Blast Radius is a tool for reasoning about Terraform dependency graphs with interactive visualizations.
Use Blast Radius to:
- Learn about Terraform or one of its providers through real examples
- Document your infrastructure
- Reason about relationships between resources and evaluate changes to them
- Interact with the diagrams below (and many others) in the docs
- Graphviz
Note: For macOS you can
brew install graphviz
- Python 3.7 or newer
- Go 1.12.16 or newer
- Terraform 0.12.x or newer
For fastest way to get up and running with blast-radius is as follows:
-
Download and install the wheel files from the release
copy the blastradius/server/static folder to the terraform directory
easy_install blastradius-0.1.25.4-py3-none-any.whl
or
pip3 blastradius-0.1.25.4-py3-none-any.whl
-
Once installed just point Blast Radius at any initialized Terraform directory:
blast-radius --serve /path/to/terraform/directory
-
Go to the browser link http://127.0.0.1:5000/ to view the Blast Radius diagram for the terraform file.
-
Enrich the Blast Radius diagrams with the outcome of Terraform plan & apply actions:
terraform plan --out tfplan.binary terraform show -json tfplan.binary > tfplan.json terraform apply
for including cost and policy information into blast-radius cost.json and policy.json file need to be stored into the working directory.
blast-radius --serve /path/to/terraform/directory
-
Go to the browser link http://127.0.0.1:5000/ to view the Blast Radius extended diagram
The enrichments include - information from the Plan file, State file , cost file and time file . Click the columns adjacent to the Resource Names to view these enrichment in the side panel view.
- Create wheel file of this repo
python3 setup.py sdist bdist_wheel
To launch Blast Radius for a local directory by manually running:
-
create a dockerhub account
docker build -t <dockerhub_username>/blast-radius:v1 . docker push <dockerhub_username>/blast-radius:v1
docker run --cap-add=SYS_ADMIN -dit -p 5000:5000 -v <path>:/data:ro <dockerhub_username>/blast-radius:v1
Terraform module links are saved as absolute paths in relative to the
project root (note .terraform/modules/<uuid>
). Given these paths will vary
betwen Docker and the host, we mount the volume as read-only, assuring we don't ever interfere with your real environment.
However, in order for Blast Radius to actually work with Terraform, it needs to be initialized as well as planned compulsory. To accomplish this, the container creates an overlayfs that exists within the container, overlaying your own, so that it can operate
independently. To do this, certain runtime privileges are required --
specifically --cap-add=SYS_ADMIN
.
If you organized your Terraform project using stacks and modules,
Blast Radius must be called from the project root and reference them as
subdirectories -- don't forget to prefix --serve
!
For example, let's create a Terraform project
with the following:
$ tree -d
`-- project/
|-- modules/
| |-- foo
| |-- bar
| `-- dead
`-- stacks/
`-- beef/
`-- .terraform
It consists of 3 modules foo
, bar
and dead
, followed by one beef
stack.
To apply Blast Radius to the beef
stack, you would want to run the container
with the following:
$ cd project
$ docker run --cap-add=SYS_ADMIN -dit -p 5000:5000 -v <pathofdirectory>:/data:ro <dockerhub_username>/blast-radius:v1
You may wish to embed figures produced with Blast Radius in other documents. You will need the following:
- An
svg
file andjson
document representing the graph and its layout. javascript
andcss
found in.../blastradius/server/static
- A uniquely identified DOM element, where the
<svg>
should appear.
You can read more details in the documentation
Blast Radius uses the [Graphviz][] package to layout graph diagrams, [hcl] to parse Terraform configuration, and d3.js to implement interactive features and animations.
The development of Blast Radius is documented in a series of blog posts:
- part 1: motivations, d3 force-directed layouts vs. vanilla graphviz.
- part 2: d3-enhanced graphviz layouts, meaningful coloration, animations.
- part 3: limiting horizontal sprawl, supporting modules.
- part 4: search, pan/zoom, prune-to-selection, docker.
A catalog of example Terraform configurations, and their dependency graphs can be found here.
- AWS two-tier architecture
- AWS networking (featuring modules)
- Google two-tier architecture
- Azure load-balancing with 2 vms
These examples are drawn primarily from the examples/
directory distributed
with various Terraform providers, and aren't necessarily ideal. Additional
examples, particularly demonstrations of best-practices, or of multi-cloud
configurations strongly desired.