pike
driftctl
pike | driftctl
---|---
6 | 31
499 | 2,406
- | 1.2%
9.3 | 0.0
7 days ago | 18 days ago
Go | Go
Apache License 2.0 | Apache License 2.0
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
pike
-
Top Terraform Tools to Know in 2024
Pike is a tool that analyzes Terraform managed resources and automatically generates the necessary IAM permissions, improving security by ensuring that only the minimum necessary permissions are granted.
- Show HN: Slauth.io (YC S22) – IAM Policy Auto-Generation
-
Open Source Terraform projects - azure focused (open to other providers as well)
I test out the API the hard way: I make a resource and test it with a role that doesn't have the permissions (see the folder I linked). The API (with Azure anyway) tells you what you lack; Azure tends to be simpler with CRUD permissions than AWS. I then have another privilege role that can update the first with each permission and iterate: https://github.com/JamesWoolfenden/pike/tree/master/terraform/azurerm. I then create the mapping file for that resource and add it. I can show you if you need help - send me an email/message/zoom. If you figure a better way I'm all ears, but this way I can be sure on what permissions are required.
-
Can I generate permissions needed to run a TF script on AWS, GCP or Azure?
You can run my tool pike on your TF to generate IAM for AWS and GCP. Get it here: https://github.com/jamesWoolfenden/pike
- Can I auto-generate AWS IAM policy document based on directory of existing Terraform code so that CI has limited access to what it can deploy?
-
Pike: Tool to determine your IAM requirements from code
I wrote a small tool called Pike. It looks at your TF code and determines and creates the IAM policy/TF resource required to build it, to help you stick to least privilege in your build process. It currently supports a small but growing sub-set of AWS resources; it will support other providers. Use it or ?, but would welcome feedback https://github.com/JamesWoolfenden/pike . It's open source and always will be.
driftctl
-
Top Terraform Tools to Know in 2024
Driftctl is an open-source Terraform drift detection tool that tracks and warns about infrastructure drift. Driftctl scans your infrastructure, compares it with your IaC configurations (like Terraform), and reports discrepancies.
- Catch drift outside of your infrastructure code
-
Generating documents from the TF state?
their decoder https://github.com/snyk/driftctl/tree/main/pkg/iac/terraform/state
-
Folks who use Atlantis for Terraform Self Service - what pains you the most?
Drift detection is a pain for us as it is today, we are planning on adding another tool to the stack to solve this problem, like snyk/driftctl
-
Terraform Drift Detection
driftctl. That is all.
- GitHub - rootsami/terradrift: A tool to detect drifts in terraform IaC
-
Monitor your terraform states ??
I use driftctl running as a scheduled task as a GitHub action to monitor for state changes not matching config.
-
PROJECT SUGGESTION
https://github.com/snyk/driftctl is for comparing approved resources by looking at your IAC state to what is actually out there in your clouds.
- Monitor changes in state against infra.
-
Can anyone please show me how credentials.tfrc.json content looks like with token?
A quick search engine browse returns the following
What are some alternatives?
KubeArmor - Runtime Security Enforcement System. Workload hardening/sandboxing and implementing least-permissive policies made easy leveraging LSMs (BPF-LSM, AppArmor).
terratest - Terratest is a Go library that makes it easier to write automated tests for your infrastructure code.
iamlive - Generate an IAM policy from AWS, Azure, or Google Cloud (GCP) calls using client-side monitoring (CSM) or embedded proxy
terradiff - Get told when your Terraform config doesn't match reality
aztfy - A tool to bring existing Azure resources under Terraform's management [Moved to: https://github.com/Azure/aztfexport]
terraform - Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
terrascan - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure. [Moved to: https://github.com/tenable/terrascan]
terraformer - CLI tool to generate terraform files from existing infrastructure (reverse Terraform). Infrastructure to Code
checkov - Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
terracognita - Reads from existing public and private cloud providers (reverse Terraform) and generates your infrastructure as code on Terraform configuration
former2 - Generate CloudFormation / Terraform / Troposphere templates from your existing AWS resources.
tfsec - Security scanner for your Terraform code [Moved to: https://github.com/aquasecurity/tfsec]