From f9768019e2b2c98c028d4d24bec61baea0fc5985 Mon Sep 17 00:00:00 2001 
From: Moshe Immermam Date: Tue, 3 Dec 2024 01:08:50 +0200 Subject: [PATCH] feat: add integrations category --- mission-control/docs/integrations/argo.mdx | 24 ++++ .../docs/integrations/aws/catalog.md | 3 + .../docs/integrations/aws/cloudformation.md | 53 ++++++++ .../docs/integrations/aws/cloudtrail.md | 39 ++++++ .../docs/integrations/aws/cloudwatch.md | 3 + mission-control/docs/integrations/aws/cur.md | 39 ++++++ mission-control/docs/integrations/azure.mdx | 3 + .../docs/integrations/crossplane.mdx | 45 +++++++ .../docs/integrations/flux/catalog.md | 24 ++++ .../docs/integrations/flux/index.md | 3 + .../docs/integrations/flux/playbooks.md | 113 ++++++++++++++++++ .../docs/integrations/flux/topology.md | 27 +++++ mission-control/docs/integrations/helm.mdx | 0 mission-control/docs/integrations/index.md | 13 ++ .../docs/integrations/kubernetes/catalog.mdx | 49 ++++++++ .../docs/integrations/kubernetes/index.md | 4 + .../docs/integrations/kubernetes/playbooks.md | 61 ++++++++++ .../docs/integrations/postgres.mdx | 3 + .../docs/integrations/prometheus.mdx | 3 + .../docs/integrations/sql-server.mdx | 3 + .../docs/integrations/terraform.mdx | 61 ++++++++++ 21 files changed, 573 insertions(+) create mode 100644 mission-control/docs/integrations/argo.mdx create mode 100644 mission-control/docs/integrations/aws/catalog.md create mode 100644 mission-control/docs/integrations/aws/cloudformation.md create mode 100644 mission-control/docs/integrations/aws/cloudtrail.md create mode 100644 mission-control/docs/integrations/aws/cloudwatch.md create mode 100644 mission-control/docs/integrations/aws/cur.md create mode 100644 mission-control/docs/integrations/azure.mdx create mode 100644 mission-control/docs/integrations/crossplane.mdx create mode 100644 mission-control/docs/integrations/flux/catalog.md create mode 100644 mission-control/docs/integrations/flux/index.md create mode 100644 mission-control/docs/integrations/flux/playbooks.md create mode 100644 
mission-control/docs/integrations/flux/topology.md create mode 100644 mission-control/docs/integrations/helm.mdx create mode 100644 mission-control/docs/integrations/index.md create mode 100644 mission-control/docs/integrations/kubernetes/catalog.mdx create mode 100644 mission-control/docs/integrations/kubernetes/index.md create mode 100644 mission-control/docs/integrations/kubernetes/playbooks.md create mode 100644 mission-control/docs/integrations/postgres.mdx create mode 100644 mission-control/docs/integrations/prometheus.mdx create mode 100644 mission-control/docs/integrations/sql-server.mdx create mode 100644 mission-control/docs/integrations/terraform.mdx diff --git a/mission-control/docs/integrations/argo.mdx b/mission-control/docs/integrations/argo.mdx new file mode 100644 index 00000000..89841f82 --- /dev/null +++ b/mission-control/docs/integrations/argo.mdx 
@@ -0,0 +1,24 @@ +--- +draft: true +--- + +# ArgoCD Integration + +Mission Control integrates with ArgoCD to provide monitoring and relationship tracking of ArgoCD Applications and their associated resources. + +## Resource Scraping & Relationships + +The integration automatically scrapes ArgoCD Applications (Custom Resources with apiVersion starting with `argoproj.io`) and establishes parent-child relationships between the Application and its deployed resources. This is done by: + +1. Examining the `status.resources` field of ArgoCD Applications +2. Creating links between the Application and each resource referenced in the status +3. Tracking resources across all supported Kubernetes types like Deployments, Services, ConfigMaps etc. + +For example, if an ArgoCD Application deploys a Deployment and Service, Mission Control will automatically: +- Detect the Application as the parent resource +- Link it to the child Deployment and Service resources +- Allow you to navigate and view the full resource hierarchy + +## Health Status + +ArgoCD's built-in health checks are used to determine the overall health status of Applications and their resources. The status is gathered from ArgoCD's native health assessment and surfaced in Mission Control's UI. diff --git a/mission-control/docs/integrations/aws/catalog.md b/mission-control/docs/integrations/aws/catalog.md new file mode 100644 index 00000000..4d6e3deb --- /dev/null +++ b/mission-control/docs/integrations/aws/catalog.md @@ -0,0 +1,3 @@ +--- +draft: true +--- diff --git a/mission-control/docs/integrations/aws/cloudformation.md b/mission-control/docs/integrations/aws/cloudformation.md new file mode 100644 index 00000000..e8076a47 --- /dev/null +++ b/mission-control/docs/integrations/aws/cloudformation.md 
