When using Terraform the output from terraform plan can be used to help understand the impact your infrastructure changes. Terraform has terraform graph to help visualise these changes however when dealing with large or complex infrastructures this can quickly become difficult to navigate. Because of this several visualisation tools have emerged both open source and enterprise.
What is Rover?
Rover is an example of a open source tool that enables users to visualise their Terraform plan. Rover is a interactive Terraform Plan visualiser that helps users explore their state and configuration. Rover is open source and runs locally on your machine. This means that your Terraform state stays local and isn't sent to a remote server for processing. In addition, Rover uses the plan file to generate the state. So in addition to visualising the current infrastructure state, you're able to view any changes to the resources (creation, modification, or deletion).
Usage
Rover does this by:
- Generating a plan file and parsing the configuration in the user’s root directory.
- Parsing the plan and configuration files to generate three items: the resource overview (RSO), the resource map (map), and the resource graph (graph).
- Rover then consumes the RSO, map, and graph to generate an interactive configuration and state visualisation hosted on localhost:9000
- The quickest way to get up and running with Rover is by using Docker.
Run the following command in any Terraform workspace to generate a visualisation. This command copies all the files in your current directory to the Rover container and exposes port :9000
docker run --rm -it -p 9000:9000 -v $(pwd)/plan.json:/src/plan.json im2nguyen/rover:latest -planJSONPath=plan.json
Once Rover is running on localhost:9000, navigate to it in a browser to find the visualisation.
From here you can then explore the visualisation of your terraform plan output. The legend on the left hand side shows you the different categorisations of resources and other items. With rover you are able to export the generated graph as .SVG file.
What is Overmind?
Overmind is a SaaS Terraform impact analysis tool. It understands all of the dependencies across your AWS infrastructure which means it can calculate the blast radius of a change, even for those resources outside of Terraform.
Usage
To get started with Overmind you need to create a account by signing up on the website. Once signed up you need to add a AWS source. Overmind uses a read-only role to query the AWS api to generate the blast radius.
There are two ways of creating a source:
- Using Cloud Formation (Automatic):
- Using IAM role (Manual):
Once your source is configured you are ready to create your first change.
You will need to give your change a:
- Name
- Description
- Ticket link
- Owner
- CC emails (Optional)
Now you’ve added the context of the change you need to select the resources that you will be changing. Currently you can do this manually by selecting one or more resource types. A GitHub action is planned to be released soon that will allow you to parse the plan output automatically into Overmind.
Once you’ve selected your types you can then select the individual items you are going to change. Overmind populates these from your AWS source that you configured earlier.
When you’re done selecting the items the final step is to then calculate the blast radius.
Blast Radius
Blast radius queries your AWS infrastructure understanding the relationships and dependencies between different resources and items. From this it can then calculate the impact of your change (or the blast radius).
Once you’ve got the blast radius you can then have a look and see if your change unintentionally impacts anything. By navigating the calculated graph you can explore the links and dive into the meta data to get some context on its configuration.
Rover vs Overmind?
Before jumping into a comparison of the two it is worth providing some context to the application we are going to be making changes to. It is Kubernetes cluster that manages some API gateways using AWS services such as EKS, EFS & Route53.
Let’s take a look at what this change would look like within Rover. By taking that same Terraform plan output and running it through Rover we get the below.
Within Overmind, by selecting the resource that we will be changing, we get the following blast radius. We are able to see the items related to this resource that we are changing, meaning that we are informed on the impact of this change.
Conclusion
To compare the two, Rover does a great job at visually showing you the output of your Terraform plan. However it can be quite complex to understand with the various dependencies. As Overmind only shows what you will be impacted it is easier to navigate therefore you’re more likely to identify any issues ahead of time.
Both tools are freely available:
Rover - you can find the github repo here.
Overmind - You can sign up here.
Top comments (0)