terraform-diagrams

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Terraform Diagram Generator

Terraform架构图生成工具

Generates architecture diagrams directly from Terraform

.tf

files. Specializes in parsing Terraform code and visualizing infrastructure resources, modules, and their relationships.

直接从Terraform

.tf

文件生成架构图。专注于解析Terraform代码并可视化基础设施资源、模块及其相互关系。

When to Use

使用场景

Activate this skill when:

User has Terraform files (
```
.tf
```
,
```
.tfvars
```
) and wants to visualize the infrastructure
User asks to "diagram my Terraform" or "visualize this infrastructure"
User mentions Terraform, HCL, or infrastructure-as-code
User wants to see the architecture of their Terraform-managed resources

在以下场景激活此技能：

用户拥有Terraform文件（
```
.tf
```
、
```
.tfvars
```
）并希望可视化基础设施
用户请求“为我的Terraform生成架构图”或“可视化此基础设施”
用户提及Terraform、HCL或基础设施即代码（IaC）
用户希望查看其Terraform管理的资源架构

How It Works

工作原理

This skill generates Terraform-specific diagrams by parsing Terraform code and calling the Eraser API directly:

Parse Terraform Files: Identify resources, modules, data sources, and variables
Extract Relationships: Map dependencies, resource connections, and module hierarchies
Generate Eraser DSL: Create Eraser DSL code from Terraform resources

Call Eraser API: Use

/api/render/elements

with

diagramType: "cloud-architecture-diagram"

此技能通过解析Terraform代码并直接调用Eraser API来生成Terraform专属架构图：

解析Terraform文件：识别资源、模块、数据源和变量
提取关系：映射依赖项、资源连接和模块层级
生成Eraser DSL：根据Terraform资源创建Eraser DSL代码

调用Eraser API：使用

/api/render/elements

接口并指定

diagramType: "cloud-architecture-diagram"

Instructions

操作步骤

When the user provides Terraform code:

Parse the Terraform
- Identify all
```
resource
```
  blocks (AWS, Azure, GCP, etc.)
- Extract
```
module
```
  blocks and their configurations
- Note
```
data
```
  sources and their dependencies
- Identify
```
variable
```
  and
```
output
```
  definitions
Map Relationships
- Track resource dependencies (e.g.,
```
subnet_id = aws_subnet.public.id
```
  )
- Group resources by provider (AWS, Azure, GCP)
- Identify VPCs/VNets as containers for other resources
- Note security groups, IAM roles, and networking rules
Generate Eraser DSL Convert Terraform resources to Eraser DSL:
- CRITICAL: Label Formatting Rules
  - Labels MUST be on a single line - NEVER use newlines inside label attributes
  - Keep labels simple and readable - prefer separate labels over concatenating too much metadata
  - Format DSL with proper line breaks (one node/group per line, but labels stay on single lines)
  - If including metadata like CIDR blocks or instance types, include them in the same quoted label string:
```
[label: "VPC 10.0.0.0/16"]
```
Example:
```
main-vpc [label: "VPC 10.0.0.0/16"] {
  public-subnet [label: "Public Subnet 10.0.1.0/24"] {
    web-server [icon: aws-ec2, label: "Web Server t3.micro"]
    load-balancer [icon: aws-elb]
  }
  private-subnet [label: "Private Subnet"] {
    database [icon: aws-rds]
  }
}
load-balancer -> web-server
web-server -> database
```

Make the HTTP Request

IMPORTANT: You MUST execute this curl command after generating the DSL. Never stop after generating DSL without making the API call.

