Infra Made Clear
Replace stale docs with diagrams that stay current and answer questions before they're asked.
Change impact
See a change before it ships
Cora highlights blast radius automatically so reviews focus on risk, not archaeology.
Preview: blast radius
Live- Upstream/downstream dependencies
- Cross-account edges surfaced
- Networking context inferred
Autoplay - pause on hover
Onboard faster with a map everyone trusts
Build shared context from your Terraform state so teams can explore, review, and onboard without guesswork.
Diagrams that stay accurate
Generate architecture, networking, and blast-radius diagrams automatically - embed them in docs or export as images whenever plans change.
Compliance handled in-line
Policy checks, drift detection, and audit-ready evidence run with every state update so security stays ahead of the rollout.
Shared context for every team
Product, platform, and security teams review the same live state history, diffs, and annotations without hunting through Terraform logs.
Understand infrastructure in minutes, not days
Drop in your Terraform state or try a seeded environment. Cora anonymizes values in-browser and renders diagrams you can explore, filter, and export.
Preview environment ready
We preloaded the AWS Networking Blueprint sample so you can explore networking, shared services, and blast radius visuals instantly.
Production-grade 3-tier architecture with multi-AZ deployment, including VPC, public/private subnets, NAT gateways, Application Load Balancer, ECS Fargate services, and RDS database.
Visualize your own infrastructure
Upload a terraform.tfstate file to generate a live diagram.
Safe & Ephemeral
- Sensitive data (IPs, secrets) is anonymized locally in your browser before upload.
- This session is temporary; all data is automatically deleted when you leave.
Tip: we seed the anonymization with a deterministic hash so diagrams stay recognizable without exposing secrets.
See your entire multi-account platform in one graph with cross-account edges inferred automatically.
Filter by Terraform address, tags, or resource type in seconds - no manual graph edits required.
Export or embed diagrams with one click so platform reviews stay visual and current.
Guardrails catch drift before auditors do
Every new state version evaluates your Terraform configuration against policy packs and your custom rules, then overlays findings directly on the diagram so the blast radius is obvious.
- Start with a library of AWS policies adapted from HashiCorp Sentinel, with more packages arriving soon.
- Create custom internal policies to enforce your organization's specific security requirements.
- Findings surface alongside the diagram so teams see blast radius and remediation paths instantly.
Live guardrail findings
StreamingPublic read access detected across two policies.
Storage encryption disabled with internet-facing subnet.
0.0.0.0/0 allows SSH on port 22 for 14 days.
Join a small cohort shaping the roadmap
Design Partners get white-glove onboarding, direct access to the product team, and early access to features before GA.
Become a Design PartnerKnow who changed what and why
Cora versions every state update you send (snapshot, S3 history, or CI uploads), captures guardrail decisions, and keeps annotations tied to the exact resources that changed.
- Compare any two Terraform state versions to see exactly when resources changed.
- Pinpoint the exact change that caused an incident in seconds during post-mortems.
- Export versioned diffs for incident timelines and compliance reviews in minutes.
aws_rds_cluster.payments
State version comparison
Diff between State v129 and State v128 captured automatically from your state history.
State v129
terraform apply (platform-oncall)
- instance_class
- db.r6g.2xlarge
- storage_encrypted
- true
- kms_key_id
- arn:aws:kms:us-east-1:123456789012:key/cora-payments
- rotation_window
- 7 days
State v128
terraform apply (ci/deploy)
- instance_class
- db.r5.large
- storage_encrypted
- false
- kms_key_id
- (none)
- performance_insights_enabled
- true
instance_class
db.r5.largedb.r6g.2xlargestorage_encrypted
falsetruekms_key_id
(none)arn:aws:kms:us-east-1:123456789012:key/cora-payments
rotation_window
New value7 days
performance_insights_enabled
Removedtrue
Review Terraform plan impact before you merge
When a pull request changes infrastructure, you can open the PR Change Impact Graph to see what's changing and what it touches. It's a fast way to spot hidden dependencies and catch risky edits early.
- See created, modified, and deleted resources side-by-side.
