Sufficient visibility into cloud infrastructure failures: live AWS topology + Terraform drift in one CLI.

Project description

🔬 sudiviz

X-ray vision for your cloud infrastructure

sudiviz visualizes your live AWS infrastructure as an interactive graph across multiple regions. It auto-detects misconfigurations, unhealthy targets, and orphan resources, then fixes them with one command.

🚀 Zero AI tokens | 💸 Zero cost | 🐍 Pure Python | 🌍 Multi-region


📦 Quick Start

pip install 'sudiviz[all]'

# Diagnose your infrastructure
sudiviz diagnose

# Interactive web visualization
sudiviz graph --output web --open

# Auto-fix issues
sudiviz fix --apply

Auth: Uses standard boto3 credentials (~/.aws/credentials, env vars, SSO, or instance profile)


✨ Features

Feature                 Description
Live Topology           Real-time graph of ALB → Target Groups → EC2 → Security Groups
AWS Resource Icons      Each node displays a colour-coded AWS-style icon (ALB, EC2, RDS, S3, ECS, EKS, Lambda, SG…)
Multi-Region            Switch between AWS regions (us-east-1, us-west-2, eu-west-1, ap-northeast-1…) from a dropdown, no restart needed
Health Detection        Unhealthy targets, failing health checks, orphan resources
Auto-Fix                One-click remediation with sudiviz fix --apply
Traffic Animation       Visualize request flow with animated pulses
Health Heatmaps         Color-code infrastructure by health status
Cost Heatmap            FinOps view: visualize estimated monthly costs per resource
Security Group Flows    Visualize ingress/egress rules between security groups (blue = ingress, purple = egress)
CloudWatch Integration  One-click links to metrics and logs for each resource
Dark/Light Mode         Toggle theme in web UI
Cluster Grouping        Group resources by service type (Load Balancers, ECS, Security, etc.)
Terraform Drift         Compare live AWS vs Terraform state
Multi-Service           ALB, EC2, ECS, EKS, RDS, Lambda, S3, Security Groups
MCP Server              AI agents can discover, diagnose, and fix infrastructure via natural language

🎨 Visualization Modes

Terminal

sudiviz diagnose --region us-east-1

TUI (Interactive Terminal)

sudiviz tui

Web (Cytoscape.js)

sudiviz graph --output web --port 8000 --open

# Specify a default region (switch regions live from the UI dropdown)
sudiviz graph --output web --region us-east-1 --port 8000 --open

PNG Export

sudiviz graph --output png --file topology.png

🔧 Auto-Fix

sudiviz fix                    # Preview fixes (dry-run)
sudiviz fix --apply            # Apply all fixes
sudiviz fix 1 --apply          # Apply specific fix
sudiviz fix --apply --force    # Include destructive operations

Supported fixes:

  • Security group missing ingress rules
  • S3 public access / encryption
  • RDS public accessibility
  • Orphan target groups (with --force)
  • Unused security groups (with --force)

🤖 MCP Server (Agentic AI)

sudiviz ships an MCP server so AI agents (Claude Desktop, Claude Code, Cursor, etc.) can discover, diagnose, and remediate your infrastructure via natural language.

pip install 'sudiviz[mcp]'

# Start the MCP server (stdio transport)
sudiviz-mcp

Add to Claude Desktop (~/Library/Application Support/Claude/claude_desktop_config.json):

{
  "mcpServers": {
    "sudiviz": {
      "command": "sudiviz-mcp",
      "env": { "AWS_PROFILE": "production" }
    }
  }
}

Add to Claude Code (.mcp.json in your project root):

{
  "mcpServers": {
    "sudiviz": {
      "command": "sudiviz-mcp"
    }
  }
}

Available MCP tools:

Tool                    Description
sudiviz_discover        Discover live AWS resources (ALB, EC2, RDS, Lambda, S3, …)
sudiviz_diagnose        Discover + analyze for issues (orphans, unhealthy, misconfig)
sudiviz_graph           Generate Cytoscape.js topology JSON
sudiviz_fix             Generate or apply remediation commands
sudiviz_drift           Compare Terraform state vs live AWS
sudiviz_costs           Estimate monthly costs by service and resource
sudiviz_list_resources  List resources by type (alb, instance, rds, …)

MCP Resources (read live data without calling a tool):

Resource URI                   Description
infra://aws/{region}/topology  Live topology graph as Cytoscape JSON
infra://aws/{region}/health    Health status summary with issue counts
infra://aws/{region}/costs     Estimated monthly cost breakdown

MCP Prompts (guided multi-step workflows):

Prompt                   Description
diagnose-infrastructure  Discover, diagnose, and recommend fixes
cost-optimization        Find cost-saving opportunities
security-audit           Check for open SGs, public DBs, unencrypted storage
incident-triage          Trace unhealthy resources through dependency chain

Example conversations with your AI agent:

  • "Show me all orphan resources in us-east-1"
  • "What's our estimated monthly spend?"
  • "Fix the unhealthy targets on my ALB"
  • "Check for Terraform drift against my state file"
  • "Run a security audit on eu-west-1"

🔒 Security

sudiviz is built with security in mind. Every release is scanned for vulnerabilities.

Check              Status
Bandit SAST        ✅ No issues
XSS Protection     ✅ HTML sanitization enabled
Dependency CVEs    ✅ All patched
Hardcoded Secrets  ✅ None
Shell Injection    ✅ No shell=True
Code Injection     ✅ No eval()

Run security scan locally:

pip install 'bandit[toml]'
bandit -c pyproject.toml -r sudiviz/

🔄 Terraform Drift

terraform show -json > tfstate.json
sudiviz drift --tfstate tfstate.json

📊 CI Integration

# Fail CI on critical issues (jq -e exits non-zero when the filter's result is false)
sudiviz diagnose --json | jq -e 'any(.diagnosis.fixes[]; .severity=="critical") | not'

# Drift detection gate
sudiviz drift --tfstate tfstate.json --json

Exit Code  Meaning
0          No issues
1          Drift detected
2          Critical issues found

📸 More Screenshots

  • AWS Resource Icons + Multi-Region Topology: each node shows a colour-coded AWS icon. Switch regions live from the dropdown in the top bar (us-east-1, us-east-2, eu-west-1, us-west-2 and more).
  • Security Group Ingress/Egress Flows (Dark Mode)
  • Terminal TUI
  • Diagnose Output
  • Auto-Fix Preview
  • Traffic Flow Animation (Dark Mode)
  • Health Heatmap
  • Cluster Grouping (Dark Mode)
  • Cost Heatmap (FinOps)


🆚 Comparison

Feature                sudiviz     Hava.io  Cloudcraft
Live data              ✅          ❌       ❌
AWS resource icons     ✅          ✅       ✅
Multi-region switcher  ✅          ✅       ✅
Auto-fix               ✅          ❌       ❌
Traffic animation      ✅          ❌       ❌
Health heatmaps        ✅          ❌       ❌
Cost heatmap           ✅          ❌       ❌
Cluster grouping       ✅          ❌       ❌
Terraform drift        ✅          ❌       ❌
Orphan detection       ✅          ❌       ❌
MCP / AI agent         ✅          ❌       ❌
Free & open source     ✅ GPL-3.0  $29/mo   $49/mo

🔐 IAM Permissions

Read-only (sudiviz diagnose):

  • ReadOnlyAccess AWS managed policy

Write (sudiviz fix --apply):

  • AmazonEC2FullAccess
  • ElasticLoadBalancingFullAccess
  • AmazonS3FullAccess
  • AmazonRDSFullAccess

📖 Documentation

AWS Services Discovered

Service          What's collected
ALB / NLB        Load balancers, listeners, rules
Target Groups    Health status per target
EC2              State, IPs, security groups
Security Groups  Ingress/egress rules
ECS              Clusters, services, task counts
EKS              Clusters, node groups
RDS              Instances, encryption, public access
Lambda           Functions, VPC config
S3               Buckets, encryption, public access

Diagnostic Rules

Check                     Severity
Unhealthy targets         critical
SG missing port from ALB  critical
S3 public access open     critical
RDS publicly accessible   warning
Storage not encrypted     warning
Orphan target group       warning
Unused security group     info
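
The "SG missing port from ALB" rule can be expressed as a check over the ingress rules AWS returns. The following is an added example, not sudiviz's own code, and its reading of the rule is an assumption: a target is flagged when no security group on it admits the target group's port from the ALB's security group or from every ALB subnet. The function names, the flattened `Targets` and `SubnetCidrs` fields and all sample values are constructed; the `IpPermissions` entries follow the shape boto3 returns from `describe_security_groups`.

```python
import ipaddress

def permits(perm, port, alb_sgs, alb_cidrs):
    """True if one IpPermissions entry admits TCP `port` from the ALB."""
    proto = perm["IpProtocol"]
    if proto not in ("tcp", "-1"):
        return False
    # "-1" means all protocols and carries no FromPort/ToPort.
    if proto == "tcp" and not perm["FromPort"] <= port <= perm["ToPort"]:
        return False
    if any(p["GroupId"] in alb_sgs for p in perm.get("UserIdGroupPairs", [])):
        return True
    nets = [ipaddress.ip_network(r["CidrIp"]) for r in perm.get("IpRanges", [])]
    # A CIDR source only counts if every ALB subnet falls inside an allowed range.
    return bool(alb_cidrs) and all(
        any(ipaddress.ip_network(c).subnet_of(n) for n in nets) for c in alb_cidrs)

def unreachable_targets(alb, target_groups, sgs_by_instance):
    """Return sorted (instance_id, port) pairs no security group opens to the ALB."""
    alb_sgs = set(alb["SecurityGroups"])
    gaps = set()
    for tg in target_groups:
        for inst in tg["Targets"]:
            perms = [p for sg in sgs_by_instance[inst] for p in sg["IpPermissions"]]
            if not any(permits(p, tg["Port"], alb_sgs, alb["SubnetCidrs"]) for p in perms):
                gaps.add((inst, tg["Port"]))
    return sorted(gaps)

# Constructed sample inventory (not real resources).
ALB = {"SecurityGroups": ["sg-alb"], "SubnetCidrs": ["10.0.1.0/24", "10.0.2.0/24"]}
TARGET_GROUPS = [{"Port": 8080, "Targets": ["i-app1", "i-app2", "i-app3"]}]
SGS = {
    # Opens 8080 to the ALB's security group: reachable.
    "i-app1": [{"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
                                   "UserIdGroupPairs": [{"GroupId": "sg-alb"}]}]}],
    # Opens only 443 to the ALB: port 8080 is missing.
    "i-app2": [{"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                                   "UserIdGroupPairs": [{"GroupId": "sg-alb"}]}]}],
    # CIDR rule covers one ALB subnet but not the other.
    "i-app3": [{"IpPermissions": [{"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 9000,
                                   "IpRanges": [{"CidrIp": "10.0.1.0/24"}]}]}],
}

if __name__ == "__main__":
    print(unreachable_targets(ALB, TARGET_GROUPS, SGS))
```

The partial-CIDR case (i-app3) is the one a port-only comparison misses: the rule opens the right port but only to one of the ALB's subnets.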

Architecture

sudiviz/
├── cli.py           # Typer commands
├── mcp_server.py    # MCP server for AI agents
├── tui.py           # Textual TUI
├── web.py           # FastAPI + WebSocket
├── discovery/       # AWS discovery (boto3)
├── graph/           # NetworkX + analyzers
├── remediation/     # Auto-fix engine
└── web_templates/   # Cytoscape.js UI

📝 License

GPL-3.0-or-later (see LICENSE)


Built by @pydevsg


Download files

Source Distribution

sudiviz-1.6.1.tar.gz (95.7 kB)

Uploaded Source

Built Distribution

sudiviz-1.6.1-py3-none-any.whl (94.5 kB)

Uploaded Python 3

File details

Details for the file sudiviz-1.6.1.tar.gz.

File metadata

  • Download URL: sudiviz-1.6.1.tar.gz
  • Upload date:
  • Size: 95.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for sudiviz-1.6.1.tar.gz
Algorithm Hash digest
SHA256 e8807b06aebfb8cb0eff2fbd0164e4c63961c9152fd468967bcdb74c6340e6a3
MD5 b09ee753c4e5450d7f71707da0c923c1
BLAKE2b-256 b4c87f622aa5fedb6966f17402fbcad7e99047a3cf29dcd8b34a6d2b51b0ff65

Provenance

The following attestation bundles were made for sudiviz-1.6.1.tar.gz:

Publisher: publish.yml on pydevsg/sudiviz

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file sudiviz-1.6.1-py3-none-any.whl.

File metadata

  • Download URL: sudiviz-1.6.1-py3-none-any.whl
  • Upload date:
  • Size: 94.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for sudiviz-1.6.1-py3-none-any.whl
Algorithm Hash digest
SHA256 a70f6dc5a16d60459e7616fa67c6ee3ecfb3de33998bcaef5c8b8af93bbcc2a5
MD5 de4da253ecc1f447fcb805c391dcd6e5
BLAKE2b-256 f857e63e9a4a9757c0c1bfec38d68c4743ad9226b46b718ca6e589857bf988de

Provenance

The following attestation bundles were made for sudiviz-1.6.1-py3-none-any.whl:

Publisher: publish.yml on pydevsg/sudiviz

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
