Infrastructure Catalog

Discover unmanaged cloud resources

Gap Analysis compares what's running in your cloud against what Terraform manages—then generates the HCL to close the gap. Browse states, explore instances, query everything with SQL, build dashboards.

States Browser Instance Explorer SQL Queries Dashboards Gap Analysis Modules Resource Types

UNIQUE TO STATEGRAPH

Gap Analysis

Compare Terraform state against what's actually running in your cloud—AWS and GCP today. Find the ClickOps debt: the EC2 instances, S3 buckets, and security groups nobody remembers creating.

Actual Cloud Resources

api-prod-1

db-primary

logs-bucket

test-vm-42

staging-sg

tmp-bucket

6 resources

In Terraform State

api-prod-1

db-primary

logs-bucket

3 resources

3 Unmanaged Resources

test-vm-42 · staging-sg · tmp-bucket

close the gap

$ stategraph tenant gaps import --tenant $TENANT_ID unmanaged.json

✓ Terraform import blocks generated

✓ Resource HCL generated — review, commit, apply

Discovery is half the job. Stategraph also writes the import blocks and starter HCL that bring unmanaged resources under Terraform—so the finding becomes a pull request, not a backlog ticket.

SQL for Infrastructure

Every resource attribute is queryable across 18 tables—resources, instances, outputs, transactions and their logs, cost snapshots, even the HCL itself. Find compliance gaps, audit configurations, answer any question about your infrastructure. How SQL inventory works →

stategraph sql query

-- Find all publicly accessible S3 buckets across all states

SELECT

i.address,

s.name AS state,

i.attributes->>'bucket' AS bucket_name,

i.attributes->>'region' AS region

FROM instances AS i

JOIN resources AS r ON i.resource_address = r.address AND i.state_id = r.state_id

JOIN states AS s ON i.state_id = s.id

WHERE r.type = 'aws_s3_bucket'

AND i.attributes->>'acl' = 'public-read'

address	state	bucket_name	region
aws_s3_bucket.legacy_uploads	production	acme-legacy-uploads	us-east-1
aws_s3_bucket.temp_storage	staging	acme-temp-files	us-west-2
aws_s3_bucket.public_assets	production	acme-public-cdn	eu-west-1

3 publicly accessible buckets · Security risk detected

Scanned 4 states · 2,847 resources · 19ms

Instance Explorer

type: aws_instance

state: production

+ Add filter

aws_instance.api-prod-1

t3.large · us-east-1a

RUNNING

aws_instance.api-prod-2

t3.large · us-east-1b

RUNNING

Showing 2 of 47 instances

Resource Types & Modules

Resource Types

aws_instance

aws_s3_bucket

aws_lb

aws_rds_instance

Modules

module.networking

module.database

module.compute

module.monitoring

Dashboards

Total Resources

1,345

↑ 12% this month

Compliance

94%

847 resources tagged

Unmanaged

Gap analysis

States

Across 3 workspaces

Resource Growth (30 days)

+158 resources added

Resources by Provider

AWS (847) GCP (342) Azure (156)

Start Querying Your Infrastructure

Import your Terraform state files. Query resources with SQL. Understand your infrastructure in minutes.

Get started Read the docs