: AWSControlTower
    type: CD-CONTROL-TOWER
  - label: AWSDMS
    type: CD-DMS
  - label: AWSDataExchange
    type: CD-DATA-EXCHANGE
  - label: AWSDataPipeline
    type: CD-DATA-PIPELINE
  - label: AWSDataSync
    type: CD-DATASYNC
  - label: AWSDeviceFarm
    type: CD-DEV-FARM
  - label: AWSDirectConnect
    type: direct-connect
  - label: [ AWSDirectoryService, DirectoryService ]
    type: CD-DIR-SERVICE
  - label: AWSElasticBeanstalk
    type: CD-ELASTIC-BEANSTALK
  - label: [ AWSFirewallManager, FirewallManager ]
    type: firewall-manager
  - label: AWSGeneral_GenericDatabase
    type: rds
  - label: [ AWSGeneral_User, AWSGeneral_Users ]
    type: empty-component
  - label: AWSGlobalAccelerator
    type: CD-GLOBAL-ACC
  - label: AWSGlue
    type: CD-GLUE
  - label: AWSGroundStation
    type: CD-GROUND-STATION
  - label: [ AWSIdentityandAccessManagement_IAM, IAM ]
    type: iam
  - label: AWSIoT1Click
    type: CD-IOT-1-CLICK
  - label: AWSIoTAWSGreengrass
    type: CD-IOT-GREENGRASS
  - label: AWSIoTCore
    type: CD-IOT-CORE
  - label: AWSIoTEvents
    type: CD-IOT-EVENTS
  - label: AWSIoTSiteWise
    type: CD-IOT-SITEWISE
  - label: AWSIoTThingsGraph
    type: CD-IOT-THINGS-GRAPH
  - label: [ AWSIoTlambdafunction, AWSLambda, AWSLambdaLambdaFunction, AWSLambda_LambdaFunction,
             IoT_LambdaFunction, LambdaLambdaFunction ]
    type: aws-lambda-function
  - label: AWSKMS
    type: kms
  - label: AWSLakeFormation
    type: CD-LAKE-FORMATION
  - label: AWSLicenseManager
    type: CD-LICENSE-MGR
  - label: AWSManagedServices
    type: CD-AWS-MS
  - label: AWSManagementConsole
    type: CD-AWS-MANAGEMENT-CONSOLE
  - label: AWSMarketplace
    type: CD-MARKETPLACE
  - label: AWSMigrationHub
    type: CD-MIGRATION-HUB
  - label: [ AWSNetworkFirewall, NetworkFirewall ]
    type: CD-AWS-NETWORK-FIREWALL
  - label: AWSOpsWorks
    type: CD-OPSWORKS
  - label: AWSOpsWorks_Instances
    type: ec2
  - label: AWSOrganizations
    type: CD-AWS-ORGANIZATIONS
  - label: AWSOutposts
    type: CD-OUTPOSTS
  - label: [ AWSPrivateLink, AmazonVPCPrivateLink ]
    type: privatelink
  - label: AWSRoboMaker
    type: CD-ROBOMAKER
  - label: [ AWSSecretsManager,SecretsManager ]
    type: CD-SECRETS-MANAGER
  - label: [ AWSSecurityHub, SecurityHub ]
    type: CD-SECURITY-HUB
  - label: AWSServerlessApplicationRepository
    type: CD-SERVERLESS-APP-REPO
  - label: AWSServiceCatalog
    type: CD-SERVICE-CATALOG
  - label: [ AWSShield, Shield ]
    type: CD-SHIELD
  - label: AWSSitetoSiteVPN
    type: site-to-site-vpn
  - label: [ AWSSnowball, AWSSnowball_green ]
    type: CD-SNOWBALL
  - label: [ AWSStepFunction, AWSStepFunctions ]
    type: step-functions
  - label: AWSStorageGateway
    type: CD-STORAGE-GATEWAY
  - label: AWSSystemsManager
    type: CD-SYSTEMS-MANAGER
  - label: AWSTransferFamily
    type: CD-TRANSFER-FML
  - label: AWSTransitGateway
    type: CD-AWS-TRANSIT-GW
  - label: AWSTrustedAdvisor
    type: trusted-advisor
  - label: [ AWSWAF, WAF ]
    type: CD-WAF
  - label: AWSWellArchitectedTool
    type: CD-WA-TOOL
  - label: AWSXRay
    type: CD-XRAY
  - label: AlexaForBusiness
    type: CD-ALEXA-FOR-BUSINESS
  - label: [ AmazonAPIGateway, AmazonAPIGateway_purple ]
    type: api-gateway
  - label: AmazonAthena
    type: athena
  - label: AmazonAurora
    type: CD-AURORA
  - label: AmazonChime
    type: CD-CHIME
  - label: AmazonCloudFront
    type: cf-cloudfront
  - label: AmazonCloudSearch
    type: CD-CLOUDSEARCH
  - label: AmazonCloudWatch
    type: cloudwatch
  - label: [ AmazonCognito, Cognito ]
    type: cognito
  - label: AmazonComprehend
    type: CD-COMPREHEND
  - label: AmazonConnect
    type: CD-CONNECT
  - label: [ AmazonContainersElasticContainerRegistry, AmazonEC2ContainerRegistry,
             AmazonECR, AmazonElasticContainerRegistry ]
    type: elastic-container-registry
  - label: [ AmazonContainersElasticContainerService, AmazonECS, AmazonECSECScontainer,
             AmazonECSECScontainerAlt1, AmazonECSECScontainerAlt2, AmazonElasticContainerService,
             AmazonElasticContainerService_Container1, AmazonElasticContainerService_Container2,
             AmazonElasticContainerService_Service ]
    type: elastic-container-service
  - label: AmazonDocumentDB
    type: CD-DOCUMENTDB
  - label: AmazonDynamoDB
    type: dynamodb
  - label: [ AmazonEBS, AmazonElasticBlockStoreEBS, ElasticBlockStore ]
    type: elastic-block-store
  - label: AmazonEC2
    type: ec2
  - label: [ AmazonEC2_M5Instance, AmazonEC2_R5Instance ]
    type: ec2
  - label: [ AmazonEFS, AmazonElasticFileSystem_EFS, EFS file system, EFS ]
    type: elastic-file-system
  - label: AmazonEMR
    type: CD-EMR
  - label: AmazonElastiCache
    type: elasticache
  - label: AmazonElasticCacheRedis
    type: CD-ELASTICACHE-FOR-REDIS
  - label: [ AmazonElasticContainerKubernetes, AmazonElasticContainerServiceforKubernetes ]
    type: elastic-container-kubernetes
  - label: AmazonElasticTranscoder
    type: CD-ELASTIC-TRANSCODER
  - label: AmazonElasticsearchService
    type: elasticsearch
  - label: AmazonEventBridge
    type: eventbridge
  - label: AmazonFSxforWindowsFileServer
    type: fsx-windows-file-server
  - label: [ AmazonForecast, Forecast ]
    type: CD-FORECAST
  - label: AmazonGameLift
    type: CD-GAMELIFT
  - label: AmazonGlacier
    type: glacier
  - label: [ AmazonGuardDuty, GuardDuty ]
    type: CD-GUARDDUTY
  - label: [ AmazonInspector, Inspector ]
    type: CD-INSPECTOR
  - label: [ AmazonKinesis, AmazonKinesisDataAnalytics ]
    type: kinesis-data-analytics
  - label: AmazonKinesisDataFirehose
    type: kinesis-data-firehose
  - label: AmazonKinesisDataStreams
    type: kinesis-data-streams
  - label: [ AmazonKinesisVideoStreams, AmazonKinesisVideoStreamsMedia, AmazonKinesisVideoStreams_orange ]
    type: kinesis-video-streams
  - label: [ AmazonLex, Lex ]
    type: CD-LEX
  - label: AmazonLightsail
    type: CD-LIGHTSAIL
  - label: AmazonMQ
    type: CD-MQ
  - label: [ AmazonMacie, Macie ]
    type: CD-MACIE
  - label: AmazonManagedBlockchain
    type: CD-MANAGEDBLOCKCHAIN
  - label: AmazonNeptune
    type: CD-NEPTUNE
  - label: [ AmazonPersonalize,Personalize ]
    type: CD-PERSONALIZE
  - label: [ AmazonPinpoint, AmazonPinpoint_red ]
    type: CD-PINPOINT
  - label: AmazonPolly
    type: CD-POLLY
  - label: AmazonQuickSight
    type: CD-QUICKSIGHT
  - label: [ AmazonRDS, AmazonRDSDBinstance, AmazonRDSinstancestandby, Database, Generic database, genericdatabase ]
    type: rds
  - label: [ AmazonRedshift, AmazonRedshift_blue ]
    type: redshift
  - label: [ AmazonRekognition, Rekognition ]
    type: CD-REKOGNITION
  - label: AmazonRoute53
    type: route-53
  - label: [ AmazonS3, AmazonS3bucket, AmazonS3bucketwithobjects, AmazonSimpleStorageServiceS3,  AmazonSimpleStorageServiceS3_Bucket,
             AmazonSimpleStorageServiceS3_BucketwithObjects, S3 bucket, S3 bucket with objects,
             SimpleStorageService, Storage ]
    type: s3
  - label: [ AmazonSES, AmazonSimpleEmailServiceSES_Email ]
    type: CD-SES
  - label: [ AmazonSNS, AmazonSimpleNotificationService, AmazonSimpleNotificationServiceSNS ]
    type: sns
  - label: [ AmazonSQS, AmazonSQSqueue, AmazonSimpleQueueService, AmazonSimpleQueueServiceSQS,
             AmazonSimpleQueueServiceSQS_Queue, SQS queue ]
    type: sqs-simple-queue-service
  - label: AmazonSWF
    type: swf-simple-workflow-service
  - label: [ AmazonSageMaker, SageMaker ]
    type: CD-SAGEMAKER
  - label: AmazonTextract
    type: CD-TEXTRACT
  - label: AmazonTimestream
    type: CD-AWS-TIMESTREAM
  - label: [ AmazonTranscribe, Transcribe ]
    type: CD-TRANSCRIBE
  - label: AmazonTranslate
    type: CD-TRANSLATE
  - label: [ AmazonVPC, VirtualPrivateCloudContainer, VirtualPrivateCloudVPC, virtualprivatecloud ]
    type: vpc
  - label: [ AmazonVPC_Endpoints, AmazonVPCendpoints ]
    type: empty-component
  - label: AmazonWorkDocs
    type: CD-WORKDOCS
  - label: AmazonWorkMail
    type: CD-WORKMAIL
  - label: AmazonWorkSpaces
    type: CD-WORKSPACES
  - label: AvailabilityZone
    type: empty-component
  - label: AzureMediaServicesAzure2019
    type: CD-MICROSOFT-AZURE-MEDIA-SERVICES
  - label: [ Client, client ]
    type: generic-client
  - label: DataShareInvitationsAzure2021
    type: CD-MICROSOFT-AZURE-DATA-SHARE
  - label: DataSharesAzure2021
    type: CD-MICROSOFT-AZURE-DATA-SHARE
  - label: DatabaseBlock
    type: other-database
  - label: [ DefaultSquareBlock, FreehandBlock ]
    type: empty-component
  - label: [ Elastic Load Balancing Application Load Balancer, Elastic Load Balancing Classic Load Balancer,
             ElasticLoadBalancing, ElasticLoadBalancingApplicationLoadBalancer,
             ElasticLoadBalancingClassicLoadBalancer ]
    type: load-balancer
  - label: [ ElasticLoadBalancingELB, ElasticLoadBalancingELLoadBalancer, ElasticLoadBalancing_Applicationloadbalancer,
             ElasticLoadBalancing_Classicloadbalancer, ElasticLoadBalancing_Networkloadbalancer ]
    type: load-balancer
  - label: GenericGroup1
    type: empty-component
  - label: GenericGroup2
    type: empty-component
  - label: Kendra
    type: CD-KENDRA
  - label: PrivateSubnet
    type: empty-component
  - label: PublicSubnet
    type: empty-component
  - label: Region
    type: empty-component
  - label: SQLDatabaseAzure2021
    type: CD-MICROSOFT-AZURE-SQL-DB
  - label: SimpleEmailServiceEmail
    type: CD-SES
  - label: Translate
    type: CD-TRANSLATE
  - label: [ User, Users, user, users ]
    type: empty-component
  - label: VPC endpoints
    type: empty-component
  - label: VPCSubnet
    type: empty-component
  - label: VirtualprivatecloudVPC
    type: vpc
  # Fallback for EC2 instance-type shapes not listed above, e.g. AmazonEC2_C5Instance or EC2T3Instances
  - label: { $regex: "^(AmazonEC2_?|EC2)[a-zA-Z]?[0-9]?[a-z]?(Instance|instance)s?$" }
    type: ec2

Then, we can map the generic shapes by name in a custom mapping file:

custom-mapping.yaml
trustzones:
  - label: Internet
    type: internet
    id: f0ba7722-39b6-4c81-8290-a30a248bb8d9

components:

  - label: Web browser
    type: generic-client

  - label: Android
    type: android-device-client

The expected result for this case should be an OTM like this:

lucidchart.otm
{
  "otmVersion": "0.1.0",
  "project": {
      "name": "Lucid Example",
      "id": "lucid-example"
  },
  "representations": [{
      "name": "Visio",
      "id": "Visio",
      "type": "diagram",
      "size": {
          "width": 1000,
          "height": 1000
      }
  }],
  "trustZones": [{
      "id": "b61d6911-338d-46a8-9f39-8dcd24abfe91",
      "name": "Public Cloud",
      "risk": {
          "trustRating": 10
      }
  }, {
      "id": "2ab4effa-40b7-4cd2-ba81-8247d29a6f2d",
      "name": "Private Secured Cloud",
      "risk": {
          "trustRating": 10
      }
  }, {
      "id": "f0ba7722-39b6-4c81-8290-a30a248bb8d9",
      "name": "Internet",
      "risk": {
          "trustRating": 10
      }
  }],
  "components": [{
      "id": "7",
      "name": "Custom VPC",
      "type": "empty-component",
      "parent": {
          "trustZone": "b61d6911-338d-46a8-9f39-8dcd24abfe91"
      }
  }, {
      "id": "9",
      "name": "My EC2",
      "type": "ec2",
      "parent": {
          "component": "7"
      }
  }, {
      "id": "12",
      "name": "My CloudWatch",
      "type": "cloudwatch",
      "parent": {
          "trustZone": "b61d6911-338d-46a8-9f39-8dcd24abfe91"
      }
  }, {
      "id": "17",
      "name": "My API Gateway",
      "type": "api-gateway",
      "parent": {
          "trustZone": "b61d6911-338d-46a8-9f39-8dcd24abfe91"
      }
  }, {
      "id": "26",
      "name": "My CloudTrail",
      "type": "cloudtrail",
      "parent": {
          "trustZone": "b61d6911-338d-46a8-9f39-8dcd24abfe91"
      }
  }, {
      "id": "29",
      "name": "My Simple Storage Service (S3)",
      "type": "s3",
      "parent": {
          "trustZone": "b61d6911-338d-46a8-9f39-8dcd24abfe91"
      }
  }, {
      "id": "38",
      "name": "Web browser",
      "type": "generic-client",
      "parent": {
          "trustZone": "f0ba7722-39b6-4c81-8290-a30a248bb8d9"
      }
  }, {
      "id": "44",
      "name": "Android",
      "type": "android-device-client",
      "parent": {
          "trustZone": "f0ba7722-39b6-4c81-8290-a30a248bb8d9"
      }
  }, {
      "id": "47",
      "name": "SQL Database",
      "type": "CD-MICROSOFT-AZURE-SQL-DB",
      "parent": {
          "trustZone": "2ab4effa-40b7-4cd2-ba81-8247d29a6f2d"
      }
  }, {
      "id": "53",
      "name": "My DynamoDB",
      "type": "dynamodb",
      "parent": {
          "trustZone": "2ab4effa-40b7-4cd2-ba81-8247d29a6f2d"
      }
  }],
  "dataflows": [{
      "id": "32",
      "name": "EC2 Logs",
      "source": "9",
      "destination": "12"
  }, {
      "id": "33",
      "name": "GW/EC2",
      "source": "17",
      "destination": "9"
  }, {
      "id": "34",
      "name": "Log trace",
      "source": "17",
      "destination": "26"
  }, {
      "id": "35",
      "name": "Customer data",
      "source": "17",
      "destination": "29"
  }, {
      "id": "43",
      "name": "f7ef1b0f-2a7a-4822-9aa8-59affc9bf309",
      "source": "38",
      "destination": "17"
  }, {
      "id": "46",
      "name": "114deaf6-bb2d-407a-a68a-1fccb3d56ed7",
      "source": "44",
      "destination": "17"
  }, {
      "id": "56",
      "name": "User data",
      "source": "17",
      "destination": "53"
  }, {
      "id": "57",
      "name": "App data",
      "source": "17",
      "destination": "47"
  }]
} 

Note that dataflows 43 and 46 carry a generated UUID as their name; give connectors a text label in Lucidchart if you want a meaningful dataflow name in the OTM.

Imported into a tool like IriusRisk, it looks like this: [img_2.png]
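Before importing an OTM into a threat modelling tool, it is worth checking that every parent and every dataflow endpoint actually resolves, and listing the items a reviewer should look at: components that ended up as empty-component and dataflows that cross a trust boundary. The checker below is an added example written for this page, not StartLeft's code. It runs on a constructed subset of the OTM above and assumes only the OTM 0.1.0 fields shown there (parent.trustZone, parent.component, source, destination).

```python
import copy
import json

# Constructed subset of the OTM shown above: two trust zones, four components, two dataflows.
SAMPLE_OTM = json.loads("""
{
  "otmVersion": "0.1.0",
  "project": {"name": "Lucid Example", "id": "lucid-example"},
  "trustZones": [
    {"id": "b61d6911-338d-46a8-9f39-8dcd24abfe91", "name": "Public Cloud", "risk": {"trustRating": 10}},
    {"id": "f0ba7722-39b6-4c81-8290-a30a248bb8d9", "name": "Internet", "risk": {"trustRating": 10}}
  ],
  "components": [
    {"id": "7", "name": "Custom VPC", "type": "empty-component",
     "parent": {"trustZone": "b61d6911-338d-46a8-9f39-8dcd24abfe91"}},
    {"id": "9", "name": "My EC2", "type": "ec2", "parent": {"component": "7"}},
    {"id": "17", "name": "My API Gateway", "type": "api-gateway",
     "parent": {"trustZone": "b61d6911-338d-46a8-9f39-8dcd24abfe91"}},
    {"id": "38", "name": "Web browser", "type": "generic-client",
     "parent": {"trustZone": "f0ba7722-39b6-4c81-8290-a30a248bb8d9"}}
  ],
  "dataflows": [
    {"id": "33", "name": "GW/EC2", "source": "17", "destination": "9"},
    {"id": "43", "name": "f7ef1b0f-2a7a-4822-9aa8-59affc9bf309", "source": "38", "destination": "17"}
  ]
}
""")


def components_by_id(otm):
    return {c["id"]: c for c in otm.get("components", [])}


def enclosing_trust_zone(otm, component_id):
    """Follow parent.component links up to the trust zone; None if the chain breaks or loops."""
    by_id = components_by_id(otm)
    seen = set()
    current = component_id
    while current in by_id and current not in seen:
        seen.add(current)
        parent = by_id[current].get("parent", {})
        if "trustZone" in parent:
            return parent["trustZone"]
        current = parent.get("component")
    return None


def check_otm(otm):
    """Referential checks. Returns a list of findings; an empty list means the OTM is consistent."""
    findings = []
    tz_ids = {t["id"] for t in otm.get("trustZones", [])}
    comp_ids = set(components_by_id(otm))
    for c in otm.get("components", []):
        # One test covers a missing parent, a dangling parent.component or parent.trustZone, and cycles.
        if enclosing_trust_zone(otm, c["id"]) not in tz_ids:
            findings.append(f"component {c['id']} ({c['name']}) does not resolve to a declared trust zone")
    for d in otm.get("dataflows", []):
        for end in ("source", "destination"):
            if d.get(end) not in comp_ids:
                findings.append(f"dataflow {d['id']} ({d['name']}): {end} {d.get(end)!r} is not a component")
    return findings


def review_items(otm):
    """Valid but worth a human look: empty-component entries, and flows that cross a trust boundary."""
    items = []
    for c in otm.get("components", []):
        if c.get("type") == "empty-component":
            items.append(("empty-component", c["id"], c["name"]))
    comp_ids = set(components_by_id(otm))
    for d in otm.get("dataflows", []):
        if d.get("source") in comp_ids and d.get("destination") in comp_ids:
            src_tz = enclosing_trust_zone(otm, d["source"])
            dst_tz = enclosing_trust_zone(otm, d["destination"])
            if src_tz != dst_tz:
                items.append(("crosses-trust-boundary", d["id"], f"{src_tz} -> {dst_tz}"))
    return items


def broken_copy():
    """Constructed damaged variant: the EC2 points at a container that does not exist, and a
    dataflow targets a component id that was never emitted."""
    otm = copy.deepcopy(SAMPLE_OTM)
    components_by_id(otm)["9"]["parent"] = {"component": "404"}
    otm["dataflows"].append({"id": "99", "name": "orphan", "source": "17", "destination": "999"})
    return otm


if __name__ == "__main__":
    print(check_otm(SAMPLE_OTM))     # []
    print(review_items(SAMPLE_OTM))  # empty-component 7, dataflow 43 crossing Internet -> Public Cloud
    print(check_otm(broken_copy()))  # two findings
```

The trust-boundary crossing reported for dataflow 43 (Web browser in the Internet zone talking to the API Gateway in the Public Cloud) is exactly the kind of flow a threat modelling tool will raise threats on, so confirming that the parser placed both ends in the zones you expect is the most valuable check of the lot.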

cURL

To try this example on your machine, first put the necessary files in place:

  • Download the Lucidchart example above (lucid-aws-with-tz-and-vpc.vsdx) from here.
  • Save the default mapping above with the name default-mapping.yaml.
  • Save the custom mapping above with the name custom-mapping.yaml.

Finally, execute the following command to retrieve the OTM file:

curl --location --request POST localhost:5000/api/v1/startleft/diagram \
--header "Content-Type: multipart/form-data" \
--header "Accept: application/json" \
--form diag_type="LUCID" \
--form diag_file=@"./lucid-aws-with-tz-and-vpc.vsdx" \
--form default_mapping_file=@"./default-mapping.yaml" \
--form custom_mapping_file=@"./custom-mapping.yaml" \
--form id="my-lucidchart-example" \
--form name="My Lucidchart Example"

Command line usage

You can also use the Command Line option for this example, with the files downloaded in the previous section.

Make sure StartLeft is properly installed and execute the following command:

startleft parse \
--diagram-type LUCID \
--default-mapping-file ./default-mapping.yaml \
--custom-mapping-file ./custom-mapping.yaml \
--output-file my-lucidchart-cli-example.otm \
--project-name "My Lucidchart CLI Example" \
--project-id "my-lucidchart-cli-example" \
./lucid-aws-with-tz-and-vpc.vsdx