How to generate an Azure architecture diagram from a description
A sentence like "a serverless API on Azure with Azure Functions, API Management, and Cosmos DB" can become far more than a picture. With ArchGenie, that one description produces a clean Azure architecture diagram and everything that normally comes after it: validated Bicep (or Terraform or Pulumi), an A–F security grade with automated fixes, a per-resource cost estimate, observability as code, and documentation — ready to export to a pull request and deploy. This guide walks through that full path, starting with the diagram.
The diagram is the fastest way to see and refine the architecture, so we start there — but it is the entry point, not the destination. By the end you will have a complete, deployable Azure solution built from the same description. You do not need a diagramming tool, a schema, or an Azure subscription to begin.
What you'll need
An ArchGenie account (free to start, no credit card) and a rough idea of the system. No Azure subscription or credentials are required to generate the diagram, the code, the security grade, or the cost estimate.
Step 1 — Describe the system in plain language
Name the moving parts and how they connect — the compute model, the data stores, the entry point, and anything about availability. For example:
- "A serverless API on Azure with API Management, Azure Functions, and Cosmos DB, a Service Bus queue for async work, and Application Insights for monitoring."
- "A three-tier web app on Azure: Application Gateway in front of Azure Container Apps, an Azure Database for PostgreSQL Flexible Server across availability zones, and Blob Storage for static assets."
Be as terse or detailed as you like. Anything you leave out gets a sensible default you can correct in the next step. You can also start from a whiteboard photo, a screenshot, or a template instead of text.
Step 2 — Get the diagram, mapped to real Azure services
ArchGenie maps each component to a specific Azure managed service rather than a generic box. An "application server" resolves to App Service, Container Apps, AKS, or Azure Functions depending on the workload; a "database" resolves to Azure SQL, PostgreSQL Flexible Server, Cosmos DB, or Cache for Redis; and networking, identity (Entra ID), and observability (Azure Monitor, Application Insights) nodes are placed where they belong. The result is an Azure diagram with real service names on every node — the shared source of truth for everything that follows.
Step 3 — Refine the diagram interactively
Every node is interactive. Click a service to remove it, swap it for a different managed equivalent, or add high availability such as zone redundancy, replicas, or failover — or jump straight to that resource's infrastructure code, security finding, or cost line item. Keep the conversation going: ask for a read replica, a private virtual network with subnets, or Azure Front Door in front, and the diagram updates, re-deriving only the parts that depend on the change.
Step 4 — From the diagram to a complete Azure solution
Here the diagram stops being the product and becomes the source. Every deliverable below is derived from the same architecture — no re-describing the system in a second tool.
Validated infrastructure code (Bicep, Terraform, or Pulumi)
Pick a format and ArchGenie generates the full infrastructure code for the architecture, organized into a sensible file and module structure rather than one giant file. Every file is validated and security-hardened before you see it, so you are not starting from a draft that fails on the first deployment. Bicep, Terraform, and Pulumi (TypeScript or Python) are each first-class, so you can match your team's existing stack.
An A–F security grade with automated fixes
Every architecture is scored A–F, with per-resource findings that point to the exact resource and the exact issue — public network access, missing encryption, over-broad role assignments, and the like. Most findings can be fixed directly from the security report, and the grade updates as you harden the design. You see the security posture before anything is deployed.
A per-resource cost estimate
ArchGenie estimates the monthly cost per resource across the architecture, with on-demand, reserved, and spot comparisons and a savings calculator, so you can see what it will cost — and where to cut — before you commit. GPU and accelerator pricing is included for AI and ML workloads.
Observability as code
Alongside the infrastructure code, ArchGenie can generate observability as code — Azure Monitor dashboards, alerts, and Action Groups wired to the resources in your architecture — plus Grafana dashboard JSON on demand. Monitoring ships with the system from day one.
Documentation
Documentation is generated with the code: a README covering the architecture, how the Bicep is organized, and the steps to deploy it. It reflects the design you actually shipped, and regenerating it after changes keeps it current.
Export to a pull request, then deploy
When the architecture is ready, export the diagram, Bicep, and README to a GitHub, GitLab, or Bitbucket pull request — it lands next to your existing GitHub or Azure DevOps flow — or open a Jira issue with the diagram attached. Run your normal review and deployment from there.
On the free plan you get the diagram, Terraform, the A–F security grade, the cost estimate, and documentation, plus a couple of Git and Jira exports each month. Bicep and Pulumi, observability as code, unlimited exports, and line-level security navigation are on the paid plans.
Tips for a good description
- Name the compute model (serverless, containers, or VMs) so the diagram and code pick the right Azure service.
- Say whether you want zone redundancy or multiple regions if high availability matters — it changes the diagram, the Bicep, and the cost.
- Mention data stores by type (relational, document, cache, object) if you are unsure — ArchGenie picks a fit and you can change it.
- Include the entry point (Application Gateway, Front Door, or API Management) and any async pieces (Service Bus, Event Grid, or storage queues).
Example — a three-tier web app on Azure
Take the three-tier web app from Step 1. From that one description, ArchGenie draws the diagram, then hands you: the Bicep for the virtual network, Application Gateway, Container Apps environment, zone-redundant PostgreSQL Flexible Server, and storage account; an A–F security grade flagging, say, a public network rule or an unencrypted storage account, most fixable right from the report; a monthly cost estimate broken down per resource with reserved options; Azure Monitor dashboards and alerts for the service; a README and a deployment guide; and a pull request you can open in your repo. What started as a sentence is now a reviewed, costed, documented, deployable stack.
Frequently asked questions
Does ArchGenie only make diagrams, or the infrastructure code too?
The diagram is the first output. From the same architecture you also get validated Bicep, Terraform, or Pulumi, an A–F security grade, a per-resource cost estimate, observability as code, and documentation — and you can export the whole thing to a pull request.
Can I trust the generated Bicep?
Every file is validated and security-hardened before you see it, and you get an A–F security grade with per-resource findings, most of them fixable right from the report. You still run your own review and deployment — ArchGenie gets you to a reviewed, hardened starting point far faster.
How do I get the result into my repo?
Export the diagram, Bicep, and README as a GitHub, GitLab, or Bitbucket pull request so it lands next to your existing pipelines for review — or attach the diagram to a Jira issue to plan the work.
Is it free to start?
Yes — start free without a credit card and generate the diagram, Terraform, the security grade, and the cost estimate from the same description. Bicep and Pulumi are on the paid plans.
Does it work for AWS and Google Cloud too?
Yes. Describe the system for AWS or Google Cloud, or describe it once and compare the diagram, code, and cost across all three providers.
Turn your description into a complete Azure solution
Diagram, validated Bicep, security grade, cost, observability, and docs — from one description.