Patterns and Use Cases

Real-world patterns combining rescile features for FinOps, lifecycle management, DR, compliance, and SBOMs.

Combining Advanced Features to Solve Real-World Problems

Advanced Patterns and Use Cases

Once you have mastered the advanced syntax, you can model complex, large-scale enterprise environments by combining these features into powerful patterns:

  • FinOps Cost Attribution: Use a link_resources rule to join cost data from a cloud billing export (billing_data.csv) onto thousands of server resources using a common resource_id. This adds a monthly_cost property, enabling queries like, “Show the total monthly cost of all infrastructure owned by team-alpha.”

  • Hardware Lifecycle Management: Use link_resources to join server data from your CMDB with a separate hardware asset system using a common serial_number. This enriches server resources with properties like end_of_life_date, enabling proactive queries such as, “Show all applications running on hardware that will be unsupported in the next six months.”

  • Disaster Recovery (DR) Twinning: If policy requires every production database in aws-eu-central-1 to have a replica in aws-eu-west-1, a rule can enforce this automatically. The rule matches production databases in the primary region and creates a corresponding database_replica resource in the DR region, linked by a REPLICATES_TO relation.

  • PCI-DSS Network Segmentation: Define a compliance rule that finds every connection from a non-PCI network zone to a PCI database zone. The rule then uses the “insert resource” pattern to automatically place an audited pci_firewall resource into the path, making your topology auditable by design.

  • Software Bill of Materials (SBOM) Vulnerability Tracing: Combine asset data with security intelligence for rapid impact analysis. When a new log4j vulnerability is discovered, a single GraphQL query traversing from an installed_package resource up to its server and application can instantly identify every affected application and its owner.

graph LR
  subgraph "Vulnerability Impact Trace"
      CVE[CVE Database<br><b>log4j vulnerability</b>] --> IP[installed_package<br><b>log4j-core-2.14.1.jar</b>]
      IP -- "INSTALLED_ON" --> S[server<br><b>app-server-01</b>]
      S -- "RUNS" --> A[application<br><b>billing-api</b>]
      A -- "OWNED_BY" --> O[owner<br><b>team-alpha</b>]
  end
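
The trace in the diagram above, written out as a plain graph walk over the same relation names (INSTALLED_ON, RUNS, OWNED_BY). This is an added example, not rescile's query API or code from the rescile project; every node other than those in the diagram, and all function names, are constructed for illustration.

```python
# Constructed sample graph as (source, relation, target) triples.
# Node ids are "type:name"; only the first chain comes from the diagram.
EDGES = [
    ("installed_package:log4j-core-2.14.1.jar", "INSTALLED_ON", "server:app-server-01"),
    ("installed_package:log4j-core-2.14.1.jar", "INSTALLED_ON", "server:batch-07"),
    ("installed_package:log4j-core-2.14.1.jar", "INSTALLED_ON", "server:spare-03"),
    ("installed_package:log4j-core-2.17.1.jar", "INSTALLED_ON", "server:app-server-02"),
    ("server:app-server-01", "RUNS", "application:billing-api"),
    ("server:app-server-02", "RUNS", "application:billing-api"),
    ("server:batch-07", "RUNS", "application:report-job"),
    ("application:billing-api", "OWNED_BY", "owner:team-alpha"),
    # report-job has no OWNED_BY edge and spare-03 has no RUNS edge, on purpose.
]

def build_index(edges):
    """Map (source, relation) -> list of targets for forward traversal."""
    index = {}
    for src, rel, dst in edges:
        index.setdefault((src, rel), []).append(dst)
    return index

def trace_impact(edges, vulnerable_packages):
    """Walk package -> server -> application -> owner for each flagged package.

    Returns (impact, idle_servers): impact maps each affected application to
    the servers, packages and owners on its path; idle_servers lists hosts
    that carry a flagged package but run no modelled application.
    """
    out = build_index(edges)
    impact, idle_servers = {}, set()
    for pkg in vulnerable_packages:
        for server in out.get((pkg, "INSTALLED_ON"), []):
            apps = out.get((server, "RUNS"), [])
            if not apps:
                idle_servers.add(server)  # still exposed, just not tied to an app
            for app in apps:
                entry = impact.setdefault(
                    app, {"servers": set(), "packages": set(), "owners": set()})
                entry["servers"].add(server)
                entry["packages"].add(pkg)
                entry["owners"].update(out.get((app, "OWNED_BY"), []))
    return impact, sorted(idle_servers)

def unowned(impact):
    """Affected applications with no owner: gaps in the ownership model."""
    return sorted(app for app, e in impact.items() if not e["owners"])

if __name__ == "__main__":
    hits, idle = trace_impact(EDGES, {"installed_package:log4j-core-2.14.1.jar"})
    print(hits, idle, unowned(hits))
```

Applications without an owner and servers without an application are returned separately because they are the cases an impact report would otherwise silently drop.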

By defining your architecture, compliance rules, and ownership models in version-controlled files, you create a single, queryable source of truth that scales with your organization, ensuring consistency, auditability, and deep insight into your entire hybrid estate.