A CLI tool to analyze Terraform plan files and prevent disallowed resource deletions and drop/create actions.
Project description
Terrasafe
https://github.com/PrismeaOpsTeam/Terrasafe
Terrasafe provides a way to secure your automated Terraform pipeline and fail if an unauthorized deletion is planned.
Usage
terraform plan -out=tfplan
terraform show -json tfplan | terrasafe --config terrasafe.json
terraform apply --auto-approve tfplan
Configuration
The --config option specifies the path of the JSON configuration file.
{
"ignore_deletion": [ "aws_ecs_task_definition*" ], // Resource can be deleted
"ignore_deletion_if_recreation": [ "aws_ecs_task_definition*"], // Resource can be replaced
"unauthorized_deletion": [ "aws_ecs_task_definition*" ] // Resource can't be deleted by any way
}
How to delete a resource?
- Comment it out
- Or rename the file with the extension .tf.disabled
- Or set the environment variable TERRASAFE_ALLOW_DELETION to the addresses of the resources to delete, separated by ; (quote the value so the shell does not treat ; as a command separator). Example: export TERRASAFE_ALLOW_DELETION="aws_ecs_task_definition.a;aws_lambda.b"
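To illustrate the kind of check described above, the following added example (not Terrasafe's own code) reads the `resource_changes` array of `terraform show -json` output and reports planned deletions that no rule permits. The sample plan, the patterns, matching patterns against the full resource address, and the rule precedence are assumptions made for the example.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample of `terraform show -json tfplan` output (only the fields read here).
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "aws_ecs_task_definition.a", "change": {"actions": ["delete", "create"]}},
    {"address": "aws_s3_bucket.logs", "change": {"actions": ["delete"]}},
    {"address": "aws_db_instance.main", "change": {"actions": ["create", "delete"]}},
    {"address": "aws_lambda_function.b", "change": {"actions": ["delete"]}},
    {"address": "aws_iam_role.app", "change": {"actions": ["update"]}},
]})
# Same keys as the configuration file on this page; the patterns are constructed.
SAMPLE_CONFIG = {
    "ignore_deletion": ["aws_lambda_function*"],
    "ignore_deletion_if_recreation": ["aws_ecs_task_definition*", "aws_db_instance*"],
    "unauthorized_deletion": ["aws_db_instance*"],
}


def _matches(address, patterns):
    return any(fnmatchcase(address, p) for p in patterns)


def blocked_deletions(plan_json, config, allow_env=""):
    """Return [(address, reason)] for planned deletions that no rule permits."""
    # Assumed precedence (not Terrasafe's documented behaviour): unauthorized_deletion
    # wins, then the TERRASAFE_ALLOW_DELETION addresses, then the ignore_* lists.
    allowed = {a.strip() for a in allow_env.split(";") if a.strip()}
    blocked = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        if "delete" not in actions:
            continue  # create / update / no-op / read destroy nothing
        address, replaced = rc["address"], "create" in actions  # either order is a replace
        if _matches(address, config.get("unauthorized_deletion", [])):
            blocked.append((address, "unauthorized_deletion"))
        elif address in allowed or _matches(address, config.get("ignore_deletion", [])):
            continue
        elif replaced and _matches(address, config.get("ignore_deletion_if_recreation", [])):
            continue
        else:
            blocked.append((address, "replacement" if replaced else "deletion"))
    return blocked


if __name__ == "__main__":
    found = blocked_deletions(SAMPLE_PLAN, SAMPLE_CONFIG)
    print(*found, sep="\n")
    raise SystemExit(1 if found else 0)  # non-zero exit stops the pipeline before apply
```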
Download files
Source Distribution
terrasafe-0.1.0.tar.gz (16.2 kB)
Built Distribution
terrasafe-0.1.0-py3-none-any.whl (16.0 kB)
Hashes for terrasafe-0.1.0-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | de3bf14b286c022fb6ee49221229aaf3a97cece66101a6a84b4afa43fbf8c59b
MD5 | 80bd74b650b2ccb1d6ae676ca7456d1c
BLAKE2b-256 | fd0bb90bc2ee920799d9a3a56e5998659162d3f3de42c3fe05e29f056fd2b2f2