Basic Concepts

Understanding how Overmind works starts with grasping a few core concepts that underpin everything the platform does. These concepts form the foundation for how Overmind helps teams make safer infrastructure changes.

Infrastructure Discovery and Mapping

Real-Time Topology

Overmind builds a live map of your infrastructure by connecting to your cloud providers through read-only APIs. Unlike static scanning tools that capture snapshots, Overmind maintains an up-to-date view of your resources and their relationships.

This real-time approach means Overmind can detect:

  • Resources created outside of Terraform
  • Dependencies that span multiple AWS accounts
  • Relationships between services that aren't explicitly defined in your code

Resource Types and Sources

A source defines how Overmind connects to your infrastructure. Each source can discover multiple resource types:

  • AWS Source: Discovers EC2 instances, RDS databases, load balancers, and 100+ other AWS resource types
  • Kubernetes Source: Maps pods, services, deployments, and other Kubernetes objects
  • Stdlib Source: Provides publicly available information like DNS records and certificates

Resources discovered through these sources become the building blocks for dependency analysis.

Changes and Analysis

What Constitutes a Change

In Overmind, a change represents any modification to your infrastructure that you want to analyze. This typically aligns with:

  • A Terraform plan showing proposed infrastructure modifications
  • A deployment that will affect multiple interconnected resources
  • Any infrastructure modification where you need to understand the potential impact

Change Analysis Steps

When you create a change, Overmind performs a multi-step analysis:

  1. Mapping Resources: Terraform resources are matched to actual cloud resources
  2. Simulating Blast Radius: Dependencies are discovered and impact scope is calculated
  3. Recording Observations: Infrastructure state and relationships are captured
  4. Forming Hypotheses: AI identifies potential risk scenarios based on the observations
  5. Investigating Hypotheses: Each hypothesis is validated and risks are classified by severity

After analysis, if you apply the change, Overmind tracks the deployment and validates the outcome.

Blast Radius and Dependencies

Understanding Blast Radius

The blast radius of a change represents all infrastructure resources that could potentially be affected by your modification. This includes:

  • Direct dependencies: Resources you're explicitly changing
  • Indirect dependencies: Resources that depend on what you're changing
  • Cross-service relationships: Connections between different AWS services or accounts

For example, changing a security group might directly affect the instances using it, but could also impact load balancers, auto-scaling groups, and databases that rely on network connectivity.

Dependency Types

Overmind identifies several types of dependencies:

  • Creation Dependencies: Resource A must exist before Resource B can be created
  • Runtime Dependencies: Resource A needs Resource B to function properly
  • Network Dependencies: Resources communicate with each other over the network
  • Configuration Dependencies: Resource A references Resource B in its configuration
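
The security group example above can be worked through as a walk over typed dependency edges, collecting everything that transitively relies on the changed resource. This is an added illustration, not Overmind's code; the graph, the resource names and the `max_hops` parameter are assumptions made for the example.

```python
from collections import defaultdict, deque

# Constructed sample graph; every resource name is hypothetical.
# Each edge reads "dependent relies on dependency" and carries one of the
# dependency types listed above.
EDGES = [
    ("ec2:web-1", "sg:web", "configuration"),
    ("ec2:web-2", "sg:web", "configuration"),
    ("asg:web", "sg:web", "configuration"),
    ("sg:db", "sg:web", "configuration"),      # ingress rule references sg:web
    ("rds:orders", "sg:db", "network"),
    ("elb:public", "ec2:web-1", "network"),
    ("elb:public", "ec2:web-2", "network"),
    ("dns:shop.example.com", "elb:public", "runtime"),
    ("ec2:batch-1", "sg:batch", "configuration"),  # unrelated, must stay out
]

def blast_radius(changed, edges, max_hops=None):
    """Map each affected resource to (hops, path) by walking dependents.

    hops == 0 marks the resources being changed directly; max_hops is an
    assumed knob for bounding the walk, not an Overmind setting.
    """
    dependents = defaultdict(list)
    for dependent, dependency, kind in edges:
        dependents[dependency].append((dependent, kind))
    reached = {r: (0, []) for r in changed}
    queue = deque(changed)
    while queue:
        node = queue.popleft()
        hops, path = reached[node]
        if max_hops is not None and hops >= max_hops:
            continue
        for dependent, kind in dependents[node]:
            if dependent not in reached:  # first visit wins; also stops cycles
                reached[dependent] = (hops + 1, path + [f"{kind} -> {node}"])
                queue.append(dependent)
    return reached

if __name__ == "__main__":
    for res, (hops, path) in blast_radius(["sg:web"], EDGES).items():
        print(f"{hops} {res:24} {' | '.join(path) or 'changed directly'}")
```

The recorded path shows why a resource is in scope: here the database is reached only because its own security group references the one being changed.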

Blast Radius Configuration

You can configure how thoroughly Overmind analyzes dependencies:

  • Quick Scan (10 minutes): Fast analysis for immediate feedback
  • Detailed Scan (15 minutes): Balanced approach for most use cases
  • Full Scan (30 minutes): Comprehensive analysis for critical changes

Risk Prediction

Overmind uses LLM-powered analysis to predict risks before you deploy. It goes beyond terraform plan to identify potential failure points, configuration issues, and downstream impacts.

Risk Categories

Risks are categorized into three severity levels:

  • High: Issues that could cause significant outages or data loss
  • Medium: Issues that might affect performance or availability
  • Low: Minor issues or configuration concerns

What Risks Cover

LLM-powered risk analysis identifies patterns including:

  • Configuration Mismatches: Settings that could block traffic or prevent services from communicating
  • Resource Constraints: Modifications that could exceed capacity or cause under-provisioning
  • Security Vulnerabilities: Changes that might expose sensitive resources
  • Dependency Conflicts: Hidden relationships that could cause cascading failures

Health and Status Indicators

Source Health

Sources can be in various states:

  • Healthy: Successfully discovering resources and providing current data
  • Degraded: Experiencing some issues but still functional
  • Unhealthy: Unable to discover resources or provide reliable data

Change Status

Changes display status indicators throughout their lifecycle:

  • In Progress: Analysis is currently running
  • Completed: Analysis finished successfully
  • Failed: Analysis encountered errors
  • Partial: Some analysis steps completed, others failed

Data Flow and Processing

The Analysis Pipeline

When you create a change, Overmind follows this process:

  1. Parse: Extract resource information from your Terraform plan
  2. Map: Match planned changes to actual cloud resources
  3. Simulate: Calculate blast radius by discovering dependencies in real-time
  4. Observe: Record infrastructure state and relationships
  5. Hypothesize: AI forms hypotheses about potential risks
  6. Investigate: Validate hypotheses and classify risks by severity
  7. Present: Display identified risks and actionable insights

Data Security

Throughout this process, Overmind maintains security by:

  • Using read-only access to your infrastructure
  • Stripping sensitive values from Terraform plans
  • Processing data without storing long-term infrastructure details
  • Encrypting all data in transit and at rest
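
One way to strip sensitive values from the JSON form of a plan (`terraform show -json`) is to apply Terraform's own `before_sensitive` / `after_sensitive` masks and forward only an allowlisted subset of fields. This is an added example, not Overmind's code, and the page does not describe how Overmind implements this step; the sample plan, the `SUSPECT_KEY` name heuristic and the function names are assumptions.

```python
import re

REDACTED = "REDACTED"
# Assumed heuristic: attribute names that often hold secrets even when the
# provider schema does not mark them sensitive.
SUSPECT_KEY = re.compile(r"password|secret|token|private_key", re.I)

# Constructed sample in the shape of `terraform show -json` output.
SAMPLE_PLAN = {
    "variables": {"db_password": {"value": "constructed-secret-0"}},
    "resource_changes": [
        {"address": "random_password.db", "type": "random_password", "change": {
            "actions": ["delete"], "after": None, "after_sensitive": False,
            "before": {"length": 16, "result": "constructed-secret-1"},
            "before_sensitive": {"result": True}}},
        {"address": "aws_instance.web", "type": "aws_instance", "change": {
            "actions": ["create"], "before": None, "before_sensitive": False,
            "after": {"ami": "ami-00000000",
                      "tags": {"api_token": "constructed-secret-2"}},
            "after_sensitive": {"tags": {}}}},
    ],
}

def redact(value, mask):
    """Replace every position that mask flags True, or whose key looks secret."""
    if mask is True:
        return REDACTED
    if isinstance(value, dict):
        mask = mask if isinstance(mask, dict) else {}
        return {k: REDACTED if SUSPECT_KEY.search(k) and v is not None
                else redact(v, mask.get(k, False))
                for k, v in value.items()}
    if isinstance(value, list):
        mask = mask if isinstance(mask, list) else []
        return [redact(v, mask[i] if i < len(mask) else False)
                for i, v in enumerate(value)]
    return value

def strip_plan(plan):
    """Keep only allowlisted fields; variables and state sections are dropped."""
    out = []
    for rc in plan.get("resource_changes", []):
        ch = rc["change"]
        out.append({"address": rc["address"], "type": rc["type"],
                    "actions": ch["actions"],
                    "before": redact(ch.get("before"), ch.get("before_sensitive", False)),
                    "after": redact(ch.get("after"), ch.get("after_sensitive", False))})
    return {"resource_changes": out}
```

Building the output from an allowlist means a plan section the code does not know about, such as `variables`, is dropped rather than forwarded by default.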

User Workflows

Developer Workflow

  1. Make infrastructure changes locally
  2. Run overmind terraform plan to analyze impact
  3. Review blast radius and risks
  4. Adjust changes based on insights
  5. Deploy with overmind terraform apply for tracking

Team Workflow

  1. Create pull request with infrastructure changes
  2. Overmind automatically analyzes changes via CI/CD
  3. Team reviews risk assessment in PR comments
  4. Deployment proceeds with full impact visibility
  5. Post-deployment validation confirms expected outcomes

Enterprise Workflow

  1. Changes flow through approval pipeline
  2. Overmind provides risk context at each stage
  3. Deployment tracking captures before/after state
  4. Analysis results inform organizational learning

Getting Started

With these concepts in mind, you're ready to start using Overmind. The key is understanding that Overmind doesn't just show you what will change—it helps you understand whether those changes are safe to make right now, in your specific environment, with your current configuration.

This foundation enables you to move from reactive fire-fighting to proactive risk management, making infrastructure changes with confidence rather than fear.