Resource Relationships
Understand infrastructure dependencies through automatic relationship extraction. ops0 analyzes resource configurations to map how your cloud resources connect and depend on each other.
Relationship Types
ops0 automatically detects four types of resource relationships:
| Type | Description | Example |
|---|---|---|
| depends_on | One resource requires another to function | EC2 Instance → Security Group |
| contains | A parent resource holds child resources | VPC → Subnets |
| attached_to | A resource is physically or logically attached | EBS Volume → EC2 Instance |
| routes_to | Network traffic flows between resources | Route Table → Internet Gateway |
Extracting Relationships
After a discovery scan completes:
1Navigate to your completed session
2Click "Extract Relationships" button
3View the interactive relationship graph
Relationship Graph
The relationship graph provides an interactive visualization of your infrastructure:
Resource Nodes
Each resource appears as a node with its type and name
Dependency Edges
Lines between nodes show how resources connect
Relationship Types
Color-coded edges indicate relationship type
Blast Radius Highlighting
Select a resource to see all impacted resources
Blast Radius Analysis
Understand the impact of changes before making them:
1Select the resource you plan to modify or delete
2Click "View Blast Radius" tab
3See all dependent and related resources highlighted
4Assess the impact before making changes
Use Cases
| Use Case | How Relationships Help |
|---|---|
| Visualize VPC Architecture | See how subnets, security groups, and gateways connect to your VPC |
| Assess Deletion Impact | Identify which resources will break if you delete a security group or subnet |
| Plan Migrations | Understand resource dependencies before moving to a new region or account |
| Troubleshoot Connectivity | Trace network paths from EC2 instances through security groups and route tables |
Example: VPC Relationship Graph
Scenario
You want to understand how a production VPC is structured before making changes.
Discovered Relationships
After extracting relationships from a VPC scan:
VPC (vpc-0abc123)
├── contains → Subnet (public-1a)
├── contains → Subnet (public-1b)
├── contains → Subnet (private-1a)
├── contains → Subnet (private-1b)
├── contains → Internet Gateway (igw-main)
└── contains → Route Table (rt-public)
EC2 Instance (web-server-1)
├── depends_on → Security Group (web-sg)
├── depends_on → Subnet (public-1a)
└── attached_to → EBS Volume (vol-0def456)
Security Group (web-sg)
└── depends_on → VPC (vpc-0abc123)
Route Table (rt-public)
└── routes_to → Internet Gateway (igw-main)
Blast Radius Example
If you select the Internet Gateway to delete:
Impacted Resources:
- Route Table
rt-public(loses internet route) - Subnets
public-1aandpublic-1b(lose internet connectivity) - EC2 Instance
web-server-1(loses outbound internet access)
Result: 4 resources would be impacted by deleting the Internet Gateway.
Supported Providers
| Provider | Relationship Detection | Example Relationships |
|---|---|---|
| AWS | ✅ Full support | VPC → Subnets, EC2 → Security Groups, EBS → EC2 |
| GCP | ✅ Full support | VPC → Subnetworks, Compute → Disks, Firewall → VPC |
| Azure | ✅ Full support | VNet → Subnets, VM → NSG, Disk → VM |