Merge pull request #10 from cloudskiff/update_remote_state_doc

Add policy doc for remote s3 state
main
Elie 2020-12-14 14:50:04 +01:00 committed by GitHub
commit 5e39a3e9e1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 23 additions and 1 deletions

@ -8,3 +8,25 @@ We are investigating to support the Terraform code as well, as a state does not
* Terraform state
* Local: `--from tfstate://terraform.tfstate`
* S3: `--from tfstate+s3://my-bucket/path/to/state.tfstate`
### S3
driftctl needs to read your state, you could use the policy below to ensure minimal access to your state file
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::mybucket"
},
{
"Effect": "Allow",
"Action": ["s3:GetObject", "s3:PutObject"],
"Resource": "arn:aws:s3:::mybucket/path/to/my/key"
}
]
}
```
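Review bot: The second statement of the policy allows `s3:PutObject` on the state key, which contradicts the sentence above it: the text says driftctl only needs to read the state and calls the policy minimal, yet `s3:PutObject` lets the same credentials overwrite the state file. Unless driftctl writes to the state, which nothing in this doc says, reduce the action to `"Action": "s3:GetObject"`. Two smaller points in the same hunk: the policy uses `mybucket` and `path/to/my/key` while the usage line just above uses `my-bucket/path/to/state.tfstate`, so matching the names would make it obvious which values the reader has to substitute; and the introductory sentence is a comma splice that would read better as two sentences, with a blank line between the `### S3` heading and the list before it.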