Applications

Group infrastructure into logical applications for business context.

Overview

Real-world infrastructure serves business applications. The Applications feature lets you group related infrastructure resources into logical applications, enabling you to:

  • Understand the blast radius of security issues
  • Track application-to-application connections
  • Roll up findings by business service
  • Prioritize remediation by business impact

Creating Applications

Auto-Discovery

Infracast can automatically discover applications from resource tags:

AWS Tags:

  • Application or app
  • Project or project
  • Service or service

Azure Tags:

  • application
  • workload
  • service

Resources with matching tags are automatically grouped into applications.

Manual Creation

  1. Navigate to Assets → Applications
  2. Click Create Application
  3. Enter a name and description
  4. Add resources manually or by filter

Filter-Based Grouping

Create dynamic applications using filters:

name contains "web" AND type = "aws.ec2.instance"
tags.environment = "production"
vpc_id = "vpc-abc123"

Application View

Overview Tab

  • Total resources in the application
  • Security findings count by severity
  • Health status (based on findings)
  • Last discovery time

Resources Tab

  • List of all resources in the application
  • Resource types and counts
  • Direct links to asset details

Findings Tab

  • Security findings affecting the application
  • Grouped by severity
  • Filter by compliance framework

Connections Tab

  • Application-to-application connections
  • Inbound and outbound traffic flows
  • Dependency mapping

Blast Radius Analysis

To understand the impact of a compromised resource:

  1. Select an application
  2. View the Blast Radius panel
  3. See what other applications could be affected
  4. Identify critical dependencies

Blast radius considers:

  • Network connectivity
  • IAM permissions
  • Shared resources
  • Trust relationships

Connection Tracking

How It Works

Infracast maps connections between applications by analyzing:

  • Security group rules
  • Network ACLs
  • Route tables
  • Load balancer configurations

Viewing Connections

  1. Go to Assets → Applications
  2. Select an application
  3. Click the Connections tab
  4. View inbound and outbound connections

Connection Graph

The topology view shows application-level connections:

  • Click the Application View toggle in Topology
  • See applications as grouped nodes
  • Connection lines show traffic flow

Health Rollup

Application health is calculated from its resources:

| Status | Criteria |
|---|---|
| 🟢 Healthy | No critical or high findings |
| 🟡 Warning | High findings present, no critical |
| 🔴 Critical | Critical findings present |
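
The following is an added example, not Infracast's own code: a tagging audit over an exported inventory that applies the auto-discovery tag keys and the health criteria described on this page, and reports resources no tag would group. The inventory field names, the key precedence, and the premise that names differing only by case or separators end up as separate applications are assumptions of the example.

```python
from collections import defaultdict

# Tag keys this page lists for auto-discovery. Trying them in list order is an
# assumption of this example; the page does not state a precedence.
DISCOVERY_KEYS = {
    "aws": ["Application", "app", "Project", "project", "Service", "service"],
    "azure": ["application", "workload", "service"],
}

def app_name(resource):
    """First non-empty discovery tag value for the resource's cloud, else None."""
    tags = resource.get("tags", {})
    for key in DISCOVERY_KEYS.get(resource["cloud"], []):
        if tags.get(key, "").strip():
            return tags[key].strip()
    return None

def group(resources):
    """Return ({app name: [resources]}, [ids of resources no tag would group])."""
    apps, ungrouped = defaultdict(list), []
    for r in resources:
        name = app_name(r)
        if name is None:
            ungrouped.append(r["id"])
        else:
            apps[name].append(r)
    return dict(apps), ungrouped

def health(members):
    """Roll up health from finding severities using the page's criteria."""
    severities = {s for r in members for s in r.get("findings", [])}
    if "critical" in severities:
        return "Critical"
    return "Warning" if "high" in severities else "Healthy"

def near_duplicates(apps):
    """App names equal after case/separator folding: likely one app split by typos."""
    folded = defaultdict(list)
    for name in apps:
        folded[name.lower().replace("_", "-").replace(" ", "-")].append(name)
    return sorted(sorted(v) for v in folded.values() if len(v) > 1)

# Constructed sample inventory; ids, tags and findings are made up.
INVENTORY = [
    {"id": "i-web1", "cloud": "aws", "tags": {"app": "customer-portal"}, "findings": ["high"]},
    {"id": "db-1", "cloud": "aws", "tags": {"Application": "Customer_Portal"}, "findings": ["critical"]},
    {"id": "q-1", "cloud": "aws", "tags": {"team": "payments"}, "findings": []},
    {"id": "vm-1", "cloud": "azure", "tags": {"workload": "billing"}, "findings": ["medium"]},
]
APPS, UNGROUPED = group(INVENTORY)
```

In the sample, the database carrying the critical finding lands in a separate `Customer_Portal` group, so the `customer-portal` rollup shows only Warning; `near_duplicates(APPS)` surfaces that split and `UNGROUPED` lists the queue that has no discovery tag.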

Best Practices

  1. Consistent Tagging — Use standard tags across your infrastructure
  2. Meaningful Names — Name applications after business services
  3. Include All Components — Add databases, queues, and supporting resources
  4. Review Regularly — Update applications as infrastructure changes
  5. Prioritize by Business Value — Focus on applications with highest business impact

API Access

Manage applications programmatically:

# List applications
GET /api/v1/tenants/{id}/applications

# Create application
POST /api/v1/tenants/{id}/applications
{
  "name": "Customer Portal",
  "description": "Public-facing customer web application",
  "filter": "tags.app = 'customer-portal'"
}

# Get application details
GET /api/v1/tenants/{id}/applications/{app_id}

See the API Reference for full details.