Generate interactive architecture diagrams from Terraform configurations
Project description
terraformgraph
Generate interactive architecture diagrams from your Terraform configurations. Supports AWS resources with automatic service grouping, relationship detection, and beautiful SVG/HTML output.
Features
- Automatic parsing of Terraform HCL files with state integration
- Smart resource grouping into logical services (ECS, RDS, S3, etc.)
- Relationship detection based on resource references
- VPC structure visualization with subnets and availability zones
- VPC endpoint visualization with service-specific icons (S3, DynamoDB, ECR, etc.)
- Accurate resource positioning using Terraform state
- Interactive HTML output with:
- Drag-and-drop repositioning of service icons
- Click-to-highlight connections between services
- Click-to-highlight source and target endpoints
- Save/Load layout persistence
- Zoom and pan navigation
- PNG/JPG export directly from the browser
- Customizable via YAML configuration files
- No cloud credentials required - works entirely offline
Prerequisites
Required
- Python 3.9+ (3.9, 3.10, 3.11, or 3.12)
- pip (Python package manager)
- Terraform CLI - Required for generating state JSON
Optional
- AWS Architecture Icons - For beautiful service icons (see With AWS Icons)
Terraform Setup
Before using terraformgraph, initialize and apply your Terraform configuration:
cd ./infrastructure
terraform init
terraform apply # or terraform plan for undeployed infrastructure
This creates the state data that terraformgraph uses for accurate diagram generation.
Installation
From PyPI
pip install terraformgraph
From Source
git clone https://github.com/ferdinandobons/terraformgraph.git
cd terraformgraph
pip install -e .
Development Installation
For contributing or running tests:
git clone https://github.com/ferdinandobons/terraformgraph.git
cd terraformgraph
pip install -e ".[dev]"
This installs additional development dependencies:
pytest- Testing frameworkpytest-cov- Code coverageblack- Code formattingruff- Lintingmypy- Type checking
Quick Start
Basic Usage
Generate a diagram from a Terraform directory:
terraformgraph -t ./infrastructure
This creates terraformgraph.html in the current directory.
Note: The tool automatically generates state JSON from terraform show -json if no cached state exists. Make sure your Terraform is initialized (terraform init) before running.
With Environment Subdirectories
If your Terraform is organized by environment:
terraformgraph -t ./infrastructure -e prod -o prod-diagram.html
With Pre-generated State File
If you want to generate the state file manually (useful for CI/CD):
# Generate state JSON
cd ./infrastructure
terraform show -json > state.json
# Use it with terraformgraph
terraformgraph -t ./infrastructure --state-file state.json
Force State Refresh
To regenerate the cached state file:
terraformgraph -t ./infrastructure --refresh-state
With AWS Icons
For beautiful AWS service icons, download the AWS Architecture Icons and extract them:
terraformgraph -t ./infrastructure -i ./AWS_Icons
The tool also auto-discovers icons in these locations:
./aws-official-icons~/aws-official-icons~/.terraformgraph/icons
Command Line Options
| Option | Short | Required | Description |
|---|---|---|---|
--terraform |
-t |
Yes | Path to Terraform directory |
--environment |
-e |
No | Environment subdirectory (dev, staging, prod) |
--icons |
-i |
No | Path to AWS icons directory |
--output |
-o |
No | Output HTML file path (default: terraformgraph.html) |
--verbose |
-v |
No | Enable debug output |
--state-file |
-s |
No | Path to pre-generated state JSON file |
--refresh-state |
No | Force regeneration of cached state file |
Examples
# Basic usage (auto-generates state)
terraformgraph -t ./infrastructure
# With environment
terraformgraph -t ./infrastructure -e prod
# With custom output
terraformgraph -t ./infrastructure -o my-diagram.html
# With AWS icons
terraformgraph -t ./infrastructure -i ~/Downloads/AWS_Icons
# With pre-generated state file
terraformgraph -t ./infrastructure -s state.json
# Force state refresh
terraformgraph -t ./infrastructure --refresh-state
# Full options with verbose output
terraformgraph -t ./infrastructure -e prod -i ./icons -o prod.html -v
How It Works
- State Acquisition: terraformgraph reads Terraform state (from cached file, provided file, or auto-generated via
terraform show -json) - HCL Parsing: Parses
.tffiles to understand resource structure and relationships - Resource Aggregation: Groups resources into logical services (e.g., all ECS-related resources into an "ECS" service)
- VPC Structure: Builds VPC topology with availability zones, subnets, and endpoints
- Layout Computation: Calculates optimal positions for services in the diagram
