{"id":13505832,"url":"https://github.com/derBroBro/TerraDepot","last_synced_at":"2025-03-30T00:31:41.148Z","repository":{"id":172209513,"uuid":"216419509","full_name":"derBroBro/TerraDepot","owner":"derBroBro","description":"A terraform http backend written in python, deployed on aws lambda.","archived":false,"fork":false,"pushed_at":"2020-02-15T22:04:41.000Z","size":213,"stargazers_count":66,"open_issues_count":2,"forks_count":4,"subscribers_count":5,"default_branch":"master","last_synced_at":"2024-11-15T04:13:07.629Z","etag":null,"topics":["aws","terraform","userinterface","webui"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/derBroBro.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2019-10-20T19:58:51.000Z","updated_at":"2024-08-24T21:49:54.000Z","dependencies_parsed_at":"2024-01-03T02:29:01.500Z","dependency_job_id":null,"html_url":"https://github.com/derBroBro/TerraDepot","commit_stats":null,"previous_names":["derbrobro/terradepot"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/derBroBro%2FTerraDepot","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/derBroBro%2FTerraDepot/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/derBroBro%2FTerraDepot/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/derBroBro%2FTerraDepot/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/derBroBro","download_url":"https
://codeload.github.com/derBroBro/TerraDepot/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246262490,"owners_count":20749170,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","terraform","userinterface","webui"],"created_at":"2024-08-01T00:01:14.935Z","updated_at":"2025-03-30T00:31:36.134Z","avatar_url":"https://github.com/derBroBro.png","language":"Python","funding_links":[],"categories":["Tools"],"sub_categories":["Miscellaneous","Community providers"],"readme":"# About the project\nThis project aims to provide an easy-to-use S3 backend for [Terraform](https://www.terraform.io/).  \nYou may object that there is already a built-in backend for AWS S3 which can be used.\nAnd yes, you are right: there is something similar, but it differs from this approach. 
Further details can be found [here](#problems-of-the-built-in-s3-backend)\n\n## Features\n- [x] Offer a web interface for creating backends\n- [x] Inspect the state of each project in a web UI\n- [x] Offer a different token for each new project\n- [x] List projects as admin\n- [ ] Show if the project fulfills the security requirements of your organisation\n- [ ] Give a cost estimate based on the resources used\n\n## Demo\nA demo installation can be found [here](https://terraform.exoit.de/project/new) (admin/r3pl4c3m3).\n\n## Screenshots\n### New project\n![alt text](img/form.png \"form\")\n### Project status\n![alt text](img/header.png \"header\")\n![alt text](img/costs.png \"costs\")\n![alt text](img/usage.png \"usage\")\n\n\n## Problems of the built-in S3 backend\n- Some setup effort required\n  - IAM users must be created and maintained for each project\n  - A bucket (or complex policy) must be created\n  - Can be handled by, for example, [terragrunt](https://github.com/gruntwork-io/terragrunt), but this is one further component\n- If you want to do it right, you have to handle two AWS credentials at the same time (for tf and the backend)  \n\n## Idea behind this approach\nThe idea is to make it as easy as possible to use remote backends. At the same time, a normal level of security should be kept.  \nTo achieve this, the project only needs to be set up ONCE for your organization. Afterward, everyone can set up the backend for Terraform on their own.  \nBy doing so, a new unique ID will be created which can be used. Currently the ID is a random alphanumeric key. \n\nTo use it, an HTTP endpoint is provided which can be added to your Terraform project. \nBehind the scenes, all data (tfstate and config) is stored in a bucket, in a folder named after the project ID. 
This bucket has versioning enabled, of course.\n\n\n# Setup\n## Deploy the server side\n```\ngit clone https://github.com/derBroBro/terraform-http-backend.git\ncd terraform-http-backend/deploy\nterraform apply\n```\n\u003e You must provide a name for the project. This will be used for the functions, IAM user and the bucket.\n\n### Using custom domains\nUsing custom domains is quite easy: just pass in the `domain` and `cert_arn` variables.\nThe `cert_arn` must be a verified ACM certificate in the us-east-1 region.\nAfter this you need to create a CNAME record for your domain pointing to the API Gateway endpoint. Details on what to configure will be shown in the outputs.\n\n## Webhooks and Mails\nChanges to the config, as well as to the state, will be pushed to the created SNS topic.  \nIf you want to be informed, just create a fitting subscription.\n\n## For each project\nVisit https://yourdomain/project/new to create a new project.  \nAfter creation you will be taken to the overview of your project. There you will also find a `backend_http.tf` config which should be added to your projects.\n\n# Further opportunities\nThere are a lot of extensions possible for this backend.\nJust some ideas:  \n- [x] Trigger a central webhook for each state change  \n- [x] List and show all states in a central place \n- [ ] Central state locking\n- [ ] Cost warnings (base is set. 
Maybe [lyft/awspricing](https://github.com/lyft/awspricing) is helpful)\n- [ ] Security checks (public buckets etc.)\n- [ ] Pen-Test after state changes\n- [x] Send a brief summary as a notification\n\n# Todo\n- [x] Set up proper testing\n- [x] Set up basic auth instead of the key-based\n- [x] Add custom domains\n- [x] Add SNS to subscribe to changes\n- [x] Generate report asynchronously (Required for notifications and pentests) \n- [ ] Add cost estimates for more and complex resource types\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FderBroBro%2FTerraDepot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FderBroBro%2FTerraDepot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FderBroBro%2FTerraDepot/lists"}