Skip to content
/ cloud-concierge Public

Codify resources outside of Terraform control, detect drift, estimate cloud costs, identify security risks, and more. "Terraform best practices as a Pull Request."

docs.cloudconcierge.io

License

Apache-2.0 license
193 stars 7 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

dragondrop-cloud/cloud-concierge

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

247 Commits

.github

.github

 
 

examples/environments

examples/environments

 
 

images

images

 
 

main

main

 
 

nlpengine

nlpengine

 
 

.dockerignore

.dockerignore

 
 

.gitignore

.gitignore

 
 

.golangci.yml

.golangci.yml

 
 

CONTRIBUTING.md

CONTRIBUTING.md

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

__init__.py

__init__.py

 
 

docker-compose.yml

docker-compose.yml

 
 

makefile

makefile

 
 

Repository files navigation

cloud-concierge

Example Output | Docs

Why cloud-concierge?

cloud-concierge is a container that integrates with your existing Terraform management set up. All results and codified resources are output via a digestible Pull Request to a repository of your choice, providing you with a "State of Cloud" report in a GitOps manner. It provides:

  • ✅ Cloud codification, identify un-managed resources and generate corresponding Terraform code and import statements/import blocks

  • ✅ Drift detection

  • ✅ Flag accounts creating changes outside your Terraform workflow

  • ✅ Whole-cloud cost estimation, powered by Infracost

  • ✅ Whole-cloud security scanning, powered by tfsec

Quick Start

All Cloud Provider Pre-requisites

  1. Configure an environment variable file (use one of our templates to get started) to control the specifics of cloud-concierge's coverage.
  2. Run docker pull dragondropcloud/cloud-concierge:latest to pull the latest image.

AWS Quickstart

I) Run aws configure on your CLI and ensure that credentials with read-only access to your cloud are configured. If referencing state files stored in an s3 bucket, the credentials specified should be able to read those state files as well.

II) Run the cloud-concierge container using the following command: docker run --env-file ./my-env-file.env -v main:/main -v ~/.aws:/main/credentials/aws:ro -w /main dragondropcloud/cloud-concierge:latest

If running on Windows, the substitute $HOME/.aws: for ~/.aws: in the above command.

III) Check the Pull Request that has been created by cloud-concierge (example output).

Azure & GCP Quickstart

See more here.

How does it work?

  1. cloud-concierge creates a representation of your cloud infrastructure as Terraform. Only read-only access should be given to cloud-concierge.
  2. This representation is compared against your state files to detect drift, and identify resources outside of Terraform control.
  3. Static security scans and cost estimation is performed on the Terraform representation.
  4. Results and code are summarized in a Pull Request within the repository of your choice.

NLP Engine

Usage of cloud-concierge is not tracked. To maintain a slimmer final docker image we host the NLP model that recommends new Terraform resources to match with state files in a Python-based Google Cloud Function.

This modelling code does not log any of the anonymized data sent to it, and is stored within this repository here.

Contributing

Contributions in any form are highly encouraged. Check out our contributing guide to get started.

Resources

Star History

Star History Chart

About

Codify resources outside of Terraform control, detect drift, estimate cloud costs, identify security risks, and more. "Terraform best practices as a Pull Request."

docs.cloudconcierge.io

Topics

aws containers terraform gcp iac infrastructure-as-code azurerm

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

193 stars

Watchers

3 watching

Forks

7 forks
Report repository

Releases 41

v0.2.2 Latest
May 4, 2024
+ 40 releases

Contributors 5

Languages