In this first demo, we will create, using Terraform, a simple IAM user with a keypair and attach to it a limited policy. Then we will make a series of (bad!) manual changes on the AWS console, to finally show how simply running driftctl helps to be alerted about new drifts!
Once you’ve gone through this page, we also recommend you to visit this advanced demo where you will learn how to use driftctl in a more realistic real-life environment, with multiple Terraform states and output filtering.
Download the example Terraform code and execute it:
$ git clone firstname.lastname@example.org:cloudskiff/driftctl-quick-aws-tutorial.git $ cd driftctl-quick-aws-tutorial
$ export AWS_PROFILE="your-profile"
Initialize the Terraform environment:
$ terraform init [...]
$ terraform apply [...] Apply complete! Resources: 4 added, 0 changed, 0 destroyed.
For demonstration purposes, let’s create some major drifts from the Terraform code and intention:
2. Go to the IAM user details, and create a new IAM access key pair (don’t save the details, it’s for demo purposes)
3. Go to the IAM user details
Confirm that Terraform doesn’t rollback nor notify the changes we just made manually:
$ terraform apply [...] Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
Now, using driftctl, execute the following:
$ driftctl scan Scanning AWS on region: us-east-1 Found unmanaged resources: aws_iam_access_key: - AKIASBXWQ3AY3RL7B2HG aws_iam_policy_attachment: - driftctl-demo-dfbvp5-arn:aws:iam::aws:policy/AdministratorAccess Found 5 resource(s) - 60% coverage - 3 covered by IaC - 2 not covered by IaC - 0 deleted on cloud provider - 0/3 drifted from IaC
Driftctl just reported you a set of manual changes that would otherwise stay in the dark!
This first demo gave you a basic understanding of how the CLI works. Feel free to visit this advanced demo where you will learn how to use driftctl in a more realistic real-life environment, with multiple Terraform states and output filtering.
Get product updates and occasional news.