PyPI - terraformgraph - Versions diffs - 1.0.1__tar.gz → 1.0.3__tar.gz - Mend

terraformgraph 1.0.1tar.gz → 1.0.3tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (25) hide show

{terraformgraph-1.0.1/terraformgraph.egg-info → terraformgraph-1.0.3}/PKG-INFO RENAMED Viewed

@@ -1,8 +1,8 @@
 Metadata-Version: 2.4
 Name: terraformgraph
-Version: 1.0.1
+Version: 1.0.3
 Summary: Generate interactive architecture diagrams from Terraform configurations
-Author-email: Your Name <your.email@example.com>
+Author-email: Ferdinando Bonsegna <1bonsegnaferdinando@gmail.com>
 License: MIT
 Project-URL: Homepage, https://github.com/ferdinandobons/terraformgraph
 Project-URL: Documentation, https://github.com/ferdinandobons/terraformgraph#readme
@@ -75,9 +75,11 @@ pip install -e .
 Generate a diagram from a Terraform directory:
 ```bash
-terraformgraph -t ./infrastructure -o diagram.html
+terraformgraph -t ./infrastructure
 ```
+This creates `diagram.html` in the current directory.
 ### With Environment Subdirectories
 If your Terraform is organized by environment:
@@ -91,7 +93,7 @@ terraformgraph -t ./infrastructure -e prod -o prod-diagram.html
 For beautiful AWS service icons, download the [AWS Architecture Icons](https://aws.amazon.com/architecture/icons/) and extract them:
 ```bash
-terraformgraph -t ./infrastructure -i ./AWS_Icons -o diagram.html
+terraformgraph -t ./infrastructure -i ./AWS_Icons
 ```
 ## Command Line Options
@@ -101,7 +103,7 @@ terraformgraph -t ./infrastructure -i ./AWS_Icons -o diagram.html
 | `-t, --terraform` | Yes | Path to Terraform directory |
 | `-e, --environment` | No | Environment subdirectory (dev, staging, prod) |
 | `-i, --icons` | No | Path to AWS icons directory |
-| `-o, --output` | Yes | Output HTML file path |
+| `-o, --output` | No | Output HTML file path (default: `diagram.html`) |
 | `-v, --verbose` | No | Enable debug output |
 ## Configuration

{terraformgraph-1.0.1 → terraformgraph-1.0.3}/README.md RENAMED Viewed

@@ -37,9 +37,11 @@ pip install -e .
 Generate a diagram from a Terraform directory:
 ```bash
-terraformgraph -t ./infrastructure -o diagram.html
+terraformgraph -t ./infrastructure
 ```
+This creates `diagram.html` in the current directory.
 ### With Environment Subdirectories
 If your Terraform is organized by environment:
@@ -53,7 +55,7 @@ terraformgraph -t ./infrastructure -e prod -o prod-diagram.html
 For beautiful AWS service icons, download the [AWS Architecture Icons](https://aws.amazon.com/architecture/icons/) and extract them:
 ```bash
-terraformgraph -t ./infrastructure -i ./AWS_Icons -o diagram.html
+terraformgraph -t ./infrastructure -i ./AWS_Icons
 ```
 ## Command Line Options
@@ -63,7 +65,7 @@ terraformgraph -t ./infrastructure -i ./AWS_Icons -o diagram.html
 | `-t, --terraform` | Yes | Path to Terraform directory |
 | `-e, --environment` | No | Environment subdirectory (dev, staging, prod) |
 | `-i, --icons` | No | Path to AWS icons directory |
-| `-o, --output` | Yes | Output HTML file path |
+| `-o, --output` | No | Output HTML file path (default: `diagram.html`) |
 | `-v, --verbose` | No | Enable debug output |
 ## Configuration

{terraformgraph-1.0.1 → terraformgraph-1.0.3}/pyproject.toml RENAMED Viewed

@@ -4,13 +4,13 @@ build-backend = "setuptools.build_meta"
 [project]
 name = "terraformgraph"
-version = "1.0.1"
+version = "1.0.3"
 description = "Generate interactive architecture diagrams from Terraform configurations"
 readme = "README.md"
 license = {text = "MIT"}
 requires-python = ">=3.9"
 authors = [
-    {name = "Your Name", email = "your.email@example.com"}
+    {name = "Ferdinando Bonsegna", email = "1bonsegnaferdinando@gmail.com"}
 ]
 keywords = [
     "terraform",

