GET STARTED ON DRIFTCTL

Getting started on driftctl: build your own driftctl Docker image

Including your own .driftignore file


This post is the last of the walkthrough series on how to get started on driftctl. For any additional information, feel free to join our Discord community server or reach out on GitHub. We’ll be glad to chat.

Easy steps to your driftctl Docker image

The easiest way to use driftctl along with your own custom .driftignore file is to build your own driftctl Docker image, based on the official one.

Requirements for this tutorial:

Here's how we do it:

    $ docker run -t --rm -v "$(pwd)":/app:ro \
      -e AWS_ACCESS_KEY_ID=AKIAxxx \
      -e AWS_SECRET_ACCESS_KEY=XXX \
      -e AWS_REGION=us-east-1 \
      cloudskiff/driftctl scan --from tfstate+s3://mycorp-bucket/tfstates-folder/
    [...]

  • Now create a new folder (which will eventually become a git repository), change into it, and add your own .driftignore file:

    mkdir mycorp-driftctl-docker-custom
    cd mycorp-driftctl-docker-custom
    touch .driftignore

  • Add all the content you need into this .driftignore file, like:

    echo "aws_iam_user.terraform" >> .driftignore
    [...lots of copy-pasting...]

  • Now, let’s create our own Docker image from the official one; create a Dockerfile and open it:

    touch Dockerfile

  • Add the following content:

    FROM cloudskiff/driftctl
    WORKDIR /app
    COPY .driftignore .

  • Now build your custom Docker image:

    $ docker build -t mycorp-driftctl .
    [...]

  • Finally, run your own Docker image of driftctl:

    $ docker run -t --rm \
      -e AWS_ACCESS_KEY_ID=AKIAxxx \
      -e AWS_SECRET_ACCESS_KEY=xxx \
      -e AWS_REGION=us-east-1 \
      mycorp-driftctl:latest scan --from tfstate+s3://driftctl-tfstates/
    [...]

Congratulations! Now you can run driftctl fully isolated in Docker, with your own .driftignore always available. This makes it much easier to run as a scheduled task or cron job!

Next steps

The next steps can include:

  • Adding this folder to git, so you can version the .driftignore file and track your improvements over time
  • Pushing the image somewhere central, so it can be easily used by your team
  • Automatically rebuilding your own Docker image when the source image changes (so you stay up to date with driftctl)
  • Automatically rebuilding your own Docker image when the .driftignore file changes
  • Adding your Docker image scan to an hourly cron job so you are notified when something drifts
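
A wrapper for the hourly cron job suggested in the last item, as an added example that is not part of the original post or the driftctl project. It assumes driftctl's documented scan exit codes (0 in sync, 1 drift found, 2 error) and a hypothetical notify hook, and it passes the AWS credentials by variable name so their values stay out of the crontab and the docker command line. A failed scan is reported separately, so an expired credential never looks like "no drift".

```shell
#!/bin/sh
# Added example: cron wrapper around the custom image built in this tutorial.
# Assumptions: driftctl scan exits 0 (in sync), 1 (drift found), 2 (error);
# notify() is a hypothetical hook; image and state path are the tutorial's.

IMAGE="${DRIFTCTL_IMAGE:-mycorp-driftctl:latest}"
STATE="${DRIFTCTL_STATE:-tfstate+s3://driftctl-tfstates/}"
DOCKER="${DOCKER:-docker}"   # overridable, so the wrapper can be tested offline

# Hypothetical notification hook: swap in mail, a chat webhook, etc.
notify() {
  printf '%s driftctl: %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$1" >&2
}

# Map an exit code to a status. Anything other than 0 or 1 (driftctl's 2,
# docker's own 125-127, a killed container) is an error, never "in sync".
classify_exit() {
  case "$1" in
    0) echo in_sync ;;
    1) echo drift ;;
    *) echo error ;;
  esac
}

# Credentials are passed by name only (-e VAR): docker copies the values from
# the caller's environment, so they never appear on the command line.
run_scan() {
  "$DOCKER" run --rm \
    -e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e AWS_REGION \
    "$IMAGE" scan --from "$STATE"
}

# Run one scan, notify on drift or failure, return the scan's exit code.
scan_and_notify() {
  rc=0
  run_scan >/dev/null 2>&1 || rc=$?
  case "$(classify_exit "$rc")" in
    drift) notify "drift detected in $STATE" ;;
    error) notify "scan failed (exit $rc), drift status unknown" ;;
  esac
  return "$rc"
}

# Entry point for cron: /path/to/this-script --run
if [ "${1:-}" = "--run" ]; then
  scan_and_notify
  exit $?
fi
```
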

We’d love to hear about your own use cases: come tell us how you use driftctl! Thanks for reading!
