Hacker News: fasten

New comment by fasten in "Show HN: Anyshift.io – Terraform "Superplan""

fasten — Thu, 16 Jan 2025 10:11:25 +0000

thats the first one we are thinking about, thats great thanks

New comment by fasten in "Show HN: Anyshift.io – Terraform "Superplan""

fasten — Wed, 15 Jan 2025 18:18:46 +0000

Most IaC setups will generate a terraform state, wheter in a directory (s3 bucket, hcp...) or on the fly. As long as we are able to access them we will be able to create a reconciliation at some point. which framework do you use?

New comment by fasten in "Show HN: Anyshift.io – Terraform "Superplan""

fasten — Wed, 15 Jan 2025 17:39:00 +0000

thanks for your feedback!

New comment by fasten in "Show HN: Anyshift.io – Terraform "Superplan""

fasten — Wed, 15 Jan 2025 17:38:42 +0000

We can handle multiple changes in the same PR thanks to our graph, a digital twin of your infra. We will query each changes separately, so it can support Terraform files. But you're right on one point : if multiple PR are open, we don't have a chronological way to treat them (to take into account the first PR and its impact and based on that do the analysis on the second PR etc..).

New comment by fasten in "Show HN: Anyshift.io – Terraform "Superplan""

fasten — Wed, 15 Jan 2025 17:28:08 +0000

super interesting thanks! for having config combined

New comment by fasten in "Show HN: Anyshift.io – Terraform "Superplan""

fasten — Wed, 15 Jan 2025 17:23:03 +0000

This mean searching through time and changes. Imagine prod is on fire and api returns 500. Often you need to check through logs, git, cloud consoles, kub configs etc... with the time machine, Anyshift will directly return the list of 5 changes that occured during the week, including the autoscaler and who did the change

New comment by fasten in "Show HN: Anyshift.io – Terraform "Superplan""

fasten — Wed, 15 Jan 2025 17:21:19 +0000

we are thinking to add live monitoring data to it such as datadog or prometheus. What do you use ?

New comment by fasten in "Show HN: Anyshift.io – Terraform "Superplan""

fasten — Wed, 15 Jan 2025 17:00:06 +0000

The tools we are aware of will create a 1-to-1 mapping to some code, but very often with hardcoded values because they lack the full context of your infrastructure. This can lead to potential incidents in the future (broken dependencies / visibility). This is at least the way we are approaching it, and why we want to build this "deterministic" part first and then use it as context to the LLMs.

New comment by fasten in "Show HN: Anyshift.io – Terraform "Superplan""

fasten — Wed, 15 Jan 2025 16:56:50 +0000

About having differents models challenging each other, I haven’t seen anything useful yet but I understand where you are going. Might be a future direction

New comment by fasten in "Show HN: Anyshift.io – Terraform "Superplan""

fasten — Wed, 15 Jan 2025 16:50:36 +0000

yes directly by signing up on our app https://app.anyshift.io/sign-in

New comment by fasten in "Show HN: Anyshift.io – Terraform "Superplan""

fasten — Wed, 15 Jan 2025 16:49:51 +0000

Agreed 100%. LLMs are doing solid job at generating IaC but in a context where the person who use them knows what he/she's doing. In our case, remediaiton means an extra level of trust, where your infra is already super sensitive.

New comment by fasten in "Show HN: Anyshift.io – Terraform "Superplan""

fasten — Wed, 15 Jan 2025 16:22:37 +0000

In our Pull Request bot, we provide more information with a clear sumup of whats gonna be impacted. One of our next feature is to configure what type of information is more critical to you: by type of resources, owner (git blame) and tags. Do you have one that you would prefer in particular ?

New comment by fasten in "Show HN: Anyshift.io – Terraform "Superplan""

fasten — Wed, 15 Jan 2025 16:21:43 +0000

Thanks for the feedback! We already use AI in the PR to explain whats happening and the best practices to adopt. As for the code remediation part: most LLMs fail to generate the right IaC code thats adapted to your infra because they miss its general context (config, dependencies..). We are building first the deterministic part (the context) and once we have the context our plan is to add the fix/recommendation in the change.

