AWS Config to Infrastructure-as-Code Reconciler
Utility to enable reconciliation between AWS Config snapshot, and one or more Terraform
statefiles, as well as possibly other IaC tools in the future.
This does not (yet) contact AWS and do a report for you. It may at some point.
For now, you need to enable AWS Config, save
the snapshot output to a bucket, download it, and provide it as an input
file to this utility.
Usage
$ aws-config detail --aws-config path/to/aws-config-snapshot.json --terraform path/to/terraform.tfstate
As many organizations split Terraform into multiple configs, each with their own
statefile, you can tell it to search in a path and find all *.tfstate
files:
$ aws-config generate --aws-config path/to/aws-config-snapshot.json --terraform path/to/terraform/root --tf-recursive
Output
The output is a list of all resources found in one, the other, or both.
Each resource lists which it is found within, and the resource's type and ID.
Run aws-config
to list the various subcommands, such as detail
, resource
, summarized
.
Limitations
As of this writing, everything is stored in memory. This should not be an issue except
at very large scale. We are open to replacing it with a memory-mapped file, or an embedded
sql database like sqlite, if this becomes an issue.