2020-12-09 15:31:34 +00:00
< p align = "center" >
< img width = "201" src = "assets/icon.svg" alt = "Driftctl" > < br >
2020-12-09 16:01:08 +00:00
< img src = "https://circleci.com/gh/cloudskiff/driftctl.svg?style=shield" / >
< img src = "https://goreportcard.com/badge/github.com/cloudskiff/driftctl" / >
< img src = "https://img.shields.io/github/license/cloudskiff/driftctl" >
< img src = "https://img.shields.io/github/v/release/cloudskiff/driftctl" >
< img src = "https://img.shields.io/github/go-mod/go-version/cloudskiff/driftctl" >
< img src = "https://img.shields.io/github/downloads/cloudskiff/driftctl/total.svg" / >
< a href = "https://codecov.io/gh/cloudskiff/driftctl" >
< img src = "https://codecov.io/gh/cloudskiff/driftctl/branch/main/graph/badge.svg?token=8C5R02G5S7" / >
2020-12-11 16:12:22 +00:00
< / a >
< img src = "https://img.shields.io/docker/pulls/cloudskiff/driftctl" / >
< img src = "https://img.shields.io/microbadger/layers/cloudskiff/driftctl" / >
< img src = "https://img.shields.io/docker/image-size/cloudskiff/driftctl" / >
< br >
2020-12-09 16:20:30 +00:00
Measures infrastructure as code coverage, and tracks infrastructure drift.< br >
2020-12-09 15:31:34 +00:00
:warning: < strong > This tool is still in beta state and will evolve in the future with potential breaking changes< / strong > :warning:
< / p >
2020-09-25 19:01:23 +00:00
## Why ?
2020-09-28 14:57:08 +00:00
Infrastructure as code is awesome, but there are too many moving parts: codebase, state file, actual cloud state. Things tend to drift.
2020-09-25 19:01:23 +00:00
Drift can have multiple causes: from developers creating or updating infrastructure through the web console without telling anyone, to uncontrolled updates on the cloud provider side. Handling infrastructure drift vs the codebase can be challenging.
2020-12-09 15:31:34 +00:00
You can't efficiently improve what you don't track. We track coverage for unit tests, why not infrastructure as code coverage?
2020-09-25 19:01:23 +00:00
2020-12-09 15:31:34 +00:00
driftctl tracks how well your IaC codebase covers your cloud configuration. driftctl warns you about drift.
2020-09-25 19:01:23 +00:00
2020-12-09 15:31:34 +00:00
## Features
2020-09-25 19:01:23 +00:00
2020-12-09 15:31:34 +00:00
- **Scan** cloud provider and map resources with IaC code
- Analyze diff, and warn about drift and unwanted unmanaged resources
2020-09-25 19:01:23 +00:00
- Allow users to **ignore** resources
2020-12-09 16:20:30 +00:00
- Multiple output formats
2020-09-25 19:01:23 +00:00
2020-12-09 15:31:34 +00:00
## Getting started
### Installation
driftctl is available on Linux, macOS and Windows.
Binaries are available in the [release page ](https://github.com/cloudskiff/driftctl/releases ).
2020-12-14 10:32:03 +00:00
#### Docker
```bash
docker run \
-v ~/.aws:/app/.aws:ro \
-v $(pwd)/terraform.tfstate:/app/terraform.tfstate:ro \
-v ~/.driftctl:/app/.driftctl \
-e AWS_PROFILE=cloudskiff \
2020-12-19 08:44:22 +00:00
cloudskiff/driftctl:v0.1.1 scan ## with the same option as the binary version
2020-12-14 10:32:03 +00:00
```
`-v ~/.aws:/app/.aws:ro` mount your .aws containing credentials and profile
`-v $(pwd)/terraform.tfstate:/app/terraform.tfstate:ro` mount your terraform state
`-v ~/.driftctl:/app/.driftctl` to prevent driftctl downloading the provider at each run, mount a directory to persist it
`-e AWS_PROFILE=cloudskiff` export the profile to use in you aws config
2020-12-09 15:31:34 +00:00
#### Manual
##### Linux
```bash
# x64
curl https://github.com/cloudskiff/driftctl/releases/latest/download/driftctl_linux_amd64 | sudo tee /usr/local/bin/driftctl
# x86
curl https://github.com/cloudskiff/driftctl/releases/latest/download/driftctl_linux_386 | sudo tee /usr/local/bin/driftctl
```
##### macOS
```bash
# x64
curl https://github.com/cloudskiff/driftctl/releases/latest/download/driftctl_darwin_amd64 | sudo tee /usr/local/bin/driftctl
```
##### Windows
```bash
# x64
curl https://github.com/cloudskiff/driftctl/releases/latest/download/driftctl_windows_amd64.exe -o driftctl.exe
# x86
curl https://github.com/cloudskiff/driftctl/releases/latest/download/driftctl_windows_386.exe -o driftctl.exe
```
### Run
Be sure to have [configured ](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html ) your AWS credentials.
You will need to assign [proper permissions ](doc/cmd/scan/supported_resources/aws.md#least-privileged-policy ) to allow driftctl to scan your account.
```bash
# With a local state
$ driftctl scan
# Same as
$ driftctl scan --from tfstate://terraform.tfstate
2020-12-16 15:31:03 +00:00
# To specify AWS credentials
$ AWS_ACCESS_KEY_ID=XXX AWS_SECRET_ACCESS_KEY=XXX driftctl scan
# or using a profile
$ AWS_PROFILE=profile_name driftctl scan
2020-12-09 15:31:34 +00:00
# With state stored on a s3 backend
$ driftctl scan --from tfstate+s3://my-bucket/path/to/state.tfstate
```
## Documentation & support
- [User guide ](doc/README.md )
- [Discord ](https://discord.gg/eYGHUa75Q2 )
## Contribute
To learn more about compiling driftctl and contributing, please refer to the [contribution guidelines ](.github/CONTRIBUTING.md ) and [contributing guide ](doc/contributing/README.md ) for technical details.
