Introduction
RepliMap - AWS Infrastructure Intelligence Engine
Welcome to RepliMap
RepliMap is an AWS Infrastructure Intelligence Engine that reverse-engineers your AWS infrastructure into Terraform code. Visualize dependencies, audit security, and optimize costs in minutes.
100% Local Execution: RepliMap runs entirely on your machine. Your AWS credentials and infrastructure data never leave your environment.
The Problem
You inherited an AWS account. Or maybe you built it yourself over 3 years of "just one more click."
Now you have:
- Hundreds of resources and no idea what connects to what
- No Terraform — or a state file that covers half of what's really there
- A hand-off (or an audit) coming — and no way to prove what exists
The Solution
RepliMap scans your AWS, builds a dependency graph, and gives you superpowers:
$ replimap -p prod scan
✓ Found 1,584 resources
✓ Mapped 1,470 dependencies
✓ Graph cached — next: replimap graph / codify(That's real output from a 1,584-resource production account — the same account where we found the entire data layer, all 27 RDS instances, in no Terraform state at all.)
Key Features
Generate IaC
From ClickOps to Terraform in minutes. No manual import required.
Visualize Dependencies
Understand what connects to what. Avoid breaking prod.
IaC Coverage
Match live resources against your state files. See what nobody manages.
Audit Compliance
Run a SOC 2-mapped audit against live AWS and export the evidence.
Core Principles
| Principle | Description |
|---|---|
| 🔒 Read-Only | We only require read permissions. We never modify your resources. |
| 📍 Local Processing | All data stays on your machine. No SaaS cloud to trust. |
| ⚡ Resilient Scanning | Parallel scanners with per-item retries — 1,500+ resource accounts in minutes. |
| 📦 Self-Contained Output | Reports and graphs are single files that load nothing from the internet. |
Supported Resources
RepliMap scans 30+ AWS resource types — the core of a typical production account:
| Category | Resources |
|---|---|
| Compute | EC2, Auto Scaling Groups, Launch Templates, EBS, EIP |
| Database | RDS (+ subnet & parameter groups), ElastiCache (+ subnet groups) |
| Network | VPC, Subnet, Security Group, Route Table, NACL, IGW, NAT Gateway, VPC Endpoint, ALB/NLB (+ listeners & target groups) |
| Storage | S3 buckets & bucket policies |
| Security | IAM Roles, IAM Policies, Instance Profiles |
| Messaging & Monitoring | SQS, SNS, CloudWatch log groups & alarms |
New types are added based on what real scans encounter — if your account leans on something we don't cover yet, tell us.