Add Support for multiple tfstate on one account about driftctl HOT 8 CLOSED

This is definitely a setup we have in mind (and quite common actually). Thanks for reporting this use case!

We'll support multiple tfstates soon, but In the meantime, is there a possibility for you to use driftctl filtering features? Examples are in the doc.

I have a case where multiple environments live in the same account, and all resources are tagged accordingly (Name = prod etc.).
Is it something you could use, with one driftctl run per env/tfstate? driftctl scan --filter "Attr.Tags.Environment == 'staging'"

from driftctl.

Hi,
I have another use case. Actually, we have lot of tfstate. For limits drift of infra, we for usage of tfstate between project and no data to find existing ressources.
We have :

• VPC tfstate
• project SG tfstate
• project component tfstate (ALB, ASG front, ASG middle, Storage, ...)

We store all tfstate in one S3 bucket, perhaps it's possible to sync all bucket and parse all tfstate files ?

Thank's for this tools

from driftctl.

Adding a use case where tfstates are in the "hundreds". In this case, driftctl in its current version (0.1.x) is not easy to use.

from driftctl.

In my current usecase I have terraform states separated per environment but also per type of resources so filtering by environment would not be enough, have you some possibilities to limit by type of resources ?

from driftctl.

@bertux on Discord added that his setup was:

in an S3 bucket, one folder per environment, each containing terraform states for every resource type (ec2.tfstate, s3.tfstate, etc.)

from driftctl.

@sjourdan on Discord precised how to limit by type of resources :
driftctl scan --filter "Type=='aws_s3_bucket'" for inclusion logic
driftctl scan --filter "Type!='aws_s3_bucket'" for exclusion logic
The names for the type of resources can be found at https://github.com/cloudskiff/driftctl/blob/main/doc/cmd/scan/supported_resources/aws.md#s3

from driftctl.

LGTM on main!

Step 1 with only the base state

$ driftctl scan --from tfstate://./base/terraform.tfstate
Scanning AWS on region: us-east-1
Found unmanaged resources:
  aws_iam_user:
    - INTERN-ee0kre
  aws_iam_access_key:
    - AKIASBXWQ3AYWQ3DST6W
  aws_iam_policy_attachment:
    - INTERN-ee0kre-arn:aws:iam::aws:policy/ReadOnlyAccess
Found 3 resource(s)
 - 0% coverage
 - 0 covered by IaC
 - 3 not covered by IaC
 - 0 deleted on cloud provider
 - 0/0 drifted from IaC

Step 2 with 2 states

$ driftctl scan --from tfstate://./base/terraform.tfstate --from tfstate://./iam/terraform.tfstate
Scanning AWS on region: us-east-1
Found 3 resource(s)
 - 100% coverage
Congrats! Your infrastructure is fully in sync.

from driftctl.

a much better test with 3 states including 2 non-empty states

$ driftctl-dev scan --from tfstate://./base/terraform.tfstate --from tfstate://./iam/terraform.tfstate
[...]
Found unmanaged resources:
  aws_s3_bucket:
    - ee0kre-demo
[...]

Adding the 3rd state solved the aws_s3_bucket showing up!

$ driftctl-dev scan --from tfstate://./base/terraform.tfstate --from tfstate://./iam/terraform.tfstate --from tfstate://./s3/terraform.tfstate
[...]
```

from driftctl.