- HTML Generation: Creates interactive SVG diagram with pan, zoom, and drag capabilities
Configuration
Custom Aggregation Rules
Create ~/.terraformgraph/aggregation_rules.yaml to customize how resources are grouped:
compute:
my_custom_service:
primary: ["aws_my_resource"]
secondary: ["aws_my_helper"]
in_vpc: true
Custom Connections
Create ~/.terraformgraph/logical_connections.yaml to define service relationships:
connections:
- source: my_service
target: another_service
label: "Custom Connection"
type: data_flow
Supported Resources
The tool supports 100+ AWS resource types including:
Compute
- ECS (Clusters, Services, Task Definitions)
- EC2 (Instances, Auto Scaling Groups, Launch Templates)
- Lambda (Functions, Layers, Event Source Mappings)
- EKS (Clusters, Node Groups)
- Batch (Compute Environments, Job Queues)
Networking
- VPC (VPCs, Subnets, Route Tables, Internet Gateways)
- VPC Endpoints (Gateway and Interface types)
- Load Balancers (ALB, NLB, Target Groups)
- Route53 (Zones, Records)
- CloudFront (Distributions)
- API Gateway (REST and HTTP APIs)
Storage
- S3 (Buckets, Bucket Policies)
- EBS (Volumes, Snapshots)
- EFS (File Systems, Mount Targets)
Database
- RDS (Instances, Clusters, Parameter Groups)
- DynamoDB (Tables, Global Tables)
- ElastiCache (Clusters, Replication Groups)
- DocumentDB, Neptune, Redshift
Messaging & Integration
- SQS (Queues)
- SNS (Topics, Subscriptions)
- EventBridge (Rules, Event Buses)
- Step Functions (State Machines)
- Kinesis (Streams, Firehose)
Security
- IAM (Roles, Policies, Users, Groups)
- KMS (Keys, Aliases)
- Secrets Manager (Secrets)
- WAF (Web ACLs, Rules)
- Security Groups
Monitoring & Management
- CloudWatch (Alarms, Log Groups, Dashboards)
- CloudTrail
- Config Rules
And many more...
See the full list in the aggregation_rules.yaml configuration file.
Output
The generated HTML file includes:
Interactive Features
- Pan and Zoom - Navigate large diagrams easily
- Drag-and-drop - Reposition service icons within their containers
- Click connections - Click any connection line to highlight the data flow
- Click services - Click any service to see all its connections highlighted
- Save layout - Persist your custom icon positions to browser storage
- Load layout - Restore previously saved positions
Export Options
- PNG Export - High-quality raster image
- JPG Export - Compressed raster image
Visual Elements
- VPC containers with subnet boundaries
- Availability zone indicators
- Service icons (with AWS icons or colored fallbacks)
- Connection lines showing relationships
- Resource counts for grouped resources
- Legend with interaction instructions
Project Structure
terraformgraph/
├── terraformgraph/
│ ├── __init__.py # Package init with version
│ ├── __main__.py # Entry point for python -m
│ ├── main.py # CLI entry point
│ ├── parser.py # Terraform HCL parser
│ ├── aggregator.py # Resource grouping logic
│ ├── layout.py # Diagram layout engine
│ ├── renderer.py # SVG/HTML renderer
│ ├── icons.py # AWS icon mapper
│ ├── terraform_tools.py # Terraform CLI integration
│ ├── variable_resolver.py # Variable resolution
│ └── config/ # Default configuration files
├── tests/ # Test suite
├── example/ # Example Terraform configs
└── docs/ # Documentation
Running Tests
# Run all tests
pytest
# Run with coverage
pytest --cov=terraformgraph
# Run specific test file
pytest tests/test_parser.py
# Run with verbose output
pytest -v
Contributing
Contributions are welcome! Please see CONTRIBUTING.md for guidelines.
Development Workflow
- Fork the repository
- Create a feature branch
- Make your changes
- Run tests:
pytest - Format code:
black terraformgraph/ - Lint code:
ruff check terraformgraph/ - Submit a pull request
Changelog
See CHANGELOG.md for version history and changes.
License
MIT License - see LICENSE for details.
Author
Ferdinando Bonsegna - GitHub
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file terraformgraph-1.0.4.tar.gz.
File metadata
- Download URL: terraformgraph-1.0.4.tar.gz
- Upload date:
- Size: 82.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.14
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f0fca68462691b7340e8b92948669c84626ba8266d6fae48f1083ae56bbf340f
|
|
| MD5 |
d49aff129b8b0b9fff6c3637422d10a4
|
|
| BLAKE2b-256 |
fcfff4c6ac19daa8f72abfaa3339666798ce511f4097b31d164991015f1aa352
|
File details
Details for the file terraformgraph-1.0.4-py3-none-any.whl.
File metadata
- Download URL: terraformgraph-1.0.4-py3-none-any.whl
- Upload date:
- Size: 72.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.14
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
526a998730bb9e687df1e40126142f6a3f0bbe851ab0098663032255c9711b55
|
|
| MD5 |
975f837c74808b3a7cc015e11c49a701
|
|
| BLAKE2b-256 |
02bd7248bfa7cbb1493389e44368144bc356af593292bf7740d3a61fe43aa4ab
|
