Hello Hacker News! We're Roxane, Julien, Pierre, Mawen and Stephane from Anyshift.io. We are building a GitHub app (and platform) that detects Terraform complex dependencies (hardcoded values, intricated-modules, shadow IT…), flags potential breakages, and provides a Terraform ‘Superplan’ for your changes.
To do that we create and maintain a digital twin of your infrastructure using Neo4j.<p>- 2 min demo : <a href="https://app.guideflow.com/player/dkd2en3t9r" rel="nofollow">https://app.guideflow.com/player/dkd2en3t9r</a>
- try it now: <a href="https://app.anyshift.io/" rel="nofollow">https://app.anyshift.io/</a> (5min setup).<p>We experienced how dealing with IaC/Terraform is complex and opaque. Terraform ‘plans’ are hard to navigate and intertwined dependencies are error prone: one simple change in a security group, firewall rules, subnet CIDR range... can lead to a cascading effect of breaking changes.<p>I’ve dealt in production with those issues since Terraform’s early days. In 2016, I wrote a book about Infrastructure-as-code and created driftctl based on those experiences (open source tool to manage drifts which was acquired by Snyk).<p>Our team is building Anyshift because we believe this problem of complex dependencies is unresolved and is going to explode with AI-generated code (more legacy, weaker sense of ownership). Unlike existing tools (Terraform Cloud/Stacks, Terragrunt, etc...), Anyshift uses a graph-based approach that references the real environment to uncover hidden, interlinked changes.<p>For instance, changing a subnet can force an ENI to switch IP addresses, triggering an EC2 reconfiguration and breaking DNS referenced records. Our GitHub app identifies these hidden issues, while our platform uncovers unmanaged “shadow IT” and lets you search any cloud resource to find exactly where it’s defined in your Terraform code.<p>To do so, one of our key challenges was to achieve a frictionless setup, so we created an event-driven reconciliation system that unifies AWS resources, Terraform states, and code in a Neo4j graph database. This “time machine” of your infra updates automatically, and for each PR, we query it (via Cypher) to see what might break.<p>Thanks to that, the onboarding is super fast (5 min):
1. Install the Github app
2. Grant AWS read only access to the app<p>The choice of a graph database was a way for us to avoid scale limitations compared to relational databases. We already have a handful of enterprise customers running it in prod and can query hundreds of thousands of relationships with linear search times. We'd love you to try our free plan to see it in action<p>We're excited to share this with you, thanks for reading! Let us know your thoughts or questions here or in our future Slack discussions.
Roxane, Julien, Pierre, Mawen and Stephane!