10 Terraform tools you should know about

Digger HQ
5 min read · Nov 16, 2023

Terraform stands out as a powerful Infrastructure-as-Code (IaC) tool on its own, yet as the sophistication of your infrastructure grows, you might discover the need for additional tooling for specific use-cases. We will explore some of the leading tools currently employed in deployments managed by Terraform.

Top Terraform tools you should know about

Digger

Digger is an open source IaC management platform that lets you orchestrate Terraform/OpenTofu in your CI/CD system. It reuses the async job infrastructure of your existing CI: compute, orchestration, logs, etc. Digger also has a pro version built on top of Digger’s community edition. Digger’s “bring your own compute” philosophy ensures that users have private runners by default and don’t have to pay extra for them. Digger pro gives team leads, managers and IaC practitioners dashboards, Drift Detection, RBAC via OPA policies and concurrency so they can help guide the team.


Checkov

Checkov is a versatile static code analysis tool designed for infrastructure as code (IaC) and software composition analysis (SCA). It supports a wide range of technologies, including Terraform, CloudFormation, Kubernetes, Docker, and others, to detect security and compliance issues through graph-based scanning. Checkov also performs SCA scans, identifying vulnerabilities in open source packages and images by checking for Common Vulnerabilities and Exposures (CVEs). Additionally, it is integrated into Prisma Cloud Application Security, a platform that helps developers secure cloud resources and infrastructure-as-code files, enabling the identification, rectification, and prevention of misconfigurations throughout the development lifecycle.

Former2

Former2 is a tool that automates the creation of Infrastructure-as-Code (IaC) scripts from existing AWS resources. It utilizes the AWS JavaScript SDK to scan the user’s AWS infrastructure, identifying all available resources. Users can then select from this list which resources they want to include in their IaC outputs. This process simplifies the task of writing IaC scripts, especially for complex environments, by directly converting current AWS configurations into ready-to-use code. Former2 is particularly useful for documenting existing infrastructure or for migrating manually created resources into an IaC framework.

Infracost

Infracost is a tool that provides cloud cost estimates for infrastructure managed by Terraform. It enables engineers to view and understand the financial impact of their infrastructure changes before they are applied. Infracost integrates directly into the workflow, offering cost breakdowns in various environments like the terminal, Visual Studio Code, or directly within pull requests. This feature allows for more informed decision-making regarding infrastructure modifications, promoting cost-awareness and budget management in the early stages of development. Infracost is particularly useful for teams looking to balance cloud resource utilization with budget constraints. Infracost Cloud is their SaaS product that builds on top of Infracost open source and works with CI/CD integrations. It gives team leads, managers and FinOps practitioners dashboards, guardrails, centralized cost policies and Jira integration so they can help guide the team (e.g. switch AWS GP2 volumes to GP3).

Terragrunt

Created and maintained by Gruntwork, Terragrunt is a tool designed to enhance Terraform’s capabilities. It acts as a thin wrapper around Terraform, offering additional features to streamline and optimise Terraform usage. Key functions of Terragrunt include helping users keep their Terraform configurations DRY (Don’t Repeat Yourself), efficiently managing multiple Terraform modules, and handling remote state management. By reducing repetition in Terraform code and simplifying the management of complex module dependencies and remote state, Terragrunt makes working with Terraform more efficient, especially for larger or more complex infrastructure deployments.

Sato

Sato is a conversion tool designed to translate CloudFormation and ARM (Azure Resource Manager) templates into Terraform configurations. Developed in Go, Sato stands out for its speed and efficiency in this conversion process. By automating the translation of existing templates into Terraform’s syntax, Sato facilitates a smoother and quicker migration to Terraform’s ecosystem.

Prettyplan

Prettyplan is a user-friendly tool designed to simplify the review of large Terraform plan outputs. It enhances readability by providing an online interface where users can paste their Terraform plan output, which is then reorganized into a more manageable format. Key features include expandable and collapsible sections for a comprehensive yet detailed view, a tabular layout for straightforward comparison of old and new values, and improved display formatting for multi-line strings like JSON documents. Initially created for Terraform versions up to 0.11, Prettyplan’s relevance has diminished with Terraform’s 0.12 update, which incorporated many of Prettyplan’s functionalities, leading to no further updates for the tool.

Regula

Regula is a dynamic tool designed for pre-deployment security and compliance checks of infrastructure as code (IaC) for multiple cloud providers and Kubernetes. It supports an array of file types, including CloudFormation JSON/YAML templates, Terraform source code and JSON plans, Kubernetes YAML manifests, and Azure Resource Manager (ARM) JSON templates (currently in preview). Regula leverages a rule library written in Rego, the language used by the Open Policy Agent (OPA) project, offering robust policy evaluation. It integrates seamlessly with popular CI/CD tools like Jenkins, Circle CI, and AWS CodePipeline, and even includes a GitHub Actions example for easy setup. Regula’s policies are aligned with CIS Benchmarks for AWS, Azure, Google Cloud, and Kubernetes, aiding in comprehensive compliance assessments. This tool is actively developed and maintained by the team at Fugue.

Terraboard

Terraboard is a web-based dashboard designed for visualizing and querying Terraform states. It offers several key features: an overview page that lists the most recently updated state files along with their activities; a detailed state page showing versions and resource attributes of state files; a search interface for querying resources by type, name, or attributes; and a diff interface for comparing state versions. Terraboard supports various remote state backend providers, including AWS S3 for state management and DynamoDB for locking, S3-compatible backends like MinIO, Google Cloud Storage, Terraform Cloud (remote), and GitLab. This makes it a versatile tool for managing and understanding Terraform state files.

tfmigrate

Tfmigrate is a Terraform state migration tool tailored for GitOps workflows. It enhances Terraform’s state management by allowing users to write state move (mv), remove (rm), and import commands in HCL, enabling them to plan and apply changes in a structured, version-controlled manner. The tool supports monorepo styles, facilitating the movement of resources between different Terraform states, which is essential for refactoring and managing large, complex infrastructures. Tfmigrate also offers a dry run feature, allowing users to simulate state operations with a temporary local state and verify the impact of migrations without affecting the remote state. Additionally, it maintains a history of migrations, ensuring that all changes are tracked and can be sequentially applied. This robust tracking makes tfmigrate a reliable tool for managing state migrations in a controlled and predictable way.

Digger

Thank you for reading until the end. Before you go, we wanted to share the following:

  • We’re building an Open Source Tool that helps you orchestrate Terraform within CI/CD systems such as GitHub Actions while providing RBAC via OPA, Drift Detection and Concurrency with a self hostable orchestrator backend. Would love your feedback!


Digger is an Open Source OpenTofu and Terraform automation and collaboration tool - https://github.com/diggerhq/digger