Your Terraform is complex.
Understanding it shouldn't be.
Cora turns Terraform state into a living map of your infrastructure — so you can see blast radius before you merge, onboard engineers in hours, and answer "what depends on this?" in seconds.
No credit card. No sales call. Connect your first workspace and see your infrastructure.
Preview environment ready
We preloaded the AWS Networking Blueprint sample so you can explore networking, shared services, and blast radius visuals instantly.
Production-grade 3-tier architecture with multi-AZ deployment, including VPC, public/private subnets, NAT gateways, Application Load Balancer, ECS Fargate services, and RDS database.
Visualize your own infrastructure
Upload a terraform.tfstate file to generate a live diagram.
Safe & Ephemeral
- Sensitive data (IPs, secrets) is anonymized locally in your browser before upload.
- This session is temporary; all data is automatically deleted when you leave.
Tip: we seed the anonymization with a deterministic hash so diagrams stay recognizable without exposing secrets.
You have been here
Every platform team hits the same walls when infrastructure grows past a few workspaces.
A deploy breaks production and nobody can trace why.
You page through Terraform state in a text editor trying to figure out which resource depends on which. Two hours later you find the security group — but the incident report was due an hour ago.
A PR touches shared networking and you approve it blind.
You review the plan output, see a subnet change, and merge. What you could not see: three workspaces depend on that subnet. Blast radius is invisible in plan output.
A new engineer asks what a module does and the answer takes an hour.
Someone digs through HCL, another person checks the console, a third person finds a stale diagram from last quarter. Three people, three different answers, zero confidence.
You get paged at 2am for a system you did not build.
The runbook references a VPC that was renamed. The state file has 200 resources. You need to understand what changed — yesterday.
From state to clarity in three steps
No backend change. No platform migration. One CI step is all it takes.
Connect your state
Upload a snapshot or add one CI step after terraform apply. Takes under a minute.
See your infrastructure as a living map
Cora renders your dependency graph with cross-account edges inferred automatically. No manual drawing.
Review changes with full context
Every PR and state version shows what changed, what it affects, and whether it passes your policies.
Catch risky changes before they hit production
The PR Change Impact Graph shows every dependency a Terraform plan touches before you merge. No more approving subnet changes without knowing which workspaces they affect.
PR Change Impact Graph
Know the blast radius before merge
Changed
14
Create + update + delete
Impacted
43
Dependencies & callers
Workspaces
3
Cross-workspace context
Stop surprise outages.
Catch cross-workspace dependencies (shared VPCs, subnets, IAM roles) and validate the full change impact in one place.
Pinpoint the exact change that caused the incident
Every state update is versioned. Compare any two versions to see what changed, when, and who applied it. Turn hours of log archaeology into a two-click diff.
aws_rds_cluster.payments
State version comparison
Diff between State v129 and State v128 captured automatically from your state history.
State v129
terraform apply (platform-oncall)
- instance_class
- db.r6g.2xlarge
- storage_encrypted
- true
- kms_key_id
- arn:aws:kms:us-east-1:123456789012:key/cora-payments
- rotation_window
- 7 days
State v128
terraform apply (ci/deploy)
- instance_class
- db.r5.large
- storage_encrypted
- false
- kms_key_id
- (none)
- performance_insights_enabled
- true
instance_class
db.r5.largedb.r6g.2xlargestorage_encrypted
falsetruekms_key_id
(none)arn:aws:kms:us-east-1:123456789012:key/cora-payments
rotation_window
New value7 days
performance_insights_enabled
Removedtrue
Onboard engineers in hours, not weeks
Your multi-workspace, multi-account graph lives in one place. New hires search by resource name, tag, or address and see upstream and downstream dependencies instantly.
Preview environment ready
We preloaded the AWS Networking Blueprint sample so you can explore networking, shared services, and blast radius visuals instantly.
Production-grade 3-tier architecture with multi-AZ deployment, including VPC, public/private subnets, NAT gateways, Application Load Balancer, ECS Fargate services, and RDS database.
Visualize your own infrastructure
Upload a terraform.tfstate file to generate a live diagram.
Safe & Ephemeral
- Sensitive data (IPs, secrets) is anonymized locally in your browser before upload.
- This session is temporary; all data is automatically deleted when you leave.
Tip: we seed the anonymization with a deterministic hash so diagrams stay recognizable without exposing secrets.
Jump from any resource straight to the AWS console
Select a node, click a deep link, and you are on the exact console page. No hunting through the AWS UI for the right resource in the right account.
aws_lb.app-main
Application Load Balancer
- •Account: production-network
- •VPC: core-platform
- •Targets: aws_ecs_service.web
aws_rds_cluster.payments
Aurora PostgreSQL
- •Account: production-data
- •Subnet group: private-data
- •Security group: aws_security_group.database
Guardrails catch drift before auditors do
Every new state version evaluates your configuration against policy packs and your custom rules. Findings overlay the diagram so the blast radius is obvious and remediation is immediate.
- Start with a library of AWS policies adapted from HashiCorp Sentinel, with more packages arriving soon.
- Create custom internal policies to enforce your organization's specific security requirements.
- Findings surface alongside the diagram so teams see blast radius and remediation paths instantly.
Live guardrail findings
StreamingPublic read access detected across two policies.
Storage encryption disabled with internet-facing subnet.
0.0.0.0/0 allows SSH on port 22 for 14 days.
Your state never leaves your control
Sensitive values — passwords, API keys, credentials — are filtered in your browser before any data reaches our servers. The CLI applies the same filters. You choose what gets stripped, and you can enforce org-wide rules.
- Browser-side anonymization strips secrets before upload.
- CLI filters match server filters — consistent by default.
- No AWS permissions needed. Optional deep links use resource identifiers, not API calls.
Zero AWS permissions required
Cora reads Terraform state. It does not call AWS APIs. Deep links are generated from identifiers in state, not from live infrastructure queries.
One step in your existing pipeline
Cora stays current automatically. Add one step after terraform apply and your graph, diffs, and guardrails update on every deploy.
Join a small cohort shaping the roadmap
Design Partners get white-glove onboarding, direct access to the product team, and early access to features before GA.
Become a Design PartnerTrusted by infrastructure teams
Platform and DevOps teams use Cora to understand, review, and onboard across their Terraform workspaces.
"Before Cora, our onboarding docs were 6 months out of date. Now a new engineer can search for any resource and see exactly what it connects to in seconds."
Platform Engineer
Series B startup, 80+ workspaces
"We review every Terraform PR that touches networking through Cora now. The blast radius graph catches dependencies that plan output completely misses."
DevOps Lead
FinTech, multi-account AWS
Frequently asked questions
Common questions about setup, security, and how Cora fits into your workflow.
Stop guessing what your Terraform built.
Connect your first workspace and see your infrastructure in under two minutes.