Generating 20+ Architecture Diagrams in Minutes: A Batch-Generation Pattern

When a CTO needs architecture documentation for a 350-person enterprise running 15 systems with zero existing diagrams, the timeline rarely permits weeks of Visio work. The traditional manual approach yields maybe five diagrams before the deadline, and they are outdated before the ink dries.

The batch-generation approach: define the system as code, render diagrams programmatically, and iterate visual quality through automated checks. The same definition produces 20 or more diagrams in the time it takes to draw one by hand.

Enterprise integration map showing API Management as the central hub connecting Power Platform, backend services, legacy Oracle, and Dataverse

The Running Example: Cascade Dynamics

Cascade Dynamics is the canonical az365 fictional company used across multiple articles. The architecture is designed to be plausible and complete enough to exercise every diagram category, while staying entirely synthetic. None of it maps to a specific real engagement.

The setup: a 350-person firm modernizing its case-management platform. The fictional environment inherits an Oracle 19c database that has been running for 15 years, and is building a hybrid platform on Azure plus Power Platform while keeping the legacy system alive during the transition.

The stack spans:

Legacy: Oracle 19c on-prem, SFTP batch feeds, Windows Server VMs
Azure: AKS, App Services, Cosmos DB, Azure SQL, API Management, Service Bus, Azure OpenAI
Power Platform: Dataverse for case management, Power Automate for approvals, Power BI for dashboards
Security: Entra ID with Conditional Access, Key Vault, Sentinel

This is the kind of environment where architecture documentation is not optional. It is a compliance requirement. And it is the kind of environment where nobody has time to draw diagrams by hand.

How Do You Generate 20+ Diagrams from Code?

The pattern is straightforward. A TypeScript script contains helper functions for common diagram elements (icons, rectangles, containers, edges) and a specification array where each diagram is a function that returns Draw.io XML.

// Helper: Azure icon with label
function iconBlock(x, y, iconPath, label) {
  const id = addIcon(x, y, iconPath);
  addLabel(x - 20, y + 60, 90, 20, label);
  return id;
}

// One diagram = one function
{ name: 'cascade-cicd-pipeline', fn: () => {
  const ado = iconBlock(30, 70, 'devops/Azure_DevOps.svg', 'Azure DevOps');
  const build = step(140, 80, 140, 55, 'Build', 'Compile + unit tests', blue);
  const test = step(320, 80, 140, 55, 'Test', 'Integration + security', amber);
  addEdge(ado, build, 'push');
  addEdge(build, test);
  // ...
}}

Run the script. It generates 20+ .drawio files, exports each to SVG (with Azure icons embedded, transparent backgrounds), and validates against the quality gate. The whole batch completes in minutes.

The 5 Categories Every Enterprise Architecture Needs

Every complex system needs at least these five diagram categories. Skip any of them and there will be blind spots that cost time during incident response, audits, or onboarding.

Category	Diagrams	Who Reads Them
Data Architecture	ERDs, data flows, event architecture, state machines	Developers, DBAs, compliance
Infrastructure + Security	Network topology, zero trust, identity, monitoring	Platform engineers, security, auditors
DevOps + Deployment	CI/CD, environment topology, IaC, container architecture	DevOps, release managers
Integration + AI	Integration map, AI pipelines, RAG architecture, migration path	Architects, data engineers, AI team
Power Platform + Governance	Platform footprint, approval flows, environments, governance	CoE team, admins, business owners

Data Architecture: ERDs, Flows, Events, and State Machines

The Core ERD

This is always diagram #1. Before anyone writes a line of code, they need to see the data model. The Cascade Dynamics Dataverse schema has 6 core tables across 3 domains: clinical (blue), provider (green), and administrative (amber/purple/gray).

Entity Relationship Diagram showing 6 Dataverse tables: Patient, Clinical Case, Clinician, Appointment, Document, and Audit Log with relationship arrows — Core ERD for Cascade Dynamics. Color-coded by domain: clinical (blue), provider (green), scheduling (amber), documents (purple), audit (gray). All relationships labeled with cardinality.

What makes this ERD useful: column-level detail (not just table names), color coding by domain, and relationship cardinality on every edge. The ai_summary column on the Document table signals immediately that AI processing is happening at the data layer.

For a deeper look at generating beautiful ERDs from Dataverse schemas, see Generate a Beautiful Dataverse ERD in 5 Minutes.

Data Ingestion Pipeline

The Oracle-to-Azure migration runs nightly batch feeds through SFTP. This diagram shows the flow from legacy to cloud, splitting structured data to Azure SQL and documents to Cosmos DB.

Data flow pipeline from Oracle 19c through SFTP and Blob Storage to Data Factory, splitting to Azure SQL for structured data and Cosmos DB for documents — Nightly data ingestion from legacy Oracle. SFTP batch upload to Blob Storage triggers Data Factory, which routes structured data to SQL and documents to Cosmos.