New comment by fasten in "Show HN: Anyshift.io – Terraform "Superplan""

fasten — Wed, 15 Jan 2025 16:20:42 +0000

Thanks for your kind words!!

Show HN: Anyshift.io – Terraform "Superplan"

fasten — Wed, 15 Jan 2025 16:00:49 +0000

Hello Hacker News! We're Roxane, Julien, Pierre, Mawen and Stephane from Anyshift.io. We are building a GitHub app (and platform) that detects Terraform complex dependencies (hardcoded values, intricated-modules, shadow IT…), flags potential breakages, and provides a Terraform ‘Superplan’ for your changes. To do that we create and maintain a digital twin of your infrastructure using Neo4j.

- 2 min demo : https://app.guideflow.com/player/dkd2en3t9r - try it now: https://app.anyshift.io/ (5min setup).

We experienced how dealing with IaC/Terraform is complex and opaque. Terraform ‘plans’ are hard to navigate and intertwined dependencies are error prone: one simple change in a security group, firewall rules, subnet CIDR range... can lead to a cascading effect of breaking changes.

I’ve dealt in production with those issues since Terraform’s early days. In 2016, I wrote a book about Infrastructure-as-code and created driftctl based on those experiences (open source tool to manage drifts which was acquired by Snyk).

Our team is building Anyshift because we believe this problem of complex dependencies is unresolved and is going to explode with AI-generated code (more legacy, weaker sense of ownership). Unlike existing tools (Terraform Cloud/Stacks, Terragrunt, etc...), Anyshift uses a graph-based approach that references the real environment to uncover hidden, interlinked changes.

For instance, changing a subnet can force an ENI to switch IP addresses, triggering an EC2 reconfiguration and breaking DNS referenced records. Our GitHub app identifies these hidden issues, while our platform uncovers unmanaged “shadow IT” and lets you search any cloud resource to find exactly where it’s defined in your Terraform code.

To do so, one of our key challenges was to achieve a frictionless setup, so we created an event-driven reconciliation system that unifies AWS resources, Terraform states, and code in a Neo4j graph database. This “time machine” of your infra updates automatically, and for each PR, we query it (via Cypher) to see what might break.

Thanks to that, the onboarding is super fast (5 min): 1. Install the Github app 2. Grant AWS read only access to the app

The choice of a graph database was a way for us to avoid scale limitations compared to relational databases. We already have a handful of enterprise customers running it in prod and can query hundreds of thousands of relationships with linear search times. We'd love you to try our free plan to see it in action

We're excited to share this with you, thanks for reading! Let us know your thoughts or questions here or in our future Slack discussions. Roxane, Julien, Pierre, Mawen and Stephane!

Comments URL: https://news.ycombinator.com/item?id=42712522

Points: 35

# Comments: 42

New comment by fasten in "Show HN: Boulette - Protect you from yourself (even as root)."

fasten — Tue, 14 Jan 2025 15:01:20 +0000

nice approach. highlighting key info like hostname can definitely help prevent mistakes

New comment by fasten in "Show HN: Stagehand – an open source browser automation framework powered by AI"

fasten — Tue, 14 Jan 2025 14:58:51 +0000

cool extension to playwright! how effective are the ai methods in handling dynamic ui changes?

New comment by fasten in "Show HN: Kate's App"

fasten — Tue, 14 Jan 2025 14:58:01 +0000

how are you ensuring data privacy and security? excited to see it go GA

New comment by fasten in "Show HN: Ultra-portable Gantt chart tool for very regulated environments"

fasten — Tue, 14 Jan 2025 14:57:16 +0000

sounds cool! ->how do you handls larger projects or integrates with existing workflows such as jira

New comment by fasten in "Show HN: TubePen – My attempt to get more out of YouTube learning"

fasten — Tue, 14 Jan 2025 14:55:46 +0000

nice!-> how well does the url replacement work across different browsers and devices?