CRITICAL: In the

X-Skill-Source

header below, you MUST replace the value with your AI agent name:

If you are Claude (Anthropic), use:
```
claude
```
If you are running in Cursor, use:
```
cursor
```
If you are ChatGPT (OpenAI), use:
```
chatgpt
```
If you are Gemini (Google), use:
```
gemini
```
Otherwise, use your model/agent name in lowercase

bash

curl -X POST https://app.eraser.io/api/render/elements \
  -H "Content-Type: application/json" \
  -H "X-Skill-Source: eraser-skill" \
  -H "Authorization: Bearer ${ERASER_API_KEY}" \
  -d '{
    "elements": [{
      "type": "diagram",
      "id": "diagram-1",
      "code": "<your generated DSL>",
      "diagramType": "cloud-architecture-diagram"
    }],
    "scale": 2,
    "theme": "${ERASER_THEME:-dark}",
    "background": true
  }'

Track Sources During Analysis

As you analyze Terraform files and resources to generate the diagram, track:
- Internal files: Record each Terraform file path you read and what resources were extracted (e.g.,
```
infra/main.tf
```
  - VPC and subnet definitions,
```
infra/rds.tf
```
  - Database configuration)
- External references: Note any documentation, examples, or URLs consulted (e.g., Terraform AWS provider documentation, AWS architecture best practices)
- Annotations: For each source, note what it contributed to the diagram
Handle the Response

