I have created an infrastructure in AWS using Terraform. I need to get a notification if changes are made through the AWS console to infrastructure that was created by Terraform.
Is there any possible way to achieve the above use case?
CodePudding user response:
Terraform Cloud has a Drift Detection feature which will periodically compare the results of the most recent Terraform run with the current state of remote objects and send notifications if it detects differences.
If you wish to implement something similar yourself outside of Terraform Cloud, one way to achieve it is to periodically run the following two steps:
terraform plan -refresh-only -out=tfplan
terraform show -json tfplan
The first command generates a "refresh-only plan", which only considers differences between the previous run result and the current object state, without also comparing with the current configuration.
The second command converts that plan into a machine-readable JSON format which you can then interrogate with your own software to determine if there are any changes that you consider to be worthy of notifying about. The resource_drift property in that JSON format is the one most relevant to your goals here.
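As an added example (not part of the answer above), here is the "own software" step: a small Python script that reads the output of `terraform show -json tfplan`, walks the `resource_drift` list, and produces an alert line per resource that was changed or deleted outside Terraform. The embedded plan JSON is a constructed, trimmed sample; the field names (`resource_drift`, `change.actions`, `change.before`, `change.after`) follow Terraform's JSON plan format, and the file path argument is an assumption of this script.

```python
import json
import sys

# Constructed sample of `terraform show -json tfplan` output, trimmed to the
# fields this script reads. The resource names and values are made up.
SAMPLE_PLAN_JSON = """
{
  "format_version": "1.1",
  "resource_drift": [
    {"address": "aws_security_group.web", "mode": "managed",
     "type": "aws_security_group", "name": "web",
     "change": {"actions": ["update"],
       "before": {"id": "sg-0example", "ingress": [{"from_port": 443, "cidr_blocks": ["10.0.0.0/8"]}]},
       "after":  {"id": "sg-0example", "ingress": [{"from_port": 443, "cidr_blocks": ["0.0.0.0/0"]}]}}},
    {"address": "aws_s3_bucket.logs", "mode": "managed",
     "type": "aws_s3_bucket", "name": "logs",
     "change": {"actions": ["delete"], "before": {"id": "example-logs"}, "after": null}}
  ]
}
"""

def changed_attributes(before, after):
    """Names of top-level attributes whose value differs between before and after.
    `after` is null in the plan JSON when the object was deleted outside Terraform."""
    before, after = before or {}, after or {}
    return sorted(k for k in set(before) | set(after) if before.get(k) != after.get(k))

def summarize_drift(plan):
    """Return one finding per drifted resource, skipping no-op entries."""
    findings = []
    for entry in plan.get("resource_drift", []):
        change = entry.get("change", {})
        actions = change.get("actions", [])
        if actions == ["no-op"]:
            continue
        findings.append({"address": entry["address"], "actions": actions,
                         "changed": changed_attributes(change.get("before"), change.get("after"))})
    return findings

def format_alert(findings):
    """Render findings as one notification line per resource."""
    return "\n".join(
        f"{f['address']}: {'/'.join(f['actions'])} outside Terraform; "
        f"attributes: {', '.join(f['changed']) or '(none)'}" for f in findings)

def main():
    # Usage (assumed): terraform show -json tfplan > plan.json && python drift_alert.py plan.json
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else json.loads(SAMPLE_PLAN_JSON)
    findings = summarize_drift(plan)
    if findings:  # a non-empty list is the signal to send the notification
        print(format_alert(findings))

if __name__ == "__main__":
    main()
```

Run on a schedule after the two commands from the answer, the non-empty output is what you would forward to SNS, email, or a chat webhook.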