{terraformgraph-1.0.1 → terraformgraph-1.0.3}/terraformgraph/__init__.py RENAMED Viewed

@@ -1,6 +1,6 @@
 """terraformgraph - Create architecture diagrams from Terraform configurations."""
-__version__ = "1.0.1"
+__version__ = "1.0.3"
 from .aggregator import ResourceAggregator
 from .config_loader import ConfigLoader

terraformgraph-1.0.3/terraformgraph/aggregator.py ADDED Viewed

@@ -0,0 +1,140 @@
+"""
+Resource Aggregator
+Aggregates low-level Terraform resources into high-level logical services
+for cleaner architecture diagrams.
+"""
+from dataclasses import dataclass, field
+from typing import Any, Dict, List, Optional
+from .config_loader import ConfigLoader
+from .parser import ParseResult, TerraformResource
+@dataclass
+class LogicalService:
+    """A high-level logical service aggregating multiple resources."""
+    service_type: str  # e.g., 'alb', 'ecs', 's3', 'sqs'
+    name: str
+    icon_resource_type: str  # The Terraform type to use for the icon
+    resources: List[TerraformResource] = field(default_factory=list)
+    count: int = 1  # How many instances (e.g., 24 SQS queues)
+    is_vpc_resource: bool = False
+    attributes: Dict[str, str] = field(default_factory=dict)
+    @property
+    def id(self) -> str:
+        return f"{self.service_type}.{self.name}"
+@dataclass
+class LogicalConnection:
+    """A connection between logical services."""
+    source_id: str
+    target_id: str
+    label: Optional[str] = None
+    connection_type: str = 'default'  # 'default', 'data_flow', 'trigger', 'encrypt'
+@dataclass
+class AggregatedResult:
+    """Result of aggregating resources into logical services."""
+    services: List[LogicalService] = field(default_factory=list)
+    connections: List[LogicalConnection] = field(default_factory=list)
+    vpc_services: List[LogicalService] = field(default_factory=list)
+    global_services: List[LogicalService] = field(default_factory=list)
+class ResourceAggregator:
+    """Aggregates Terraform resources into logical services."""
+    def __init__(self, config_loader: Optional[ConfigLoader] = None):
+        self._config = config_loader or ConfigLoader()
+        self._aggregation_rules = self._build_aggregation_rules()
+        self._logical_connections = self._config.get_logical_connections()
+        self._build_type_to_rule_map()
+    def _build_aggregation_rules(self) -> Dict[str, Dict[str, Any]]:
+        """Build aggregation rules dict from config."""
+        flat_rules = self._config.get_flat_aggregation_rules()
+        result = {}
+        for service_name, config in flat_rules.items():
+            # Map YAML format (primary/secondary/in_vpc) to internal format
+            result[service_name] = {
+                'primary': config.get("primary", []),
+                'aggregate': config.get("secondary", []),  # secondary in YAML -> aggregate internally
+                'icon': config.get("primary", [""])[0] if config.get("primary") else "",
+                'display_name': service_name.replace("_", " ").title(),
+                'is_vpc': config.get("in_vpc", False),
+            }
+        return result
+    def _build_type_to_rule_map(self) -> None:
+        """Build a mapping from resource type to aggregation rule."""
+        self._type_to_rule: Dict[str, str] = {}
+        for rule_name, rule in self._aggregation_rules.items():
+            for res_type in rule['primary']:
+                self._type_to_rule[res_type] = rule_name
+            for res_type in rule['aggregate']:
+                self._type_to_rule[res_type] = rule_name
+    def aggregate(self, parse_result: ParseResult) -> AggregatedResult:
+        """Aggregate parsed resources into logical services."""
+        result = AggregatedResult()
+        # Group resources by aggregation rule
+        rule_resources: Dict[str, List[TerraformResource]] = {}
+        unmatched: List[TerraformResource] = []
+        for resource in parse_result.resources:
+            rule_name = self._type_to_rule.get(resource.resource_type)
+            if rule_name:
+                rule_resources.setdefault(rule_name, []).append(resource)
+            else:
+                unmatched.append(resource)
+        # Create logical services from grouped resources
+        for rule_name, resources in rule_resources.items():
+            rule = self._aggregation_rules[rule_name]
+            # Count primary resources
+            primary_count = sum(1 for r in resources if r.resource_type in rule['primary'])
+            if primary_count == 0:
+                continue  # Skip if no primary resources
+            service = LogicalService(
+                service_type=rule_name,
+                name=rule['display_name'],
+                icon_resource_type=rule['icon'],
+                resources=resources,
+                count=primary_count,
+                is_vpc_resource=rule['is_vpc'],
+            )
+            result.services.append(service)
+            if service.is_vpc_resource:
+                result.vpc_services.append(service)
+            else:
+                result.global_services.append(service)
+        # Create logical connections based on which services exist
+        existing_services = {s.service_type for s in result.services}
+        for conn in self._logical_connections:
+            source = conn.get("source", "")
+            target = conn.get("target", "")
+            if source in existing_services and target in existing_services:
+                result.connections.append(LogicalConnection(
+                    source_id=f"{source}.{self._aggregation_rules[source]['display_name']}",
+                    target_id=f"{target}.{self._aggregation_rules[target]['display_name']}",
+                    label=conn.get("label", ""),
+                    connection_type=conn.get("type", "default"),
+                ))
+        return result
+def aggregate_resources(parse_result: ParseResult) -> AggregatedResult:
+    """Convenience function to aggregate resources."""
+    aggregator = ResourceAggregator()
+    return aggregator.aggregate(parse_result)

