Basic Concepts
Understanding how Overmind works starts with grasping a few core concepts that underpin everything the platform does. These concepts form the foundation for how Overmind helps teams make safer infrastructure changes.
Infrastructure Discovery and Mapping
Real-Time Topology
Overmind builds a live map of your infrastructure by connecting to your cloud providers through read-only APIs. Unlike static scanning tools that capture snapshots, Overmind maintains an up-to-date view of your resources and their relationships.
This real-time approach means Overmind can detect:
- Resources created outside of Terraform
- Dependencies that span multiple AWS accounts
- Relationships between services that aren't explicitly defined in your code
Resource Types and Sources
A source defines how Overmind connects to your infrastructure. Each source can discover multiple resource types:
- AWS Source: Discovers EC2 instances, RDS databases, load balancers, and 100+ other AWS resource types
- Kubernetes Source: Maps pods, services, deployments, and other Kubernetes objects
- Stdlib Source: Provides publicly available information like DNS records and certificates
Resources discovered through these sources become the building blocks for dependency analysis.
Changes and Analysis
What Constitutes a Change
In Overmind, a change represents any modification to your infrastructure that you want to analyze. This typically aligns with:
- A Terraform plan showing proposed infrastructure modifications
- A deployment that will affect multiple interconnected resources
- Any infrastructure modification where you need to understand the potential impact
Change States
Changes move through several states during their lifecycle:
- Created: Change has been submitted for analysis
- Mapped: Terraform resources have been matched to actual infrastructure
- Analyzed: Blast radius has been calculated
- Risk Assessed: Potential issues have been identified
- Started: Deployment has begun (if applying changes)
- Validated: Post-deployment verification has completed
Blast Radius and Dependencies
Understanding Blast Radius
The blast radius of a change represents all infrastructure resources that could potentially be affected by your modification. This includes:
- Direct dependencies: Resources you're explicitly changing
- Indirect dependencies: Resources that depend on what you're changing
- Cross-service relationships: Connections between different AWS services or accounts
For example, changing a security group might directly affect the instances using it, but could also impact load balancers, auto-scaling groups, and databases that rely on network connectivity.
Dependency Types
Overmind identifies several types of dependencies:
- Creation Dependencies: Resource A must exist before Resource B can be created
- Runtime Dependencies: Resource A needs Resource B to function properly
- Network Dependencies: Resources communicate with each other over the network
- Configuration Dependencies: Resource A references Resource B in its configuration
Blast Radius Configuration
You can configure how thoroughly Overmind analyzes dependencies:
- Quick Scan: Fast analysis for immediate feedback
- Detailed Scan: Balanced approach for most use cases
- Full Scan: Comprehensive analysis for critical changes
- Custom Scan: Tailored parameters for specific requirements
Risk Assessment
Risk Categories
Overmind categorizes risks into three levels:
- High 🔥: Issues that could cause significant outages or data loss
- Medium !: Problems that might affect performance or availability
- Low ⁉: Minor issues or configuration concerns
Risk Types
Common risk patterns include:
- Configuration Mismatches: Settings that could block traffic or prevent services from communicating
- Timing Issues: Changes that might cause problems during peak traffic hours
- Resource Constraints: Modifications that could exceed capacity limits
- Security Vulnerabilities: Changes that might expose sensitive resources
Health and Status Indicators
Source Health
Sources can be in various states:
- Healthy: Successfully discovering resources and providing current data
- Degraded: Experiencing some issues but still functional
- Unhealthy: Unable to discover resources or provide reliable data
Change Status
Changes display status indicators throughout their lifecycle:
- In Progress: Analysis is currently running
- Completed: Analysis finished successfully
- Failed: Analysis encountered errors
- Partial: Some analysis steps completed, others failed
Data Flow and Processing
The Analysis Pipeline
When you create a change, Overmind follows this process:
- Parse: Extract resource information from your Terraform plan
- Map: Match planned changes to actual infrastructure resources
- Discover: Query your infrastructure to understand current state
- Analyze: Calculate blast radius and identify dependencies
- Assess: Evaluate potential risks using pattern recognition
- Present: Provide actionable insights and recommendations
Data Security
Throughout this process, Overmind maintains security by:
- Using read-only access to your infrastructure
- Stripping sensitive values from Terraform plans
- Processing data without storing long-term infrastructure details
- Encrypting all data in transit and at rest
User Workflows
Developer Workflow
- Make infrastructure changes locally
- Run
overmind terraform planto analyze impact - Review blast radius and risks
- Adjust changes based on insights
- Deploy with
overmind terraform applyfor tracking
Team Workflow
- Create pull request with infrastructure changes
- Overmind automatically analyzes changes via CI/CD
- Team reviews risk assessment in PR comments
- Deployment proceeds with full impact visibility
- Post-deployment validation confirms expected outcomes
Enterprise Workflow
- Changes flow through approval pipeline
- Overmind provides risk context at each stage
- Deployment tracking captures before/after state
- Analysis results inform organizational learning
Getting Started
With these concepts in mind, you're ready to start using Overmind. The key is understanding that Overmind doesn't just show you what will change—it helps you understand whether those changes are safe to make right now, in your specific environment, with your current configuration.
This foundation enables you to move from reactive fire-fighting to proactive risk management, making infrastructure changes with confidence rather than fear.