Getting Started

Welcome to the Blast Radius Beta. The following page will contain all the information you need to get up and running.
Dylan Ratcliffe
Dylan Ratcliffe
CEO, Founder, Overmind

1. Creating Account

To get started with Overmind you'll need to activate your account. If you are reading this there's a good chance you've already received the email if not you can sign up again on the here.

2. Adding a Source

Before you can start calculating your Blast Radius you will need to configure your AWS source so that you can discover on your own data. Overmind uses a read-only role to query the AWS api to generate the Blast Radius.

It's worth remembering we only ever ask for read-only access, Overmind does / will not have the capabilities to make any changes to your AWS configurations.

There are two ways of creating a source:
Using Cloud Formation (Automatic)

Click 'Deploy with Cloud Formation' to be taken to the AWS console. You may need to sign in and reload the page.

You will then be redirected to the AWS console where you may need to login.

Once you are in the AWS console, you don't need to change anything. It has already been configured with the correct details via our template which can be found here for further details:

https://s3.eu-west-2.amazonaws.com/overmind-public-cloudformation/template

After click create wait a couple minutes for your stack to create. Once it is created the information will be poulated in the right hand menu. Select 'Outputs' and then copy the value.

Navigate back to the Overmind app. Give your source a unique name of your choosing. Select the regions you would like to discover assets in. Before finally pasting in your value copied from the AWS cloud formation stack.

Click 'Create source' and check the source creates successfully. If you do not see the above message recheck that you have filled out all boxes.

Your new source should appear in available sources in the source menu. It will take around 30 seconds to finish configuring. After that you are free to start discovering your AWS infrastructure.

Using IAM role (Manual)

(AWS Console) Configure AWS Third Party access for Overmind

To allow Overmind to access your infrastructure safely, you need to first configure a role and trust relationship that the Overmind AWS account can assume.

This role will be protected by an external ID following the AWS recommendations on how to set up such a role and trust relationship.

Delegate permissions to the Overmind IAM user by following the official AWS user guide, with the following notes:

Select "Another AWS Account" and provide 944651592624 as the account that is allowed to use this role.

Select "Require external ID" and provide 784ed602-d385-4bb3-b28a-4fee8ce3cfeb as value.

When adding permissions, create a new trust policy with the following contents, to allow Overmind read-only access to the supported services. After the role is created, provide the ARN of the role below and save the form.

    
{  "Version": "2012-10-17",  "Statement": [    {      "Effect": "Allow",      "Action": [        "autoscaling:Describe*",        "dynamodb:Describe*",        "dynamodb:List*",        "ec2:Describe*",        "ecs:Describe*",        "ecs:List*",        "eks:Describe*",        "eks:List*",        "elasticloadbalancing:Describe*",        "iam:Get*",        "iam:List*",        "lambda:Get*",        "lambda:List*",        "rds:Describe*",        "route53:Get*",        "route53:List*",        "s3:Get*",        "s3:List*"      ],      "Resource": "*"    }  ]}

Finish creating your source by giving it a name and description. You can now find your ARN number by clicking into the role's summary page.

(Overmind) Update source

Navigate back to the Overmind app. Give your source a unique name of your choosing. Select the regions you would like to discover assets in. Before finally pasting in your value copied from the AWS cloud formation stack.

Click 'Create source' and check the source creates successfully. If you do not see the above message recheck that you have filled out all boxes.

Your new source should appear in available sources in the source menu. It will take around 30 seconds to finish configuring. After that you are free to start discovering your AWS infrastructure.

3. Creating a Change

Changes are where you will be able to use Blast Radius and see if the impact of your infrastructure changes.

Changes require:

- Name

- Description

Optional

- Ticket link

- Owner

- CC emails

Now you’ve added the context of the change select the resources that are going to be changed. Do this by selecting one or more resource types from the list.

We have just released a github action that will parse Terraform plan outputs into Overmind.

Please refer to the github actions readme for further details on how to configure it: https://github.com/overmindtech/actions

Once you’ve selected your types you can then select the individual items you are going to change. Overmind populates these from your AWS source that you configured earlier.

When you’re done selecting the items the final step is to then calculate the blast radius.

Blast Radius

Blast radius queries your AWS infrastructure understanding the relationships and dependencies between different resources and items. From this it can then calculate the impact of your change (or the blast radius).

Once you’ve got the blast radius you can then have a look and see if your change unintentionally impacts anything. By navigating the calculated graph you can explore the links and dive into the meta data to get some context on its configuration.

4. Need help?

If you require any help, demo1s, feedback or would like some assistance with Blast Radius then please feel free to get in touch.

Join our Discord!
team@overmind.tech