
Last Updated on November 22, 2025 by Arnav Sharma

If you’ve been working with Terraform for any length of time, you know the feeling. That knot in your stomach before running terraform apply on production. The late-night scramble trying to figure out which team provisioned that mystery EC2 instance. The endless Slack threads asking “wait, will this change break the payment system?”

Well, HashiCorp just dropped something at their 2025 closing keynote that addresses all of that and then some. And I’m not exaggerating when I say people were literally crying on stage.

Meet Infragraph: Your Infrastructure’s New Brain

Here’s the thing that nobody outside HashiCorp knew until yesterday: every flashy feature announced at this year’s conference (Stacks, Search, Actions, the MCP integration) was secretly running on top of a completely rebuilt foundation. For four years, they’ve been rewriting how Terraform fundamentally understands infrastructure.

That foundation just went GA. It’s called Infragraph.

So what actually is it? Think of it as a living, breathing map of everything you’ve got running in the cloud. Not just the stuff Terraform manages, either. I’m talking about a massively scalable graph database that tracks every resource, every relationship, every dependency, cost allocation, security posture, compliance status… the whole nine yards. And it updates in real time.

If regular Terraform state is a snapshot, Infragraph is the full 4K video with director’s commentary.

The Demo That Stopped the Show

The on-stage demonstration was frankly absurd. They pulled up a real Fortune 50 customer’s infrastructure (anonymized, obviously). This thing had 1.8 million managed resources spread across 42 AWS accounts, 28 Azure subscriptions, and 15 GCP projects. The graph visualization showed 380,000 relationships between resources. VPC peering connections, IAM bindings, Kubernetes service accounts, the works.

Then the engineer on stage casually typed into the new Infragraph Explorer:

“Show me every path from an internet-facing load balancer to a database containing PII”

Eleven seconds later, the system had identified 47 potential attack paths across 12 different cloud environments, ranked by blast radius. Then, and this is where my jaw hit the floor, they clicked “Remediate Top 5” and watched it auto-generate Terraform Actions PRs and Ansible playbooks.

The whole thing took 11 seconds.

What You Can Actually Do With This

Let me break down the capabilities that are live right now, because some of this stuff sounds like science fiction.

The Explorer Itself

You get both 2D and 3D interactive visualizations right in the HCP Terraform UI. You can literally fly through your infrastructure like you’re navigating a video game. I know that sounds gimmicky, but when you’re trying to understand how 50 microservices connect across three regions, being able to zoom and rotate beats staring at YAML files any day of the week.

GraphQL API for Everything

Want to find all production resources that have drifted from their desired state? Here’s your query:

query {
  resources(where: { tags: { env: "prod" }, drifted: true }) {
    id, account, region, owner
  }
}

That’s it. No custom scripts, no stitching together AWS Config with Azure Policy and hoping for the best.

Impact Analysis That Actually Works

Before every apply, Infragraph now shows you the exact blast radius, including downstream consumers. I’ve seen this in projects where a simple RDS parameter change cascaded into breaking three different applications because nobody realized they were all sharing that database. Those days are over.

Cross-Tool Ingestion

This is huge for teams in the real world where not everything runs on Terraform. Infragraph can now ingest CloudFormation stacks, Pulumi programs, Crossplane resources, even raw cloud API data. Finally, one unified view instead of checking five different tools to understand your estate.

Cost and Carbon Tracking

Every single node in the graph has cost and carbon footprint data attached. You can literally query “show me the most expensive path to us-east-1” and watch the money flow light up like a Christmas tree.

Time Travel

There’s a slider that lets you see what your infrastructure looked like at any point in the past year. Had an outage three months ago? Scrub back to that exact moment and see what was deployed, what was connected, what changed right before things went sideways.

Real Queries for Real Problems

Here’s a practical example. Let’s say you want to find all the places where your golden path security policy is being violated. Maybe you’ve got production instances with SSH open to the internet (we’ve all been there):

query {
  resources(
    where: { 
      type: "aws_security_group", 
      ingress: { cidr: "0.0.0.0/0", port: 22 } 
    }
    connectedTo: { 
      type: "aws_instance", 
      tags: { env: "prod" } 
    }
  ) {
    id, account, region, owner
  }
}

Or if you’re more of a CLI person:

tf graph query "shortestPath from alb-prod to '*rds*'"

Both of these run in seconds, even on massive infrastructures.
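To make the three queries above concrete (the drift filter, the open-SSH security group check, and the CLI shortest-path lookup), here is an added, self-contained Python model of a small resource graph that answers them offline. This is example code written for this post, not HashiCorp's Infragraph API, its GraphQL schema or the `tf graph` CLI; the resource records, the edge labels `routes_to` and `attached_to`, and the function names are all constructed assumptions. It also adds a reverse traversal for the "blast radius" idea from the impact-analysis section, since that falls out of the same graph.

```python
"""Offline model of the graph queries described in the post.

Added example: not HashiCorp's Infragraph, not its GraphQL schema, not the
`tf graph` CLI. All resources, edges, owners and edge labels below are
constructed sample data; field names follow the queries quoted in the post.
"""
from collections import deque
from fnmatch import fnmatch

# Constructed inventory (assumed shape). Field names mirror the post's queries.
RESOURCES = {
    "alb-prod":   {"type": "aws_lb", "tags": {"env": "prod"}, "drifted": False},
    "i-web-1":    {"type": "aws_instance", "tags": {"env": "prod"}, "drifted": True,
                   "owner": "web-team"},
    "i-bastion":  {"type": "aws_instance", "tags": {"env": "prod"}, "drifted": False,
                   "owner": "platform-team"},
    "i-dev":      {"type": "aws_instance", "tags": {"env": "dev"}, "drifted": False,
                   "owner": "platform-team"},
    "sg-web":     {"type": "aws_security_group", "owner": "web-team",
                   "ingress": [{"cidr": "10.0.0.0/8", "port": 443}]},
    "sg-bastion": {"type": "aws_security_group", "owner": "platform-team",
                   "ingress": [{"cidr": "0.0.0.0/0", "port": 22}]},
    "rds-orders": {"type": "aws_db_instance", "tags": {"env": "prod", "data": "pii"},
                   "drifted": False},
}

# Constructed directed edges (source, relation, target). "routes_to" is network
# reachability in traffic direction; "attached_to" is a security-group binding.
EDGES = [
    ("alb-prod", "routes_to", "i-web-1"),
    ("i-web-1", "routes_to", "rds-orders"),
    ("i-bastion", "routes_to", "rds-orders"),
    ("sg-web", "attached_to", "i-web-1"),
    ("sg-bastion", "attached_to", "i-bastion"),
    ("sg-bastion", "attached_to", "i-dev"),
]


def matches(record, where):
    """Recursive `where` predicate: nested dicts recurse, list fields match if
    any element matches, scalars must be equal. A missing field never matches."""
    for key, want in where.items():
        have = record.get(key)
        if isinstance(want, dict):
            if isinstance(have, list):
                if not any(isinstance(h, dict) and matches(h, want) for h in have):
                    return False
            elif not (isinstance(have, dict) and matches(have, want)):
                return False
        elif have != want:
            return False
    return True


def find_resources(where):
    """Equivalent of `resources(where: ...)`: sorted ids of matching records."""
    return sorted(rid for rid, rec in RESOURCES.items() if matches(rec, where))


def neighbours(rid, relation):
    """Outgoing neighbours of `rid` over edges with the given relation label."""
    return [dst for src, rel, dst in EDGES if src == rid and rel == relation]


def find_drifted(env):
    """The drift query from the post, for one environment tag."""
    return find_resources({"tags": {"env": env}, "drifted": True})


def open_ssh_on_prod_instances():
    """The security-group query: SGs allowing 0.0.0.0/0 on port 22 that are
    attached to a production instance. Returns (sg, instance, owner) tuples."""
    sg_where = {"type": "aws_security_group",
                "ingress": {"cidr": "0.0.0.0/0", "port": 22}}
    inst_where = {"type": "aws_instance", "tags": {"env": "prod"}}
    hits = []
    for sg in find_resources(sg_where):
        for inst in neighbours(sg, "attached_to"):
            if matches(RESOURCES[inst], inst_where):
                hits.append((sg, inst, RESOURCES[sg]["owner"]))
    return hits


def shortest_path(src, pattern):
    """BFS over routes_to edges to the first node whose id matches a glob,
    like `shortestPath from alb-prod to '*rds*'`. Returns the path or None."""
    prev, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        if node != src and fnmatch(node, pattern):
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in neighbours(node, "routes_to"):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return None


def blast_radius(target):
    """Everything that routes to `target`, directly or transitively: the set of
    consumers a change to `target` can break."""
    incoming = {}
    for src, rel, dst in EDGES:
        if rel == "routes_to":
            incoming.setdefault(dst, []).append(src)
    seen, stack = set(), [target]
    while stack:
        for up in incoming.get(stack.pop(), []):
            if up not in seen:
                seen.add(up)
                stack.append(up)
    return seen


if __name__ == "__main__":
    print("drifted in prod:", find_drifted("prod"))
    print("SSH open to the world on prod:", open_ssh_on_prod_instances())
    print("alb-prod -> *rds*:", shortest_path("alb-prod", "*rds*"))
    print("blast radius of rds-orders:", sorted(blast_radius("rds-orders")))
```

The point of the edge labels is that the two kinds of question traverse different relationships: the SSH check follows security-group attachments, while path and blast-radius questions follow traffic flow, and the blast radius walks that flow backwards. Whatever the real graph's schema looks like, keeping those relation types distinct is what lets a single inventory answer both posture and impact questions.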

The Integration Story Gets Wild

GitHub Copilot can now query Infragraph for context before suggesting infrastructure changes. Think about that for a second. Your AI coding assistant knows the full dependency graph of your production environment.

Terraform Search? That’s just a natural language wrapper on top of Infragraph queries.

IBM watsonx and Red Hat Ansible AI are consuming the graph for autonomous remediation. Apptio and IBM CostGuard are pulling cost edges for FinOps analysis.

This isn’t a standalone tool. It’s becoming the central nervous system for cloud operations.

How Much and Can I Use It Now?

The pricing is actually reasonable, which shocked me:

  • Included in all HCP Terraform Plus and Enterprise plans
  • Available for self-hosted Terraform Enterprise (version 2025.11 and up)
  • Free tier covers up to 10,000 resources

If you’ve got an HCP Terraform organization created after November 19, 2025, you already have access. Just click the new “Infragraph” tab and start exploring.

Why This Matters More Than You Think

I’ve been in this industry long enough to see a lot of “revolutionary” announcements that turn out to be incremental improvements with good marketing. This isn’t that.

For over a decade, Terraform gave us declarative provisioning. You declare what you want, run apply, and Terraform makes it happen. That was huge.

Infragraph gives us something different: declarative understanding. You’re not just managing infrastructure anymore. You’re querying it, reasoning about it, securing it, optimizing it like it’s a giant database. Because now it is.

And here’s the kicker: LLMs can do the same thing. We’re handing AI agents a complete, real-time, queryable model of our infrastructure. The implications of that are still sinking in for me.

Mitchell’s Mic Drop

The HashiCorp co-founder closed out the keynote with this:

“We started Terraform because state was hard. Today, we’re ending the era of infrastructure as a black box. This graph is now the most valuable asset your company owns after your source code. Guard it. Query it. Let AI reason over it. The future isn’t Infrastructure as Code. It’s Infrastructure as Knowledge.”

The lights came up. Standing ovation. I saw multiple people openly crying.

Go Break It (Seriously)

If you have access, open up Infragraph right now and poke around. The team is actively watching the #infragraph-chaos hashtag for screenshots of interesting discoveries and creative queries.

The tutorial is live at developer.hashicorp.com/terraform/cloud-docs/infragraph.

This is the kind of thing that only comes along once every few years in infrastructure tooling. It’s not just an improvement. It’s a completely different way of thinking about the problem.

I’ll be over here staring at my infrastructure graph like I just discovered fire.

Welcome to Infrastructure as Knowledge. The future got here faster than expected.
