Show HN: Atlasphere – Live Infrastructure Diagrams
30 points by andreygrehov 2 days ago
Hi HN. My name is Andrey. On a regular business day, I'm a software engineer working at AWS. Outside of work hours, I spend time on my hobby - writing code.

I was once building a pet project that allowed customers to spin up fully synchronized blockchain nodes within just a few minutes. The backend was split into a control plane and a data plane, each with its own AWS account. Later I added two more AWS accounts. One for shared RPC nodes. One for the Analytics Service.

Since I love to visualize things, I used drawio to visualize the architecture.

With time, I noticed a pattern. I'd write some code, add a few lambda functions, update my drawio diagram, write more code, introduce a few more resources, test things, see that everything works fine and go to sleep with a smile on my face. Next week I'd check my diagram, and shockingly, it's missing some of the resources! This kept happening for a few more weeks until I decided to fully abandon the project until my infrastructure diagrams could stay in sync with my cloud account.

That's how Atlasphere.io was born. I've been working on it for the past 6 months and I think the product is ready for some feedback :)

A few notes:

- Atlasphere uses a ReadOnly IAM role to scan your AWS account (my account reaches your account through a trust relationship).

- The number of services is currently limited (WIP)

- It's a macOS app

- It's NOT an Electron app, I use Rust + WebView

What am I looking for? All I really need is for someone to try the app and tell me what they like about it and what they absolutely hate about it, haha!

The website is https://atlasphere.io/

6 comments

Hey, first things first: I used to work for AWS, and unless your job is more of an evangelist thing, or unless the policy has changed, you need to get approval to share side projects. So don't get in trouble over this!

Personally, I am not comfortable with cross-account access from a stranger, even if it's read only. I feel like I should be able to run something locally on my side to gather the data so I can pick and choose what actually needs diagrams

Sounds fun though!

Hey! I did get approval, so fingers-crossed I'm good here :)

Yeah, that cross-account trust is a good call out. I'll need to spend time thinking more about it. Is there anything I could do such that you could say: 'Well, in this case I'm fine with cross-account access from a stranger like you'?

Curious why you have to have permission to share something done on your own time... certainly that is only related to programming, but if you do your own thing on your own hardware on your own time, how do they have any say in what you do or don't do?

Why would AWS have any say in what someone does in their own time?
Thanks for this. Another tool in the box is always welcome. We desperately need more competitors in this arena. Please take this as loving feedback. We need more of this! This use case is very dear to my heart. I have tracked over a dozen products that claim to do what Atlasphere is offering to do, and they all seem to fall short.

The most common issues are:

- They rely on https://github.com/mingrammer/diagrams which has simply not gotten any attention for a long time. It's too out-of-date to be useful, and any issue with rendering gets a response to "go use graphviz instead"

- When pointing these tools to anything moderately complicated, they implode or create nonsensical diagrams. Think: VPC Peering, VPC Security Groups, multi-account resources.

- They get the cloud resources OK, but neglect primitives like routing and policies that are just as important.

Just looking at the examples on the website: Claude Code can do this natively. Just a consideration.

I will also echo what others have said: allowing another account access to ours is a non-starter, even if Read-Only. It needs to use a security principal we have complete control over.

I can't tell from the project page what IAM permissions are in your "Read-only IAM role". That's something I would also need to know, regardless of how it is deployed.

I can tell from this post and the site that this is a labor of love, and I hope you keep up the good work. Like I said, this is an area where we need more, better tools. I want projects like this to succeed.

PS: Awesome name

Thanks for your extremely useful feedback.

> I will also echo what others have said: allowing another account access to ours is a non-starter, even if Read-Only. It needs to use a security principal we have complete control over.

You own and control the IAM role, not us. You allow Atlasphere to assume that role, and then Atlasphere's discovery service uses it to discover your resources.

Technically, Atlasphere doesn't need a ton of permissions. If you create a role that can only list, say, Lambda functions, then Atlasphere will only find Lambda functions.

IAM provides a default ReadOnly policy that can be attached to any role. This was the simplest way for me to get things going. But ReadOnly is indeed way too broad. I could generate an IAM policy based on the AWS services that Atlasphere can work with.

> I can tell from this post and the site that this is a labor of love, and I hope you keep up the good work. Like I said, this is an area where we need more, better tools. I want projects like this to succeed.

Thanks a ton! There are mind-blowing features in the roadmap. I want Atlasphere to succeed.

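A concrete version of the role setup described in the post ("Atlasphere uses a ReadOnly IAM role ... through a trust relationship") and in the reply above (the customer owns the role, the scanner assumes it, and the permissions can be generated from the services the scanner supports), as an added Python example. This is not Atlasphere's code: the service-to-action table, the scanner account id 111122223333 and the `sts:ExternalId` condition are assumptions for illustration. The page does not mention ExternalId; it is the standard guard AWS recommends for third-party cross-account roles so that the third party cannot be tricked into assuming your role on someone else's behalf. The `policy_allows` helper lets you check whether a given policy covers a specific action, which is how you would verify a claim like the one about Managed Prefix Lists later in the thread against your own policy.

```python
import fnmatch
import json

# Constructed inventory for this example: the services a scanner supports and the
# read-only actions it needs for each. Real coverage would come from the tool itself.
SERVICE_ACTIONS = {
    "lambda": ["lambda:ListFunctions", "lambda:GetFunction", "lambda:GetPolicy"],
    "ec2": ["ec2:Describe*"],  # VPCs, subnets, security groups, route tables, prefix lists
    "iam": ["iam:ListRoles", "iam:GetRole", "iam:ListAttachedRolePolicies"],
}


def trust_policy(scanner_account_id: str, external_id: str) -> dict:
    """Trust policy for the customer-owned role: only the scanner's account may
    assume it, and only when it presents the agreed ExternalId (assumed here)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{scanner_account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def scan_policy(services) -> dict:
    """Permissions policy listing only the read actions for the chosen services,
    instead of the broad AWS-managed ReadOnlyAccess policy."""
    unknown = set(services) - SERVICE_ACTIONS.keys()
    if unknown:
        raise ValueError(f"unsupported services: {sorted(unknown)}")
    actions = sorted({a for s in services for a in SERVICE_ACTIONS[s]})
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": actions, "Resource": "*"}],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def policy_allows(policy: dict, action: str) -> bool:
    """IAM-style action matching: case-insensitive, '*' and '?' wildcards,
    explicit Deny wins over Allow. Resource ARNs, Conditions and NotAction are
    ignored here, which is fine for the Resource '*' policies built above."""
    allowed = False
    for statement in policy["Statement"]:
        for pattern in _as_list(statement.get("Action", [])):
            if fnmatch.fnmatchcase(action.lower(), pattern.lower()):
                if statement["Effect"] == "Deny":
                    return False
                allowed = True
    return allowed


if __name__ == "__main__":
    # 111122223333 is a placeholder account id; the ExternalId must be a random secret.
    print(json.dumps(trust_policy("111122223333", "replace-with-a-random-secret"), indent=2))
    policy = scan_policy(["lambda", "ec2"])
    print(json.dumps(policy, indent=2))
    for action in ["lambda:ListFunctions", "ec2:DescribeManagedPrefixLists",
                   "lambda:InvokeFunction", "s3:GetObject"]:
        print(action, policy_allows(policy, action))
```

Attach the trust document to the role and the generated permissions document as its inline policy; if the scanner later adds a service, regenerate the policy rather than widening it to ReadOnlyAccess.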
Yes I realized after reading the response that we would control the permissions. What may not be obvious is many organizations have gatekeepers that don't understand IAM and would just not permit this at all.

On the technical side, you are probably underestimating the access you need to accurately gather the information the tool needs. For example, last time I reviewed the AWS-Managed ReadOnly role it does not allow you to read some important things like Managed Prefix Lists.

I completely understand you need a starting point and you picked a good one. Anxious to see how this proceeds. Best of luck.

Showing the pricing section after downloading the app and signing up is a dark pattern; I suggest including a pricing section on the website.

I was one click from downloading it and was happily surprised that the page did not talk about Pricing, so I assumed it was free - went back here to check if I missed something and it seems like I did...

The application is free. But I apologize, where is the confusion coming from?

Second this

Hey, thanks for the feedback. I do agree with you and that was not intentional. Do you actually see the pricing table in the app? I thought it matched the website. I might have missed dropping the "upgrade" badge. I haven't fully figured out the pricing model yet, so I thought hiding everything billing related for now was the simplest path forward.
This is brilliant. I've been really excited about Jack Dorsey's "From Hierarchy to Intelligence"[0] and I think what you've got here is a pretty important piece of the puzzle.

[0] block.xyz/inside/from-hierarchy-to-intelligence

Cartography[0] might be of interest to you. It creates a graph of Cloud resources.

[0] https://github.com/cartography-cncf/cartography

Hello, is the source available for inspecting somewhere? It looks interesting, but I wouldn't trust running something with this level of access that I couldn't inspect the source of / run myself.

I really like the UI. Great work on that, dude!