Guides
Start typing to search…

AWS - Create IAM role for drift detection

This goes through the IAM setup for AWS to detect and analyze drift in real-time.

πŸ“˜

Future improvements include STSassumeRole functionality for AWS

Use Terracotta AI to detect drift in real-time

Terracotta AI has automatic drift detection for your cloud environments, powered by Infrastructure as Code. Terracotta captures the remote state file alongside your actual environment's live state to generate a report, which is delivered to you in seconds.

As part of your deployment process, this pre-flight check before deploying your Terraform or CDK-TF changes is powerful and can save individuals or teams from putting their environments into a bad state.


drift-movie.mp4

How to securely set up TerracottaUser in your cloud environment in AWS?

A more detailed user guide is located here.

  1. Log into AWS
  2. Go to IAM
  3. Go to create a policy and name it terracottaReadOnlyAccessPolicy
{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Effect": "Allow",
			"Action": [
				"ec2:Describe*",
				"rds:Describe*",
				"rds:List*",
				"dynamodb:Describe*",
				"dynamodb:List*",
				"s3:List*",
				"s3:Get*",
				"cloudformation:Describe*",
				"cloudformation:List*",
				"cloudwatch:Describe*",
				"cloudwatch:List*",
				"iam:List*",
				"iam:Get*",
				"lambda:List*",
				"lambda:Get*",
				"autoscaling:Describe*",
				"elasticloadbalancing:Describe*",
				"eks:Describe*",
				"eks:List*",
				"secretsmanager:DescribeSecret",
				"secretsmanager:ListSecrets",
				"ssm:Describe*",
				"ssm:Get*",
				"ssm:List*",
				"ecs:Describe*",
				"ecs:List*",
				"kms:Describe*",
				"kms:Get*",
				"kms:List*",
				"sns:List*",
				"sns:Get*",
				"sqs:List*",
				"sqs:Get*",
				"cloudtrail:Describe*",
				"cloudtrail:List*",
				"cloudtrail:Get*",
				"aws-marketplace:Describe*",
				"aws-marketplace:List*"
			],
			"Resource": "*"
		}
	]
}
  1. Go to users and create a new user TerracottaUser
  2. Attach the newly created policy to the user
  3. Generate access keys for the user
  4. Paste the access keys into the Terracotta AI and save them
  5. Terracotta is now enabled to retrieve state data for drift functionality

Example of how Terracotta shows your drift within a PR:

Updated 5 days ago