In this blog post, we’ll show the simplest secure way to authenticate driftctl with AWS: a dedicated read-only IAM user and an optional separate IAM profile to access the S3 bucket that contains the Terraform states.
You’ll get fully started in less than 5 minutes!
Building driftctl, we often came across users with multiple IaC tools on the same infra. Here is what we learned while drilling into this.
Here’s how to configure driftctl to use a specific Terraform provider version, to better detect resources in your cloud provider account(s), and support the variety of existing deployments.
How to start tracking drifts from a clean state, whatever your IaC coverage, by automatically generating a .driftignore file.
How a simple manual change to an AWS Security Group, made through the AWS Web Console, can have bitter security consequences.