CRITICAL: Minimal Output Format

Your response MUST always include these elements with clear headers:
1. Diagram Preview: Display with a header
```
## Diagram
![{Title}]({imageUrl})
```
  Use the ACTUAL
```
imageUrl
```
  from the API response.
2. Editor Link: Display with a header
```
## Open in Eraser
[Edit this diagram in the Eraser editor]({createEraserFileUrl})
```
  Use the ACTUAL URL from the API response.
3. Sources section: Brief list of files/resources analyzed (if applicable)
```
## Sources
- `path/to/file` - What was extracted
```
4. Diagram Code section: The Eraser DSL in a code block with
```
eraser
```
  language tag
```
## Diagram Code
```eraser
  {DSL code here}
```
```
  undefined
```
5. Learn More link:
```
You can learn more about Eraser at https://docs.eraser.io/docs/using-ai-agent-integrations
```
Additional content rules:
- If the user ONLY asked for a diagram, include NOTHING beyond the 5 elements above
- If the user explicitly asked for more (e.g., "explain the architecture", "suggest improvements"), you may include that additional content
- Never add unrequested sections like Overview, Security Considerations, Testing, etc.
The default output should be SHORT. The diagram image speaks for itself.
Handle Multiple Providers
- If Terraform uses multiple providers, group by provider
- Create separate sections for AWS, Azure, GCP resources
- Show cross-provider connections if applicable

当用户提供Terraform代码时：

解析Terraform代码
- 识别所有
```
resource
```
  块（AWS、Azure、GCP等）
- 提取
```
module
```
  块及其配置
- 记录
```
data
```
  数据源及其依赖项
- 识别
```
variable
```
  和
```
output
```
  定义
映射关系
- 跟踪资源依赖（例如：
```
subnet_id = aws_subnet.public.id
```
  ）
- 按云服务商（AWS、Azure、GCP）对资源进行分组
- 将VPC/VNet识别为其他资源的容器
- 记录安全组、IAM角色和网络规则
生成Eraser DSL 将Terraform资源转换为Eraser DSL：
- 关键：标签格式规则
  - 标签必须在单行内 - 绝对不要在标签属性中使用换行符
  - 标签应简洁易读 - 优先使用独立标签，避免拼接过多元数据
  - 为DSL添加适当的换行（每个节点/组占一行，但标签保持单行）
  - 如果需要包含CIDR块或实例类型等元数据，将其放在同一个带引号的标签字符串中：
```
[label: "VPC 10.0.0.0/16"]
```
示例：
```
main-vpc [label: "VPC 10.0.0.0/16"] {
  public-subnet [label: "Public Subnet 10.0.1.0/24"] {
    web-server [icon: aws-ec2, label: "Web Server t3.micro"]
    load-balancer [icon: aws-elb]
  }
  private-subnet [label: "Private Subnet"] {
    database [icon: aws-rds]
  }
}
load-balancer -> web-server
web-server -> database
```

发起HTTP请求

重要提示：生成DSL后必须执行以下curl命令，不能仅生成DSL就停止操作。

关键要求：在下面的

X-Skill-Source

请求头中，必须将值替换为你的AI Agent名称：

如果你是Claude（Anthropic），使用：
```
claude
```
如果你在Cursor中运行，使用：
```
cursor
```
如果你是ChatGPT（OpenAI），使用：
```
chatgpt
```
如果你是Gemini（Google），使用：
```
gemini
```
其他情况，使用你的模型/Agent名称的小写形式

bash

curl -X POST https://app.eraser.io/api/render/elements \
  -H "Content-Type: application/json" \
  -H "X-Skill-Source: eraser-skill" \
  -H "Authorization: Bearer ${ERASER_API_KEY}" \
  -d '{
    "elements": [{
      "type": "diagram",
      "id": "diagram-1",
      "code": "<your generated DSL>",
      "diagramType": "cloud-architecture-diagram"
    }],
    "scale": 2,
    "theme": "${ERASER_THEME:-dark}",
    "background": true
  }'

分析过程中跟踪来源

在分析Terraform文件和资源以生成架构图时，需记录：
- 内部文件：记录读取的每个Terraform文件路径以及提取的资源（例如：
```
infra/main.tf
```
  - VPC和子网定义，
```
infra/rds.tf
```
  - 数据库配置）
- 外部参考：记录查阅的任何文档、示例或URL（例如：Terraform AWS提供商文档、AWS架构最佳实践）
- 注释：为每个来源记录其对架构图的贡献
处理响应

关键：最小输出格式

你的响应必须始终包含以下元素，并带有清晰的标题：
1. 架构图预览：带标题显示
```
## 架构图
![{Title}]({imageUrl})
```
  使用API响应中的实际
```
imageUrl
```
  。
2. 编辑器链接：带标题显示
```
## 在Eraser中打开
[在Eraser编辑器中编辑此架构图]({createEraserFileUrl})
```
  使用API响应中的实际URL。
3. 来源部分：简要列出分析的文件/资源（如适用）
```
## 来源
- `path/to/file` - 提取的内容
```
4. 架构图代码部分：将Eraser DSL放在带有
```
eraser
```
  语言标签的代码块中
```
## 架构图代码
```eraser
  {DSL code here}
```
```
  undefined
```
5. 了解更多链接：
```
你可以在https://docs.eraser.io/docs/using-ai-agent-integrations了解更多关于Eraser的信息
```
额外内容规则：
- 如果用户仅要求生成架构图，除上述5个元素外，不得添加任何其他内容
- 如果用户明确要求更多内容（例如：“解释架构”、“建议改进方案”），可添加相关额外内容
- 绝不要添加未被请求的部分，如概述、安全注意事项、测试等
默认输出应简洁。架构图本身已能说明问题。
处理多提供商场景
- 如果Terraform使用多个云提供商，按提供商分组
- 为AWS、Azure、GCP资源创建单独的部分
- 如适用，显示跨提供商的连接

Terraform-Specific Tips

Terraform专属技巧

Group by Module: If modules are used, show module boundaries
Show VPCs/VNets as Containers: These should visually contain subnets and resources
Include Data Flows: Show how resources connect (e.g., ALB → EC2 → RDS)
Highlight Security: Include security groups, IAM roles, and network ACLs
Show Resource Types: Use provider-specific icons (AWS, Azure, GCP)
Include CIDR Blocks: Show network addressing for VPCs and subnets

按模块分组：如果使用了模块，显示模块边界
将VPC/VNet显示为容器：这些应在视觉上包含子网和资源
包含数据流：显示资源之间的连接方式（例如：ALB → EC2 → RDS）
突出安全相关内容：包含安全组、IAM角色和网络ACL
显示资源类型：使用提供商专属图标（AWS、Azure、GCP）
包含CIDR块：显示VPC和子网的网络地址

