If you’re familiar with Terraform then there’s a good chance you’ve used the Terraform plan command. It compares your current state to your desired state. Building a ‘plan’ that contains a ‘diff’ between both. The output gives us what resources will be created and destroyed along with any modifications before then executing the apply command.
Within the Terraform CLI you’ll see a plan output looking something like this:
And there’s some great tools out there to help you both format and visualise the output so that it is easier to interpret:
So what’s the problem? Terraform plan will tell you about the things it’s going to change:
It’ll even tell you if it’s going to change multiple things:
But it won’t tell you the context of those things within the wider application/infrastructure:
You need to be told which pieces you’re touching, sure, and terraform plan is a brilliant way to do that. But you also need to know where those pieces sit in the Jenga tower that is your infrastructure, and what effect removing them might have. That’s what Overmind’s blast radius does.
Overmind
Unlike the visualisation tools covered above, Overmind takes a different approach to understanding Terraform changes. Rather than focusing solely on generating visual representations, Overmind combines real-time infrastructure analysis with risk assessment to help teams understand not just what will change, but whether those changes are safe to deploy.
How it works
Overmind operates by analyzing your Terraform plan output alongside the current state of your infrastructure. Using read-only access to your AWS account, it queries your infrastructure in real-time through the AWS API to build a complete dependency map that includes resources created outside of Terraform - whether through the console, CloudFormation, or other tools.
The process works as follows:
- Run `
overmind terraform plan`in your Terraform workspace - Overmind analyses the plan and queries your live infrastructure
- It maps dependencies across 100+ AWS resource types and Kubernetes objects to create the changes blast radius
- Using this dependency map (blast radius) and pattern analysis, it identifies potential risks
- Results are provided as human-readable risk assessments
Installation and Setup
Installing Overmind CLI is straightforward:
To install on Mac with homebrew use:
brew install overmindtech/overmind/overmind-cli
Install using winget:
winget install Overmind.OvermindCLI
Or find other installation methods here.
Next run `overmind terraform plan` in your Terraform workspace and you'll need to configure read only access to your AWS / K8s access along with creating an Overmind account.
Example Output
When running against our example Kubernetes cluster change, Overmind provides both visual and textual risk analysis:
Change page
Blast Radius
Key Differences
Where traditional visualisation tools show you the structure of your changes, Overmind adds context about the safety and timing of those changes. It addresses several common challenges:
- Hidden Dependencies: Discovers relationships that don't exist in your Terraform state
- Timing Awareness: Considers when changes are being made (peak hours vs. maintenance windows)
- Cross-Account Resources: Maps dependencies across multiple AWS accounts
- Historical Patterns: Learns from previous deployments to identify risky patterns
Integration Options
Overmind can be integrated into existing workflows through:
- GitHub Actions for automatic PR comments
- GitLab CI integration
- Direct CLI usage in any CI/CD pipeline
- Terraform Enterprise/Cloud run tasks
The tool provides risk information where teams need it most, during code review and before applying changes. This approach helps teams move beyond asking "what will change?" to understanding "is it safe to change this now?"
When to Use Overmind
Overmind is particularly useful when:
- Your infrastructure includes resources created outside Terraform
- You need to understand cross-service dependencies
- Team members have varying levels of infrastructure knowledge
- You want to reduce reliance on "tribal knowledge" for safe deployments
- Deployment timing matters for your application availability
By combining dependency mapping with risk analysis, Overmind helps teams make more informed decisions about when and how to deploy infrastructure changes, reducing the likelihood of unexpected outages from seemingly simple modifications.
We want to make it as easy as possible to get started, because of this we have created an example repository. It shows how to run terraform on GitHub Actions and automatically submit each PR's changes to Overmind and report back the blast radius as a comment on the PR. This way you can get started easily with either your personal or org AWS account.
.gif)
