Typed sockets

Most diagram tools draw a line between two boxes and leave the meaning to you. Flowright does the opposite: every connection binds to a named port on each node, and that port knows exactly which Terraform argument it produces or consumes.

A port is a relationship, not just a dot

Each node exposes ports for the specific relationships it actually has. A Lambda doesn’t have “an input” — it has a trigger, an execution role, layers, VPC subnets, security groups, and a dead-letter target. Wiring an IAM role into the execution-role port emits exactly:

role = aws_iam_role.exec.arn

…and nothing else. The port carries the argument name (role) and which attribute to read (arn), so the reference is generated, not guessed.

Three kinds of connection

Ports are colour-coded by what flows across them:

Traffic (cyan) — the request path. It forms the clean vertical spine: in on top, out on the bottom.
Reference (violet) — one resource’s argument points at another (a subnet id, a target-group arn). These sit on the sides.
Association (amber) — identity, security, and observability wiring (IAM, security groups, KMS, certificates). Also on the sides, so the traffic path stays readable.

Why type-by-name breaks at scale

A tool that resolves connections by resource type (“the IAM role”, “the database”) falls apart the moment there are two. Which role is the task role and which is the execution role? Which database belongs to tenant A? Named ports remove the ambiguity by construction — the connection remembers the exact socket it landed on.

Why it matters

Because the wiring is typed, the generated terraform references are correct on the first pass, the byte-perfect round-trip can reconstruct each edge onto the exact port it came from, and the load simulation knows which edges carry traffic and which are configuration.