Hey, first things - I used to work for AWS, unless your job is more of an evangelist thing, or unless the policy is changed, you need to get approval to share side projects. So don't get in trouble over this!
Personally, I am not comfortable with cross-account access from a stranger, even if it's read only. I feel like I should be able to run something locally on my side to gather the data so I can pick and choose what actually needs diagrams.
Sounds fun though!
Hey! I did get approval, so fingers-crossed I'm good here :)
Yea, that cross-account trust is a good call out. I'll need to spend time thinking more about it. Is there anything I could do such that you could say: 'Well, in this case I'm fine with cross-account access from a stranger like you'?
Curious why you have to have permission to share something done on your own time... certainly that is only related to programming but if you do your own thing on your own hardware on your own time how do they have any say in what you do or don't do?
Why would AWS have any say in what someone does in their own time?
Thanks for this. Another tool in the box is always welcome. We desperately need more competitors in this arena. Please take this as loving feedback. We need more of this! This use case is very dear to my heart. I have tracked over a dozen products that claim to do what Atlasphere is offering to do, and they all seem to fall short.
The most common issues are:
- They rely on https://github.com/mingrammer/diagrams which has simply not gotten any attention for a long time. It's too out-of-date to be useful, and any issue with rendering gets a response to "go use graphviz instead".
- When pointing these tools to anything moderately complicated, they implode or create nonsensical diagrams. Think: VPC Peering, VPC Security Groups, multi-account resources.
- They get the cloud resources OK, but neglect primitives like routing and policies that are just as important.
Just looking at the examples on the website: Claude Code can do this natively. Just a consideration.
I will also echo what others have said: allowing another account access to ours is a non-starter, even if Read-Only. It needs to use a security principal we have complete control over.
I can't tell from the project page what IAM permissions are in your "Read-only IAM role". That's something I would also need to know, regardless of how it is deployed.
I can tell from this post and the site that this is a labor of love, and I hope you keep up the good work. Like I said, this is an area where we need more, better tools. I want projects like this to succeed.
PS: Awesome name
Thanks for your extremely useful feedback.
> I will also echo what others have said: allowing another account access to ours is a non-starter, even if Read-Only. It needs to use a security principal we have complete control over.
You own and control the IAM role, not us. You allow Atlasphere to assume that role, and then Atlasphere's discovery service uses it to discover your resources.
Technically, Atlasphere doesn't need a ton of permissions. If you create a role that can only list, say, Lambda functions, then Atlasphere will only find Lambda functions.
IAM provides a default ReadOnly policy that can be attached to any role. This was the simplest way for me to get things going. But ReadOnly is indeed way too broad. I could generate an IAM policy based on the AWS services that Atlasphere can work with.
> I can tell from this post and the site that this is a labor of love, and I hope you keep up the good work. Like I said, this is an area where we need more, better tools. I want projects like this to succeed.
Thanks a ton! There are mind-blowing features in the roadmap. I want Atlasphere to succeed.
Yes I realized after reading the response that we would control the permissions. What may not be obvious is many organizations have gatekeepers that don't understand IAM and would just not permit this at all.
On the technical side, you are probably underestimating the access you need to accurately gather the information the tool needs. For example, last time I reviewed the AWS-Managed ReadOnly role it does not allow you to read some important things like Managed Prefix Lists.
I completely understand you need a starting point and you picked a good one. Anxious to see how this proceeds. Best of luck.
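Added example, not part of the thread and not Atlasphere's code: a small offline linter for the two documents this exchange is about, the trust policy on a customer-owned role and the permissions policy attached to it. The account ID, the sample policies and the service allow-list are constructed, and the `sts:ExternalId` check is an assumption added here (the usual AWS guard on third-party role assumption), not something the thread mentions.

```python
VENDOR = "111122223333"  # constructed placeholder for the tool vendor's account ID
READ_VERBS = ("describe", "get", "list")  # name heuristic only; some Get* calls return data

def _listify(v):
    return v if isinstance(v, list) else [v]

def audit_trust(trust, expected_account):
    """Findings for the trust policy: who may assume the role, and on what condition."""
    findings = []
    for st in _listify(trust["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal", {})
        arns = ["*"] if principal == "*" else _listify(principal.get("AWS", []))
        for arn in arns:
            if arn != expected_account and f"::{expected_account}:" not in arn:
                findings.append(f"unexpected principal: {arn}")
        if "sts:ExternalId" not in st.get("Condition", {}).get("StringEquals", {}):
            findings.append("no sts:ExternalId condition")
    return findings

def audit_permissions(policy, allowed_services):
    """Findings for the permissions policy: anything beyond read verbs on allowed services."""
    findings = []
    for st in _listify(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        if "NotAction" in st:
            findings.append("NotAction grants everything not listed")
        for action in _listify(st.get("Action", [])):
            service, _, name = action.lower().partition(":")
            if service not in allowed_services:
                findings.append(f"service outside allow-list: {action}")
            elif not name.startswith(READ_VERBS):
                findings.append(f"not a read action: {action}")
    return findings

# Constructed sample documents, not taken from any real account.
_BASE = {"Effect": "Allow", "Action": "sts:AssumeRole",
         "Principal": {"AWS": f"arn:aws:iam::{VENDOR}:root"}}
WEAK_TRUST = {"Statement": [_BASE]}
SCOPED_TRUST = {"Statement": [dict(
    _BASE, Condition={"StringEquals": {"sts:ExternalId": "constructed-example-id"}})]}
WEAK_POLICY = {"Statement": [{"Effect": "Allow", "Resource": "*",
                              "Action": ["lambda:*", "s3:GetObject", "ec2:Describe*"]}]}
SCOPED_POLICY = {"Statement": [{"Effect": "Allow", "Resource": "*", "Action": [
    "lambda:ListFunctions", "ec2:DescribeVpcs", "ec2:DescribeManagedPrefixLists"]}]}

if __name__ == "__main__":
    print(audit_trust(WEAK_TRUST, VENDOR), audit_permissions(WEAK_POLICY, {"lambda", "ec2"}))
```

The verb-prefix test is a first-pass filter for review, not proof that an action is harmless.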
Showing the pricing section after downloading the app and signing up is a dark pattern, I suggest including a pricing section on the website.
I was one click from downloading it and was happily surprised that the page did not talk about Pricing so I assumed it was free - went back here to check if I missed something and seems like I did...
The application is free. But I apologize, where is the confusion coming from?
Second this
Hey, thanks for the feedback. I do agree with you and that was not intentional. Do you actually see the pricing table in the app? I thought it's matching the website. I might have missed dropping the "upgrade" badge. I haven't fully figured the pricing model yet, so I thought hiding everything billing related for now is the simplest path forward.
The UI looks incredibly sharp and the core problem you are solving is very real. Excited to see how the roadmap evolves!
This is brilliant. I've been really excited about Jack Dorsey's "From Hierarchy to Intelligence"[0] and I think what you've got here is a pretty important piece of the puzzle.
[0] block.xyz/inside/from-hierarchy-to-intelligence
Cartography[0] might be of interest to you. It creates a graph of Cloud resources.
[0] https://github.com/cartography-cncf/cartography
Hello, is the source available for inspecting somewhere? It looks interesting but I wouldn't trust running something with this level of access that I couldn't inspect the source of / run myself.
I really like the UI. Great work on that dude!