Infragraph overview

Infragraph is the HashiCorp Cloud Platform (HCP) resource graph database. It creates a centralized data storage layer for your infrastructure environment metadata to enable greater visibility into resources and their usage.

Beta feature

This feature is currently available as a beta release. Beta functionality is stable but possibly incomplete and subject to change. We strongly discourage using beta features with production workflows, as features may not function seamlessly and you may encounter unexpected issues.

Introduction

Infragraph helps you visualize and act on your hybrid cloud infrastructure.

The resource graph service has several pieces that you use together:

Connect data sources to the resource graph
Displays interactive data results in your web browser
Queries filter the resources displayed by the resource graph

Get started

To get started with Infragraph, you must have the Admin or Owner role in your HCP organization.

After you sign in to the HCP portal, select the Infragraph tile from the Project dashboard or the Organization dashboard to find the onboarding wizard.

The onboarding workflow consists of the following steps:

Roles and permissions

Infragraph introduces new roles and permissions to your HCP organization. You can scope user access to Infragraph using service-level permissions.

The following table describes the roles and permissions for Infragraph, scoped to their service-level and organizational access.

Permission	Connection Admin	Infragraph Admin	Infragraph Querier
Create, edit, and delete connections	✅	✅	❌
View connections	✅	✅	✅
Create, edit, and delete saved queries from the catalog	❌	✅	✅
View, build and execute any query	❌	✅	✅
Assign and edit Infragraph roles	❌	✅	❌
View audit logs	❌	❌	❌
View node inventory	❌	✅	✅
View synced data	✅	✅	✅

Permission	Organization Admin	Organization Contributor	Organization Viewer	Organization Browser
Create, edit, and delete connections	✅	✅	❌	❌
View connections	✅	✅	✅	❌
Create, edit, and delete saved queries from the catalog	✅	❌	❌	❌
View, build and execute any query	✅	✅	✅	❌
Assign and edit Infragraph roles	✅	❌	❌	❌
View audit logs	❌	❌	❌	❌
View node inventory	✅	✅	✅	❌
View synced data	✅	✅	✅	❌

Limitations and technical constraints

The beta release of Infragraph has limited features and functionality.

These lists describe the limitations and technical constraints of the beta release.

Not supported

Real-time updates. Updates only occur on manually triggered sync.
HCP Terraform drift detection.
Automated vulnerability detection and remediation.
Ingesting SBOMs outside of HCP Packer.
HCP European regions. During the public beta, Infragraph is only available in the United States.
Adding custom nodes and edges to the graph.
Creating resource tags within the application.
- Tags specified in upstream data source are synced, such as AWS resource tags.

Limitations

There is a limit of one connection per data source.
- The AWS connector is limited to 100 accounts per connection.
- The HCP Terraform connector is limited to one organization per connection.
Only a subset of planned AWS resources and resource fields are supported.
Initial HCP Packer syncs require up to a 30 minute wait after you create the connection.
Query API validation is limited. Query failures and errors may not be exposed.
The inventory page contains resources that are built by the graph service, not ingested by connections. They are considered "discovered resources" and are not differentiated from the other type of resources in the UI.