The organization currently does not have a Terraform code template for which CloudFix has recommendations. Hence, to test out Cloudfix-linter, this demo repo with sample Terraform code has been made.
If you are using Devspaces this repo will load up a vscode extension. This video demonstrates how to use the extension.
- This Terraform template will create 19 resources:
Resource Type | Count |
---|---|
aws_dynamodb_table | 1 |
aws_ebs_volume | 4 |
aws_instance | 4 |
aws_nat_gateway | 1 |
aws_vpc_endpoint | 1 |
aws_s3_bucket | 3 |
aws_efs_file_system | 1 |
aws_s3_bucket_acl | 1 |
aws_s3_bucket_public_access_block | 1 |
aws_s3_bucket_versioning | 1 |
aws_neptune_cluster | 1 |
To create them, Terraform first needs to be given credentials for your AWS account. If using a personal account, this can be done by exporting AWS_ACCESS_KEY and AWS_SECRET_KEY as environment variables. If using federated login (as Trilogy does), saml2aws can be used instead. More details on how to authorize Terraform can be found here.
If you are using the DevFactory OIDC session tokens, then upload the credentials file to the base folder and run
```
./demo_setup.sh credentials.json
. run1.sh
```
- After authorizing Terraform, run `terraform apply` to create the resources.
- Since CloudFix waits 14 days before it makes recommendations for resources, there will be no recommendations for the resources just created. You can either mock the recommendations, or use CloudFix.
In order to generate mock recommendations and tell the linter that it needs to read recommendations from a file rather than from CloudFix itself, run the following in the terminal:
- Windows
  ```
  $env:CLOUDFIX_FILE=$true
  terraform show -json > tf.show
  python3 utils/gen_recco.py tf.show
  ```
- Linux and Devspaces
  ```
  export CLOUDFIX_FILE=true
  terraform show -json > tf.show
  python3 utils/gen_recco.py tf.show
  ```
- Windows
  ```
  $env:CLOUDFIX_FILE=$false
  $env:CLOUDFIX_USERNAME="<MY_USERNAME>"
  $env:CLOUDFIX_PASSWORD="<PASSWORD>"
  ```
- Linux and Devspaces
  ```
  export CLOUDFIX_FILE=false
  export CLOUDFIX_USERNAME="<MY_USERNAME>"
  export CLOUDFIX_PASSWORD="<PASSWORD>"
  ```
template in question does have recommendations, the user would only need to export CLOUDFIX_USERNAME and CLOUDFIX_PASSWORD as environment variables rather than performing the above steps. The linter would automatically get the recommendations from CloudFix using their credentials.
- Add the binary to `PATH`
  - For Linux, macOS, Devspaces
    ```
    export PATH=$PATH:~/.cloudfix-linter/bin
    ```
  - For Windows
    ```
    $Env:PATH += ";${HOME}\.cloudfix-linter\bin"
    ```

Note: In the following commands replace `cloudfix-linter` with `cloudfix-linter.exe` for Windows.
- Run `cloudfix-linter tf init` to initialize the directory in which the linter has to be run.
- Run `terraform apply` to deploy the resources.
- Run `cloudfix-linter tf reco` to get recommendations on the console, OR run `cloudfix-linter tf reco -j` to get recommendations in JSON format. (This command may not currently print descriptive errors; try without the `-j` flag if having issues.)
- For help, run `cloudfix-linter`.
Running the Cloudfix linter Extension
- Install the extension from here
- Open the terraform "folder" in VSCode.
- Open the command palette with `Ctrl+Shift+P` and run the command `Cloudfix-linter: Init`.
- Select `mock-recommendations` for the demo repo.
- Ensure that Terraform can access your AWS account. You can use one of the following:
  - Devconnect with saml2aws
  - Set the access key and the secret key inside of the provider "aws" block, e.g. in the main.tf file:
    ```
    provider "aws" {
      region     = "us-east-1"
      access_key = "my-access-key"
      secret_key = "my-secret-key"
    }
    ```
  - Set and export AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN as environment variables. More information on how to give access can be found here.
- Run the following commands.
  ```
  terraform init
  terraform apply
  ```
- For `mock-recommendations`, run the following commands.
  ```
  terraform show -json > tf.show
  python3 utils/gen_recco.py tf.show
  ```
- Save the terraform file. Now the extension will start showing lintings for possible optimizations.
- For some specific recommendations you can also use the Quick fix option to modify it upon hovering on the linting.
- Redoing all the changes made till now.
  a. Run `git clean -fxd`. This should remove all the local files created in the current directory.
  b. Run `git reset --hard HEAD`. This should set the state of the repo to the current HEAD.
  c. Finally do a reload with clear cache in your IDE. For VSCode the steps are:
    - Open the command palette with `cmd+shift+P`.
    - Choose reload window with clear cache.
- Logs are created in the `cloudfix-linter/logs` folder.
- At times, because of some version upgrade, things might not work. The easiest way to go about it is:
  - Delete the cloudfix-linter folder
  - Reload the VSCode window: press `ctrl+shift+p` to open the command palette, then select `Developer: Reload Window`
  - This will reinstall the linter to reinitiate the process from scratch
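
A check for the option above of setting `access_key` and `secret_key` inside the provider "aws" block, added here as an example (it is not part of the demo repo or of the CloudFix linter): it flags literal credential values in `provider "aws"` blocks so they can be caught before a `.tf` file is committed. The function names and the regex-based parsing are assumptions of this example; `token` is the provider's session-token argument.

```python
import re
import sys
from pathlib import Path

PROVIDER_OPEN = re.compile(r'provider\s+"aws"\s*\{')
# Arguments of the AWS provider that carry static credentials, set to a quoted value.
STATIC_CRED = re.compile(r'\b(access_key|secret_key|token)\s*=\s*"([^"]*)"')
COMMENT_LINE = re.compile(r'^[ \t]*(#|//).*$', re.M)

# Constructed sample: the single-line provider block from the step above.
SAMPLE = ('provider "aws" { region = "us-east-1" '
          'access_key = "my-access-key" secret_key = "my-secret-key" }')

def provider_bodies(hcl):
    """Yield (offset, body) for each provider "aws" block, following nested braces."""
    for m in PROVIDER_OPEN.finditer(hcl):
        depth, i = 1, m.end()
        while i < len(hcl) and depth:
            depth += {"{": 1, "}": -1}.get(hcl[i], 0)
            i += 1
        yield m.end(), hcl[m.end():i - 1 if depth == 0 else i]

def find_static_credentials(hcl):
    """Return [(line, argument)] for literal credentials inside provider "aws" blocks."""
    # Blank full-line comments with spaces so offsets and line numbers are unchanged.
    hcl = COMMENT_LINE.sub(lambda m: " " * len(m.group(0)), hcl)
    findings = []
    for start, body in provider_bodies(hcl):
        for m in STATIC_CRED.finditer(body):
            value = m.group(2)
            if value.startswith("${") and value.endswith("}"):
                continue  # value is interpolated from a variable, not a literal
            line = hcl.count("\n", 0, start + m.start()) + 1
            findings.append((line, m.group(1)))
    return findings

if __name__ == "__main__":
    # Scan every .tf file under the given directory (default: current directory).
    root = Path(sys.argv[1] if len(sys.argv) > 1 else ".")
    hits = [(p, ln, arg) for p in sorted(root.rglob("*.tf"))
            for ln, arg in find_static_credentials(p.read_text())]
    for p, ln, arg in hits:
        print(f'{p}:{ln}: literal {arg} in provider "aws" block')
    sys.exit(1 if hits else 0)
```

Run as a script it exits non-zero when any finding is reported, so it can gate a commit or CI job.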