Terraform Governance for AWS Cloud

Impact analysis, against runtime, before deployment.

Prevent Security, Cost and Availability misconfigurations.
See how changes to an IAM policy can impact a K8s pod that is already running.
tfRails mimics AWS behavior and simulates all resources that will be created post apply,
such as EC2 instances, ENIs, and EBS volumes for an ASG created with a launch template.
Observe the effects of the modification with a topology graph.
Identify deviations from best practices before they become harder to remedy.
When using traditional static scanners and Terraform Plan, you are missing critical aspects:

The context and potential impact on the live environment.

Don't Scan. Simulate.

Now you can fully understand the impact of any change.

  • Discover the dependencies of the things you’re going to change.

  • Identify the entire blast radius, which is otherwise hard to predict from a Terraform plan.

  • Predict potential availability issues that may break things and cause downtime.

  • Test each change against best practices for security, compliance, cost, availability and collective knowledge.

  • Understand how the change is going to affect reachability and costs, and validate that it meets your intent.

Cover your Terraform PRs with context-aware governance
Security & Compliance
Shift compliance, CSPM and CIEM left to the PR stage. The only tool that merges your runtime state, with the full posture, into the build stage.
Cloud Costs
Validate each change is optimized for cost best practices and your organizational standards.
terraform aws resilience validation
Make sure your architecture is resilient before deployment while Terraform changes are still easy to fix.
Easily tune controls and enforce custom-made posture based policies.
Example #1

Expect only billing microservice to access billing DynamoDB table.

Example #2

Connectivity across regions should be via TGW and not VPC Peering.

Terraform Impact Simulation

How does it work?

The Lightlytics simulation engine merges the run-time configuration state of your cloud, including resources not managed by Terraform, with the change proposed in your Terraform code, to determine how your cloud is going to be impacted if the code gets deployed.

Integrate into any workflow in under 5min

Easily connect Lightlytics Terraform analysis into your existing IaC deployment flow or run it as you develop in your favorite IDE.
We support GitHub, GitLab, Bitbucket, Terraform Cloud, Atlantis, Jenkins and many more out of the box.

Frequently asked questions:

How does Lightlytics Simulation differ from Terraform Plan?

Terraform plan reveals upcoming changes but lacks context or impact details on the wider application/infrastructure.

How does Lightlytics Simulation differ from static code analysis tools?

Lightlytics is a context-aware tool that creates advanced models of your live environment infrastructure states along with the proposed change. With these models, Lightlytics can predict the impact of IaC changes and enforce standards at the posture level before deployment.

How does the integration process take place?

Lightlytics quickly integrates into your cloud account using read-only IAM permissions. Lightlytics integrates with CloudTrail using a CloudWatch event rule to maintain a genuinely up-to-date posture on each configuration change. IaC is integrated via a webhook that can be connected with various methods such as a GitHub Action, Jenkins, Terraform Cloud, and the like.

Which cloud providers do you support?

We currently support AWS.
Azure and GCP will be supported in the near future.

Which IaC formats do you support?

We currently support Terraform.
Helm, Pulumi and CloudFormation will be supported in the near future.

How much does Lightlytics cost?

Can I run Lightlytics in my own environment?

No. Lightlytics is a SaaS platform that can't be self-hosted currently.

How can I be sure that my data is secure?

At Lightlytics, security is our number one priority. We take security into consideration at every level and with every aspect of our engineering workflow. We are proud to be SOC 2 Type 2 certified.

Which of my team members would benefit from Lightlytics?

Lightlytics primarily benefits those working on infrastructure configuration. Anyone involved with changing infrastructure configuration will benefit from Lightlytics to deploy changes faster and more securely. Lightlytics also benefits SecOps teams by analyzing their cloud environment exposure to external threats and enforcing organization-wide context-driven security standards both before deployment and in real-time.

