Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/edeas123/aws-terraform-casper
A tool for detecting ghost resources running on your aws cloud
https://github.com/edeas123/aws-terraform-casper
aws cloud iac infrastructure-as-code python3 terraform terraform-0-12
Last synced: 2 days ago
JSON representation
A tool for detecting ghost resources running on your aws cloud
- Host: GitHub
- URL: https://github.com/edeas123/aws-terraform-casper
- Owner: edeas123
- License: mpl-2.0
- Created: 2019-12-25T18:12:02.000Z (almost 5 years ago)
- Default Branch: master
- Last Pushed: 2020-04-20T16:54:40.000Z (over 4 years ago)
- Last Synced: 2024-09-24T09:10:44.163Z (3 days ago)
- Topics: aws, cloud, iac, infrastructure-as-code, python3, terraform, terraform-0-12
- Language: Python
- Size: 132 KB
- Stars: 13
- Watchers: 5
- Forks: 5
- Open Issues: 9
-
Metadata Files:
- Readme: README.md
- Contributing: docs/CONTRIBUTING.md
- License: LICENSE
Awesome Lists containing this project
README
# Casper
[](https://circleci.com/gh/edeas123/aws-terraform-casper)
[](https://badge.fury.io/py/aws-terraform-casper)
[](https://codecov.io/gh/edeas123/aws-terraform-casper)
[](https://github.com/psf/black)
Casper is a tool for detecting `ghosts` running on your AWS cloud environment. Ghosts are resources running on your cloud
environment but not provisioned through infrastructure as code (IaC) tools such as Terraform. Casper currently works only with AWS and Terraform.
## Benefits
Some of the benefits Casper provides includes:
* **Security and resource management**: Ghosts in your infrastructure can be a sign of a security exploit because the resources were not provisioned through the traditional means used in your organization.
* **Coverage**: It would help to measure coverage for an organization gradually using
Terraform to provision their AWS infrastructure. Running Casper on an empty terraform state directory would detect all the (supported) resources in your cloud as ghosts. Then you can gradually import those resources to terraform and improve coverage.
## Installation
Install Casper by running:
```shell script
pip install aws-terraform-casper
```
## Usage
Run Casper using:
```shell script
casper [options]
```
Casper currently has two subcommands: `BUILD` and `SCAN`.
| Subcommand | Description |
| ------------- |:-------------|
| build | Collects and stores information about the infrastructure captured in terraform. |
| scan | Compares the resources on terraform with that running in the cloud. |
Casper currently supports the following options:
| Options | Description |
| ------------- |:-------------|
| -h, --help | Display help message and exit |
| --root-dir | The root terraform directory |
| --aws-profile | AWS profile to use. If not set, uses the value in AWS_PROFILE environment variable |
| --bucket-name | Bucket name created to save and retrieve state. If not set, uses the value in CASPER_BUCKET environment variable |
| --exclude-dirs | Comma separated list of directories to ignore |
| --exclude-state-res | Comma separated list of terraform state resources to ignore |
| --services | Comma separated list of services to scan, the default is to scan all supported services |
| --exclude-cloud-res | Comma separated list of cloud resources ids to ignore |
| --rebuild | Rebuild and save state first before scanning |
| --detailed | Retrieve and include details about the resources discovered through scan |
| --output-file | Output detailed result to specified file |
| --loglevel | Log level. Defaults to INFO if unspecified |
Refer to the [usage guide](./docs/guide.md) for examples, results format and how to use Casper from your code.
## Contributing
Contributions to the development of Casper is very much welcome. Please refer to [CONTRIBUTING.md](./docs/CONTRIBUTING.md) for details on ways to contribute.
## License
[Mozilla Public License v2.0](LICENSE)