readtheplan
static tool

Terraform risk calculator

Estimate plan risk from manual counts.

Use this static calculator before a review meeting when you know the shape of a Terraform change but do not want to share plan contents. Raw Terraform plans stay local on your workstation or in CI.

Manual counts only. No plan upload. No accounts. No billing.

The score is a planning aid, not a replacement for analyzing the real Terraform JSON plan with readtheplan. Counts can miss attribute-level changes such as public access blocks, deny statement removal, or retention decreases.

Manual inputs

Risk signals

Delete/create changes, especially identity-bearing resources.

Resources that Terraform plans to remove.

Policies, roles, trust relationships, or permission boundaries.

Security groups, routes, listeners, or ingress that broaden exposure.

S3, RDS, KMS, backups, encryption, or lifecycle settings.

CloudWatch retention, audit trails, alarms, or delivery paths.

Context
Audit pressure


This form has no submission destination and no file picker. Use the pilot setup flow when you want help wiring readtheplan into CI without sending a raw Terraform plan.

Request pilot setup

Placeholder inbox: pilot-contact@example.com. Replace the configured pilot handoff address before production use.

FAQ

Terraform risk calculator questions

Does this page analyze my Terraform plan?

No. It estimates risk from counts you type manually. Run readtheplan locally or in CI when you need plan-specific analysis and evidence.

Which Terraform changes should increase review priority?

Replacements, deletes, IAM policy edits, public network exposure, data protection changes, and logging retention changes usually deserve a closer review.
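One way to get the manual counts without the plan leaving your machine is to tally them from `terraform show -json` output locally. This is an added example, not readtheplan's code; the mapping from AWS resource types to signals and the names `SIGNAL_STEMS`, `matches`, `count_signals` and `SAMPLE_PLAN` are assumptions made for illustration.

```python
import json
import sys

# Assumption for this example: AWS type stems mapped to the calculator's signals.
# A stem matches the exact type or any type that starts with stem + "_".
SIGNAL_STEMS = {
    "iam": ["aws_iam"],
    "network": ["aws_security_group", "aws_vpc_security_group", "aws_route", "aws_lb_listener"],
    "data": ["aws_s3_bucket", "aws_db", "aws_rds", "aws_kms", "aws_backup"],
    "logging": ["aws_cloudwatch_log", "aws_cloudtrail", "aws_cloudwatch_metric_alarm"],
}

def matches(rtype, stems):
    return any(rtype == s or rtype.startswith(s + "_") for s in stems)

def count_signals(plan):
    """Count changed resources per signal from `terraform show -json` output."""
    counts = {"replacements": 0, "deletes": 0, **{k: 0 for k in SIGNAL_STEMS}}
    for rc in plan.get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        if not actions or actions in (["no-op"], ["read"]):
            continue  # nothing will change for this resource
        if "delete" in actions and "create" in actions:
            counts["replacements"] += 1  # covers both replace orderings
        elif actions == ["delete"]:
            counts["deletes"] += 1
        for signal, stems in SIGNAL_STEMS.items():
            if matches(rc.get("type", ""), stems):
                counts[signal] += 1  # resource touched, not necessarily weakened
    return counts

# Constructed sample in the shape of a Terraform JSON plan (not real data).
SAMPLE_PLAN = {"resource_changes": [
    {"type": "aws_iam_role", "change": {"actions": ["delete", "create"]}},
    {"type": "aws_s3_bucket", "change": {"actions": ["delete"]}},
    {"type": "aws_security_group", "change": {"actions": ["update"]}},
    {"type": "aws_cloudwatch_log_group", "change": {"actions": ["update"]}},
    {"type": "aws_route53_record", "change": {"actions": ["update"]}},
    {"type": "aws_instance", "change": {"actions": ["no-op"]}},
]}

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for signal, n in count_signals(plan).items():
        print(f"{signal}: {n}")
```

The per-type counts are upper bounds: they show that a resource in a category changed, not whether the change broadens exposure or shortens retention, so the attribute-level caveat above still applies.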