Event-Driven Architecture

Service Bus handles the async event distribution. Three topic categories (case events, document events, audit events) feed into Function App consumers. This is the backbone. Every state change in the system flows through here.

Case Lifecycle State Machine

Cases move through 7 states with a decision gateway. The rejection loop (Returned to Draft) is the one that causes the most bugs. State transitions that go backward need careful handling in Power Automate.

State machine showing case lifecycle: Draft to Submitted to In Review with decision gateway to Approved/Returned, then Active and Closed — Case lifecycle state machine. The 'Returned' state loops back to Draft. This backward transition is where most workflow bugs live.

Infrastructure + Security: Network, Zero Trust, Identity, and Observability

Network Topology

Hub-spoke VNet design. The hub hosts the firewall, bastion, and DNS. App and data spokes are peered to the hub. On-premises Oracle connects through VPN/ExpressRoute. This is the diagram the network team and auditors ask for first.

Hub-spoke VNet topology with Hub VNet containing Firewall, Bastion, and DNS, connected to App Spoke with AKS and App Service, Data Spoke with SQL and Cosmos, and on-premises Oracle via VPN — Hub-spoke network topology. Hub VNet (10.0.0.0/16) peers to app and data spokes. On-premises connection via VPN/ExpressRoute to the legacy Oracle environment.

Zero Trust Security Model

Entra ID at the center, four pillars radiating out: Conditional Access (MFA), Key Vault (managed identities), Sentinel (SIEM), and NSG Rules (micro-segmentation). Each pillar maps to a concrete implementation below it.

Identity Architecture

The authentication flow from end to end. Users authenticate through Entra ID, pass Conditional Access (MFA + device compliance), receive a JWT, hit API Management, and get routed to the appropriate backend API. This is the diagram to hand to the penetration testing team.

Identity flow from Users through Entra ID and Conditional Access to API Management, routing to Clinical API and Document API backends — End-to-end identity flow. Every request passes through 4 checkpoints before reaching backend services.

Monitoring and Observability

Three telemetry sources (App Services, AKS, Functions) feed into Application Insights and Log Analytics, which converge on Azure Monitor. From there, security events go to Sentinel and operational metrics go to dashboards. This is how a team answers “what broke at 3 AM.”

Monitoring stack showing App Services, AKS, and Functions feeding into Application Insights and Log Analytics, converging on Azure Monitor with outputs to Sentinel and dashboards — Observability stack. Three telemetry sources converge on Azure Monitor, which routes security alerts to Sentinel and operational metrics to Power BI dashboards.

DevOps + Deployment: CI/CD, Topology, IaC, and Containers

CI/CD Pipeline

Azure DevOps runs the pipeline. Code push triggers build and unit tests, then integration and security testing, then an approval gate, then staging with smoke tests, and finally production with blue-green deployment. The ACR (Container Registry) stores the images.

Deployment Topology

Three environments, each with identical resource sets. Dev (blue), Test/UAT (amber), Production (green). The promote/approve edges show the one-way flow. Nothing goes backward from prod to dev.

Three deployment environments (Development, Test/UAT, Production) each containing App Service, SQL Database, and Cosmos DB with promote and approve edges between them — Deployment topology. Each environment has identical resource types (App Service, SQL, Cosmos) with promotion gates between them.

Infrastructure as Code

Bicep templates in git, committed to an Azure DevOps pipeline that runs ARM what-if validation, then deploys to resource groups. Azure Policy validates compliance at every deployment. No manual portal clicks allowed.

IaC pipeline from Bicep Templates through Azure DevOps to ARM Deploy, splitting to Resource Groups and Azure Policy validation — Infrastructure as Code pipeline. Bicep templates are the single source of truth. Azure Policy validates every deployment against compliance rules.

Container Architecture

The AKS cluster hosts 4 workloads: Clinical API, Document API, Event Processor, and an Auth Sidecar (DaemonSet). ACR provides container images, Application Gateway handles ingress, and Key Vault provides secrets through the auth sidecar.

AKS cluster containing Clinical API, Document API, Event Processor, and Auth Sidecar deployments, with ACR, Application Gateway, and Key Vault connected externally — AKS cluster architecture. The Auth Sidecar (DaemonSet) handles secret rotation from Key Vault so application pods never touch secrets directly.

Integration + AI: APIs, Document Processing, RAG, and Migration

Enterprise Integration Map

API Management sits at the center. On the left: consumer systems (Power Platform, Power Pages portal, mobile app). On the right: backend services (App Services, Functions). Below: legacy Oracle and Dataverse. Every system-to-system call routes through APIM.

AI Document Processing Pipeline

Documents flow through 6 steps: upload, blob storage, AI Document Intelligence (form extraction), Azure OpenAI (summarization), Cosmos DB (storage), and a Power App (display). A reviewer uploads a scanned form and gets a structured summary in the case management app.

