James Lane
Overmind
What’s the difference between Terraform Plan and Overmind Blast Radius?

Blast radius is not another Terraform plan visualisation tool

If you’re familiar with Terraform then there’s a good chance you’ve used the Terraform plan command. It compares your current state to your desired state, building a ‘plan’ that contains a ‘diff’ between the two. The output shows which resources will be created, destroyed or modified before you execute the apply command.

Within the Terraform CLI you’ll see a plan output looking something like this:

And there are some great tools out there to help you both format and visualise the output so that it is easier to interpret:

Pluralith, Runatlantis & Scenery are just some of the great tools out there you can use.

So what’s the problem? Terraform plan will tell you about the things it’s going to change:

It’ll even tell you if it’s going to change multiple things:

But it won’t tell you the context of those things within the wider application/infrastructure:

You need to be told which pieces you’re touching, sure, and terraform plan is a brilliant way to do that. But you also need to know where those pieces sit in the Jenga tower that is your infrastructure, and what effect removing them might have. That’s what Overmind’s blast radius does.

Overmind blast radius

With Overmind's risks you can surface incident-causing config changes as part of your pull request. When a pull request is opened and a Terraform plan is executed you can calculate the potential impact (or blast radius) of your change. Overmind parses the Terraform plan output and then, using only read-only AWS credentials, maps out your infrastructure. It queries AWS directly and discovers relationships automatically, working out what the actual impact of your change is, even for things not managed under Terraform.
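To make the distinction concrete, here is an added example (not Overmind's code and not part of the original article): it reads the `resource_changes` list from a constructed `terraform show -json` plan, then walks a constructed relationship map to list everything within a few hops of the changed resources. The `RELATED` map, the resource names and the `max_depth` parameter are assumptions for illustration only.

```python
import json
from collections import deque

# Constructed sample in the shape of `terraform show -json <planfile>` output
# (only the fields this example reads).
PLAN_JSON = """{"resource_changes": [
  {"address": "aws_security_group.web", "change": {"actions": ["update"]}},
  {"address": "aws_s3_bucket.logs", "change": {"actions": ["no-op"]}},
  {"address": "aws_iam_role.deploy", "change": {"actions": ["delete", "create"]}}
]}"""

# Constructed relationships, standing in for what read-only discovery against
# the cloud account might return. "unmanaged:" items are not in Terraform state,
# so the plan alone can never mention them.
RELATED = {
    "aws_security_group.web": ["aws_instance.api", "unmanaged:rds/orders-db"],
    "aws_instance.api": ["aws_lb_target_group.api"],
    "aws_lb_target_group.api": ["aws_lb.public"],
    "aws_iam_role.deploy": ["unmanaged:lambda/nightly-export"],
}

def changed_resources(plan_text):
    """Return {address: actions} for every resource the plan will modify."""
    changed = {}
    for rc in json.loads(plan_text).get("resource_changes", []):
        actions = rc["change"]["actions"]
        if actions not in (["no-op"], ["read"]):
            changed[rc["address"]] = actions
    return changed

def blast_radius(changed, related, max_depth=3):
    """Breadth-first walk from the changed resources; returns {item: hops}."""
    seen = {addr: 0 for addr in changed}
    queue = deque(seen.items())
    while queue:
        node, depth = queue.popleft()
        if depth == max_depth:
            continue  # do not expand beyond the configured number of hops
        for neighbour in related.get(node, []):
            if neighbour not in seen:
                seen[neighbour] = depth + 1
                queue.append((neighbour, depth + 1))
    # Report only what the plan itself did not already list.
    return {n: d for n, d in seen.items() if n not in changed}

if __name__ == "__main__":
    changed = changed_resources(PLAN_JSON)
    print("plan says:", changed)
    for item, hops in sorted(blast_radius(changed, RELATED).items(), key=lambda kv: kv[1]):
        print(f"  {hops} hop(s) away: {item}")
```

The plan reports two changed resources; the walk surfaces five more that sit downstream of them, two of which are outside Terraform entirely.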

From this you are then able to check the affected items to see if there is anything unexpected. If you notice that the change might affect more than you thought, you can modify either your code, or the way you plan to roll out and monitor the change to account for it. You can then share this change or graph with your team or the change advisory board.

From the blast radius it also provides a list of human-readable risks that can be reviewed prior to running Terraform apply. These risks can either be commented back as part of your CI/CD pipeline or viewed in the app. Using our GitHub action you can combine this as part of your workflow. The action will comment back on the pull request telling you the blast radius (everything that might be affected by the given change).

Overmind Risks

Inside the app you can see the full blast radius in an interactive graph along with any metadata Overmind was able to get from AWS. When you're ready to start the change, Overmind will take a snapshot before and after to validate that the change went through as intended.

Don’t just take our word for it…

We want to make it as easy as possible to get started, so we have created an example repository. It shows how to run Terraform on GitHub Actions, automatically submit each PR's changes to Overmind, and report back the blast radius as a comment on the PR. This way you can get started easily with either your personal or org AWS account.

  • Check out the example Terraform repo here.
  • Get started with Overmind for free here.
  • Or join our Discord to take part in the next wave of DevOps tools.