Setup for automatic drift detection
Use Terracotta AI to detect drift in real-time
Terracotta AI has automatic drift detection for your cloud environments, powered by Infrastructure as Code. Terracotta captures the remote state file alongside your actual environment's live state to generate a report delivered to you in seconds.
Running this pre-flight check as part of your deployment process, before you deploy your Terraform or OpenTofu changes, is powerful and can save individuals or teams from putting their environments into a bad state.
How to securely set up TerracottaUser in your cloud environment in AWS?
- Log into AWS
- Go to IAM
- Go to create a policy and name it terracottaReadOnlyAccessPolicy
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "aws-marketplace:Describe*",
        "aws-marketplace:List*",
        "aws-marketplace:Get*",
        "cloudformation:Describe*",
        "cloudformation:List*",
        "cloudformation:Get*",
        "cloudfront:Describe*",
        "cloudfront:List*",
        "cloudfront:Get*",
        "cloudtrail:Describe*",
        "cloudtrail:List*",
        "cloudtrail:Get*",
        "cloudwatch:Describe*",
        "cloudwatch:List*",
        "cloudwatch:Get*",
        "dynamodb:Describe*",
        "dynamodb:List*",
        "dynamodb:Get*",
        "ec2:Describe*",
        "ec2:List*",
        "ec2:Get*",
        "iam:List*",
        "iam:Get*",
        "lambda:List*",
        "lambda:Get*",
        "rds:Describe*",
        "rds:List*",
        "s3:List*",
        "s3:Get*",
        "s3:ListTagsForResource",
        "sns:List*",
        "sns:Get*",
        "sqs:List*",
        "sqs:Get*",
        "sts:AssumeRole"
      ],
      "Resource": "*"
    }
  ]
}
- Go to users and create a new user, TerracottaUser
- Attach the newly created policy to the user
- Generate access keys for the user
- Paste the access keys into Terracotta AI and save them
- Terracotta is now enabled to retrieve state data for drift functionality
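One way to review a policy like the one above before attaching it, as an added example (not Terracotta's code): it flags actions whose verb is not Describe/List/Get, entries already covered by a wildcard in the same statement, and wildcards that also match actions returning stored data or code. The function names, the `DATA_READS` shortlist and the shortened `SAMPLE_POLICY` excerpt are assumptions made for this example.

```python
import fnmatch

READ_VERBS = ("describe", "list", "get")  # verb prefixes the page's policy relies on
# Constructed shortlist (an assumption, not exhaustive) of real actions that return
# stored data or code rather than resource metadata.
DATA_READS = ("s3:GetObject", "dynamodb:GetItem", "lambda:GetFunction")

# Excerpt of terracottaReadOnlyAccessPolicy from the page: same shape, fewer services.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["ec2:Describe*", "dynamodb:Get*", "lambda:Get*", "s3:List*",
                   "s3:Get*", "s3:ListTagsForResource", "sts:AssumeRole"],
        "Resource": "*",
    }],
}

def _as_list(value):
    """IAM accepts either a single string or a list for Action and Statement."""
    return list(value) if isinstance(value, list) else [value]

def _covers(pattern, action):
    """IAM action matching is case-insensitive and supports * and ? wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())

def audit_policy(policy):
    """Collect findings across every Allow statement of an identity policy."""
    findings = {"not_read_verb": [], "redundant": [], "data_reads": []}
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        for action in actions:
            verb = action.split(":", 1)[-1].lower()
            if not verb.startswith(READ_VERBS):
                findings["not_read_verb"].append(action)  # e.g. a write or sts call
            if any(o != action and _covers(o, action) for o in actions):
                findings["redundant"].append(action)  # already granted by a wildcard
            for data_action in DATA_READS:
                if _covers(action, data_action):
                    findings["data_reads"].append((action, data_action))
    return findings

if __name__ == "__main__":
    for kind, items in audit_policy(SAMPLE_POLICY).items():
        print(kind, items)
```

To check the full policy, load the JSON document with `json.load` and pass the resulting dict to `audit_policy`.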
Example of how Terracotta shows your drift within a PR:
