Awesome
validiac
ValidIaC combines the best open-source tools to help ensure Terraform best practices, hygiene & security.
Contents
<!-- vim-markdown-toc GFM --> <!-- vim-markdown-toc -->Capabilities
- Lint - Lint your Terraform HCL files with tflint
- Secure - Scan your Terraform templates for security vulnerabilities with tfsec
- Cost - Get a breakdown of your cloud costs with infracost
- Map - Chart a map of your cloud infrastructure with inframap
ValidIaC is an open-source solution, so please feel free to add more capabilities or tools :)
A free online instance of ValidIaC is available for anyone to use at https://www.validiac.com. The program can both be deployed as an AWS Lambda function, or be used directly from the command line.
Usage
The validiac
binary can be used in three different ways:
- As a CLI utility.
- As an HTTP server.
- As an AWS Lambda handler.
To compile the binary:
- Install Graphviz via your package manager.
- Download static dependencies with
make deps
- Build validiac with
make build
CLI Usage
Run bin/validiac --help
for complete usage instructions. Example: bin/validiac --png plan.tf > plan.png
HTTP Server Usage
Simply execute bin/validiac
without any arguments. By default, the server will
listen on all addresses at port 8080. Supply a different port with --port
.
AWS Lambda Usage
Build the Docker image with make docker
and deploy to a Lambda environment.
Use with Docker
As an alternative to installing and running ValidIaC on your system, you may run ValidIaC in a Docker container.
To run:
- :Build Docker (from local directory)
docker build -t validiac .
- :Run ValidIaC as CLI, read hcl files from LOCAL_DIRECTORY
#Help
docker run validiac --help
#Secure
docker run --rm -v <LOCAL_DIRECTORY>:/iac validiac secure /iac/<LOCAL_FILE>
#Cost
docker run --rm -v <LOCAL_DIRECTORY>:/iac -e INFRACOST_API_KEY="<PUT_HERE_INFRACOST_KEY>" validiac cost /iac/<LOCAL_FILE>
#Lint
docker run --rm -v <LOCAL_DIRECTORY>:/iac validiac lint /iac/<LOCAL_FILE>
#Map (adding --png argument returns it as an image with icons)
docker run --rm -v <LOCAL_DIRECTORY>:/iac validiac map /iac/<LOCAL_FILE>
#Running ValidIaC as a server listening to port 8080
docker run -p 8080:8080 -e INFRACOST_API_KEY="<PUT_HERE_INFRACOST_KEY>" validiac
Development
- Download static dependencies with
make deps
- Run unit tests with
make test
- Run static code analysis with
make lint
(requires golangci-lint) - Remove validiac binary with
make clean
- Remove all binaries (including static dependencies) with
make clean-all
Upgrading Dependency Versions
The versions used for the four base tools are defined in the Makefile. Simply change the version number of the relevant tool and rebuild (the validiac binary will need to be rebuilt as well).