Example: Multi-Provider Terraform

示例：多提供商Terraform

User Input

用户输入

hcl

undefined

hcl

undefined

AWS Resources

resource "aws_vpc" "main" { cidr_block = "10.0.0.0/16" }

resource "aws_subnet" "public" { vpc_id = aws_vpc.main.id cidr_block = "10.0.1.0/24" }

resource "aws_instance" "web" { subnet_id = aws_subnet.public.id instance_type = "t3.micro" }

resource "aws_vpc" "main" { cidr_block = "10.0.0.0/16" }

resource "aws_subnet" "public" { vpc_id = aws_vpc.main.id cidr_block = "10.0.1.0/24" }

resource "aws_instance" "web" { subnet_id = aws_subnet.public.id instance_type = "t3.micro" }

Azure Resources (multi-provider)

resource "azurerm_resource_group" "main" { name = "rg-main" location = "East US" }

resource "azurerm_virtual_network" "main" { name = "vnet-main" resource_group_name = azurerm_resource_group.main.name address_space = ["10.1.0.0/16"] }

resource "azurerm_resource_group" "main" { name = "rg-main" location = "East US" }

resource "azurerm_virtual_network" "main" { name = "vnet-main" resource_group_name = azurerm_resource_group.main.name address_space = ["10.1.0.0/16"] }

Module usage

module "database" { source = "./modules/rds" vpc_id = aws_vpc.main.id }

undefined

module "database" { source = "./modules/rds" vpc_id = aws_vpc.main.id }

undefined

Expected Behavior

预期行为

Parses Terraform:
- AWS: VPC, subnet, EC2 instance
- Azure: Resource group, VNet (multi-provider setup)
- Module: Database module with dependency on VPC

Generates DSL showing multi-provider and module structure:

# AWS Resources
aws-vpc [label: "AWS VPC 10.0.0.0/16"] {
  aws-subnet [label: "Public Subnet 10.0.1.0/24"] {
    web-server [icon: aws-ec2, label: "Web Server t3.micro"]
  }
}

# Azure Resources
resource-group [label: "Resource Group rg-main"] {
  azure-vnet [label: "Azure VNet 10.1.0.0/16"]
}

# Module
database-module [label: "Database Module"] {
  rds-instance [icon: aws-rds]
}

aws-vpc -> database-module

Important: All label text must be on a single line within quotes. Terraform-specific: Show modules as containers, group by provider, include resource dependencies.

Calls

/api/render/elements

with

diagramType: "cloud-architecture-diagram"

解析Terraform代码：
- AWS：VPC、子网、EC2实例
- Azure：资源组、VNet（多提供商配置）
- 模块：依赖VPC的数据库模块

生成展示多提供商和模块结构的DSL：

# AWS Resources
aws-vpc [label: "AWS VPC 10.0.0.0/16"] {
  aws-subnet [label: "Public Subnet 10.0.1.0/24"] {
    web-server [icon: aws-ec2, label: "Web Server t3.micro"]
  }
}

# Azure Resources
resource-group [label: "Resource Group rg-main"] {
  azure-vnet [label: "Azure VNet 10.1.0.0/16"]
}

# Module
database-module [label: "Database Module"] {
  rds-instance [icon: aws-rds]
}

aws-vpc -> database-module

重要提示：所有标签文本必须放在单行引号内。Terraform专属要求：将模块显示为容器，按提供商分组，包含资源依赖关系。

调用

/api/render/elements

接口并指定

diagramType: "cloud-architecture-diagram"

Result

结果

User receives a diagram showing:

VPC as a container
Public subnet nested inside VPC
EC2 instance in the subnet
Proper AWS styling

用户将收到包含以下内容的架构图：

VPC作为容器
公共子网嵌套在VPC内
EC2实例位于子网中
符合AWS的样式设计