AWS Infrastructure Intelligence Engine — Scan, Understand, Transform
Project description
RepliMap
AWS Infrastructure Intelligence Engine
Reverse-engineer any AWS account. Visualize dependencies. Generate Terraform. Optimize costs.
Quick Start • Features • Use Cases • Installation • Docs
The Problem
You inherited an AWS account. Or maybe you built it yourself over 3 years of "just one more click."
Now you have:
- 🤷 500+ resources and no idea what connects to what
- 😰 No Terraform — everything was ClickOps
- 💸 Oversized instances burning money 24/7
- 📋 SOC2 audit next month — good luck
Sound familiar?
The Solution
RepliMap scans your AWS, builds a dependency graph, and gives you superpowers.
┌─────────────────────────────────────────────────────────────────────────┐
│ │
│ $ replimap -p prod scan │
│ │
│ ✓ Scanned 847 resources in 23.4s │
│ ✓ Mapped 1,203 dependencies │
│ ✓ Found 12 compliance issues │
│ ✓ Identified $2,847/month in savings │
│ │
│ Your infrastructure graph is ready. │
│ │
└─────────────────────────────────────────────────────────────────────────┘
Features
🔍 Scan & Understand
See your infrastructure like never before.
RepliMap builds a complete dependency graph of your AWS account using a sophisticated graph engine. Finally understand what connects to what — and what breaks if you touch it.
# Scan your AWS account
replimap -p prod -r ap-southeast-2 scan
# Visualize dependencies
replimap -p prod -r us-east-1 graph -o architecture.html
# "What happens if I delete this security group?"
replimap -p prod -r us-east-1 deps sg-0a1b2c3d4e
📸 See example dependency graph
┌─────────────┐
│ ALB │
│ (public) │
└──────┬──────┘
│
┌────────────┼────────────┐
│ │ │
┌─────▼─────┐ ┌────▼────┐ ┌─────▼─────┐
│ EC2 #1 │ │ EC2 #2 │ │ EC2 #3 │
│ (web) │ │ (web) │ │ (web) │
└─────┬─────┘ └────┬────┘ └─────┬─────┘
│ │ │
└────────────┼────────────┘
│
┌──────▼──────┐
│ RDS │
│ (primary) │
└──────┬──────┘
│
┌──────▼──────┐
│ ElastiCache │
│ (redis) │
└─────────────┘
🏗️ Generate Infrastructure as Code
From ClickOps to Terraform in minutes, not months.
Turn any AWS account into version-controlled Terraform. No manual terraform import. No guesswork. Generates 90% of the HCL boilerplate so you can focus on the logic.
# Generate Terraform from your AWS account
replimap -p prod -r us-east-1 clone --mode generate -o ./terraform
# Output structure
terraform/
├── main.tf # All resources
├── variables.tf # Extracted variables
├── outputs.tf # Useful outputs
├── providers.tf # AWS provider config
├── data.tf # Data sources
└── terraform.tfvars.example
Supported IaC formats:
- ✅ Terraform (HCL)
- ✅ CloudFormation (YAML/JSON)
- 🔜 Pulumi (TypeScript)
- 🔜 CDK (TypeScript)
💰 Optimize Costs
Stop paying production prices for dev environments.
RepliMap's Right-Sizer analyzes your resources and recommends optimizations. Clone production to staging with automatic downsizing — save 40-60% on non-prod environments.
