What-If Simulator
Preview the impact of infrastructure changes before applying them. Test migration plans, security group changes, and decommissioning scenarios safely.
Overview
The What-If Simulator lets you model infrastructure changes in a safe, isolated environment. By creating a simulated version of your graph with proposed changes applied, you can see the full impact before executing any real modifications.
Safe exploration
The simulator never modifies your live infrastructure. All changes exist only in the simulation context, making it safe for exploring even destructive scenarios.
Simulation scenarios
The simulator supports a wide range of change scenarios:
| Scenario | Description |
|---|---|
| Resource removal | Simulate removing a resource to see what breaks |
| Security group change | Modify ingress/egress rules and see affected resources |
| Migration plan | Move resources between scopes, VPCs, or regions |
| Scaling change | Scale up or down and see dependent resource impact |
| Provider migration | Simulate migrating from one provider to another |
| Tag change | Update tags and see policy compliance impact |
How it works
- Select baseline -- choose a current or historical graph snapshot as your starting point
- Define changes -- specify resource additions, removals, or modifications
- Run simulation -- the system creates a simulated graph with changes applied
- Analyze impact -- review impacted resources, dependency changes, and policy violations
- Compare -- side-by-side comparison of baseline vs. simulated state
- Export -- export the simulation plan as a change request for execution
# Run a what-if simulation
POST /api/v1/simulate
Content-Type: application/json
{
"baseline": "latest",
"changes": [
{
"action": "remove",
"resource_id": "sg-abc123"
},
{
"action": "modify",
"resource_id": "sg-xyz789",
"properties": {
"ingress": [
{
"protocol": "tcp",
"port": 443,
"cidr": "10.0.0.0/8"
}
]
}
}
]
}Use cases
- Change planning -- validate change requests before CAB approval
- Decommission planning -- understand the full impact of retiring a resource
- Security group audit -- test the effect of tightening security group rules
- Migration validation -- validate that a migration plan will not break critical dependencies
- Disaster recovery testing -- simulate failover scenarios without actual disruption
- Cost impact -- estimate cost impact of scaling or migration changes
Limitations
- Graph only -- the simulator models graph impact, not runtime behavior (latency, throughput, etc.)
- Static analysis -- simulations are based on the current graph state, not dynamic runtime conditions
- External dependencies -- changes to external services not in the graph are not modeled
Combine with impact analysis
For deeper analysis, export simulation results to the impact analysis engine for AI-generated impact summaries and remediation suggestions.