A CLI tool that analyzes Terraform plan files and prevents disallowed resource deletions and drop/create actions.
Project description
Terrasafe
https://github.com/PrismeaOpsTeam/Terrasafe
Terrasafe provides a way to secure your automated Terraform pipeline: it fails if an unauthorized deletion is planned.
Usage
terraform plan -out=tfplan
terraform show -json tfplan | terrasafe --config terrasafe.json
terraform apply --auto-approve tfplan
Configuration
The --config option specifies the path of the JSON configuration file.
{
  "ignore_deletion": [ "aws_ecs_task_definition*" ], // Resource can be deleted
  "ignore_deletion_if_recreation": [ "aws_ecs_task_definition*" ], // Resource can be replaced
  "unauthorized_deletion": [ "aws_ecs_task_definition*" ] // Resource can't be deleted in any way
}
How to delete a resource?
- Comment it out
- Or rename the file with the extension .tf.disabled
- Or set the environment variable TERRASAFE_ALLOW_DELETION to the addresses of the resources to delete, separated by ; (quote the value, because the shell otherwise treats ; as a command separator). Example: export TERRASAFE_ALLOW_DELETION="aws_ecs_task_definition.a;aws_lambda.b"