2c06a5912a
Add doc issue template |
||
---|---|---|
.circleci | ||
.github | ||
assets | ||
bin | ||
build | ||
doc | ||
logger | ||
mocks | ||
pkg | ||
scripts | ||
test | ||
.dockerignore | ||
.editorconfig | ||
.gitignore | ||
.go-version | ||
Dockerfile | ||
LICENSE.md | ||
Makefile | ||
README.md | ||
codecov.yml | ||
go.mod | ||
go.sum | ||
main.go |
README.md
Measures infrastructure as code coverage, and tracks infrastructure drift.
⚠️ This tool is still in beta state and will evolve in the future with potential breaking changes ⚠️
Why ?
Infrastructure as code is awesome, but there are too many moving parts: codebase, state file, actual cloud state. Things tend to drift.
Drift can have multiple causes: from developers creating or updating infrastructure through the web console without telling anyone, to uncontrolled updates on the cloud provider side. Handling infrastructure drift vs the codebase can be challenging.
You can't efficiently improve what you don't track. We track coverage for unit tests, why not infrastructure as code coverage?
driftctl tracks how well your IaC codebase covers your cloud configuration. driftctl warns you about drift.
Features
- Scan cloud provider and map resources with IaC code
- Analyze diff, and warn about drift and unwanted unmanaged resources
- Allow users to ignore resources
- Multiple output formats
Getting started
Installation
driftctl is available on Linux, macOS and Windows.
Binaries are available in the release page.
Docker
docker run \
-v ~/.aws:/app/.aws:ro \
-v $(pwd)/terraform.tfstate:/app/terraform.tfstate:ro \
-v ~/.driftctl:/app/.driftctl \
-e AWS_PROFILE=cloudskiff \
cloudskiff/driftctl scan ## with the same option as the binary version
-v ~/.aws:/app/.aws:ro
mount your .aws containing credentials and profile
-v $(pwd)/terraform.tfstate:/app/terraform.tfstate:ro
mount your terraform state
-v ~/.driftctl:/app/.driftctl
to prevent driftctl downloading the provider at each run, mount a directory to persist it
-e AWS_PROFILE=cloudskiff
export the profile to use in you aws config
Manual
Linux
# x64
curl https://github.com/cloudskiff/driftctl/releases/latest/download/driftctl_linux_amd64 | sudo tee /usr/local/bin/driftctl
# x86
curl https://github.com/cloudskiff/driftctl/releases/latest/download/driftctl_linux_386 | sudo tee /usr/local/bin/driftctl
macOS
# x64
curl https://github.com/cloudskiff/driftctl/releases/latest/download/driftctl_darwin_amd64 | sudo tee /usr/local/bin/driftctl
Windows
# x64
curl https://github.com/cloudskiff/driftctl/releases/latest/download/driftctl_windows_amd64.exe -o driftctl.exe
# x86
curl https://github.com/cloudskiff/driftctl/releases/latest/download/driftctl_windows_386.exe -o driftctl.exe
Run
Be sure to have configured your AWS credentials.
You will need to assign proper permissions to allow driftctl to scan your account.
# With a local state
$ driftctl scan
# Same as
$ driftctl scan --from tfstate://terraform.tfstate
# To specify AWS credentials
$ AWS_ACCESS_KEY_ID=XXX AWS_SECRET_ACCESS_KEY=XXX driftctl scan
# or using a profile
$ AWS_PROFILE=profile_name driftctl scan
# With state stored on a s3 backend
$ driftctl scan --from tfstate+s3://my-bucket/path/to/state.tfstate
Documentation & support
Contribute
To learn more about compiling driftctl and contributing, please refer to the contribution guidelines and contributing guide for technical details.