In this quick tutorial, we will create, using Terraform, a simple IAM user with a keypair and attach to it a limited policy. Then we will make a series of (bad!) manual changes on the AWS console, to finally show how simply running driftctl helps to be alerted about new drifts!
Once you’ve gone through this page, we also recommend you to visit this advanced tutorial where you will learn how to use driftctl in a more realistic real-life environment, with multiple Terraform states and output filtering.
Download the example Terraform code and execute it:
$ git clone email@example.com:cloudskiff/driftctl-quick-aws-tutorial.git
$ cd driftctl-quick-aws-tutorial
$ export AWS_PROFILE="your-profile"
Initialize the Terraform environment:
$ terraform init [...]
$ terraform apply
Apply complete! Resources: 4 added, 0 changed, 0 destroyed.
For demonstration purposes, let’s create some major drifts from the Terraform code and intention:
2. Go to the IAM user details, and create a new IAM access key pair (don’t save the details, it’s for demo purposes)
3. Go to the IAM user details
Confirm that Terraform doesn’t rollback nor notify the changes we just made manually:
$ terraform apply
Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
Now, using driftctl, execute the following:
$ driftctl scan
Scanning AWS on region: us-east-1
Found unmanaged resources:
Found 5 resource(s)
- 60% coverage
- 3 covered by IaC
- 2 not covered by IaC
- 0 deleted on cloud provider
- 0/3 drifted from IaC
Driftctl just reported you a set of manual changes that would otherwise stay in the dark!
Now that you have a basic understanding of how the CLI works, feel free to visit this advanced tutorial where you will learn how to use driftctl in a more realistic real-life environment, with multiple Terraform states and output filtering.