@@ -0,0 +1,53 @@ +--- +draft: true +--- + +# CloudFormation + +CloudFormation stacks and their relationships are automatically tracked by Mission Control through the AWS scraper. Here's how it works: + +![](/img/cloudformation.svg) + +## Features + +- Tracks all CloudFormation stacks across enabled regions +- Automatically discovers stack dependencies and relationships +- Links resources created by CloudFormation stacks back to their parent stack +- Provides status and health monitoring of stacks +- Creates deep links to the AWS Console +- Retains stack deletion history and reasons + +## Stack Relationships + +Any AWS resource that has an `aws:cloudformation:stack-id` tag is automatically linked to its parent CloudFormation stack. The scraper: + +1. Discovers the stack ID from resource tags +2. Creates a parent relationship from the resource to the stack +3. Moves any default parent relationships to soft relationships +4. Maintains the full stack tree hierarchy + +## Stack Properties + +The following properties are tracked for each stack: + +- Stack name and ID +- Creation time +- Deletion time and reason (if deleted) +- Current status and health state +- Stack status reason messages +- Console URL link + +## Configuration + +CloudFormation scraping is enabled by default when AWS scraping is configured. Include "cloudformation" in the AWS scraper config to explicitly enable it: + +```yaml +spec: + aws: + - regions: ['us-east-1'] + includes: ['cloudformation'] +``` + +## Learn More + +- [AWS](/config-db/scrapers/aws) Scraper diff --git a/mission-control/docs/integrations/aws/cloudtrail.md b/mission-control/docs/integrations/aws/cloudtrail.md new file mode 100644 index 00000000..0805ddd5 --- /dev/null +++ b/mission-control/docs/integrations/aws/cloudtrail.md 
@@ -0,0 +1,39 @@ +--- +draft: true +--- + +# CloudTrail Integration + +Mission Control integrates with AWS CloudTrail to track API activity and changes across your AWS accounts. The AWS scraper handles CloudTrail events and trails. + +## Features + +- Discovers CloudTrail trails across regions +- Maps trail configurations and settings +- Links trails to their associated S3 buckets +- Tracks multi-region trail setups +- Creates relationships between trails and logged resources + +## Trail Properties + +The following properties are tracked for CloudTrail trails: + +- Trail name and ARN +- Associated S3 bucket and prefix +- Multi-region status +- Log file validation settings +- CloudWatch logs configuration +- KMS encryption settings + +## Configuration + +CloudTrail scraping is enabled by default in the AWS scraper. Include "cloudtrail" in the AWS config to explicitly enable it: + +```yaml +spec: + aws: + - regions: ['us-east-1'] + includes: ['cloudtrail'] +``` + +This allows Mission Control to maintain a complete audit trail of changes across your AWS infrastructure. diff --git a/mission-control/docs/integrations/aws/cloudwatch.md b/mission-control/docs/integrations/aws/cloudwatch.md new file mode 100644 index 00000000..4d6e3deb --- /dev/null +++ b/mission-control/docs/integrations/aws/cloudwatch.md @@ -0,0 +1,3 @@ +--- +draft: true +--- diff --git a/mission-control/docs/integrations/aws/cur.md b/mission-control/docs/integrations/aws/cur.md new file mode 100644 index 00000000..5f1ebfeb --- /dev/null +++ b/mission-control/docs/integrations/aws/cur.md 
@@ -0,0 +1,39 @@ +--- +draft: true +--- + +# Cost & Usage Reports + +Mission Control can track AWS Cost and Usage Reports (CUR) to help monitor and analyze your AWS spending. The AWS scraper handles CUR data collection. + +## Features + +- Discovers configured Cost and Usage Reports +- Maps report delivery settings and schedules +- Links reports to their S3 buckets +- Tracks report time ranges and formats +- Creates relationships to billed resources + +## Report Properties + +The following properties are tracked for Cost and Usage Reports: + +- Report name and ARN +- S3 bucket and prefix path +- Time granularity settings +- File format and compression +- Report content configuration +- Resource IDs and tagging + +## Configuration + +CUR scraping is enabled by default in the AWS scraper. Include "cur" in the AWS config to explicitly enable it: + +```yaml +spec: + aws: + - regions: ['us-east-1'] + includes: ['cur'] +``` + +This allows Mission Control to help track and analyze your AWS infrastructure costs. diff --git a/mission-control/docs/integrations/azure.mdx b/mission-control/docs/integrations/azure.mdx new file mode 100644 index 00000000..4d6e3deb --- /dev/null +++ b/mission-control/docs/integrations/azure.mdx @@ -0,0 +1,3 @@ +--- +draft: true +--- diff --git a/mission-control/docs/integrations/crossplane.mdx b/mission-control/docs/integrations/crossplane.mdx new file mode 100644 index 00000000..5b3a546d --- /dev/null +++ b/mission-control/docs/integrations/crossplane.mdx 