{terraformgraph-1.0.1 → terraformgraph-1.0.3}/terraformgraph/layout.py RENAMED Viewed

@@ -88,13 +88,13 @@ class LayoutEngine:
             st = service.service_type
             if st in ('cloudfront', 'waf', 'route53', 'acm', 'cognito'):
                 edge_services.append(service)
-            elif st in ('alb', 'ecs', 'ec2', 'security', 'vpc'):
+            elif st in ('alb', 'ecs', 'ec2', 'security_groups', 'security', 'vpc'):
                 vpc_services.append(service)
             elif st in ('s3', 'dynamodb', 'mongodb'):
                 data_services.append(service)
             elif st in ('sqs', 'sns', 'eventbridge'):
                 messaging_services.append(service)
-            elif st in ('kms', 'secrets', 'iam'):
+            elif st in ('kms', 'secrets', 'secrets_manager', 'iam'):
                 security_services.append(service)
             else:
                 other_services.append(service)

{terraformgraph-1.0.1 → terraformgraph-1.0.3}/terraformgraph/main.py RENAMED Viewed

@@ -6,14 +6,17 @@ Generates AWS infrastructure diagrams from Terraform code using official AWS ico
 Creates high-level architectural diagrams with logical service groupings.
 Usage:
-    # Parse a directory directly (auto-discovers icons in ./aws-official-icons)
-    terraformgraph -t ./infrastructure -o diagram.html
+    # Parse a directory directly (generates diagram.html by default)
+    terraformgraph -t ./infrastructure
     # Parse a specific environment subdirectory
-    terraformgraph -t ./infrastructure -e dev -o diagram.html
+    terraformgraph -t ./infrastructure -e dev
+    # With custom output path
+    terraformgraph -t ./infrastructure -o my-diagram.html
     # With custom icons path
-    terraformgraph -t ./infrastructure -i /path/to/icons -o diagram.html
+    terraformgraph -t ./infrastructure -i /path/to/icons
 """
 import argparse
@@ -33,14 +36,17 @@ def main():
         formatter_class=argparse.RawDescriptionHelpFormatter,
         epilog='''
 Examples:
-    # Parse a directory (auto-discovers icons in ./aws-official-icons)
-    terraformgraph -t ./infrastructure -o diagram.html
+    # Parse a directory (generates diagram.html by default)
+    terraformgraph -t ./infrastructure
     # Parse a specific environment subdirectory
-    terraformgraph -t ./infrastructure -e dev -o diagram.html
+    terraformgraph -t ./infrastructure -e dev
+    # With custom output path
+    terraformgraph -t ./infrastructure -o my-diagram.html
     # With custom icons path
-    terraformgraph -t ./infrastructure -i /path/to/icons -o diagram.html
+    terraformgraph -t ./infrastructure -i /path/to/icons
         '''
     )
@@ -64,8 +70,8 @@ Examples:
     parser.add_argument(
         '-o', '--output',
-        required=True,
-        help='Output file path (HTML)'
+        default='diagram.html',
+        help='Output file path (HTML). Default: diagram.html'
     )
     parser.add_argument(

{terraformgraph-1.0.1 → terraformgraph-1.0.3}/terraformgraph/parser.py RENAMED Viewed

