cloud-concierge is a container that integrates with your existing Terraform management set up. All results and codified resources are output via a digestible Pull Request to a repository of your choice, providing you with a "State of Cloud" report in a GitOps manner. It provides:
-
✅ Cloud codification, identify un-managed resources and generate corresponding Terraform code and import statements/import blocks
-
✅ Drift detection
-
✅ Flag accounts creating changes outside your Terraform workflow
-
✅ Whole-cloud cost estimation, powered by Infracost
-
✅ Whole-cloud security scanning, powered by tfsec
- Configure an environment variable file (use one of our templates to get started) to control the specifics of cloud-concierge's coverage.
- Run
docker pull dragondropcloud/cloud-concierge:latest
to pull the latest image.
I) Run aws configure
on your CLI and ensure that credentials with read-only access to your cloud are configured. If referencing state files stored in an s3 bucket, the credentials specified should be able to read those state files as well.
II) Run the cloud-concierge container using the following command:
docker run --env-file ./my-env-file.env -v main:/main -v ~/.aws:/main/credentials/aws:ro -w /main dragondropcloud/cloud-concierge:latest
If running on Windows, the substitute $HOME/.aws:
for ~/.aws:
in the above command.
III) Check the Pull Request that has been created by cloud-concierge (example output).
See more here.
- cloud-concierge creates a representation of your cloud infrastructure as Terraform. Only read-only access should be given to cloud-concierge.
- This representation is compared against your state files to detect drift, and identify resources outside of Terraform control.
- Static security scans and cost estimation is performed on the Terraform representation.
- Results and code are summarized in a Pull Request within the repository of your choice.
Usage of cloud-concierge is not tracked. To maintain a slimmer final docker image we host the NLP model that recommends new Terraform resources to match with state files in a Python-based Google Cloud Function.
This modelling code does not log any of the anonymized data sent to it, and is stored within this repository here.
Contributions in any form are highly encouraged. Check out our contributing guide to get started.