ArchitectureDiagram.ai logoArchitectureDiagram.ai
Back to blog

Serverless Architecture Diagrams: AWS Lambda, Azure Functions & Cloud Run (2026)

How to create serverless architecture diagrams for AWS Lambda, Azure Functions, and Google Cloud Run. Covers event triggers, cold starts, VPC integration, fan-out patterns, and AI prompt templates.

R
Ryan·Senior AI Engineer
·

Serverless architecture diagrams visualize systems where compute is provided by functions-as-a-service (FaaS) platforms — AWS Lambda, Azure Functions, or Google Cloud Run — rather than always-on servers. Serverless diagrams need to show more than traditional architectures: they must capture event sources (what triggers a function), the function execution environment, downstream integrations, concurrency and scaling behavior, and cold-start paths. Because serverless systems are inherently event-driven and ephemeral, a clear diagram is often the only way to reason about the system as a whole.

This guide covers the essential components of a serverless architecture diagram, the most common serverless patterns, and ready-to-use prompt templates for generating diagrams with AI.

Core components of a serverless architecture diagram

A complete serverless architecture diagram should make the following components explicit:

  • Event sources / triggers: The services or events that invoke a function — HTTP requests (API Gateway, ALB), object storage events (S3 PutObject), queue messages (SQS, EventBridge), scheduled rules (CloudWatch Events / Cron), database stream records (DynamoDB Streams, Kinesis), or direct invocations from other functions
  • Function execution environment: The FaaS runtime (Lambda, Cloud Functions, Azure Functions), memory/timeout configuration, runtime language (Node.js, Python, Go), and any Lambda Layers or custom container images
  • Downstream integrations: Services the function writes to or reads from — databases (RDS, DynamoDB, Firestore), object stores (S3, GCS), caches (ElastiCache, Redis), message queues (SQS, Pub/Sub), or downstream APIs
  • VPC and network boundaries: Whether functions run inside a VPC (needed to access RDS, ElastiCache) or outside it, and how VPC endpoints or NAT Gateways enable internet access from VPC-attached functions
  • Concurrency and scaling limits: Reserved concurrency, provisioned concurrency (for cold-start-sensitive paths), and account-level concurrency limits that affect the scaling ceiling
  • Error handling and DLQs: Dead letter queues (SQS DLQ, SNS) that capture failed invocations, retry policies, and destinations for both success and failure outcomes
  • Observability hooks: CloudWatch Logs, X-Ray tracing, Lambda Insights, or third-party APM integrations (Datadog, Lumigo) that are attached to each function

Common serverless architecture patterns

API-backed serverless web app

The most common pattern: a static frontend served from a CDN routes API calls to a managed API gateway that invokes Lambda functions, which query a managed database. The entire compute layer scales to zero when idle.

"A React SPA is hosted on CloudFront + S3. All API calls go to Amazon API Gateway (HTTP API). API Gateway routes to three Lambda functions: get-user (queries DynamoDB with a GSI on userId), create-order (writes to DynamoDB and publishes an event to EventBridge), and get-order-history (queries DynamoDB and returns paginated results). Lambda functions use the DynamoDB SDK and have 512 MB memory and 30-second timeouts. A Cognito User Pool authenticates requests — API Gateway validates the JWT before invoking Lambda. CloudWatch Logs captures all function output. Lambda runs outside a VPC."

Event-driven processing pipeline (S3 → Lambda → downstream)

"Users upload files to an S3 input bucket. An S3 PutObject event triggers a Lambda processor function. The function reads the file, transforms it (CSV to JSON), and writes the result to an S3 output bucket. A second S3 PutObject event on the output bucket triggers a Lambda indexer function that writes a record to DynamoDB with the file metadata. A CloudWatch alarm monitors Lambda error rates and publishes to an SNS topic that emails the on-call engineer. Failed invocations are sent to an SQS dead letter queue with 14-day retention. All functions use provisioned concurrency to avoid cold starts on the first invocation after a deploy."

Fan-out / scatter-gather with SQS and Lambda

"An orchestrator Lambda function is triggered by EventBridge on a schedule (every 5 minutes). It reads a batch of pending jobs from DynamoDB and writes one SQS message per job to a standard SQS queue. A worker Lambda function has an SQS event source mapping with a batch size of 10 and a concurrency limit of 50. Each worker reads its record, calls a third-party API, and writes the result back to DynamoDB. On failure, messages are retried up to 3 times and then routed to an SQS DLQ. A separate monitor Lambda reads the DLQ on a cron and pages PagerDuty if depth exceeds 100."

Serverless with VPC — Lambda accessing RDS

"Lambda functions run inside a VPC in two private subnets across us-east-1a and us-east-1b. They connect to RDS PostgreSQL (Multi-AZ, db.t3.medium) via RDS Proxy, which manages the connection pool. A NAT Gateway in the public subnet allows functions to call external APIs (Stripe, SendGrid) while remaining in the VPC. Secrets Manager stores the database credentials and is accessed via a VPC endpoint to avoid the NAT Gateway. API Gateway sits outside the VPC and invokes Lambda via the VPC integration. Provisioned concurrency is set to 5 on the order-service Lambda to eliminate cold starts on the critical path."

Serverless platforms reference

PlatformTrigger typesMax timeoutCold start mitigation
AWS LambdaHTTP, SQS, S3, DynamoDB Streams, Kinesis, EventBridge, SNS15 minProvisioned concurrency, SnapStart (Java)
Azure FunctionsHTTP, Service Bus, Event Hub, Blob Storage, Timer, CosmosDBUnlimited (Premium/Dedicated)Always Ready instances (Premium)
Google Cloud RunHTTP, Pub/Sub, Eventarc, Cloud Scheduler60 minMin instances setting
Cloudflare WorkersHTTP, Cron, Durable Objects, Queue30 s (CPU time)V8 isolates (near-zero cold start)
Vercel FunctionsHTTP (Next.js API routes, Edge Functions)5 min (Pro)Edge runtime (near-zero cold start)

What makes serverless diagrams different

Serverless architectures introduce diagram challenges that traditional server-based diagrams don't have:

  • No persistent servers to anchor the diagram: Instead of showing servers as boxes, show the event → function → downstream integration chain for each logical flow
  • Cold start paths need annotation: Show which functions have provisioned concurrency and which may cold-start, since this affects the latency profile for different traffic patterns
  • Concurrency limits are architectural constraints: Account-level Lambda concurrency (default 1000) and per-function reserved concurrency are real scaling ceilings — show them in the diagram notes or as annotations
  • Event source mappings create implicit dependencies: When a function is connected to an SQS queue or DynamoDB Stream, draw the event source mapping explicitly — it's as important as an API call
  • VPC placement changes the latency and network topology: Show VPC boundaries, NAT Gateways, and VPC endpoints clearly — a Lambda inside a VPC behaves very differently from one outside it

Using Expert Chat to review serverless designs

After generating a serverless architecture diagram, the Expert Chat feature lets you attach the diagram and get feedback from an AI senior architect. Useful questions for serverless reviews:

  • "What are the cold start risks on the critical path in this architecture?"
  • "How does this design behave under a traffic spike that hits the Lambda concurrency limit?"
  • "What's missing from the error handling and retry strategy?"
  • "How much would this architecture cost at 1M requests/day?"
  • "Should these Lambda functions be inside or outside the VPC?"

Related guides: cloud architecture best practices, AWS architecture diagrams, event sourcing and CQRS, and serverless architecture use cases.

Ready to try it yourself?

Start Creating - Free