@@ -4,6 +4,7 @@ Terraform HCL Parser
 Parses Terraform files and extracts AWS resources and their relationships.
 """
+import logging
 import re
 from dataclasses import dataclass, field
 from pathlib import Path
@@ -11,6 +12,8 @@ from typing import Any, Dict, List, Optional
 import hcl2
+logger = logging.getLogger(__name__)
 @dataclass
 class TerraformResource:
@@ -130,7 +133,7 @@ class TerraformParser:
         # Parse all .tf files in directory
         tf_files = list(directory.glob("*.tf"))
         if not tf_files:
-            print(f"Warning: No .tf files found in {directory}")
+            logger.warning("No .tf files found in %s", directory)
         for tf_file in tf_files:
             self._parse_file(tf_file, result, module_path="")
@@ -153,7 +156,7 @@ class TerraformParser:
             with open(file_path, 'r') as f:
                 content = hcl2.load(f)
         except Exception as e:
-            print(f"Warning: Could not parse {file_path}: {e}")
+            logger.warning("Could not parse %s: %s", file_path, e)
             return
         # Extract resources
@@ -199,7 +202,7 @@ class TerraformParser:
             module_path = self.infrastructure_path / '.modules' / source
         if not module_path.exists():
-            print(f"Warning: Module path not found: {module_path}")
+            logger.warning("Module path not found: %s", module_path)
             return ParseResult()
         # Check cache

{terraformgraph-1.0.1 → terraformgraph-1.0.3}/terraformgraph/renderer.py RENAMED Viewed

@@ -250,7 +250,7 @@ class SVGRenderer:
            data-target="{html.escape(connection.target_id)}"
            data-conn-type="{connection.connection_type}"
            data-label="{html.escape(label)}">
-            <path class="connection-hitarea" d="{path}"/>
+            <path class="connection-hitarea" d="{path}" fill="none" stroke="transparent" stroke-width="15"/>
             <path class="connection-path" d="{path}" fill="none" stroke="{stroke_color}"
                 stroke-width="1.5" {dash_attr} marker-end="{marker}" opacity="0.7"/>
         </g>
@@ -676,6 +676,11 @@ class HTMLRenderer:
             function startDrag(e) {{
                 e.preventDefault();
+                // Guard against null CTM (can happen during rendering)
+                const ctm = svg.getScreenCTM();
+                if (!ctm) return;
                 dragging = e.currentTarget;
                 dragging.classList.add('dragging');
                 dragging.style.cursor = 'grabbing';
@@ -683,7 +688,15 @@ class HTMLRenderer:
                 const pt = svg.createSVGPoint();
                 pt.x = e.clientX;
                 pt.y = e.clientY;
-                const svgP = pt.matrixTransform(svg.getScreenCTM().inverse());
+                const svgP = pt.matrixTransform(ctm.inverse());
+                // Validate coordinates to prevent NaN issues
+                if (isNaN(svgP.x) || isNaN(svgP.y)) {{
+                    dragging.classList.remove('dragging');
+                    dragging.style.cursor = 'grab';
+                    dragging = null;
+                    return;
+                }}
                 const id = dragging.dataset.serviceId;
                 const pos = servicePositions[id] || {{ x: 0, y: 0 }};
@@ -697,10 +710,17 @@ class HTMLRenderer:
             function drag(e) {{
                 if (!dragging) return;
+                // Guard against null CTM
+                const ctm = svg.getScreenCTM();
+                if (!ctm) return;
                 const pt = svg.createSVGPoint();
                 pt.x = e.clientX;
                 pt.y = e.clientY;
-                const svgP = pt.matrixTransform(svg.getScreenCTM().inverse());
+                const svgP = pt.matrixTransform(ctm.inverse());
+                // Validate coordinates to prevent NaN issues
+                if (isNaN(svgP.x) || isNaN(svgP.y)) return;
                 let newX = svgP.x - offset.x;
                 let newY = svgP.y - offset.y;

{terraformgraph-1.0.1 → terraformgraph-1.0.3/terraformgraph.egg-info}/PKG-INFO RENAMED Viewed

