Driftctl v0.6.0 now available on GitHub!

Reading all Terraform states from a bucket, GitHub provider support, additional features and news from the community

Here’s your monthly update about driftctl, with highlights from the latest releases, project life and community.

TL;DR:

  • Reading all Terraform states from a bucket or a directory
  • Multi provider with GitHub support
  • Additional AWS resources
  • Several UX enhancements and bug fixes
  • Dedicated documentation website
  • News about project life and community

Reading all Terraform states within a bucket or a directory

This was a highly anticipated feature for many of you: driftctl now supports reading all Terraform states from a bucket or a directory, so you no longer need to list them all on the command line, which matters if you have hundreds of them!

Just run driftctl scan --from tfstate+s3://bucket-full-of-tfstates/ for states stored in an S3 bucket, or use *.tfstate to take a whole local directory as your IaC source.

GitHub support

driftctl now supports the GitHub provider, which means that if you manage your GitHub account with Terraform, you can now track any drift related to it. Currently, the resources covered by driftctl include repositories, branch protection, as well as teams and membership within teams. So basically, if anyone adds a new user by hand within your organization or changes their permissions, driftctl will spot it immediately.

Additional AWS resources

We recently added several new resources to the existing ones, making the AWS support even more comprehensive. driftctl now also spots drift in:

  • ECR (Docker repositories)
  • KMS encryption keys and aliases
  • Lambda event source mappings
  • DynamoDB tables
  • CloudFront (enhanced support)
  • Route53 (enhanced support with health checks)

Native Apple silicon support

As a happy consequence of the Go 1.16 release, driftctl now natively supports builds for the new Apple silicon M1 chip.

Documentation

So far, our documentation was displayed directly on GitHub, partly in the README, partly in other places. As the project grew, it was getting less and less readable, so we decided to change it. We’re particularly happy to release our dedicated documentation website.

UX and bug fixes

driftctl now alerts you when a minimal policy from a previous version does not match the abilities of the version you are using, and points you to the latest minimal policy you can use.

Additionally, driftctl now warns users about potential false-positive drifts from security group rules.

We also improved the IAM access key output and now return both the ID and the user for the resource.

Sending out our very special thoughts on this one 😀

Thank you to the user from Belgium who reported on Discord a driftctl bug related to the eu-west-1 region: older S3 buckets randomly return either “eu-west-1” or just “EU”.

What's coming next?

As you now know, we are now multi-provider, as we support the GitHub Terraform provider on top of the AWS provider. There’s a lot of work going on under the hood right now to be able to support any provider version soon, and to open up the tool to new cloud providers. Stay tuned!

We are also about to release a bunch of ready-to-use CI integrations, like CircleCI orbs or GitHub Actions, for easy integration in your pipelines.

We recently were lucky enough to speak about infrastructure drift at the 2021 FOSDEM and HashiTalks editions. We’ll be speaking at Blueprint London on March 10th and at the Lyon CNCF Meetup in April. You can find replays of our latest talks at driftctl.com/replays.

Community

Thank you @lamienois for opening a GitHub issue about adding GitLab and Azure blob as IaC sources. You’ve raised a very interesting point: so far we support only local and S3 IaC sources, but there’s a workaround that answers your needs. Use Terraform to retrieve your state and write it to a file with terraform state pull > my-state.tfstate, and then simply run driftctl scan --from tfstate://my-state.tfstate from there.

There might be more coming on this topic soon, so stay tuned…
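
The state-pull workaround above, wrapped as a shell function (an added example, not code from the driftctl project). A pulled state file can contain secrets in plain text, so the copy is created readable by the current user only and deleted after the scan. It assumes terraform and driftctl are on PATH and that the directory passed in is an initialised Terraform configuration; the function name and temporary file name are made up for this example.

```shell
#!/bin/sh
# Added example: pull remote Terraform state to a private temporary file,
# scan it with driftctl, then remove the copy.
# Assumptions: `terraform` and `driftctl` are on PATH; $1 is an initialised
# Terraform working directory. scan_pulled_state is a hypothetical name.

scan_pulled_state() {
    tf_dir=$1

    # State files can hold credentials, so restrict the copy to this user.
    old_umask=$(umask)
    umask 077
    work=$(mktemp -d) || { umask "$old_umask"; return 2; }
    state="$work/pulled.tfstate"

    rc=0
    if ! (cd "$tf_dir" && terraform state pull) > "$state"; then
        echo "terraform state pull failed in $tf_dir" >&2
        rc=2
    elif [ ! -s "$state" ]; then
        # Nothing was written: there is no state to compare against.
        echo "no state returned for $tf_dir" >&2
        rc=2
    else
        # Pass driftctl's own exit status through to the caller (CI job).
        driftctl scan --from "tfstate://$state" || rc=$?
    fi

    # Always delete the local copy and restore the caller's umask.
    rm -rf "$work"
    umask "$old_umask"
    return "$rc"
}
```

Call it as scan_pulled_state /path/to/terraform/config; the return value is 2 when the state could not be pulled, otherwise whatever driftctl scan returned.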

Did you know that we do live release demos on Twitch and YouTube twice a month? Our engineering team also frequently opens up live coding sessions on Twitch. Just follow us on Twitter to get notified when we go live.

Need a quick start guide?

We published a series of short demo videos that will show you around in no time! Go ahead and check them out. 

We look forward to hearing from you!
Feel free to reach out on GitHub or join our Discord and in the meantime…

mind the gap between the code and the platform
