Configuration Drifts and Haydarctl
Hello everyone today we gonna talk about the configuration drifts on your infrastructure stack which developed with Terragrunt.
In infra stack there could be more than one person.So according to the isolation level of your organization your infrastructure might be open to change by manual actions.
Suppose that you have a S3 bucket and you already created it via terraform code block at day1 your infra and real life state goes like that;
Day1
When you run your IAC stack it your entire state graphic would be like that;
Day2
After any kind of manual changes your IAC stack do not cover the entire state.
Now your terraform stack looks like that;
In this graph the greenfield represents the drifted config space.That meaning is your real-state is far away from your current terraform state.
And if you want to maintain your resources via codebase that would be fail because your terraform state will overlap and override the manual changes.
This is a very common, known and big problem in many organization so to fix that problem you can close the console access and manage everything via platform pipelines , according to the circumstances of your organizational structure.
But if you want to be aware your config and resource drifts you can use haydarctl.
Let’s see what is haydarctl.
Haydarctl
Haydarctl is a very simple tool that just run the built-in terragrunt commands to compare states between each others.
terragrunt plan & refresh
And it generates a simple markdown output according to the results.
Let’s take a look ;
At the first you have to create directory of the outputs of the terragrunt plan.
mkdir outputs-directory
And let’s set your terragrunt stack address
haydarctl --output outputs-directory --workspace haydar-terragrunt
Now the expected output is ;
After that check your outputs-directory and you will see the config drift results like that;
After you check the files resource by resource you can adjust your code blocks.
Conclusion
Configuration drift is a big trouble for the IAC and it is a very big problem to provide automation, idempotency, reusability and secure infrastructure, regarding to that you have to be care about the real and terraform states.
Therefore haydarctl allows you to easily automate this drift detection process.
To see how it is installing you can check this