Resource Relationships

Understand infrastructure dependencies through automatic relationship extraction. ops0 analyzes resource configurations to map how your cloud resources connect and depend on each other.

Relationship Types

ops0 automatically detects four types of resource relationships:

Type	Description	Example
depends_on	One resource requires another to function	EC2 Instance → Security Group
contains	A parent resource holds child resources	VPC → Subnets
attached_to	A resource is physically or logically attached	EBS Volume → EC2 Instance
routes_to	Network traffic flows between resources	Route Table → Internet Gateway

Extracting Relationships

After a discovery scan completes:

1Navigate to your completed session

2Click "Extract Relationships" button

3View the interactive relationship graph

Relationship Graph

The relationship graph provides an interactive visualization of your infrastructure:

Resource Nodes

Each resource appears as a node with its type and name

Dependency Edges

Lines between nodes show how resources connect

Relationship Types

Color-coded edges indicate relationship type

Blast Radius Highlighting

Select a resource to see all impacted resources

Blast Radius Analysis

Understand the impact of changes before making them:

1Select the resource you plan to modify or delete

2Click "View Blast Radius" tab

3See all dependent and related resources highlighted

4Assess the impact before making changes

Use Cases

Use Case	How Relationships Help
Visualize VPC Architecture	See how subnets, security groups, and gateways connect to your VPC
Assess Deletion Impact	Identify which resources will break if you delete a security group or subnet
Plan Migrations	Understand resource dependencies before moving to a new region or account
Troubleshoot Connectivity	Trace network paths from EC2 instances through security groups and route tables

Example: VPC Relationship Graph

Scenario

You want to understand how a production VPC is structured before making changes.

Discovered Relationships

After extracting relationships from a VPC scan:

VPC (vpc-0abc123)
├── contains → Subnet (public-1a)
├── contains → Subnet (public-1b)
├── contains → Subnet (private-1a)
├── contains → Subnet (private-1b)
├── contains → Internet Gateway (igw-main)
└── contains → Route Table (rt-public)

EC2 Instance (web-server-1)
├── depends_on → Security Group (web-sg)
├── depends_on → Subnet (public-1a)
└── attached_to → EBS Volume (vol-0def456)

Security Group (web-sg)
└── depends_on → VPC (vpc-0abc123)

Route Table (rt-public)
└── routes_to → Internet Gateway (igw-main)

Blast Radius Example

If you select the Internet Gateway to delete:

Impacted Resources:

Route Table rt-public (loses internet route)
Subnets public-1a and public-1b (lose internet connectivity)
EC2 Instance web-server-1 (loses outbound internet access)

Result: 4 resources would be impacted by deleting the Internet Gateway.

Supported Providers

Provider	Relationship Detection	Example Relationships
AWS	✅ Full support	VPC → Subnets, EC2 → Security Groups, EBS → EC2
GCP	✅ Full support	VPC → Subnetworks, Compute → Disks, Firewall → VPC
Azure	✅ Full support	VNet → Subnets, VM → NSG, Disk → VM