# Clone prod to staging with cost optimization
replimap -p prod -r us-east-1 clone --dev-mode --mode generate -o ./staging
# See what you'll save
replimap -p prod -r us-east-1 cost
┌─────────────────────────────────────────────────────────────────────────┐
│ 💰 Right-Sizer Report │
├─────────────────────────────────────────────────────────────────────────┤
│ │
│ Resource Current Recommended Monthly Savings │
│ ───────────────────────────────────────────────────────────────────── │
│ web-server-1 m5.2xlarge t3.large $198.56 │
│ web-server-2 m5.2xlarge t3.large $198.56 │
│ api-server m5.xlarge t3.medium $124.10 │
│ analytics-db db.r5.2xlarge db.r5.large $365.00 │
│ cache-cluster r6g.xlarge r6g.large $131.40 │
│ │
│ ───────────────────────────────────────────────────────────────────── │
│ TOTAL MONTHLY SAVINGS $1,017.62 │
│ ANNUAL SAVINGS $12,211.44 │
│ │
└─────────────────────────────────────────────────────────────────────────┘
✅ Audit Compliance
Find compliance gaps before your auditor does.
Built-in security and compliance scanning powered by industry-standard rules. Get actionable findings with auto-generated remediation code.
# Run compliance audit
replimap -p prod -r us-east-1 audit
# Generate fix code (from audit JSON output)
replimap -p prod -r us-east-1 audit --format json -o audit_report.json
replimap remediate audit_report.json -o ./fixes
┌─────────────────────────────────────────────────────────────────────────┐
│ 🔒 Compliance Report │
├─────────────────────────────────────────────────────────────────────────┤
│ │
│ Framework: SOC2 Type II │
│ Resources Scanned: 847 │
│ Findings: 12 │
│ │
│ ┌────────────────────────────────────────────────────────────────────┐ │
│ │ 🔴 CRITICAL (2) │ │
│ │ • S3 bucket 'logs-prod' has public access enabled │ │
│ │ • RDS instance 'main-db' not encrypted at rest │ │
│ │ │ │
│ │ 🟡 HIGH (4) │ │
│ │ • Security group sg-xxx allows 0.0.0.0/0 on port 22 │ │
│ │ • IAM user 'deploy-bot' has inline policies │ │
│ │ • CloudTrail not enabled in ap-southeast-2 │ │
│ │ • EBS volumes not encrypted by default │ │
│ │ │ │
│ │ 🟢 MEDIUM (6) │ │
│ │ • [View full report: ./audit-report.html] │ │
│ └────────────────────────────────────────────────────────────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────────────┘
🔄 Detect Drift
Know when reality diverges from your Terraform.
Compare your actual AWS state against your Terraform code. Catch ClickOps changes before they cause incidents.
# Detect drift from local state file
replimap -p prod -r us-east-1 drift --state ./terraform.tfstate
# Detect drift from remote S3 state
replimap -p prod -r us-east-1 drift --state-bucket my-tf-state --state-key prod/terraform.tfstate
# Output
Drift detected in 3 resources:
• aws_security_group.web: ingress rule added (port 8080)
• aws_instance.api: instance_type changed (t3.large → t3.xlarge)
• aws_s3_bucket.logs: versioning disabled
Use Cases
🚀 Startup Scale-Up
"We built everything in the console. Now we need Terraform."
Stop the painful manual migration. RepliMap reverse-engineers your entire infrastructure and generates production-ready IaC. From ClickOps to GitOps in an afternoon, not a quarter.
🧪 Test & Staging Environments
"I need a copy of prod for testing. By tomorrow."
Spin up production-identical environments in minutes, not days:
- Legacy Project Handoff — Inherited a mess? Scan it, clone it, understand it.
- Ephemeral Test Environments — Replicate prod, run tests, destroy. Rinse and repeat.
- Chaos Engineering — Clone prod for Chaos Monkey experiments without risking the real thing.
- DR Drills — Quarterly disaster recovery exercises? One command to duplicate your entire stack.
# Clone prod to staging with cost-optimized instances
replimap -p prod -r us-east-1 clone --dev-mode --mode generate -o ./staging
# Test complete? Destroy with confidence
cd staging && terraform destroy
💸 FinOps & Cost Optimization
"We're spending $50k/month but don't know where it goes."
