RepliMap Docs

Introduction

RepliMap - AWS Infrastructure Intelligence Engine

Welcome to RepliMap

RepliMap is an AWS Infrastructure Intelligence Engine that reverse-engineers your AWS infrastructure into Terraform code. Visualize dependencies, audit security, and optimize costs in minutes.

100% Local Execution: RepliMap runs entirely on your machine. Your AWS credentials and infrastructure data never leave your environment.

The Problem

You inherited an AWS account. Or maybe you built it yourself over 3 years of "just one more click."

Now you have:

  • Hundreds of resources and no idea what connects to what
  • No Terraform — or a state file that covers half of what's really there
  • A hand-off (or an audit) coming — and no way to prove what exists

The Solution

RepliMap scans your AWS, builds a dependency graph, and gives you superpowers:

$ replimap -p prod scan

 Found 1,584 resources
 Mapped 1,470 dependencies
 Graph cached next: replimap graph / codify

(That's real output from a 1,584-resource production account — the same account where we found the entire data layer, all 27 RDS instances, in no Terraform state at all.)

Key Features

Core Principles

PrincipleDescription
🔒 Read-OnlyWe only require read permissions. We never modify your resources.
📍 Local ProcessingAll data stays on your machine. No SaaS cloud to trust.
⚡ Resilient ScanningParallel scanners with per-item retries — 1,500+ resource accounts in minutes.
📦 Self-Contained OutputReports and graphs are single files that load nothing from the internet.

Supported Resources

RepliMap scans 30+ AWS resource types — the core of a typical production account:

CategoryResources
ComputeEC2, Auto Scaling Groups, Launch Templates, EBS, EIP
DatabaseRDS (+ subnet & parameter groups), ElastiCache (+ subnet groups)
NetworkVPC, Subnet, Security Group, Route Table, NACL, IGW, NAT Gateway, VPC Endpoint, ALB/NLB (+ listeners & target groups)
StorageS3 buckets & bucket policies
SecurityIAM Roles, IAM Policies, Instance Profiles
Messaging & MonitoringSQS, SNS, CloudWatch log groups & alarms

New types are added based on what real scans encounter — if your account leans on something we don't cover yet, tell us.

Next Steps

On this page