terrafoudre
Find if your terraform resources are used in another terraform state
Prerequisities
terrafoudre only works with state format from terraform show -json
(as explained here).
You should consider producing and storing terraform show -json
after each successful terraform apply
.
All states that needs to be analyze by terrafoudre must be accessible in filesystem.
Configuration
Main idea of terrafoudre is to check if given values from a source state are present in another state to know if there is a dependency.
The first step is to define primary keys for your source resources, like id
for example, but depending on provider or resource, it may be name
, or arn
, or...
It is your job to define depending on provider or resource what key to choose:
- if you want by default to look for
id
keys, then you should put it in defaultKeyMatcher
- if you want to look for
arn
keys with provider aws
, then you should put it in providerMatchers
- if you want to look for
name
keys with provider aws
and resource type aws_iam_role
, then you should put it in typeMatchers
typeMatcher
take precedence on providerMatchers
that take precedence on defaultKeyMatcher
Keys selected with previous matchers are excluded from destination state managed resources (!= data): if an aws_iam_role
has name=george
in a source state, we doesn't try to match it with other aws_iam_role
name
key, it could only mean that this role exists in 2 different accounts for example, without dependencies.
Usage
Usage of terrafoudre:
-config string
Path to config (default "test/config-full.yaml")
-debug
Set log level to debug
-destinationStates string
Path to json states directory that contains destination resources (default "test/states/")
-sourceState string
Path to json state that contains source resources (default "test/states/source.json")
Credits
Dependency by Meko from Noun Project
thunder by Mansion@design from Noun Project
Terraform logo from Terraform