RepliMap maps every resource, identifies waste, and shows exactly where to cut. Right-size instances, find unused resources, optimize reserved capacity. See savings before you commit.
🔒 SOC2 / ISO27001 Preparation
"Audit is in 30 days. We have no documentation."
RepliMap generates architecture diagrams, compliance reports, and remediation code. Turn audit prep from months to days. Auditors love the dependency graphs.
🏢 M&A Due Diligence
"We're acquiring a company. What does their AWS look like?"
RepliMap gives you complete visibility into any AWS account in minutes. Understand architecture quality, compliance posture, and cost structure — before signing the term sheet.
🌍 Disaster Recovery
"We need to replicate prod to another region. Yesterday."
Clone your entire infrastructure to a DR region with one command. All dependencies mapped, all configurations preserved. Test your DR plan without the drama.
Quick Start
Installation
# Using pipx (recommended - isolated environment)
pipx install replimap
# Using pip
pip install replimap
# From source (latest development version)
pip install git+https://github.com/RepliMap/replimap.git
# Verify installation
replimap --version
Your First Scan
# 1. Configure AWS credentials (if not already done)
aws configure --profile myaccount
# 2. Scan your infrastructure
replimap -p myaccount -r us-east-1 scan
# 3. Explore the results
replimap -p myaccount -r us-east-1 graph -o architecture.html
open architecture.html
Generate Terraform
# Generate Terraform from scanned infrastructure
replimap -p myaccount -r us-east-1 clone --mode generate -o ./terraform
# Review and apply
cd terraform
terraform init
terraform plan
📖 Commands
| Command | Description |
|---|---|
replimap scan |
Scan AWS resources and build dependency graph |
replimap clone |
Clone AWS environment to Infrastructure-as-Code |
replimap analyze |
Analyze graph for critical resources, SPOFs, blast radius |
replimap graph |
Generate visual dependency graph |
replimap deps |
Explore dependencies for a resource |
replimap cost |
Estimate monthly AWS costs |
replimap audit |
Run security audit on AWS infrastructure |
replimap drift |
Detect infrastructure drift between Terraform state and AWS |
replimap remediate |
Generate Terraform remediation code from audit JSON |
View all commands
replimap --help
Usage: replimap [OPTIONS] COMMAND [ARGS]...
AWS Infrastructure Intelligence Engine
Scan, understand, and transform your cloud.
Global Options:
-p, --profile TEXT AWS profile name (inherited by subcommands)
-r, --region TEXT AWS region (inherited by subcommands)
-q, --quiet Suppress verbose output
-V, --version Show version and exit
-h, --help Show help and exit
Commands:
scan Scan AWS resources and build dependency graph
clone Clone AWS environment to Infrastructure-as-Code
analyze Analyze graph for critical resources, SPOFs, blast radius
graph Generate visual dependency graph of AWS infrastructure
deps Explore dependencies for a resource
cost Estimate monthly AWS costs for your infrastructure
audit Run security audit on AWS infrastructure
drift Detect infrastructure drift between Terraform state and AWS
remediate Generate Terraform remediation code from audit JSON
snapshot Infrastructure snapshots for change tracking
dr Disaster Recovery readiness assessment
unused Detect unused and underutilized resources
trends Analyze AWS cost trends and detect anomalies
license Manage RepliMap license
🔧 Configuration
AWS Credentials
RepliMap uses standard AWS credential chain:
# Option 1: AWS CLI profile (recommended)
replimap -p my-profile scan
# Option 2: Environment variables
export AWS_ACCESS_KEY_ID=xxx
export AWS_SECRET_ACCESS_KEY=xxx
replimap scan
# Option 3: IAM role (EC2/ECS/Lambda)
replimap scan # Auto-detects instance role
Required IAM Permissions
RepliMap only needs read-only access. See IAM_POLICY.md for the minimal policy.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:Describe*",
"rds:Describe*",
"elasticache:Describe*",
"s3:GetBucket*",
"s3:ListBucket*",
"lambda:List*",
"lambda:GetFunction*"
],
"Resource": "*"
}
]
}
🏗️ Architecture
RepliMap is built around a Graph Engine powered by NetworkX. This isn't just a CLI wrapper around AWS APIs — it's an infrastructure intelligence platform.
