Infracost estimates your monthly cloud bill from Terraform code before you deploy. But its output — a long table of resource costs in the terminal — makes it hard to see which part of your architecture is driving spend. Is it the database? The NAT gateway? The EC2 fleet?
InfraSketch's cost overlay answers this visually. Run infracost breakdown --format json, paste the output, and every resource node in your architecture diagram gets a colour-coded cost pill showing its monthly cost. Green for cheap, red for expensive. See your cloud bill spatially, in context.
TL;DR: Generate your diagram → click 💰 Cost → paste infracost breakdown --path . --format json output → colour-coded cost badges appear on every resource. Free, no login, stays in your browser.
The problem with cost tables
Here's a typical Infracost breakdown summary:
Name                               Monthly Qty  Unit    Monthly Cost
aws_instance.web_server            730          hours   $73.00
aws_db_instance.postgres           730          hours   $185.10
aws_nat_gateway.main               1            months  $32.40
aws_elasticache_cluster.sessions   730          hours   $25.55
...
TOTAL                                                   $316.05
You can see the numbers, but not the relationships. The NAT gateway costs $32/month — but is it serving one subnet or eight? The RDS instance at $185/month — what's connected to it, and could you downsize it without breaking the data pipeline? The table doesn't tell you.
A visual overlay does. You see the RDS instance sitting inside its private subnet, connected to the application servers and the analytics Lambda. You see the NAT gateway at the boundary of the public subnet serving the entire private tier. Cost becomes architectural context, not just numbers.
Step-by-step: generate and overlay
Install Infracost
brew install infracost   # macOS
# or
curl -fsSL https://raw.githubusercontent.com/infracost/infracost/master/scripts/install.sh | sh
infracost auth login   # free account needed for cost data
Run the breakdown and save JSON
infracost breakdown --path . --format json > infracost.json
For a specific Terraform module:
infracost breakdown --path ./modules/networking --format json > infracost.json
For Terragrunt:
infracost breakdown --path . --terragrunt-flags="--terragrunt-working-dir ." --format json > infracost.json
Generate your architecture diagram
Open infrasketch.cloud, paste your Terraform HCL (or plan JSON for the most accurate results), and click Generate Diagram.
Open the Cost overlay
In the export bar at the bottom of the page, click the 💰 Cost button. A modal opens with a textarea.
Paste the Infracost JSON and apply
Copy the contents of infracost.json, paste into the textarea, and click Apply. Cost pills appear on every resource that Infracost priced.
Reading the cost colour scale
Each node gets a pill badge at its bottom centre showing the monthly cost estimate. The colour indicates cost tier:
Free / $0
<$10/mo
$10–$100/mo
$100–$500/mo
>$500/mo
Resources with no cost data (e.g., IAM roles, security groups, Route 53 records) don't get a badge. Resources Infracost estimates as free (Lambda free tier, CloudWatch basic metrics) get a grey "Free" pill.
Hover over any pill to see the cost breakdown by component. For example, an RDS instance might show:
aws_db_instance.postgres
Database instance (db.t3.medium): $60.74/mo
Storage (gp2, 100GB): $11.50/mo
Backup storage: $0.00/mo
This tells you exactly which component is driving cost — useful when deciding between instance types or storage tiers.
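The tier assignment and hover breakdown described above, sketched as an added example (not InfraSketch's own code). It assumes Infracost's JSON layout of projects[].breakdown.resources[] with string monthlyCost values; the function names and the treatment of exact boundary values are assumptions.

```javascript
// Added example, not InfraSketch source code. Tier labels follow the scale above;
// which tier an exact boundary ($10, $100, $500) falls into is an assumption.
function costTier(monthlyCost) {
  if (monthlyCost === null || monthlyCost === undefined) return null; // no badge
  const cost = Number(monthlyCost); // Infracost serialises costs as strings
  if (!Number.isFinite(cost) || cost < 0) return null;
  if (cost === 0) return "Free";
  if (cost < 10) return "<$10/mo";
  if (cost < 100) return "$10–$100/mo";
  if (cost <= 500) return "$100–$500/mo";
  return "$500+/mo";
}

// Map each priced resource to its pill: monthly cost, tier, hover breakdown.
// A Map is used so that resource names from pasted input never touch Object.prototype.
function buildCostPills(jsonText) {
  const report = JSON.parse(jsonText);
  const pills = new Map();
  for (const project of report.projects ?? []) {
    for (const res of project.breakdown?.resources ?? []) {
      const tier = costTier(res.monthlyCost);
      if (tier === null) continue; // unpriced resource: no pill
      pills.set(res.name, {
        monthly: Number(res.monthlyCost),
        tier,
        components: (res.costComponents ?? []).map(
          (c) => `${c.name}: $${Number(c.monthlyCost ?? 0).toFixed(2)}/mo`),
      });
    }
  }
  return pills;
}

// Constructed sample in the shape of `infracost breakdown --format json` output.
const SAMPLE = JSON.stringify({
  version: "0.2",
  projects: [{ name: "demo", breakdown: { resources: [
    { name: "aws_db_instance.postgres", monthlyCost: "185.10", costComponents: [
      { name: "Database instance (db.t3.medium)", monthlyCost: "60.74" },
      { name: "Storage (gp2, 100GB)", monthlyCost: "11.50" } ] },
    { name: "aws_nat_gateway.main", monthlyCost: "32.40", costComponents: [] },
    { name: "aws_lambda_function.report", monthlyCost: "0", costComponents: [] },
    { name: "aws_s3_bucket.logs", monthlyCost: null, costComponents: [] },
  ] } }],
});

console.log(buildCostPills(SAMPLE));
```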
Common cost patterns to spot in the diagram
The hidden NAT gateway cost
NAT gateways often appear as a single small node in the architecture but carry significant cost: $0.045/GB data processed plus the hourly charge. In the diagram, a yellow/orange NAT gateway node connected to dozens of private resources immediately flags a potential optimization — could some of those services use VPC endpoints (free) instead?
Idle or over-provisioned compute
An EC2 cluster with red-tier cost badges ($500+/mo) that's only connected to a dev database and a single Lambda is a red flag. The spatial context makes over-provisioning obvious in a way that the cost table alone doesn't.
Cascading storage costs
S3 buckets, EBS volumes attached to EC2 instances, and RDS storage often combine to form a significant portion of the bill. When you see multiple amber/orange storage nodes grouped in the same subnet, you can immediately identify candidates for lifecycle policies or right-sizing.
Multi-AZ vs single-AZ databases
A Multi-AZ RDS setup doubles the instance cost. In the diagram, both the primary and standby show up as nodes. If the standby has a red cost badge and your app is internal-only, that's a candidate for a discussion about RTO/RPO tradeoffs vs. cost.
Combining with the security overlay
InfraSketch supports both the Checkov security overlay (🛡) and the Infracost cost overlay (💰) simultaneously. Security badges appear top-right, cost pills appear bottom-centre — no overlap.
The most actionable pattern is a resource that's both expensive and misconfigured: orange/red cost pill plus a red security border. That's a double priority — it's costing you money and creating compliance risk.
Conversely, a resource with many security failures but a "Free" cost pill might be lower priority to fix urgently — though you should still fix it. The combined view helps teams triage when they have limited sprint capacity.
Using Infracost in CI for cost-aware PR reviews
Infracost has a native GitHub Action that posts cost diffs on pull requests. Combine it with the InfraSketch GitHub Action for full cost-and-architecture visibility on every IaC PR:
# .github/workflows/iac-review.yml
name: IaC Review
on:
  pull_request:
    paths: ['**/*.tf']
jobs:
  diagram:
    runs-on: ubuntu-latest
    permissions:
      contents: read        # required by actions/checkout on private repositories
      pull-requests: write  # post the diagram comment on the PR
    steps:
      - uses: actions/checkout@v4
      - uses: pandey-raghvendra/infrasketch@v4
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
  cost:
    runs-on: ubuntu-latest
    permissions:
      contents: read        # required by actions/checkout on private repositories
      pull-requests: write  # post the cost diff comment on the PR
    steps:
      - uses: actions/checkout@v4
      - uses: infracost/actions/setup@v3
        with:
          api-key: ${{ secrets.INFRACOST_API_KEY }}
      - run: infracost diff --path . --format json --out-file infracost.json
      - uses: infracost/actions/comment@v3
        with:
          path: infracost.json
          behavior: update
The InfraSketch job posts diagram links for changed files. The Infracost job posts a cost diff table showing exactly how much the PR changes the monthly bill. Reviewers see both — architecture impact and cost impact — without leaving the PR page.
Note: the Infracost GitHub Action requires an INFRACOST_API_KEY secret (free account at infracost.io). The InfraSketch Action requires only the built-in GITHUB_TOKEN.
Supported Terraform patterns
HCL files
The simplest case: paste one or more .tf files into InfraSketch, run Infracost against the same directory, and overlay. Resource names match directly since both tools read the same HCL.
Terraform plan JSON (most accurate)
For accurate cost estimates — especially when your code uses count, for_each, or variable values — use plan JSON for both tools:
# Generate plan JSON
terraform plan -out=tfplan
terraform show -json tfplan > tfplan.json
# Diagram: paste tfplan.json into InfraSketch
# Cost: point Infracost at the plan
infracost breakdown --path tfplan.json --format json > infracost.json
This gives Infracost the resolved resource counts (e.g., 3 EC2 instances from a count = 3 expression) and gives InfraSketch the same expanded resource list. Matching is more accurate.
Terragrunt
infracost breakdown --path . --format json > infracost.json
Infracost detects Terragrunt automatically. For the diagram, paste the underlying .tf files (not terragrunt.hcl) or use plan JSON.
Troubleshooting
No cost pills appear
Check that you pasted the full JSON (starting with {"version":). Infracost's JSON format starts with a version field and a projects array. If you pasted the summary output instead of the JSON, it won't parse.
Also verify: run cat infracost.json | python3 -m json.tool to confirm it's valid JSON. If Infracost errored silently, it may have written an empty or partial file.
Some resources have pills, others don't
Infracost only prices resources with a known pricing model. IAM roles, security groups, VPCs, subnets, route tables, and many other resources are free in AWS and won't appear in Infracost's output — so they won't get a pill. This is expected behaviour.
Resource names don't match
If you generated the diagram from plan JSON but ran Infracost on raw HCL (or vice versa), resource names may differ. Plan JSON includes module paths in resource names. Run both tools on the same input format for best matching.
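The checks from "No cost pills appear" and "Resource names don't match", combined in one added example (not InfraSketch's own code). The function names are hypothetical, the sample inputs are constructed, and the module-prefix pattern is a simplification that does not handle module keys containing dots.

```javascript
// Added example, not InfraSketch source code; function names are hypothetical.
// checkPaste: is the pasted text Infracost JSON (version field + projects array)?
function checkPaste(text) {
  let report;
  try {
    report = JSON.parse(text);
  } catch {
    return { ok: false, reason: "not valid JSON (table output or a partial file?)" };
  }
  if (report === null || typeof report !== "object" || Array.isArray(report))
    return { ok: false, reason: "top level is not a JSON object" };
  if (typeof report.version !== "string")
    return { ok: false, reason: "missing version field" };
  if (!Array.isArray(report.projects))
    return { ok: false, reason: "missing projects array" };
  const names = report.projects.flatMap((p) =>
    (p.breakdown?.resources ?? []).map((r) => r.name));
  return { ok: true, names };
}

// matchNames: compare diagram node names with Infracost resource names.
// A name that matches only after dropping leading "module.<name>." segments
// suggests the two tools were run on different input formats.
function matchNames(diagramNames, costNames) {
  const stripModules = (n) => n.replace(/^(module\.[^.]+\.)+/, "");
  const exact = [], moduleOnly = [], unmatched = [];
  for (const cost of costNames) {
    if (diagramNames.includes(cost)) exact.push(cost);
    else if (diagramNames.some((d) => stripModules(d) === stripModules(cost)))
      moduleOnly.push(cost);
    else unmatched.push(cost);
  }
  return { exact, moduleOnly, unmatched };
}

// Constructed inputs: a table paste, and JSON whose names carry a module path.
const TABLE_PASTE = "Name  Monthly Qty  Unit  Monthly Cost\naws_instance.web_server  730  hours  $73.00";
const JSON_PASTE = JSON.stringify({ version: "0.2", projects: [{ breakdown: { resources: [
  { name: "module.networking.aws_nat_gateway.main" },
  { name: "aws_instance.web_server" },
  { name: "aws_kms_key.data" },
] } }] });
const DIAGRAM_NODES = ["aws_nat_gateway.main", "aws_instance.web_server"];

console.log(checkPaste(TABLE_PASTE));
console.log(matchNames(DIAGRAM_NODES, checkPaste(JSON_PASTE).names));
```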
Costs look wrong
Infracost estimates are based on on-demand pricing in the region detected from your Terraform config. Reserved instance pricing, Savings Plans, enterprise discounts, and free tier credits are not included by default. The estimates are a useful relative comparison between resources, not an exact billing forecast.
Frequently asked questions
Does InfraSketch send my cost data to any server?
No. The Infracost JSON is parsed entirely in your browser in JavaScript. No data is transmitted anywhere. Your infrastructure cost breakdown stays private.
Do I need an Infracost account to use the overlay?
You need an Infracost account (free) to run infracost breakdown — it calls the Infracost API to fetch cloud pricing data. You don't need any account to use InfraSketch or its cost overlay. Just paste the JSON output Infracost generates.
Can the overlay show hourly costs instead of monthly?
Not currently. The pill shows monthly cost, which is the standard unit for comparing infrastructure spend. Hover on the pill to see the components breakdown, which is also monthly.
Does it work with AWS CDK, CloudFormation, or Bicep?
Infracost natively supports Terraform and Terragrunt. For CDK and CloudFormation, Infracost has experimental support via the --format=cloudformation flag. For Bicep (Azure), there's no native Infracost support yet — the azure-cost CLI or Azure Cost Management export can serve a similar purpose, but InfraSketch's overlay only parses Infracost's JSON schema.
What if my infrastructure spans multiple Terraform workspaces or accounts?
Run Infracost separately for each workspace and merge the outputs using infracost output --path infra1.json --path infra2.json --format json > merged.json. Paste the merged JSON into InfraSketch for a combined overlay.
Can I keep the cost overlay when exporting to PNG or SVG?
Yes. Export PNG or SVG with the overlay active — cost pills are rendered into the export. This is useful for attaching to Confluence pages, architecture review docs, or FinOps reports. The share link encodes the diagram structure but not the overlay state.
Try the cost overlay now Generate your architecture diagram and see monthly costs per resource — free, no login, nothing leaves your browser. Open InfraSketch →