driftctl/README.md


<p align="center">
<img width="201" src="assets/new_icon.svg" alt="Driftctl">
</p>
<p align="center">
<img src="https://circleci.com/gh/cloudskiff/driftctl.svg?style=shield"/>
<img src="https://goreportcard.com/badge/github.com/cloudskiff/driftctl"/>
<img src="https://img.shields.io/github/license/cloudskiff/driftctl">
<img src="https://img.shields.io/github/v/release/cloudskiff/driftctl">
<img src="https://img.shields.io/github/go-mod/go-version/cloudskiff/driftctl">
<img src="https://img.shields.io/github/downloads/cloudskiff/driftctl/total.svg"/>
<img src="https://img.shields.io/bintray/dt/homebrew/bottles/driftctl?label=homebrew"/>
<a href="https://codecov.io/gh/cloudskiff/driftctl">
<img src="https://codecov.io/gh/cloudskiff/driftctl/branch/main/graph/badge.svg?token=8C5R02G5S7"/>
</a>
<img src="https://img.shields.io/docker/pulls/cloudskiff/driftctl"/>
<img src="https://img.shields.io/microbadger/layers/cloudskiff/driftctl"/>
<img src="https://img.shields.io/docker/image-size/cloudskiff/driftctl"/>
<a href="https://discord.gg/NMCBxtD7Nd">
<img src="https://img.shields.io/discord/783720783469871124?color=%237289da&label=discord&logo=discord"/>
</a>
</p>
<p align="center">
Measures infrastructure as code coverage, and tracks infrastructure drift.<br>
<strong>IaC:</strong> Terraform, <strong>Cloud platform:</strong> AWS (Azure and GCP on the roadmap for 2021).<br>
:warning: <strong>This tool is still in beta state and will evolve in the future with potential breaking changes</strong> :warning:
</p>
## Why ?

Infrastructure as code is awesome, but there are too many moving parts: codebase, state file, actual cloud state. Things tend to drift.

Drift can have multiple causes: from developers creating or updating infrastructure through the web console without telling anyone, to uncontrolled updates on the cloud provider side. Handling infrastructure drift vs the codebase can be challenging.

You can't efficiently improve what you don't track. We track coverage for unit tests, why not infrastructure as code coverage?

driftctl tracks how well your IaC codebase covers your cloud configuration. driftctl warns you about drift.

## Features
- **Scan** cloud provider and map resources with IaC code
- Analyze diff, and warn about drift and unwanted unmanaged resources
- Allow users to **ignore** resources
- Multiple output formats
## Documentation & support
- [Get started](https://driftctl.com/product/quick-tutorial/)
- [User guide](doc/README.md)
- [Discord](https://discord.gg/NMCBxtD7Nd)
## Getting started
### Installation
driftctl is available on Linux, macOS and Windows.
Binaries are available on the [releases page](https://github.com/cloudskiff/driftctl/releases).
#### Homebrew for macOS
```bash
brew install driftctl
```
#### MacPorts for macOS
```bash
sudo port install driftctl
```
#### Docker
```bash
docker run -t --rm \
  -v ~/.aws:/home/.aws:ro \
  -v $(pwd):/app:ro \
  -v ~/.driftctl:/home/.driftctl \
  -e AWS_PROFILE=non-default-profile \
  cloudskiff/driftctl scan
```
- `-v ~/.aws:/home/.aws:ro` (optional) mounts your `~/.aws` directory, which contains your AWS credentials and profiles, read-only
- `-v $(pwd):/app:ro` (optional) mounts your working directory containing the Terraform state, read-only
- `-v ~/.driftctl:/home/.driftctl` (optional) keeps driftctl from downloading the provider on every run
- `-e AWS_PROFILE=non-default-profile` (optional) exports the non-default AWS profile name to use
- `cloudskiff/driftctl:<VERSION_TAG>` runs a specific driftctl tagged release

#### Manual
- **Linux**
This is an example using `curl`. If you don't have `curl`, install it, or use `wget`.
```bash
# x64
curl -L https://github.com/cloudskiff/driftctl/releases/latest/download/driftctl_linux_amd64 -o driftctl
# x86
curl -L https://github.com/cloudskiff/driftctl/releases/latest/download/driftctl_linux_386 -o driftctl
```
Make the binary executable:
```bash
chmod +x driftctl
```
Optionally install driftctl to a central location in your `PATH`:
```bash
# use any path that suits you, this is just a standard example. Install sudo if needed.
sudo mv driftctl /usr/local/bin/
```
- **macOS**
```bash
# x64
curl -L https://github.com/cloudskiff/driftctl/releases/latest/download/driftctl_darwin_amd64 -o driftctl
```
Make the binary executable:
```bash
chmod +x driftctl
```
Optionally install driftctl to a central location in your `PATH`:
```bash
# use any path that suits you, this is just a standard example. Install sudo if needed.
sudo mv driftctl /usr/local/bin/
```
- **Windows**
```bash
# x64
curl https://github.com/cloudskiff/driftctl/releases/latest/download/driftctl_windows_amd64.exe -o driftctl.exe
# x86
curl https://github.com/cloudskiff/driftctl/releases/latest/download/driftctl_windows_386.exe -o driftctl.exe
```
#### Verify digital signatures
Cloudskiff releases are signed using a PGP key (ed25519) with ID `ACC776A79C824EBD` and fingerprint `2776 6600 5A7F 01D4 84F6 376D ACC7 76A7 9C82 4EBD`.
Our key can be retrieved from common keyservers.
```shell
# Download binary, checksums and signature
$ curl -L https://github.com/cloudskiff/driftctl/releases/latest/download/driftctl_linux_amd64 -o driftctl_linux_amd64
$ curl -L https://github.com/cloudskiff/driftctl/releases/latest/download/driftctl_SHA256SUMS -o driftctl_SHA256SUMS
$ curl -L https://github.com/cloudskiff/driftctl/releases/latest/download/driftctl_SHA256SUMS.gpg -o driftctl_SHA256SUMS.gpg
# Import key
$ gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys 0xACC776A79C824EBD
gpg: key ACC776A79C824EBD: public key "Cloudskiff <security@cloudskiff.com>" imported
gpg: Total number processed: 1
gpg: imported: 1
# Verify signature (optionally trust the key from gnupg to avoid any warning)
$ gpg --verify driftctl_SHA256SUMS.gpg
gpg: Signature made jeu. 04 févr. 2021 14:58:06 CET
gpg: using EDDSA key 277666005A7F01D484F6376DACC776A79C824EBD
gpg: issuer "security@cloudskiff.com"
gpg: Good signature from "Cloudskiff <security@cloudskiff.com>" [ultimate]
# Verify checksum
$ sha256sum --ignore-missing -c driftctl_SHA256SUMS
driftctl_linux_amd64: OK
```
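
`gpg --verify` reports a good signature for any key in the keyring, so an automated check should compare the signer against the fingerprint published above. The following is an added example, not code from the driftctl project; the function names are hypothetical, and it assumes `driftctl_SHA256SUMS.gpg` is a detached signature over `driftctl_SHA256SUMS`.

```bash
#!/usr/bin/env bash
# Added example (not driftctl project code). Function names are hypothetical.
# Fingerprint published in this README for the Cloudskiff release key.
EXPECTED_FPR="277666005A7F01D484F6376DACC776A79C824EBD"

# signer_matches STATUS_TEXT
# Succeeds only if at least one VALIDSIG line is present in gpg's --status-fd
# output and every VALIDSIG line names EXPECTED_FPR as primary key (last field).
signer_matches() {
  printf '%s\n' "$1" | awk -v want="$EXPECTED_FPR" '
    $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
      if (($NF "") == (want "")) ok = 1; else bad = 1
    }
    END { exit !(ok && !bad) }'
}

# checksum_matches FILE SUMS
# Succeeds only if SUMS has exactly one entry for FILE's basename and it
# equals the SHA-256 computed locally. A missing entry is a failure.
checksum_matches() {
  local name want got
  name="$(basename "$1")"
  want="$(awk -v n="$name" '$2 == n || $2 == ("*" n) { print $1 }' "$2")"
  got="$(sha256sum "$1" | awk '{ print $1 }')"
  [ -n "$want" ] && [ "$want" = "$got" ]
}

# verify_release BINARY SUMS SIG
# Returns 1 on a bad or unverifiable signature, 2 on an unexpected signer,
# 3 on a checksum mismatch. Assumes SIG is a detached signature over SUMS.
verify_release() {
  local status
  # Naming SUMS explicitly ties the signature to the file checked below.
  status="$(gpg --batch --status-fd 1 --verify "$3" "$2" 2>/dev/null)" || return 1
  signer_matches "$status" || return 2
  checksum_matches "$1" "$2" || return 3
}

# Usage, with the files downloaded as in the steps above:
#   verify_release driftctl_linux_amd64 driftctl_SHA256SUMS driftctl_SHA256SUMS.gpg
```

Run it only after importing the key as shown above; a non-zero return code tells you which of the three checks failed.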
### Run
Be sure to have [configured](doc/cmd/scan/supported_resources/aws.md#authentication) your AWS credentials.
You will need to assign [proper permissions](doc/cmd/scan/supported_resources/aws.md#least-privileged-policy) to allow driftctl to scan your account.
```bash
# With a local state
$ driftctl scan
# Same as
$ driftctl scan --from tfstate://terraform.tfstate
# To specify AWS credentials
$ AWS_ACCESS_KEY_ID=XXX AWS_SECRET_ACCESS_KEY=XXX driftctl scan
# or using a profile
$ AWS_PROFILE=profile_name driftctl scan
# With state stored on an S3 backend
$ driftctl scan --from tfstate+s3://my-bucket/path/to/state.tfstate
# With multiple states
$ driftctl scan --from tfstate://terraform_S3.tfstate --from tfstate://terraform_VPC.tfstate
```
## Contribute
To learn more about compiling driftctl and contributing, please refer to the [contribution guidelines](.github/CONTRIBUTING.md) and [contributing guide](doc/contributing/README.md) for technical details.

This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification and is brought to you by these [awesome contributors](CONTRIBUTORS.md).

Built with ❤️️ from 🇫🇷 🇯🇵 🇬🇷 🇸🇪 🇺🇸