The Graph Engine is the secret sauce: it transforms discrete cloud resources into a connected dependency graph, enabling impact analysis, visualization, and intelligent code generation that understands relationships.
┌──────────────────────────────────────────────────────────────────┐
│ RepliMap Architecture │
├──────────────────────────────────────────────────────────────────┤
│ │
│ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │
│ │ Scanners │────▶│ ⭐ Graph │────▶│ Renderers │ │
│ │ (AWS API) │ │ Engine ⭐ │ │ (Terraform)│ │
│ └─────────────┘ └──────┬──────┘ └─────────────┘ │
│ │ │
│ ┌────────────────────┼────────────────────┐ │
│ │ │ │ │
│ ▼ ▼ ▼ │
│ ┌───────────┐ ┌─────────────┐ ┌───────────┐ │
│ │ Audit │ │ Right-Sizer │ │ Drift │ │
│ │ Engine │ │ Engine │ │ Detector │ │
│ └───────────┘ └─────────────┘ └───────────┘ │
│ │
└──────────────────────────────────────────────────────────────────┘
Core Components
| Component | Description |
|---|---|
| Graph Engine | NetworkX-based dependency graph with Tarjan's SCC for cycle detection |
| Scanners | Async AWS API clients for 20+ resource types |
| Renderers | Jinja2 templates for Terraform/CloudFormation generation |
| Right-Sizer | Rule-based + API cost optimization engine |
| Audit Engine | Compliance scanning with Checkov integration |
Supported Resources
View all 24 supported resource types
| Category | Resources |
|---|---|
| Compute | EC2, Lambda, ECS, EKS |
| Database | RDS, Aurora, DynamoDB, ElastiCache |
| Network | VPC, Subnet, Security Group, Route Table, NAT Gateway, Internet Gateway, ALB/NLB |
| Storage | S3, EBS, EFS |
| Security | IAM Role, IAM Policy, KMS Key, Secrets Manager |
| Other | CloudWatch, SNS, SQS |
📊 Comparison
RepliMap vs Terraformer
| Feature | RepliMap | Terraformer |
|---|---|---|
| Dependency Graph | ✅ Full graph with cycle detection | ❌ No dependency tracking |
| Code Quality | ✅ Clean, modular, variables extracted | ⚠️ Verbose, hardcoded values |
| Cost Optimization | ✅ Built-in Right-Sizer | ❌ None |
| Compliance Audit | ✅ SOC2/CIS built-in | ❌ None |
| Drift Detection | ✅ Yes | ❌ No |
| Visualization | ✅ Interactive HTML graphs | ❌ None |
| Active Development | ✅ Yes | ⚠️ Slow |
RepliMap vs Former2
| Feature | RepliMap | Former2 |
|---|---|---|
| Architecture | CLI (local) | Browser-based |
| Large Environments | ✅ Handles 1000+ resources | ⚠️ Browser memory limits |
| Dependency Analysis | ✅ Full graph | ⚠️ Limited |
| Cost Analysis | ✅ Yes | ❌ No |
| Data Privacy | ✅ Data stays local | ⚠️ Runs in browser |
💼 Pricing
Community (Free)
- ✅ Unlimited scans
- ✅ Preview generated Terraform
- ✅ Basic compliance audit
- ✅ 7-day history retention
- 📊 Exports with watermark
Pro ($29/mo)
- ✅ Everything in Community
- ✅ Download Terraform code
- ✅ Cost Diff comparison
- ✅ 30-day history retention
- ✅ No watermark on exports
- ✅ 3 AWS accounts
- ✅ Email support (48h SLA)
Team ($99/mo)
- ✅ Everything in Pro
- ✅ Drift detection & alerts
- ✅ CI/CD integration (
--fail-on-drift) - ✅ Trust Center compliance
- ✅ PDF audit reports
- ✅ 10 AWS accounts
- ✅ Priority support (24h SLA)
Sovereign ($2,500/mo)
- ✅ Everything in Team
- ✅ Offline activation
- ✅ Digital signatures
- ✅ APRA/RBNZ compliance
- ✅ White-label option
- ✅ Unlimited AWS accounts
- ✅ Dedicated support (4h SLA)
🔒 Security & Privacy
Your data never leaves your machine.
