diagram {
  title = "Webapp"

  /* Some comment about this... */
  description = `
    No *particular* threats to consider at this point.

    It's **extremely** safe.`

  threats = [
    "csrf",
    "mitm"
  ]

  boundary browser {
    title = "Browser"

    function client {
      title = "Client"
    }
  }

  boundary aws {
    title = "Amazon AWS"

    function server {
      title = "Web Server"
    }
    database logs {
      title = "Logs"
    }
  }
  io analytics {
    title = "Google Analytics"
  }

  client -> server {
    operation = "Request /"
    description = `User navigates with a browser to see some content.`
  }
  server -> logs {
    operation = "Log"
    data = [
      "IP Address<sub>user</sub>",
      "Timestamp<sub>request</sub>",
      "Geolocation"
    ]
    description = `Logged to a ELK stack.`
  }
  server -> client {
    operation = "Response"
    data = ["User Profile"]
    description = `The server responds with some HTML.`
  }
  analytics <- client {
    operation = "Log"
    data = ["Page Navigation"]
    description = `The Google Analytics plugin sends navigation
                   data to Google.`
  }
}