AI document pipeline from upload through Blob Storage, Doc Intelligence, Azure OpenAI, Cosmos DB to Power App display — AI document processing pipeline. Documents go from PDF to structured summary in seconds. Doc Intelligence extracts fields, OpenAI generates the summary, Cosmos stores the results.

RAG Architecture

The Retrieval-Augmented Generation pattern. A user asks a question, Azure OpenAI sends a vector search to AI Search, which fetches relevant documents from Cosmos DB. The documents flow back to OpenAI as context for a grounded response with citations.

RAG architecture. The feedback loop (OpenAI to Search to Cosmos to OpenAI) ensures every response is grounded in actual documents, not hallucinated.

Legacy Modernization Path

The migration from Oracle to Azure is a 6-month project. Data Migration Service handles the schema and data transfer, with structured records going to Azure SQL and documents to Cosmos DB. A parallel run period validates data consistency before the Oracle cutover.

Power Platform + Governance: Landscape, Approvals, Environments, and CoE

Power Platform Footprint

The complete Power Platform map. Dataverse is the center of gravity. Power Apps drives the case management UI, Power Automate handles workflow, Power BI powers dashboards, and Copilot Studio provides the AI assistant. API Management bridges the Power Platform to Azure backend services.

Approval Flow Architecture

Cases need 3 approval steps: manager review, specialist review, and compliance check. Power Automate orchestrates the multi-step approval with parallel notifications at each stage.

Approval flow from Case Submit through Manager Review, Specialist Review, and Compliance check to Approved status — Multi-step approval flow. Three sequential gates, each with different reviewers and criteria. The compliance check at the end is the one that catches policy violations.

Environment Strategy

The standard Dev to Test/UAT to Production promotion path. Solutions export as unmanaged from Dev, import as managed into Test, and deploy to Production only after approval. Connection references and environment variables handle the per-environment configuration.

Governance Model

The Center of Excellence toolkit sits at the middle. DLP policies block risky connectors, CoE Starter Kit provides inventory and compliance tracking, and Environment Groups handle routing rules. Below: Solution Checker gates code quality, Approval Gates control prod promotion, and Azure Policy enforces infrastructure compliance.

Why Not Use Visio, Lucidchart, or Miro?

The table below contrasts a typical manual Visio workflow against the script-based approach. Times are illustrative, not measured benchmarks.

Capability	Manual Tools	Batch Generation
Time for 20 diagrams	Days to weeks	Minutes per batch
Version control	Binary files, no diffs	XML in git, meaningful diffs
Consistency	Manual, varies by author	Code-enforced palette and layout
Update cost	Redraw from scratch	Change one line, regenerate
Azure icons	Download, import, position	648 icons referenced by path
Quality assurance	Eyeball it	Automated quality gate + visual QA
License cost	Per-seat license required	Open source toolchain

The real advantage is not speed. It is the fact that these diagrams are code. When the architecture changes, change the script and regenerate. The diagrams stay current because updating them costs nothing.

The Visual QA Loop That Catches What Code Reviews Miss

Automated quality gates check structure: grid alignment, color palette compliance, edge routing, icon usage. They catch the mechanical errors. But they miss the aesthetic problems that make a diagram confusing: tangled routing, clipped labels, poor spacing, crossed edges.

The fix: export each diagram to PNG, read it visually, critique, fix, and regenerate. The PNG review catches what the structural check cannot. Both checks together give full coverage.

For every diagram in this article, the pipeline was:

Generate .drawio XML from the TypeScript spec
Run the quality gate (grid, palette, edges, icons), which must pass
Export to PNG at 2x scale
Visually review the PNG for aesthetic issues
Fix any coordinate issues in the script
Re-generate and re-verify
Export final SVG with transparent background and embedded icons

The result: 20+ diagrams that are structurally correct AND visually clean. No tangled arrows. No clipped text. No crossed edges.

For more on the diagramming pipeline, see Architecture Diagrams with Draw.io MCP and Claude Code. For the broader argument about keeping documentation alive in git, see Living Documentation in Git.

Recommended Starting Point

Start with 5 diagrams, not 20. Every enterprise needs at minimum: an ERD, a network topology, an integration map, a CI/CD pipeline, and an environment strategy. Those five cover 80% of the questions stakeholders will ask.

Build the batch script incrementally. Add one diagram at a time, verify it looks right, commit. Avoid trying to design all 20 at once.

Use the visual QA loop from day one. Diagrams ship with broken icons, dark backgrounds, and tangled arrows often enough that the export-to-PNG-and-look step is non-negotiable. Every time.

The goal is not perfect diagrams. The goal is diagrams that exist, that are accurate, and that update when the architecture changes. If a documentation strategy requires someone to manually update Visio files, the documentation will be wrong by next week.

Code-generated diagrams are living documentation. That is the entire point.

Building architecture documentation that stays current? Check out how agentic development works in practice and the full diagramming pipeline with Draw.io MCP.