Comments (8)
This is definitely a setup we have in mind (and quite common actually). Thanks for reporting this use case!
We'll support multiple tfstates soon, but In the meantime, is there a possibility for you to use driftctl filtering features? Examples are in the doc.
I have a case where multiple environments live in the same account, and all resources are tagged accordingly (Name = prod etc.).
Is it something you could use, with one driftctl run per env/tfstate? driftctl scan --filter "Attr.Tags.Environment == 'staging'"
from driftctl.
Hi,
I have another use case. Actually, we have lot of tfstate. For limits drift of infra, we for usage of tfstate between project and no data to find existing ressources.
We have :
- VPC tfstate
- project SG tfstate
- project component tfstate (ALB, ASG front, ASG middle, Storage, ...)
We store all tfstate in one S3 bucket, perhaps it's possible to sync all bucket and parse all tfstate files ?
Thank's for this tools
from driftctl.
Adding a use case where tfstates are in the "hundreds". In this case, driftctl in its current version (0.1.x) is not easy to use.
from driftctl.
In my current usecase I have terraform states separated per environment but also per type of resources so filtering by environment would not be enough, have you some possibilities to limit by type of resources ?
from driftctl.
@bertux on Discord added that his setup was:
in an S3 bucket, one folder per environment, each containing terraform states for every resource type (ec2.tfstate, s3.tfstate, etc.)
from driftctl.
@sjourdan on Discord precised how to limit by type of resources :
driftctl scan --filter "Type=='aws_s3_bucket'" for inclusion logic
driftctl scan --filter "Type!='aws_s3_bucket'" for exclusion logic
The names for the type of resources can be found at https://github.com/cloudskiff/driftctl/blob/main/doc/cmd/scan/supported_resources/aws.md#s3
from driftctl.
LGTM on main!
Step 1 with only the base state
$ driftctl scan --from tfstate://./base/terraform.tfstate
Scanning AWS on region: us-east-1
Found unmanaged resources:
aws_iam_user:
- INTERN-ee0kre
aws_iam_access_key:
- AKIASBXWQ3AYWQ3DST6W
aws_iam_policy_attachment:
- INTERN-ee0kre-arn:aws:iam::aws:policy/ReadOnlyAccess
Found 3 resource(s)
- 0% coverage
- 0 covered by IaC
- 3 not covered by IaC
- 0 deleted on cloud provider
- 0/0 drifted from IaC
Step 2 with 2 states
$ driftctl scan --from tfstate://./base/terraform.tfstate --from tfstate://./iam/terraform.tfstate
Scanning AWS on region: us-east-1
Found 3 resource(s)
- 100% coverage
Congrats! Your infrastructure is fully in sync.
from driftctl.
a much better test with 3 states including 2 non-empty states
$ driftctl-dev scan --from tfstate://./base/terraform.tfstate --from tfstate://./iam/terraform.tfstate
[...]
Found unmanaged resources:
aws_s3_bucket:
- ee0kre-demo
[...]
Adding the 3rd state solved the aws_s3_bucket showing up!
$ driftctl-dev scan --from tfstate://./base/terraform.tfstate --from tfstate://./iam/terraform.tfstate --from tfstate://./s3/terraform.tfstate
[...]
```
from driftctl.
Related Issues (20)
- Add Support For AWS Resource SSM
- Add Support for AWS Resource EKS
- No AWS provider error handler on detailed resource read
- feature request to update the contribution guide
- driftctl hangs. HOT 1
- Add support for configuration file instead of DCTL_ environment variables or command line flags
- Errors reading state files generated by terraform aws provider 5.*
- attribute "vm_protection_enabled" is required
- Out of sync issue with aws instance
- unsupported attribute "disable_execute_api_endpoint" for aws_api_gateway_rest_api
- unsupported attribute "blue_green_update" for aws_db_instance
- aws_route53_record validation error(s) found
- Unable to decode resource from state name=replicas type=google_sql_database_instance
- aws_db_instance: false positive not being covered by IaC
- .driftignore: Inline comments being ignored
- Driftcl scan is not showing drifted rescources HOT 4
- 0.40.0 release did not get completed HOT 2
- driftctl results in GCP not working as expected HOT 1
- Add support for AWS secrets
- driftctl.com is not accessible
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from driftctl.