@@ -1,8 +1,8 @@
 Metadata-Version: 2.4
 Name: terraformgraph
-Version: 1.0.1
+Version: 1.0.3
 Summary: Generate interactive architecture diagrams from Terraform configurations
-Author-email: Your Name <your.email@example.com>
+Author-email: Ferdinando Bonsegna <1bonsegnaferdinando@gmail.com>
 License: MIT
 Project-URL: Homepage, https://github.com/ferdinandobons/terraformgraph
 Project-URL: Documentation, https://github.com/ferdinandobons/terraformgraph#readme
@@ -75,9 +75,11 @@ pip install -e .
 Generate a diagram from a Terraform directory:
 ```bash
-terraformgraph -t ./infrastructure -o diagram.html
+terraformgraph -t ./infrastructure
 ```
+This creates `diagram.html` in the current directory.
 ### With Environment Subdirectories
 If your Terraform is organized by environment:
@@ -91,7 +93,7 @@ terraformgraph -t ./infrastructure -e prod -o prod-diagram.html
 For beautiful AWS service icons, download the [AWS Architecture Icons](https://aws.amazon.com/architecture/icons/) and extract them:
 ```bash
-terraformgraph -t ./infrastructure -i ./AWS_Icons -o diagram.html
+terraformgraph -t ./infrastructure -i ./AWS_Icons
 ```
 ## Command Line Options
@@ -101,7 +103,7 @@ terraformgraph -t ./infrastructure -i ./AWS_Icons -o diagram.html
 | `-t, --terraform` | Yes | Path to Terraform directory |
 | `-e, --environment` | No | Environment subdirectory (dev, staging, prod) |
 | `-i, --icons` | No | Path to AWS icons directory |
-| `-o, --output` | Yes | Output HTML file path |
+| `-o, --output` | No | Output HTML file path (default: `diagram.html`) |
 | `-v, --verbose` | No | Enable debug output |
 ## Configuration

