Skip to content

Codify resources outside of Terraform control, detect drift, estimate cloud costs, identify security risks, and more. "Terraform best practices as a Pull Request."

License

Notifications You must be signed in to change notification settings

dragondrop-cloud/cloud-concierge

Repository files navigation

cloud-concierge

Why cloud-concierge?

cloud-concierge is a container that integrates with your existing Terraform management set up. All results and codified resources are output via a digestible Pull Request to a repository of your choice, providing you with a "State of Cloud" report in a GitOps manner. It provides:

  • ✅ Cloud codification, identify un-managed resources and generate corresponding Terraform code and import statements/import blocks

  • ✅ Drift detection

  • ✅ Flag accounts creating changes outside your Terraform workflow

  • ✅ Whole-cloud cost estimation, powered by Infracost

  • ✅ Whole-cloud security scanning, powered by tfsec

Quick Start

All Cloud Provider Pre-requisites

  1. Configure an environment variable file (use one of our templates to get started) to control the specifics of cloud-concierge's coverage.
  2. Run docker pull dragondropcloud/cloud-concierge:latest to pull the latest image.

AWS Quickstart

I) Run aws configure on your CLI and ensure that credentials with read-only access to your cloud are configured. If referencing state files stored in an s3 bucket, the credentials specified should be able to read those state files as well.

II) Run the cloud-concierge container using the following command: docker run --env-file ./my-env-file.env -v main:/main -v ~/.aws:/main/credentials/aws:ro -w /main dragondropcloud/cloud-concierge:latest

If running on Windows, the substitute $HOME/.aws: for ~/.aws: in the above command.

III) Check the Pull Request that has been created by cloud-concierge (example output).

Azure & GCP Quickstart

See more here.

How does it work?

  1. cloud-concierge creates a representation of your cloud infrastructure as Terraform. Only read-only access should be given to cloud-concierge.
  2. This representation is compared against your state files to detect drift, and identify resources outside of Terraform control.
  3. Static security scans and cost estimation is performed on the Terraform representation.
  4. Results and code are summarized in a Pull Request within the repository of your choice.

NLP Engine

Usage of cloud-concierge is not tracked. To maintain a slimmer final docker image we host the NLP model that recommends new Terraform resources to match with state files in a Python-based Google Cloud Function.

This modelling code does not log any of the anonymized data sent to it, and is stored within this repository here.

Contributing

Contributions in any form are highly encouraged. Check out our contributing guide to get started.

Resources

Star History

Star History Chart

About

Codify resources outside of Terraform control, detect drift, estimate cloud costs, identify security risks, and more. "Terraform best practices as a Pull Request."

Topics

Resources

License

Stars

Watchers

Forks

Languages