@@ -0,0 +1,45 @@ +--- +draft: true +--- + +# Crossplane Integration + +Mission Control integrates deeply with Crossplane to provide visibility and relationships across your cloud infrastructure resources managed through Crossplane. + +## How It Works + +Mission Control's Kubernetes scraper (`kubernetes.go`) automatically detects and handles Crossplane resources by: + +1. Identifying Crossplane resources through their API group - any resource with an apiVersion containing `.upbound.io` or `.crossplane.io` is treated as a Crossplane resource. + +2. Categorizing them with a special "Crossplane::" type prefix instead of the standard "Kubernetes::" prefix to distinguish them from regular Kubernetes resources. + +3. Building relationships between: + - Crossplane managed resources and their providers + - Crossplane composite resources (XRs) and their composed resources + - Crossplane resources and their underlying cloud infrastructure + +## Resource Relationships + +The scraper automatically establishes relationships between: + +- Crossplane Providers and their managed resources +- Composite Resources (XRs) and their composed resources +- Crossplane managed resources and their cloud provider equivalents (e.g. AWS RDS instances) + +The relationships are created through: + +1. Owner references on managed resources pointing to their providers +2. Cross-references between XRs and composed resources +3. Cloud provider specific external IDs linking to actual cloud resources + +## Scraping and Monitoring + +The scraper: + +- Watches for changes to Crossplane resources through the Kubernetes event stream +- Tracks health and status of Crossplane resources +- Maps relationships between components +- Provides visibility into the full stack - from Crossplane CRDs down to cloud resources + +This enables Mission Control to provide a complete view of your Crossplane-managed infrastructure with proper relationship mapping and real-time updates. 
diff --git a/mission-control/docs/integrations/flux/catalog.md b/mission-control/docs/integrations/flux/catalog.md new file mode 100644 index 00000000..9b59aca2 --- /dev/null +++ b/mission-control/docs/integrations/flux/catalog.md @@ -0,0 +1,24 @@ +--- +title: Catalog +--- +import { IoIosHeart } from "react-icons/io"; + +# FluxCD + +Mission Control provides built-in support for relating Flux resources to each other, determining their health status, and building a dependency graph. This allows you to: + +- Visualize relationships between Flux resources like `Kustomizations`, `HelmReleases`, `GitRepositories` etc. +- Track the health and status of related Flux resources +- Understand dependencies between resources to troubleshoot issues +- Build a graph showing how Flux resources connect and depend on each other +- Monitor the overall health of your Flux-based GitOps workflows + + +![](/img/helmrelease-graph.png) + + +## Next Steps + +1. Use self-service [playbooks](./playbooks) to enable a ClickOps experience, while still leveraging the power of GitOps. +2. Manage and monitor Flux with a [topology](./topology) view, providing the missing GUI for Flux. +3. [Continuously test your control plane](/canary-checker/tutorials/control-plane-testing) with `kubernetesResource` canaries diff --git a/mission-control/docs/integrations/flux/index.md b/mission-control/docs/integrations/flux/index.md new file mode 100644 index 00000000..0a9af4e8 --- /dev/null +++ b/mission-control/docs/integrations/flux/index.md @@ -0,0 +1,3 @@ +--- +title: Flux +--- diff --git a/mission-control/docs/integrations/flux/playbooks.md b/mission-control/docs/integrations/flux/playbooks.md new file mode 100644 index 00000000..ef3c9bc9 --- /dev/null +++ b/mission-control/docs/integrations/flux/playbooks.md 
@@ -0,0 +1,113 @@ +--- +title: Playbooks +--- + +# Flux Playbooks + +import { IoIosCheckmarkCircleOutline } from "react-icons/io"; +import Git from '@site/docs/partials/\_git_all.mdx'; + +Mission control enhances a [flux](https://fluxcd.io/flux) deployment with: + +1. An Argo style graph between Flux resources and the objects they create +2. A playbook libary that includes a GUI for both day 2 operations with `flux` cli and a Git +3. Health checks on all flux resources based on `status.conditions` +4. Alert silencing based on Flux hierachy - i.e. Silence all alerts for objects created by this Kustomization/HelmChart + +## Playbooks + +The following playbooks work by calling the `flux` CLI directly + +| Playbook | Kustomization | HelmRelease | +| ---------------------------------------------------------------------- | ------------------------------------------------------- | ------------------------------------------------------- | +| SuspendRuns `flux suspend` | | | +| ResumeRuns`flux resume` | | | +| ReconcileRuns`flux resume` | | | + +### ClickOps + +The following playbooks enable a ClickOps style of working, but with all changes implemented using standard pull request workflows, giving developers self-service, guardrail driven access to make changes without direct git access or expertise. 
