Terraform

Scraper | Relationship

Mission Control integrates with Terraform to provide visibility into your infrastructure-as-code. Use it to:

  • Discover resources managed by Terraform across your state files
  • Build relationships between Terraform modules and the AWS resources they create
  • Track state file changes and correlate them with infrastructure drift
  • Map ARN-based connections between EC2, RDS, Lambda, S3, and other AWS services
  • Understand infrastructure dependencies by linking Terraform configurations to cloud resources

How It Works

The Terraform scraper performs the following key functions:

  1. State File Processing:

    • Loads Terraform state files from specified locations
    • Parses the JSON state data to extract resource information
    • Maintains the state file lineage as a unique identifier
  2. Resource Relationship Mapping:

    • Identifies managed AWS resources in the Terraform state
    • Extracts ARN (Amazon Resource Name) information from resource attributes
    • Creates relationships between Terraform configurations and AWS resources using ARNs
  3. Configuration Tracking:

    • Creates unique configurations for each Terraform state
    • Masks sensitive attributes in the state data
    • Maintains aliases and identifiers for tracking purposes
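
The three functions above, sketched as an added example that is not Mission Control's own code. It assumes the Terraform state v4 JSON layout, treats any attribute named `arn` or ending in `_arn` as ARN-bearing, and masks by `sensitive_attributes` plus a hypothetical key-name list; the sample state and all values in it are constructed.

```python
import json

# Constructed sample in the Terraform state v4 layout; every value is made up.
SAMPLE_STATE = json.dumps({
    "version": 4,
    "lineage": "11111111-2222-3333-4444-555555555555",
    "resources": [
        {"mode": "managed", "type": "aws_db_instance", "name": "app",
         "instances": [{
             "attributes": {
                 "arn": "arn:aws:rds:us-east-1:123456789012:db:app",
                 "kms_key_arn": "arn:aws:kms:us-east-1:123456789012:key/example",
                 "username": "admin",
                 "password": "constructed-secret"},
             "sensitive_attributes": [[{"type": "get_attr", "value": "password"}]]}]},
        {"mode": "data", "type": "aws_caller_identity", "name": "me",
         "instances": [{"attributes": {"arn": "arn:aws:iam::123456789012:user/ci"}}]},
        {"mode": "managed", "type": "random_id", "name": "suffix",
         "instances": [{"attributes": {"hex": "abcd"}}]},
    ],
})

MASK = "***"
SECRET_HINTS = ("password", "secret", "token", "private_key")  # assumed heuristic

def is_arn_key(key):
    # Assumption: ARN-bearing attributes are named "arn" or end in "_arn".
    return key == "arn" or key.endswith("_arn")

def mask_attributes(instance):
    """Return a copy of the attributes with sensitive values replaced."""
    flagged = {path[0]["value"] for path in instance.get("sensitive_attributes", [])
               if path and path[0].get("type") == "get_attr"}
    return {k: MASK if k in flagged or any(h in k.lower() for h in SECRET_HINTS) else v
            for k, v in instance.get("attributes", {}).items()}

def scrape(state_json):
    """Return (lineage, relationships, masked configs) for managed AWS resources."""
    state = json.loads(state_json)
    lineage, rels, masked = state["lineage"], [], {}
    for res in state.get("resources", []):
        if res.get("mode") != "managed" or not res["type"].startswith("aws_"):
            continue  # skip data sources and non-AWS providers
        for i, inst in enumerate(res.get("instances", [])):
            attrs = mask_attributes(inst)
            masked[f'{res["type"]}.{res["name"]}[{i}]'] = attrs
            rels += [(lineage, v) for k, v in attrs.items()
                     if is_arn_key(k) and isinstance(v, str) and v.startswith("arn:")]
    return lineage, rels, masked
```

Masking runs before anything is stored, so the plaintext password in the state never reaches the returned configuration, while the lineage-to-ARN pairs are still produced.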

Example Configuration

spec:
  terraform:
    - name: "{{.path}}" # Uses the state file path as the configuration name
      state:
        path: "/path/to/terraform/states" # Directory containing terraform state files

The scraper currently supports AWS resources and can extract relationships based on various ARN attributes including:

  • Standard ARN
  • Policy ARN
  • Function ARN
  • Role ARN
  • KMS Key ARN
  • Bucket ARN
  • Topic ARN
  • Queue ARN
  • Lambda ARN
  • Cluster ARN
  • Instance ARN
  • Execution ARN
  • Stream ARN

Generated Relationships

For each AWS resource found in the Terraform state, the scraper creates a relationship between:

  • The Terraform module configuration (identified by its lineage)
  • The corresponding AWS resource (identified by its ARN)

These relationships help in:

  • Understanding resource dependencies
  • Tracking infrastructure changes
  • Mapping infrastructure relationships across your AWS environment