- Expand to 1-hop or 2-hop dependencies with Incoming, Outgoing, or Both directions.
- Relationships come from the same infrastructure graph you use for diagrams - no guessed edges.
PR Change Impact Graph
Know the blast radius before merge
Changed
14
Create + update + delete
Impacted
43
Dependencies & callers
Workspaces
3
Cross-workspace context
aws_security_group.alb_ingress
Affected by: ALB listeners, target groups, ECS service
aws_subnet.private_app[3]
Connected to: NAT gateways, route tables, node groups
aws_iam_role.task_execution
Depends on: policy attachments, secrets, ECR
Direction
Depth
Stop surprise outages.
Catch cross-workspace dependencies (shared VPCs, subnets, IAM roles) and validate the full change impact in one place.
Search and jump to any resource across accounts
Type a resource name, tag, or Terraform address and watch the graph filter in real time. Deep links open the exact AWS console page so engineers can confirm changes without hunting.
- Search by resource name, tag, Terraform address, or AWS ARN with instant filtering.
- Select any node to highlight upstream and downstream dependencies instantly.
- Group results by workspace, account, or service so platform reviews stay structured.
- Jump from any node to the AWS console in one click with scoped deep links.
aws_lb.app-main
Application Load Balancer
- •Account: production-network
- •VPC: core-platform
- •Targets: aws_ecs_service.web
aws_rds_cluster.payments
Aurora PostgreSQL
- •Account: production-data
- •Subnet group: private-data
- •Security group: aws_security_group.database
aws_vpc.core-platform
VPC
- •Region: us-east-1
- •Subnets: 6 active
- •Connected accounts: 4
Shape how teams run Terraform with Cora
Join a small cohort building the workflow that keeps Cora up to date in your environment - from CI uploads to workspace rollouts.
- White-glove onboarding for CI uploads and workspace setup.
- Private feedback sessions with product and engineering every sprint.
- Early access to visualization, compliance, and drift features before GA.
What we build together
Gain early access to the full platform. Get hands-on support rolling out CI uploads and setting up your workspace.
Directly influence the feature set. Your feedback drives our engineering priorities, ensuring we build the specific tools your team needs.
Partner on the rollout. We provide white-glove onboarding support and dedicated channels so you can successfully adopt and advocate for the platform.
Frequently asked questions
Common questions about setup, security, and working with our design partner program.
How do you handle sensitive values in Terraform state?
Honestly, we don't want your secrets. The Cora CLI filters them out by default, and our server applies the same filters to every upload - whether it comes from the CLI, Terraform Cloud, or the web UI. Passwords, API keys, and credentials never reach our platform. You can customize what gets filtered with a .cora.yaml file or set org-wide rules in account settings. See our sensitive data filtering guide for details.
How does Cora integrate with CI/CD and other IaC workflows?
Start with a snapshot upload. To stay current automatically, add a small step after `terraform apply` (Atlantis, GitHub Actions, GitLab CI, Jenkins, Terraform Cloud/Enterprise, and similar) that uploads the updated state into Cora. Cora doesn't replace your workflow - it reads state outputs.
What's on the roadmap?
We're building toward deeper integrations, richer history and diff workflows, and expanded compliance coverage. See what we're actively planning and shipping on our roadmap.
What permissions does Cora need in AWS?
None by default. Cora builds diagrams from Terraform state. If you enable optional deep links, we generate console URLs from resource identifiers in state instead of calling AWS APIs.
Does Cora support multi-account AWS environments?
Yes. We aggregate state from multiple workspaces and accounts into a single graph, automatically inferring edges between resources like peered VPCs or Transit Gateways for a complete platform view.
How long does it take to get value?
Most teams start with a single snapshot upload and see an initial diagram in minutes. CI uploads are an optional next step when you want diagrams and diffs to stay current automatically.
Why is this better than `terraform graph`?
Native graphs display raw dependency trees that are often unreadable. Cora renders logical infrastructure maps - grouping by VPC, subnet, and region - so you can intuitively debug networking and architecture.
Ready to make infrastructure clear?
Start with interactive diagrams. Add CI uploads when you want them to stay current automatically.