- ✅ RepliMap runs entirely client-side
- ✅ No cloud account required
- ✅ Read-only AWS access (no modifications)
- ✅ Sensitive data (passwords, keys) automatically redacted
- ✅ SOC2-compliant design
See SECURITY.md for details.
🤝 Contributing
We welcome contributions! See CONTRIBUTING.md for guidelines.
# Clone the repo
git clone git@github.com:RepliMap/replimap.git
# Install dev dependencies
cd replimap
pip install -e ".[dev]"
# Run tests
pytest
💬 Ready to See Your Infrastructure Clearly?
pip install replimap && replimap -r us-east-1 scan
Run your first scan in 2 minutes. See what you've been missing.
Get Pro License → | Book a Demo →
Documentation
Support & Contact
| Purpose | Contact |
|---|---|
| General inquiries | hello@replimap.com |
| Technical support | support@replimap.com |
| Enterprise & Sales | david@replimap.com |
| Bug reports | GitHub Issues |
| Discussions | GitHub Discussions |
Links
- Website: replimap.com
- Documentation: replimap.com/docs
- Pricing: replimap.com/pricing
📄 License
RepliMap is licensed under the Business Source License 1.1.
Community Tier (Free):
- ✅ Unlimited scans
- ✅ Visualize infrastructure (
graph) with watermark - ✅ Preview Terraform output
- ✅ Basic cost estimates
- ✅ Audit summary (titles only)
- ✅ 7-day history
Pro ($29/mo) adds:
- 📥 Download generated Terraform code
- 💰 Cost Diff comparison
- 📊 Full audit reports (HTML/JSON)
- 💵 30-day history, no watermark
Team ($99/mo) adds:
- 🔄 Drift detection & alerts
- 🔧 CI/CD integration (
--fail-on-drift) - 📋 Trust Center compliance
- 📑 PDF export
Sovereign ($2,500/mo) adds:
- 🔐 Offline activation & signatures
- 🏛️ APRA/RBNZ compliance frameworks
- 🏷️ White-label option
📈 Star History
From chaos to clarity. From ClickOps to GitOps.
Made with ☕ in New Zealand
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file replimap-0.3.22.tar.gz.
File metadata
- Download URL: replimap-0.3.22.tar.gz
- Upload date:
- Size: 1.8 MB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
bbaf7d7bcc47de20f3ede16e840a2c6615acedd3e377226dc50719cfbff70451
|
|
| MD5 |
2ad582516cd45658969c3a57daa3a01f
|
|
| BLAKE2b-256 |
b2af93bdafcb456e659ea22b5c735767146ce7b4f5a9a2a40cead52d33133cbf
|
File details
Details for the file replimap-0.3.22-py3-none-any.whl.
File metadata
- Download URL: replimap-0.3.22-py3-none-any.whl
- Upload date:
- Size: 1.2 MB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8968ee44c1dbb1edf830b900030c7bff902e2e61ae07e3b319dbf737536ec60a
|
|
| MD5 |
22a00bcf11ab03b442fb26ce4255b1f3
|
|
| BLAKE2b-256 |
f457f17bf9bd0a8f2566f2ff9263e007e9436b6c157aa5d3774c430d141d74bb
|
