When making changes, understanding the output of your Terraform plan is critical to ensuring that your changes have no unintended impact. To help with this, Terraform provides the terraform graph command, which helps users visualise these changes.
What is Terraform Graph?
The terraform graph command is used to generate a visual representation of either a configuration or execution plan. The output is in the DOT format, which can then be used to generate charts.
The recommended program that can read this format is GraphViz, but many web services are also available to read this format. Some add extra formatting to the outputs so that
These are some of the online services:
- http://www.webgraphviz.com/
- https://dreampuf.github.io/GraphvizOnline/
- https://github.com/mdaines/viz.js → emscripten → http://viz-js.com/
- https://sketchviz.com/new
### Usage
First, install GraphViz (example on macOS):
brew install graphviz
Then generate a graph output using:
terraform graph [options]
The -type flag can be used to control the type of graph shown. Terraform creates different graphs for different operations. The default type is "plan" if a configuration is given, and "apply" if a plan file is passed as an argument.
Generating Images
The output of terraform graph is in the DOT format, which can easily be converted to an image by making use of dot provided by GraphViz:
$ terraform graph | dot -Tsvg > graph.svg
Here is an example graph output using graphviz:
As mentioned above, there are other services that can convert the provided dot. With these you typically upload the output to the online service and can modify it within the interface.
Here's an example from dreampuf.github..
What is Overmind?
Overmind is a SaaS Terraform impact analysis tool. It discovers your AWS infrastructure so that it can calculate the blast radius of a change including those resources outside of Terraform.
Usage
To get started with Overmind you need to create an account by signing up on the website. Once signed up, you'll need to configure an AWS source. Overmind uses a read-only role to query the AWS API to generate the blast radius.
There are two ways of creating a source:
- Using Cloud Formation (Automatic):
- Using IAM role (Manual):
Once your source is configured you are ready to create your first change.
Now that you’ve added the context of the change, you need to select the resources that you will be changing. Currently you can do this manually by selecting one or more resource types. A GitHub action is planned to be released soon that will allow you to parse the plan output automatically into Overmind.
Once you’ve selected your types you can then select the individual items you are going to change. Overmind populates these from your AWS source that you configured earlier.
When you’re done selecting the items the final step is to then calculate the blast radius.
Blast Radius
Blast radius queries your AWS infrastructure to understand the relationships and dependencies between different resources and items. From this it can then calculate the impact of your change (or the blast radius).
Once you’ve got the blast radius you can then have a look and see if your change unintentionally impacts anything. By navigating the calculated graph you can explore the links and dive into the metadata to get some context on its configuration.
Terraform Graph vs Overmind?
Before jumping into a comparison of the two, it is worth providing some context on the application we are going to be making changes to. It is a Kubernetes cluster that manages some API gateways using AWS services such as EKS, EFS & Route53.
Let’s take a look at what this change would look like as a Terraform Graph output. Due to image dimension restrictions the below is a screenshot of a much larger Terraform Graph output.
Within Overmind, by selecting the resource/s that we will be changing, we get the following blast radius.
Conclusion
In this example the output was a 3.5 MB SVG file, or an image with the dimensions 256925px by 3802px. If you were to convert the pixels to centimetres, it's about as wide as the wingspan of a 747 (68 metres). Dealing with such a large file is not easy and, as you can see from the above screenshot, it is not easily readable.
However, Terraform graph can still be a great tool when working with smaller, more manageable changes or if you simply want something to run on the CLI. But when you ultimately need to make larger, more complex changes, that is when Overmind comes into its own, allowing you to see only the affected resources.
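To keep terraform graph output readable on a larger configuration, the DOT text can be reduced to the resources that depend on what you are changing before it is passed to dot. This is an added example, not code from the original post, Terraform or Overmind: the sample DOT is constructed, the function names are hypothetical, and it assumes an edge "A" -> "B" means A depends on B. It only sees resources Terraform manages.

```python
import re
from collections import defaultdict, deque

# Constructed sample in the style of `terraform graph` output (not from the post).
# Assumption: an edge "A" -> "B" means A depends on B.
SAMPLE_DOT = '''digraph {
    subgraph "root" {
        "[root] aws_efs_file_system.data (expand)" [label = "aws_efs_file_system.data", shape = "box"]
        "[root] aws_efs_mount_target.data (expand)" -> "[root] aws_efs_file_system.data (expand)"
        "[root] aws_eks_cluster.main (expand)" -> "[root] aws_iam_role.cluster (expand)"
        "[root] aws_eks_node_group.workers (expand)" -> "[root] aws_eks_cluster.main (expand)"
        "[root] aws_route53_record.api (expand)" -> "[root] aws_eks_node_group.workers (expand)"
    }
}'''

# Quoted DOT identifiers may contain escaped quotes (provider nodes do).
EDGE_RE = re.compile(r'"((?:[^"\\]|\\.)+)"\s*->\s*"((?:[^"\\]|\\.)+)"')

def normalize(name):
    """Strip the '[root] ' prefix and a trailing '(expand)'-style marker if present."""
    name = re.sub(r'^\[root\]\s*', '', name)
    return re.sub(r'\s*\([^)]*\)$', '', name)

def parse_edges(dot_text):
    # Match per line so node declarations with [label = ...] are skipped.
    matches = (EDGE_RE.match(line.strip()) for line in dot_text.splitlines())
    return [(normalize(m[1]), normalize(m[2])) for m in matches if m]

def blast_radius(edges, changed):
    """Return the changed addresses plus everything that transitively depends on them."""
    dependents = defaultdict(set)
    for src, dst in edges:
        dependents[dst].add(src)
    seen, queue = set(changed), deque(changed)
    while queue:
        new = dependents[queue.popleft()] - seen
        seen |= new
        queue.extend(new)
    return seen

def to_dot(edges, keep):
    """Emit a reduced DOT graph holding only the kept nodes and the edges between them."""
    body = [f'    "{n}"' for n in sorted(keep)]
    body += [f'    "{a}" -> "{b}"' for a, b in edges if a in keep and b in keep]
    return "\n".join(["digraph {", *body, "}"])

if __name__ == "__main__":
    edges = parse_edges(SAMPLE_DOT)
    print(to_dot(edges, blast_radius(edges, ["aws_eks_cluster.main"])))
```

To use it on a real configuration, read the output of terraform graph in place of SAMPLE_DOT and pipe the printed result to dot -Tsvg.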
Both tools are freely available:
Terraform Graph - docs here.
Overmind - You can sign up here.