Sufficient visibility into cloud infrastructure failures: live AWS topology + Terraform drift in one CLI.
sudiviz
X-ray vision for your cloud infrastructure
sudiviz visualizes your live AWS infrastructure as an interactive graph across multiple regions. It auto-detects misconfigurations, unhealthy targets, and orphan resources, then fixes them with one command.
Zero AI tokens | Zero cost | Pure Python | Multi-region
Quick Start
pip install 'sudiviz[all]'
# Diagnose your infrastructure
sudiviz diagnose
# Interactive web visualization
sudiviz graph --output web --open
# Auto-fix issues
sudiviz fix --apply
Auth: Uses standard boto3 credentials (~/.aws/credentials, env vars, SSO, or instance profile)
Features
| Feature | Description |
|---|---|
| Live Topology | Real-time graph of ALB → Target Groups → EC2 → Security Groups |
| AWS Resource Icons | Each node displays a colour-coded AWS-style icon (ALB, EC2, RDS, S3, ECS, EKS, Lambda, SG…) |
| Multi-Region | Switch between AWS regions (us-east-1, us-west-2, eu-west-1, ap-northeast-1…) from a dropdown, no restart needed |
| Health Detection | Unhealthy targets, failing health checks, orphan resources |
| Auto-Fix | One-click remediation with sudiviz fix --apply |
| Traffic Animation | Visualize request flow with animated pulses |
| Health Heatmaps | Color-code infrastructure by health status |
| Cost Heatmap | FinOps view: visualize estimated monthly costs per resource |
| Security Group Flows | Visualize ingress/egress rules between security groups (blue = ingress, purple = egress) |
| CloudWatch Integration | One-click links to metrics and logs for each resource |
| Dark/Light Mode | Toggle theme in web UI |
| Cluster Grouping | Group resources by service type (Load Balancers, ECS, Security, etc.) |
| Terraform Drift | Compare live AWS vs Terraform state |
| Multi-Service | ALB, EC2, ECS, EKS, RDS, Lambda, S3, Security Groups |
| MCP Server | AI agents can discover, diagnose, and fix infrastructure via natural language |
Visualization Modes
Terminal
sudiviz diagnose --region us-east-1
TUI (Interactive Terminal)
sudiviz tui
Web (Cytoscape.js)
sudiviz graph --output web --port 8000 --open
# Specify a default region (switch regions live from the UI dropdown)
sudiviz graph --output web --region us-east-1 --port 8000 --open
PNG Export
sudiviz graph --output png --file topology.png
Auto-Fix
sudiviz fix # Preview fixes (dry-run)
sudiviz fix --apply # Apply all fixes
sudiviz fix 1 --apply # Apply specific fix
sudiviz fix --apply --force # Include destructive operations
Supported fixes:
- Security group missing ingress rules
- S3 public access / encryption
- RDS public accessibility
- Orphan target groups (with --force)
- Unused security groups (with --force)
MCP Server (Agentic AI)
sudiviz ships an MCP server so AI agents (Claude Desktop, Claude Code, Cursor, etc.) can discover, diagnose, and remediate your infrastructure via natural language.
pip install 'sudiviz[mcp]'
# Start the MCP server (stdio transport)
sudiviz-mcp
Add to Claude Desktop (~/Library/Application Support/Claude/claude_desktop_config.json):
{
  "mcpServers": {
    "sudiviz": {
      "command": "sudiviz-mcp",
      "env": { "AWS_PROFILE": "production" }
    }
  }
}
Add to Claude Code (.mcp.json in your project root):
{
  "mcpServers": {
    "sudiviz": {
      "command": "sudiviz-mcp"
    }
  }
}
Available MCP tools:
| Tool | Description |
|---|---|
| sudiviz_discover | Discover live AWS resources (ALB, EC2, RDS, Lambda, S3, …) |
| sudiviz_diagnose | Discover + analyze for issues (orphans, unhealthy, misconfig) |
| sudiviz_graph | Generate Cytoscape.js topology JSON |
| sudiviz_fix | Generate or apply remediation commands |
| sudiviz_drift | Compare Terraform state vs live AWS |
| sudiviz_costs | Estimate monthly costs by service and resource |
| sudiviz_list_resources | List resources by type (alb, instance, rds, …) |
MCP Resources (read live data without calling a tool):
| Resource URI | Description |
|---|---|
| infra://aws/{region}/topology | Live topology graph as Cytoscape JSON |
| infra://aws/{region}/health | Health status summary with issue counts |
| infra://aws/{region}/costs | Estimated monthly cost breakdown |
MCP Prompts (guided multi-step workflows):
| Prompt | Description |
|---|---|
| diagnose-infrastructure | Discover, diagnose, and recommend fixes |
| cost-optimization | Find cost-saving opportunities |
| security-audit | Check for open SGs, public DBs, unencrypted storage |
| incident-triage | Trace unhealthy resources through dependency chain |
Example conversations with your AI agent:
- "Show me all orphan resources in us-east-1"
- "What's our estimated monthly spend?"
- "Fix the unhealthy targets on my ALB"
- "Check for Terraform drift against my state file"
- "Run a security audit on eu-west-1"
Security
sudiviz is built with security in mind. Every release is scanned for vulnerabilities.
| Check | Status |
|---|---|
| Bandit SAST | ✅ No issues |
| XSS Protection | ✅ HTML sanitization enabled |
| Dependency CVEs | ✅ All patched |
| Hardcoded Secrets | ✅ None |
| Shell Injection | ✅ No shell=True |
| Code Injection | ✅ No eval() |
Run security scan locally:
pip install 'bandit[toml]'
bandit -c pyproject.toml -r sudiviz/
Terraform Drift
terraform show -json > tfstate.json
sudiviz drift --tfstate tfstate.json
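As an added illustration (not sudiviz's own code), the sketch below shows the kind of comparison a drift check performs on `terraform show -json` output, including resources nested under `child_modules` and data sources that must be skipped. The state document, the live inventory and the tracked `description` attribute are constructed assumptions.

```python
import json

# Constructed sample in the shape of `terraform show -json` output.
STATE_JSON = """
{"format_version": "1.0", "values": {"root_module": {
  "resources": [
    {"address": "aws_security_group.web", "mode": "managed",
     "type": "aws_security_group", "values": {"id": "sg-0aaa", "description": "web"}},
    {"address": "data.aws_security_group.lookup", "mode": "data",
     "type": "aws_security_group", "values": {"id": "sg-0ddd", "description": "shared"}}],
  "child_modules": [{"address": "module.db", "resources": [
    {"address": "module.db.aws_security_group.db", "mode": "managed",
     "type": "aws_security_group", "values": {"id": "sg-0bbb", "description": "db"}}]}]}}}
"""
# Constructed stand-in for a live inventory keyed by resource id.
LIVE = {"sg-0aaa": {"description": "web (edited in console)"},
        "sg-0ccc": {"description": "temp debug access"}}

def managed_resources(module):
    """Yield managed resources from a module and, recursively, its child_modules."""
    for res in module.get("resources", []):
        if res.get("mode") == "managed":   # data sources are read-only lookups
            yield res
    for child in module.get("child_modules", []):
        yield from managed_resources(child)

def diff_state(state, live, rtype, tracked):
    """Report resources missing in AWS, unmanaged by Terraform, or changed."""
    root = state.get("values", {}).get("root_module", {})
    declared = {r["values"]["id"]: r for r in managed_resources(root)
                if r["type"] == rtype}
    report = {"missing_in_aws": [], "unmanaged": [], "changed": []}
    for rid, res in declared.items():
        if rid not in live:
            report["missing_in_aws"].append(res["address"])
            continue
        for attr in tracked:
            want, have = res["values"].get(attr), live[rid].get(attr)
            if want != have:
                report["changed"].append((res["address"], attr, want, have))
    report["unmanaged"] = sorted(set(live) - set(declared))
    return report

def exit_code(report):
    """Mirror the page's exit-code table: 1 when drift is detected, else 0."""
    return 1 if any(report.values()) else 0

if __name__ == "__main__":
    rep = diff_state(json.loads(STATE_JSON), LIVE, "aws_security_group", ["description"])
    print(json.dumps(rep, indent=2), "exit", exit_code(rep))
```

The unmanaged bucket is the one to review first: a security group that exists in AWS but in no module is typically a console-created exception that never went through code review.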
CI Integration
# Fail CI on critical issues (jq -e exits non-zero when the final expression is false)
sudiviz diagnose --json | jq -e '[.diagnosis.fixes[] | select(.severity=="critical")] | length == 0'
# Drift detection gate
sudiviz drift --tfstate tfstate.json --json
| Exit Code | Meaning |
|---|---|
| 0 | No issues |
| 1 | Drift detected |
| 2 | Critical issues found |
More Screenshots
AWS Resource Icons + Multi-Region Topology
Each node shows a colour-coded AWS icon. Switch regions live from the dropdown in the top bar (us-east-1, us-east-2, eu-west-1, us-west-2 and more).
Security Group Ingress/Egress Flows (Dark Mode)
Terminal TUI
Diagnose Output
Auto-Fix Preview
Traffic Flow Animation (Dark Mode)
Health Heatmap
Cluster Grouping (Dark Mode)
Cost Heatmap (FinOps)
Comparison
| Feature | sudiviz | Hava.io | Cloudcraft |
|---|---|---|---|
| Live data | โ | โ | โ |
| AWS resource icons | โ | โ | โ |
| Multi-region switcher | โ | โ | โ |
| Auto-fix | โ | โ | โ |
| Traffic animation | โ | โ | โ |
| Health heatmaps | โ | โ | โ |
| Cost heatmap | โ | โ | โ |
| Cluster grouping | โ | โ | โ |
| Terraform drift | โ | โ | โ |
| Orphan detection | โ | โ | โ |
| MCP / AI agent | โ | โ | โ |
| Free & open source | GPL-3.0 | $29/mo | $49/mo |
IAM Permissions
Read-only (sudiviz diagnose):
- ReadOnlyAccess AWS managed policy
Write (sudiviz fix --apply):
- AmazonEC2FullAccess
- ElasticLoadBalancingFullAccess
- AmazonS3FullAccess
- AmazonRDSFullAccess
Documentation
AWS Services Discovered
| Service | What's collected |
|---|---|
| ALB / NLB | Load balancers, listeners, rules |
| Target Groups | Health status per target |
| EC2 | State, IPs, security groups |
| Security Groups | Ingress/egress rules |
| ECS | Clusters, services, task counts |
| EKS | Clusters, node groups |
| RDS | Instances, encryption, public access |
| Lambda | Functions, VPC config |
| S3 | Buckets, encryption, public access |
Diagnostic Rules
| Check | Severity |
|---|---|
| Unhealthy targets | critical |
| SG missing port from ALB | critical |
| S3 public access open | critical |
| RDS publicly accessible | warning |
| Storage not encrypted | warning |
| Orphan target group | warning |
| Unused security group | info |
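One way to evaluate the critical "SG missing port from ALB" rule, shown as an added example rather than sudiviz's implementation: an instance passes if any attached security group admits the target-group port from the ALB's security group, or from CIDRs covering every ALB subnet. The target-group model (`alb_sg_ids`, `alb_subnet_cidrs`, `targets`) and all IDs are constructed assumptions; the `IpPermissions` entries follow the EC2 DescribeSecurityGroups response shape.

```python
import ipaddress

# Constructed data; "IpPermissions" follows the EC2 DescribeSecurityGroups shape.
SGS = {
    "sg-web-ok":   {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
                    "UserIdGroupPairs": [{"GroupId": "sg-alb"}], "IpRanges": []}]},
    "sg-web-bad":  {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                    "UserIdGroupPairs": [{"GroupId": "sg-alb"}], "IpRanges": []}]},
    "sg-web-cidr": {"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 9000,
                    "UserIdGroupPairs": [], "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
}
TARGET_GROUPS = [{"name": "tg-app", "port": 8080, "alb_sg_ids": {"sg-alb"},
                  "alb_subnet_cidrs": ["10.0.1.0/24", "10.0.2.0/24"],
                  "targets": {"i-ok": ["sg-web-ok"], "i-bad": ["sg-web-bad"],
                              "i-cidr": ["sg-web-cidr"]}}]

def covers_port(perm, port):
    """True if one ingress permission covers TCP `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":                      # all protocols, all ports
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)

def alb_can_reach(sg, alb_sg_ids, alb_subnet_cidrs, port):
    """True if `sg` admits `port` from the ALB, by SG reference or by CIDR."""
    allowed = []
    for perm in sg.get("IpPermissions", []):
        if not covers_port(perm, port):
            continue
        if any(p.get("GroupId") in alb_sg_ids for p in perm.get("UserIdGroupPairs", [])):
            return True                    # ingress references the ALB's security group
        allowed += [ipaddress.ip_network(r["CidrIp"]) for r in perm.get("IpRanges", [])]
    nets = [ipaddress.ip_network(c) for c in alb_subnet_cidrs]
    # CIDR-based rules must cover every subnet the ALB has nodes in.
    return bool(nets) and all(any(n.subnet_of(a) for a in allowed) for n in nets)

def missing_port_findings(target_groups, sgs):
    """Emit one critical finding per target the ALB cannot reach on the TG port."""
    findings = []
    for tg in target_groups:
        for inst, sg_ids in tg["targets"].items():
            if not any(alb_can_reach(sgs[s], tg["alb_sg_ids"], tg["alb_subnet_cidrs"],
                                     tg["port"]) for s in sg_ids):
                findings.append({"severity": "critical", "target_group": tg["name"],
                                 "instance": inst, "port": tg["port"]})
    return findings

if __name__ == "__main__":
    print(missing_port_findings(TARGET_GROUPS, SGS))
```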
Architecture
sudiviz/
├── cli.py # Typer commands
├── mcp_server.py # MCP server for AI agents
├── tui.py # Textual TUI
├── web.py # FastAPI + WebSocket
├── discovery/ # AWS discovery (boto3)
├── graph/ # NetworkX + analyzers
├── remediation/ # Auto-fix engine
└── web_templates/ # Cytoscape.js UI
License
GPL-3.0-or-later: see LICENSE
Built by @pydevsg
Details for the file sudiviz-1.6.1.tar.gz.
File metadata
- Download URL: sudiviz-1.6.1.tar.gz
- Upload date:
- Size: 95.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
Provenance
The following attestation bundles were made for sudiviz-1.6.1.tar.gz:
Publisher: publish.yml on pydevsg/sudiviz
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: sudiviz-1.6.1.tar.gz
- Subject digest: e8807b06aebfb8cb0eff2fbd0164e4c63961c9152fd468967bcdb74c6340e6a3
- Sigstore transparency entry: 1997802769
- Sigstore integration time:
- Permalink: pydevsg/sudiviz@b53b9ec8cecf0d905ff14d845144a8a9efd091ce
- Branch / Tag: refs/tags/v1.6.1
- Owner: https://github.com/pydevsg
- Access: public
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: publish.yml@b53b9ec8cecf0d905ff14d845144a8a9efd091ce
- Trigger Event: push
File details
Details for the file sudiviz-1.6.1-py3-none-any.whl.
File metadata
- Download URL: sudiviz-1.6.1-py3-none-any.whl
- Upload date:
- Size: 94.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
Provenance
The following attestation bundles were made for sudiviz-1.6.1-py3-none-any.whl:
Publisher: publish.yml on pydevsg/sudiviz
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: sudiviz-1.6.1-py3-none-any.whl
- Subject digest: a70f6dc5a16d60459e7616fa67c6ee3ecfb3de33998bcaef5c8b8af93bbcc2a5
- Sigstore transparency entry: 1997802907
- Sigstore integration time:
- Permalink: pydevsg/sudiviz@b53b9ec8cecf0d905ff14d845144a8a9efd091ce
- Branch / Tag: refs/tags/v1.6.1
- Owner: https://github.com/pydevsg
- Access: public
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: publish.yml@b53b9ec8cecf0d905ff14d845144a8a9efd091ce
- Trigger Event: push