terraformgraph-1.0.1/terraformgraph/aggregator.py DELETED Viewed

@@ -1,396 +0,0 @@
-"""
-Resource Aggregator
-Aggregates low-level Terraform resources into high-level logical services
-for cleaner architecture diagrams.
-"""
-from dataclasses import dataclass, field
-from typing import Any, Dict, List, Optional
-from .config_loader import ConfigLoader
-from .parser import ParseResult, TerraformResource
-@dataclass
-class LogicalService:
-    """A high-level logical service aggregating multiple resources."""
-    service_type: str  # e.g., 'alb', 'ecs', 's3', 'sqs'
-    name: str
-    icon_resource_type: str  # The Terraform type to use for the icon
-    resources: List[TerraformResource] = field(default_factory=list)
-    count: int = 1  # How many instances (e.g., 24 SQS queues)
-    is_vpc_resource: bool = False
-    attributes: Dict[str, str] = field(default_factory=dict)
-    @property
-    def id(self) -> str:
-        return f"{self.service_type}.{self.name}"
-@dataclass
-class LogicalConnection:
-    """A connection between logical services."""
-    source_id: str
-    target_id: str
-    label: Optional[str] = None
-    connection_type: str = 'default'  # 'default', 'data_flow', 'trigger', 'encrypt'
-@dataclass
-class AggregatedResult:
-    """Result of aggregating resources into logical services."""
-    services: List[LogicalService] = field(default_factory=list)
-    connections: List[LogicalConnection] = field(default_factory=list)
-    vpc_services: List[LogicalService] = field(default_factory=list)
-    global_services: List[LogicalService] = field(default_factory=list)
-# Define which resource types should be aggregated together
-AGGREGATION_RULES = {
-    # Load Balancing: ALB + listeners + target groups = one ALB
-    'alb': {
-        'primary': ['aws_lb'],
-        'aggregate': ['aws_lb_listener', 'aws_lb_target_group', 'aws_lb_target_group_attachment'],
-        'icon': 'aws_lb',
-        'display_name': 'Load Balancer',
-        'is_vpc': True,
-    },
-    # ECS: cluster + services + task definitions = one ECS
-    'ecs': {
-        'primary': ['aws_ecs_cluster'],
-        'aggregate': ['aws_ecs_service', 'aws_ecs_task_definition'],
-        'icon': 'aws_ecs_cluster',
-        'display_name': 'ECS Cluster',
-        'is_vpc': True,
-    },
-    # VPC: vpc + subnets + gateways + route tables = one VPC
-    'vpc': {
-        'primary': ['aws_vpc'],
-        'aggregate': ['aws_subnet', 'aws_internet_gateway', 'aws_nat_gateway',
-                      'aws_route_table', 'aws_route', 'aws_route_table_association',
-                      'aws_eip', 'aws_vpc_endpoint', 'aws_db_subnet_group'],
-        'icon': 'aws_vpc',
-        'display_name': 'VPC',
-        'is_vpc': True,
-    },
-    # Security Groups: aggregate all SGs
-    'security': {
-        'primary': ['aws_security_group'],
-        'aggregate': ['aws_security_group_rule'],
-        'icon': 'aws_security_group',
-        'display_name': 'Security Groups',
-        'is_vpc': True,
-    },
-    # S3: buckets (aggregate policies, versioning, etc.)
-    's3': {
-        'primary': ['aws_s3_bucket'],
-        'aggregate': ['aws_s3_bucket_policy', 'aws_s3_bucket_versioning',
-                      'aws_s3_bucket_lifecycle_configuration', 'aws_s3_bucket_notification',
-                      'aws_s3_bucket_cors_configuration', 'aws_s3_bucket_public_access_block',
-                      'aws_s3_bucket_ownership_controls', 'aws_s3_bucket_server_side_encryption_configuration'],
-        'icon': 'aws_s3_bucket',
-        'display_name': 'S3 Buckets',
-        'is_vpc': False,
-    },
-    # SQS: aggregate all queues
-    'sqs': {
-        'primary': ['aws_sqs_queue'],
-        'aggregate': ['aws_sqs_queue_policy'],
-        'icon': 'aws_sqs_queue',
-        'display_name': 'SQS Queues',
-        'is_vpc': False,
-    },
-    # SNS: aggregate topics
-    'sns': {
-        'primary': ['aws_sns_topic'],
-        'aggregate': ['aws_sns_topic_policy', 'aws_sns_topic_subscription'],
-        'icon': 'aws_sns_topic',
-        'display_name': 'SNS Topics',
-        'is_vpc': False,
-    },
-    # Cognito: user pool + clients + domain
-    'cognito': {
-        'primary': ['aws_cognito_user_pool'],
-        'aggregate': ['aws_cognito_user_pool_client', 'aws_cognito_user_pool_domain',
-                      'aws_cognito_identity_pool', 'aws_cognito_identity_pool_roles_attachment',
-                      'aws_cognito_log_delivery_configuration'],
-        'icon': 'aws_cognito_user_pool',
-        'display_name': 'Cognito',
-        'is_vpc': False,
-    },
-    # KMS: keys + aliases
-    'kms': {
-        'primary': ['aws_kms_key'],
-        'aggregate': ['aws_kms_alias'],
-        'icon': 'aws_kms_key',
-        'display_name': 'KMS Keys',
-        'is_vpc': False,
-    },
-    # Secrets Manager
-    'secrets': {
