I got tired of manually digging CloudTrail every time Terraform drifted — so I built tf-why

DEV Community·Raj Patil·29 days ago

The problem

Every time terraform plan showed drift, I'd see something like this:

    ~ aws_security_group.web will be updated in-place
      ~ ingress = [
          {
            from_port = 22
            protocol = "tcp"
            to_port = 22
          },
        ]

Terraform tells you what changed. It tells you nothing about who changed it, when, or how.

So I'd open the AWS Console, navigate to CloudTrail, set the time range, filter by resource, scroll through dozens of unrelated events, and eventually find the culprit — 20 minutes later. Every. Single. Time.

What I built

tf-why — a CLI that pipes terraform show -json output directly into AWS CloudTrail and gives you attribution in seconds.…
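The attribution step described above, as an added example (not tf-why's own code, which this page does not show): it takes the in-place updates from `terraform show -json` plan output and matches their resource IDs against CloudTrail events. The plan, the events, the IDs and the function names are all constructed for illustration.

```python
import json
from datetime import datetime, timezone

UTC = timezone.utc
SG = "sg-0123456789abcdef0"  # constructed ID
SINCE = datetime(2024, 5, 2, tzinfo=UTC)  # start of the lookup window

# Constructed, trimmed `terraform show -json` plan output.
PLAN_JSON = json.dumps({"resource_changes": [
    {"address": "aws_security_group.web",
     "change": {"actions": ["update"], "before": {"id": SG}}},
    {"address": "aws_s3_bucket.logs",
     "change": {"actions": ["no-op"], "before": {"id": "example-logs"}}},
]})

def ev(name, user, day, rid, read_only="false"):
    """Build one constructed event in the shape CloudTrail LookupEvents returns."""
    return {"EventName": name, "Username": user, "ReadOnly": read_only,
            "EventTime": datetime(2024, 5, day, 14, 7, tzinfo=UTC),
            "Resources": [{"ResourceName": rid}]}

EVENTS = [
    ev("AuthorizeSecurityGroupIngress", "alice", 2, SG),
    ev("DescribeSecurityGroups", "scanner", 3, SG, read_only="true"),
    ev("RevokeSecurityGroupEgress", "bob", 2, "sg-0fedcba9876543210"),
    ev("AuthorizeSecurityGroupIngress", "carol", 1, SG),  # before the window
]

def drifted_resources(plan_json):
    """Yield (address, id) for resources the plan would update in place."""
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc["change"]
        rid = (change.get("before") or {}).get("id")
        if "update" in change["actions"] and rid:
            yield rc["address"], rid

def attribute(plan_json, events, since):
    """Map each drifted address to write events on its ID, newest first."""
    report = {}
    for address, rid in drifted_resources(plan_json):
        # Against a live account these events would come from CloudTrail
        # LookupEvents filtered on the ResourceName attribute.
        hits = [e for e in events
                if e["EventTime"] >= since and e.get("ReadOnly") != "true"
                and any(r.get("ResourceName") == rid for r in e["Resources"])]
        hits.sort(key=lambda e: e["EventTime"], reverse=True)
        report[address] = [(e["EventTime"].isoformat(), e["Username"],
                            e["EventName"]) for e in hits]
    return report

if __name__ == "__main__":
    print(attribute(PLAN_JSON, EVENTS, SINCE))
```

Read-only calls and events outside the window are dropped, so the report keeps only the write that could explain the drift.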
