Architecture diagrams that
never go stale.

How InfraSketch works

From IaC code to architecture diagram in seconds

InfraSketch reads your infrastructure-as-code files and generates a visual architecture diagram automatically. There is no compilation step, no cloud account connection, and no data upload. The entire process runs in your browser using JavaScript parsers that extract resource definitions from your code and a layout engine that positions them into a readable diagram.

The parser detects the IaC format automatically from the syntax — Terraform HCL uses resource "aws_..." "name" blocks, Kubernetes YAML has apiVersion and kind fields, CloudFormation has AWSTemplateFormatVersion. You don't need to select the format manually.

VPC containment and connection routing

One of the most useful things InfraSketch does automatically is place resources inside their VPC or VNet boundaries. When a Terraform resource has a vpc_id or subnet_id attribute referencing another resource, InfraSketch draws that resource inside the VPC or subnet boundary. The result looks like the classic AWS architecture diagrams — grouped boxes with resources nested inside their network boundaries.

Connection arrows are drawn between resources that reference each other. An EKS cluster that references a subnet, a Lambda function that references an RDS instance's endpoint, an ALB that references a target group — all of these become arrows on the diagram. The layout engine groups resources into functional zones (Internet → Ingress → Compute → Data → Messaging) and routes arrows to minimize crossings.

Terraform plan JSON: the most accurate input

While InfraSketch works with raw HCL source files, the most accurate diagrams come from Terraform plan JSON. Run terraform plan -out=tfplan && terraform show -json tfplan and paste the output. The plan JSON contains fully resolved resource addresses — including resources created by count and for_each expressions — and the complete dependency graph Terraform computed.

Plan JSON also carries change action metadata: each resource is annotated with whether it will be created, updated, replaced, or deleted. InfraSketch uses this to add change badges to each resource node — green + for creates, amber ~ for updates, orange ↺ for replacements, red × for deletes. When you're reviewing a Terraform PR, this gives you an instant visual summary of what the plan will do to your infrastructure.

Security and cost overlays

InfraSketch integrates with Checkov and Infracost to add security and cost context directly to the architecture diagram. Run checkov -d . -o json to get a list of misconfigured resources, then paste the JSON into the Security panel. Resources that fail security checks get red borders and a badge showing the number of failures. Click the badge to see the specific check IDs.

For cost analysis, run infracost breakdown --path . --format json and paste the output into the Cost panel. Each billable resource gets a color-coded monthly cost label: grey for free-tier resources, green for under $10/month, amber for $10–$100, orange for $100–$500, and red for over $500/month. Expensive resources are immediately obvious on the diagram without reading a text report.

Export formats

Diagrams can be exported as PNG (2× retina resolution), SVG (with icons inlined as base64 data URIs, fully self-contained), draw.io XML (opens directly in draw.io with all elements editable), or Mermaid code (for embedding in GitHub READMEs, Notion, GitLab, or any Mermaid-compatible renderer).

The Share button generates a URL that encodes the diagram state. The URL contains the compressed IaC input and all layout positions — no server required. Anyone with the link can open the exact diagram in their browser. For teams, paste the share link into a Jira ticket, Confluence page, or Slack message and colleagues can view and interact with the full diagram without any account or installation.