A small script that is useful to track the level of 'infrastructure-as-code' coverage; ie how much of your AWS infrastructure is managed by Terraform?
It checks the following AWS resources:
- EC2 Instances
- EC2 Security Groups
- EC2 AMIs
- EC2 Volumes
- EC2 ALBs
- EC2 ELBs
- Lambda Functions
- RDS Instances
- VPC Subnets
- VPC Route Tables
- VPC IGWs
- VPC DHCP Options
- VPC Network ACLs
- S3 Buckets
It can be difficult track the status of existing AWS resources when attempting to import a large existing project into Terraform managed infrastructure-as-code. One of the challenges is identifying what AWS resources are currently managed by Terraform and which ones still need to be imported. This script is an initial attempt.
A series of bash functions that call the AWS API, performs some basic mathematics as needed, and writes the output to a badge using http://shields.io/
git clonethis repo
- configure the variables at the top of the script
- run the script
- it will make the AWS API calls, checking all AWS resources in the specified region of your specified account for the existence of the specified tag.
- it will calculate the total number of resources vs the total number of tagged resources
- it will use the output of the above function as the input for the badges.io API to create coverage badges
- it will write the badges to the specified S3 bucket
- you can point to the URL of the S3 badges in order to embed anywhere you want, see above Demo for an example.
- An existing AWS account.
- Permissions: Create S3 bucket
- what else?
- Locally configured AWS profile with AWS credentials
- AWS resources that are consistently identified via a single tag
- tag is configurable. Our example is "Terraform = True"
- Any resource containing this tag is assumed to be managed via Terraform
- Q) Why bash?
- A) I like bash. It's simple and is easy for coders of all levels to contribute to.
- Q) Does this show my coverage for ALL AWS resources?
- A) No. It currently checks for over a dozen resources that 1) support AWS tags & 2) Have Terraform support for reading/writing AWS tags.
- Q) Do you plan on extending this?
- A) Sure, see the TODO section.