-        'primary': ['aws_secretsmanager_secret'],
-        'aggregate': ['aws_secretsmanager_secret_version'],
-        'icon': 'aws_secretsmanager_secret',
-        'display_name': 'Secrets Manager',
-        'is_vpc': False,
-    },
-    # Route53
-    'route53': {
-        'primary': ['aws_route53_zone'],
-        'aggregate': ['aws_route53_record'],
-        'icon': 'aws_route53_zone',
-        'display_name': 'Route 53',
-        'is_vpc': False,
-    },
-    # ACM Certificates
-    'acm': {
-        'primary': ['aws_acm_certificate'],
-        'aggregate': ['aws_acm_certificate_validation'],
-        'icon': 'aws_acm_certificate',
-        'display_name': 'Certificates',
-        'is_vpc': False,
-    },
-    # CloudWatch
-    'cloudwatch': {
-        'primary': ['aws_cloudwatch_log_group', 'aws_cloudwatch_metric_alarm'],
-        'aggregate': ['aws_cloudwatch_log_resource_policy', 'aws_cloudwatch_log_delivery',
-                      'aws_cloudwatch_log_delivery_source', 'aws_cloudwatch_log_delivery_destination',
-                      'aws_cloudwatch_dashboard'],
-        'icon': 'aws_cloudwatch_metric_alarm',
-        'display_name': 'CloudWatch',
-        'is_vpc': False,
-    },
-    # EventBridge
-    'eventbridge': {
-        'primary': ['aws_cloudwatch_event_rule', 'aws_cloudwatch_event_bus'],
-        'aggregate': ['aws_cloudwatch_event_target', 'aws_cloudwatch_event_archive'],
-        'icon': 'aws_cloudwatch_event_rule',
-        'display_name': 'EventBridge',
-        'is_vpc': False,
-    },
-    # WAF
-    'waf': {
-        'primary': ['aws_wafv2_web_acl'],
-        'aggregate': ['aws_wafv2_web_acl_association', 'aws_wafv2_rule_group'],
-        'icon': 'aws_wafv2_web_acl',
-        'display_name': 'WAF',
-        'is_vpc': False,
-    },
-    # IAM
-    'iam': {
-        'primary': ['aws_iam_role'],
-        'aggregate': ['aws_iam_policy', 'aws_iam_role_policy', 'aws_iam_role_policy_attachment',
-                      'aws_iam_instance_profile'],
-        'icon': 'aws_iam_role',
-        'display_name': 'IAM Roles',
-        'is_vpc': False,
-    },
-    # ECR
-    'ecr': {
-        'primary': ['aws_ecr_repository'],
-        'aggregate': [],
-        'icon': 'aws_ecr_repository',
-        'display_name': 'ECR',
-        'is_vpc': False,
-    },
-    # DynamoDB
-    'dynamodb': {
-        'primary': ['aws_dynamodb_table'],
-        'aggregate': [],
-        'icon': 'aws_dynamodb_table',
-        'display_name': 'DynamoDB',
-        'is_vpc': False,
-    },
-    # SES
-    'ses': {
-        'primary': ['aws_ses_domain_identity'],
-        'aggregate': ['aws_ses_domain_dkim', 'aws_ses_domain_mail_from',
-                      'aws_ses_identity_notification_topic', 'aws_ses_configuration_set'],
-        'icon': 'aws_ses_domain_identity',
-        'display_name': 'SES',
-        'is_vpc': False,
-    },
-    # CloudFront
-    'cloudfront': {
-        'primary': ['aws_cloudfront_distribution'],
-        'aggregate': ['aws_cloudfront_origin_access_control'],
-        'icon': 'aws_cloudfront_distribution',
-        'display_name': 'CloudFront',
-        'is_vpc': False,
-    },
-    # Bedrock
-    'bedrock': {
-        'primary': ['aws_bedrockagent_knowledge_base'],
-        'aggregate': [],
-        'icon': 'aws_bedrockagent_knowledge_base',
-        'display_name': 'Bedrock KB',
-        'is_vpc': False,
-    },
-    # Budgets
-    'budgets': {
-        'primary': ['aws_budgets_budget'],
-        'aggregate': [],
-        'icon': 'aws_budgets_budget',
-        'display_name': 'Budgets',
-        'is_vpc': False,
-    },
-    # EC2 (standalone instances like DevOps agent)
-    'ec2': {
-        'primary': ['aws_instance'],
-        'aggregate': ['aws_launch_template'],
-        'icon': 'aws_instance',
-        'display_name': 'EC2',
-        'is_vpc': True,
-    },
-    # MongoDB Atlas (external)
-    'mongodb': {
-        'primary': ['mongodbatlas_cluster'],
-        'aggregate': ['mongodbatlas_network_peering', 'mongodbatlas_project_ip_access_list'],
-        'icon': 'aws_dynamodb_table',  # Use DynamoDB icon as fallback
-        'display_name': 'MongoDB Atlas',
-        'is_vpc': False,
-    },
-}
-# High-level connections between service types
-LOGICAL_CONNECTIONS = [
-    # Internet -> WAF -> CloudFront -> ALB
-    ('cloudfront', 'alb', 'HTTPS', 'data_flow'),
-    ('waf', 'alb', 'protects', 'default'),
-    ('waf', 'cognito', 'protects', 'default'),
-    # ALB -> ECS
-    ('alb', 'ecs', 'routes to', 'data_flow'),
-    # ECS -> various services
-    ('ecs', 'sqs', 'sends/receives', 'data_flow'),
-    ('ecs', 's3', 'reads/writes', 'data_flow'),
-    ('ecs', 'dynamodb', 'queries', 'data_flow'),
-    ('ecs', 'secrets', 'reads', 'default'),
-    ('ecs', 'bedrock', 'invokes', 'data_flow'),
-    # S3 -> SQS (notifications)
-    ('s3', 'sqs', 'triggers', 'trigger'),
-    # SNS for alerts
-    ('cloudwatch', 'sns', 'alerts', 'trigger'),
-    ('sqs', 'sns', 'DLQ alerts', 'trigger'),
-    # Encryption
-    ('kms', 's3', 'encrypts', 'encrypt'),
-    ('kms', 'sqs', 'encrypts', 'encrypt'),
-    ('kms', 'sns', 'encrypts', 'encrypt'),
-    ('kms', 'secrets', 'encrypts', 'encrypt'),
-    # DNS
-    ('route53', 'alb', 'resolves', 'default'),
-    ('route53', 'cloudfront', 'resolves', 'default'),
-    # Certificates
-    ('acm', 'alb', 'TLS', 'default'),
-    ('acm', 'cloudfront', 'TLS', 'default'),
-    # Cognito auth
-    ('cognito', 'alb', 'authenticates', 'default'),
-    # ECR -> ECS
-    ('ecr', 'ecs', 'images', 'data_flow'),
-    # External
-    ('ecs', 'mongodb', 'queries', 'data_flow'),
-]
-class ResourceAggregator:
-    """Aggregates Terraform resources into logical services."""
-    def __init__(self, config_loader: Optional[ConfigLoader] = None):
-        self._config = config_loader or ConfigLoader()
-        self._aggregation_rules = self._build_aggregation_rules()
-        self._logical_connections = self._config.get_logical_connections()
-        self._build_type_to_rule_map()
-    def _build_aggregation_rules(self) -> Dict[str, Dict[str, Any]]:
-        """Build aggregation rules dict from config."""
-        flat_rules = self._config.get_flat_aggregation_rules()
-        result = {}
-        for service_name, config in flat_rules.items():
-            # Map YAML format (primary/secondary/in_vpc) to internal format
-            result[service_name] = {
-                'primary': config.get("primary", []),
-                'aggregate': config.get("secondary", []),  # secondary in YAML -> aggregate internally
-                'icon': config.get("primary", [""])[0] if config.get("primary") else "",
-                'display_name': service_name.replace("_", " ").title(),
-                'is_vpc': config.get("in_vpc", False),
-            }
-        return result
-    def _build_type_to_rule_map(self) -> None:
-        """Build a mapping from resource type to aggregation rule."""
-        self._type_to_rule: Dict[str, str] = {}
-        for rule_name, rule in self._aggregation_rules.items():
-            for res_type in rule['primary']:
-                self._type_to_rule[res_type] = rule_name
-            for res_type in rule['aggregate']:
-                self._type_to_rule[res_type] = rule_name
-    def aggregate(self, parse_result: ParseResult) -> AggregatedResult:
-        """Aggregate parsed resources into logical services."""
-        result = AggregatedResult()
-        # Group resources by aggregation rule
-        rule_resources: Dict[str, List[TerraformResource]] = {}
-        unmatched: List[TerraformResource] = []
-        for resource in parse_result.resources:
-            rule_name = self._type_to_rule.get(resource.resource_type)
-            if rule_name:
-                rule_resources.setdefault(rule_name, []).append(resource)
-            else:
-                unmatched.append(resource)
-        # Create logical services from grouped resources
-        for rule_name, resources in rule_resources.items():
-            rule = self._aggregation_rules[rule_name]
-            # Count primary resources
-            primary_count = sum(1 for r in resources if r.resource_type in rule['primary'])
-            if primary_count == 0:
-                continue  # Skip if no primary resources
-            service = LogicalService(
-                service_type=rule_name,
-                name=rule['display_name'],
-                icon_resource_type=rule['icon'],
-                resources=resources,
-                count=primary_count,
-                is_vpc_resource=rule['is_vpc'],
-            )
-            result.services.append(service)
-            if service.is_vpc_resource:
-                result.vpc_services.append(service)
-            else:
-                result.global_services.append(service)
-        # Create logical connections based on which services exist
-        existing_services = {s.service_type for s in result.services}
-        for conn in self._logical_connections:
-            source = conn.get("source", "")
-            target = conn.get("target", "")
-            if source in existing_services and target in existing_services:
-                result.connections.append(LogicalConnection(
-                    source_id=f"{source}.{self._aggregation_rules[source]['display_name']}",
-                    target_id=f"{target}.{self._aggregation_rules[target]['display_name']}",
-                    label=conn.get("label", ""),
-                    connection_type=conn.get("type", "default"),
-                ))
-        return result
-def aggregate_resources(parse_result: ParseResult) -> AggregatedResult:
-    """Convenience function to aggregate resources."""
-    aggregator = ResourceAggregator()
-    return aggregator.aggregate(parse_result)