James Lane
Last Updated
February 15, 2024
aws
Why you can't use Chatgpt to tell you if your next Terraform or AWS change will break something

Why you can't use Chatgpt to tell you if your next Terraform or AWS change will break something

Making infrastructure changes

When deploying to production you need to know the impact of your changes. As Loom found out in their March 2023 incident, even deploying a change to dev, test & staging for 10 days doesn’t guarantee that when you press deploy to prod it all goes smoothly.

Terraform Plan output

If you are using IaC tools like Terraform, then a plan output will tell you what it’s going to change, but it’s still on you to work out what that impact could be. Looking through your CMDB / docs may help you to get a more detailed picture of the impact, provided that they’re up-to-date…

Could the explosion in popularity in AI & LLM tools be used to give you that much needed context? Let’s take a look.

Without context

Firstly lets look at a example of just pasting in a Terraform plan output of a AWS infra change in a ChatGPT playground session and see if it can give us any useful context.

Output with little context

Just asking what the impact will be doesn’t give us anything not already in the plan.

Output with not much context

Asking for specific resource names gives us a little more context but we are still missing what other related resources will be impacted. This makes sense though because ChatGPT is only going off whats in the provided Terraform plan so it’s not a limitation of the tool but rather the plan output.

What we need to do is give it some further context of whats in your AWS, it’s links and dependencies and see if that helps to improve the output.

With context (Overmind)

With Overmind it’s possible to get this context as a output. It parses the Terraform plan output and then using read-only AWS credentials can calculate the impact (blast radius) of your change. Even for resources not managed under Terraform.

Overmind also parses any sensitive data from your Terraform plan and doesn't store any of your AWS config in a database or cache as it queries the API in real-time

Have a go yourself…

We’d love for you to have a go yourself and let us know what you think. Is this something you would use or like to see added as a feature in Overmind?

The best way to get started is using the Overmind example repository. It shows how to run terraform on GitHub Actions and automatically submit each PR's changes to Overmind, reporting back the blast radius as a comment on the PR which you can then provide to ChatGPT.

We support the tools you use most

Prevent Outages from Config Changes

Try out the new Overmind CLI today for free.
No agents, 3 minute deployment.

Get started with our CLI

Latest blogs

announcement
Announcing Overmind's Integration with HashiCorp Terraform Enterprise

Today, we're excited to introduce Overmind's integration with HashiCorp HCP Terraform & Terraform Enterprise. This integration allows users to automate risk detection and dependency mapping directly within their Terraform pipelines.

James Lane
August 22, 2024
Tech
CrowdStrike Root Cause Analysis: Have they done enough?

Crowdstrike have released the Root Cause Analysis for their massive July 19th outage, but does it go far enough?

Dylan Ratcliffe
August 7, 2024
playground
How to see if you're affected by the DigiCert revocation incident

Instructions to check if you're going to be affected by the DigiCert Revocation Incident

Dylan Ratcliffe
July 31, 2024
Tech
Inside Crowdstrike's Deployment Process

On July 19th, Crowdstrike created the biggest outage in history. Find out the what the deployment process looked like that made this possible.

Dylan Ratcliffe
July 30, 2024