
Show HN: Anyshift.io – Terraform "Superplan"

35 points| fasten | 1 year ago |app.anyshift.io

Hello Hacker News! We're Roxane, Julien, Pierre, Mawen and Stephane from Anyshift.io. We are building a GitHub app (and platform) that detects complex Terraform dependencies (hardcoded values, intricate modules, shadow IT…), flags potential breakages, and provides a Terraform ‘Superplan’ for your changes. To do that we create and maintain a digital twin of your infrastructure using Neo4j.

- 2 min demo: https://app.guideflow.com/player/dkd2en3t9r
- try it now: https://app.anyshift.io/ (5 min setup).

We experienced how dealing with IaC/Terraform is complex and opaque. Terraform ‘plans’ are hard to navigate and intertwined dependencies are error-prone: one simple change in a security group, firewall rules, subnet CIDR range... can lead to a cascading effect of breaking changes.

I’ve dealt in production with those issues since Terraform’s early days. In 2016, I wrote a book about Infrastructure-as-code and created driftctl based on those experiences (open source tool to manage drifts which was acquired by Snyk).

Our team is building Anyshift because we believe this problem of complex dependencies is unresolved and is going to explode with AI-generated code (more legacy, weaker sense of ownership). Unlike existing tools (Terraform Cloud/Stacks, Terragrunt, etc...), Anyshift uses a graph-based approach that references the real environment to uncover hidden, interlinked changes.

For instance, changing a subnet can force an ENI to switch IP addresses, triggering an EC2 reconfiguration and breaking the DNS records that reference it. Our GitHub app identifies these hidden issues, while our platform uncovers unmanaged “shadow IT” and lets you search any cloud resource to find exactly where it’s defined in your Terraform code.

To do so, one of our key challenges was to achieve a frictionless setup, so we created an event-driven reconciliation system that unifies AWS resources, Terraform states, and code in a Neo4j graph database. This “time machine” of your infra updates automatically, and for each PR, we query it (via Cypher) to see what might break.

Thanks to that, the onboarding is super fast (5 min):
1. Install the GitHub app
2. Grant AWS read-only access to the app

The choice of a graph database was a way for us to avoid scale limitations compared to relational databases. We already have a handful of enterprise customers running it in prod and can query hundreds of thousands of relationships with linear search times. We'd love you to try our free plan to see it in action.

We're excited to share this with you, thanks for reading! Let us know your thoughts or questions here or in our future Slack discussions. Roxane, Julien, Pierre, Mawen and Stephane!
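The cascading-change problem described above (subnet change, ENI re-IP, EC2 reconfiguration, stale DNS record) is, at its core, a transitive walk over a dependency graph. The snippet below is an added example, not Anyshift's code: it reads the `dependencies` lists that Terraform records per resource instance in a v4 state file, builds a reverse graph (who depends on whom), and reports every resource downstream of a changed one. The state document is constructed inline and its resource names, IDs and CIDRs are invented.

```python
"""Blast-radius walk over a Terraform v4 state file (constructed example)."""
import json
from collections import defaultdict, deque

# Constructed sample state: a VPC, a subnet, an ENI in that subnet, an EC2
# instance on the ENI, and a Route53 record pointing at the instance. The
# shape follows the real v4 state layout; every value is invented.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "terraform_version": "1.5.0",
    "resources": [
        {"mode": "managed", "type": "aws_vpc", "name": "main",
         "instances": [{"attributes": {"cidr_block": "10.0.0.0/16"}}]},
        {"mode": "managed", "type": "aws_subnet", "name": "app",
         "instances": [{"attributes": {"cidr_block": "10.0.1.0/24"},
                        "dependencies": ["aws_vpc.main"]}]},
        {"mode": "managed", "type": "aws_network_interface", "name": "app",
         "instances": [{"attributes": {"private_ip": "10.0.1.10"},
                        "dependencies": ["aws_subnet.app"]}]},
        {"mode": "managed", "type": "aws_instance", "name": "app",
         "instances": [{"attributes": {"id": "i-0123456789abcdef0"},
                        "dependencies": ["aws_network_interface.app",
                                         "aws_subnet.app"]}]},
        {"mode": "managed", "type": "aws_route53_record", "name": "app",
         "instances": [{"attributes": {"name": "app.example.internal"},
                        "dependencies": ["aws_instance.app"]}]},
        {"mode": "managed", "type": "aws_security_group", "name": "web",
         "instances": [{"attributes": {"ingress": []},
                        "dependencies": ["aws_vpc.main"]}]},
        {"mode": "data", "type": "aws_ami", "name": "ubuntu",
         "instances": [{"attributes": {"id": "ami-00000000"}}]},
    ],
})


def resource_address(res):
    """Build the address Terraform uses in `dependencies` lists
    (module prefix, then `data.` for data sources, then type.name)."""
    parts = []
    if res.get("module"):
        parts.append(res["module"])
    if res.get("mode") == "data":
        parts.append("data")
    parts += [res["type"], res["name"]]
    return ".".join(parts)


def build_dependents(state_json):
    """Return {address: set of addresses that depend on it} for a v4 state."""
    state = json.loads(state_json)
    dependents = defaultdict(set)
    for res in state["resources"]:
        addr = resource_address(res)
        dependents.setdefault(addr, set())  # leaf nodes still appear
        for inst in res.get("instances", []):
            for dep in inst.get("dependencies", []):
                dependents[dep].add(addr)
    return dependents


def blast_radius(state_json, changed):
    """Every resource transitively downstream of `changed`, in BFS order.
    Raises KeyError if the address is not in the state at all."""
    dependents = build_dependents(state_json)
    if changed not in dependents:
        raise KeyError(f"{changed} is not a resource in this state")
    seen, order, queue = {changed}, [], deque([changed])
    while queue:
        cur = queue.popleft()
        for nxt in sorted(dependents[cur]):  # sorted for stable output
            if nxt not in seen:
                seen.add(nxt)
                order.append(nxt)
                queue.append(nxt)
    return order


if __name__ == "__main__":
    # A subnet edit in this constructed state reaches the ENI, the
    # instance and the DNS record that names it.
    for addr in blast_radius(SAMPLE_STATE, "aws_subnet.app"):
        print(addr)
```

Note what a single state file can and cannot tell you: the walk only sees edges Terraform itself recorded, so a DNS record managed from another state, or a resource created by hand in the console, never appears in the result. That gap is exactly why the post joins live AWS inventory and several states into one graph before asking "what breaks if this changes".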

42 comments


kestane|1 year ago

Hi Stephane, You might run into scale or cost issues soon with Neo4J. Check out https://kuzudb.com/ instead for your graph database.

wg337|1 year ago

This is such a cool idea! I’ve run into the pain of navigating Terraform dependencies before, and your graph-based approach feels really promising.

I’m especially intrigued by the "time machine", how does it manage historical state changes in larger environments without requiring you to start a side-business in cloud storage? ^^

Excited to give this a spin. Amazing work!

fasten|1 year ago

This means searching through time and changes. Imagine prod is on fire and the API returns 500. Often you need to check through logs, git, cloud consoles, Kubernetes configs etc... With the time machine, Anyshift will directly return the list of 5 changes that occurred during the week, including the autoscaler and who made the change.

RobertCrumbs|1 year ago

Congrats on Anyshift.io—it looks amazing! Quick question: how does the GitHub app handle complex pull requests with multiple Terraform files? Does it flag dependencies across modules in real-time?

Looking forward to trying it out!

fasten|1 year ago

We can handle multiple changes in the same PR thanks to our graph, a digital twin of your infra. We will query each change separately, so it can support multiple Terraform files. But you're right on one point: if multiple PRs are open, we don't have a chronological way to treat them (to take into account the first PR and its impact and, based on that, do the analysis on the second PR etc.).

estellebotbol|1 year ago

Amazing product addressing a truly real pain point—such a game-changer. The team is also stellar. Been hoping to see something like this for a while. Excited to see the impact, this will definitely be big!

fasten|1 year ago

Thanks for your kind words!!

emmtold|1 year ago

Cool post, thank you for sharing, it could be a useful use case indeed.

You mention AI-generated code causing dependency issues. Are there plans to integrate AI-driven recommendations?

fasten|1 year ago

Thanks for the feedback! We already use AI in the PR to explain what's happening and the best practices to adopt. As for the code remediation part: most LLMs fail to generate the right IaC code that's adapted to your infra because they miss its general context (config, dependencies...). We are building the deterministic part (the context) first, and once we have the context our plan is to add the fix/recommendation in the change.

gastonv|1 year ago

Sounds amazing! Very smart approach to solve the complex Terraform dependency issues. The T1 team behind the project makes it very exciting!

fasten|1 year ago

Thanks for your feedback!

ericmahe|1 year ago

Outstanding solution for gaining a holistic view of your cloud infrastructure and accelerating change and remediation.

lauraac|1 year ago

Super exciting and well thought out! The team looks amazing, can’t wait to follow your progress!

geraldC13|1 year ago

Terraform plan on steroids? Love it! Do you have plans to interlink with other observability platforms?

fasten|1 year ago

We are thinking of adding live monitoring data to it, such as Datadog or Prometheus. What do you use?

jtol|1 year ago

Do you provide insights on cost optimization as part of the dependency analysis?

willydouhard|1 year ago

This looks great! Any plan to support other languages like Bicep?

MichaLevy|1 year ago

Congrats! Sounds amazing and could be very useful!

gregvers|1 year ago

Super interesting! This will save me time.

gfaivre|1 year ago

How seamless is the onboarding process for heavily customized workflows (Terraform + scripts)?

fasten|1 year ago

Most IaC setups will generate a Terraform state, whether in a directory (S3 bucket, HCP...) or on the fly. As long as we are able to access them we will be able to create a reconciliation at some point. Which framework do you use?

benjipick|1 year ago

Sounds cool, but how do you prevent false positives? What’s the accuracy rate so far?

fasten|1 year ago

In our Pull Request bot, we provide more information with a clear summary of what's gonna be impacted. One of our next features is to configure what type of information is more critical to you: by type of resource, owner (git blame) and tags. Do you have one that you would prefer in particular?

NatachaBrm|1 year ago

Such a cool product, congrats!

joeyagreco|1 year ago

Almost all of the positive responses on here are from brand new accounts...

zoemohl|1 year ago

Very cool product!!

tact_boy|1 year ago

Pretty epic product!

ELIOTOS|1 year ago

Very cool release!