+ +| Playbook | Kustomization | HelmRelease | Namespace | Deployment | +| ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------- | ------------------------------------------------------- | ------------------------------------------------------- | ------------------------------------------------------- | +| Edit Updates the YAML of a resource | | | | | +| Create KustomizationCreates a new `Kustomization` and inserts it into the file containing the selected `Kustomization` | | | | | +| Create NamespaceCreates a new folder with a `kustomization.yaml` and `namespace.yaml` and then adds it the `bases` | | | | | +| Create DeploymentCreates a new `Deployment` and inserts it into the `Kustomization` that created the namespace | | | | | +| Create Helm ChartCreates a new `HelmRelease` and inserts it into the `Kustomization` that created the namespace | | | | | +| Update Values Updates `.spec.values` | | | | | +| Update Chart Version Updates `.spec.chart.spec.version` | | | | | +| ScaleUpdates `.spec.replicas` | | | | | +| Update Resources Updates `containers[0].resources` | | | | | +| Update Image Updates `containers[0].image` | | | | | + +### Just In Time (JIT) Access + +Just In Time playbooks provide a mechnism to grant users access to a namespace for a short space of time, this works by creating a new `Rolebinding` resource and inserting it into the kustomization resources, and then after the expiry window deleting the resources from git. + +This approach provides a single audit trail of who has received access, and limits the need for the control plane to have direct access to update permissions. 
+ +| Playbook | Namespace | +| -------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------- | +| Request Access Creates a new `RoleBinding` with an optional expiry | | + +## Getting Started + +:::info Prerequisites +To enable the Flux integration you need + +- Mission Control [installed](/installation/) +- [kubectl](/installation/saas/kubectl) access to the Mission Control instance + ::: + +1. Create a github connection +

+ :::note Optional + This step is optional if you do not plan to use the ClickOps playbooks. + ::: + + + +2. Install the [mission-control-playbooks-flux](https://artifacthub.io/packages/helm/flanksource/mission-control-playbooks-flux) chart + + + +3. Annotate resources with `config.kubernetes.io/origin` + + The annotation is added by kustomize when the `originAnnotations` build flag is set: + + ```yaml title='kustomization.yaml' + apiVersion: kustomize.config.k8s.io/v1beta1 + kind: Kustomization + // highlight-next-line + buildMetadata: [originAnnotations] + ``` + +## Best Practises + +- Don't provide the service account user who is submitting Pull Requests direct access to commit to `main`. +- Use branch protection policies to require pull requests, passing tests and selective approval +- Implement PR based integration tests that ensure changes: + - Compile using + ```shell + kustomization build + ``` + - Are compatible with your kubernetes API versions and CRD's with: + ```shell + kustomization build | kubectl apply -f - --dry-run=service + ``` + - Passes all compliance and governance rule +- Auto Merge PR's that are safe + +## Learn More + +- Playbook [exec](/playbooks/actions/exec) and [gitops](/playbooks/actions/gitops) actions +- [ Auto Merging PRs](https://jhale.dev/posts/auto-merging-prs/) by @jhale, has a run-down of using Github Actions to automerge, with some gotchas +- [ trivy](https://trivy.dev/) - A mis-configuration, secrets and compliance scanner with good support for Kubernetes +- [ bulldozer](https://github.com/palantir/bulldozer) and [ policy-bot](https://github.com/palantir/policy-bot) for auto-merging PR's using customizable rules and policies diff --git a/mission-control/docs/integrations/flux/topology.md b/mission-control/docs/integrations/flux/topology.md new file mode 100644 index 00000000..bb4e129c --- /dev/null +++ b/mission-control/docs/integrations/flux/topology.md 
@@ -0,0 +1,27 @@ +--- +title: Topology +--- + +The flux topology + +![](/img/flux-topology.svg) + +## Getting Started + +:::info Prerequisites +To enable the Flux Topology you need + +- Mission Control [installed](/installation/) +- [kubectl](/installation/saas/kubectl) access to the Mission Control instance +- Scrape configuration for a [kubernetes](../kubernetes/config) cluster + ::: + +1. Install the [mission-control-flux](https://artifacthub.io/packages/helm/flanksource/mission-control-flux) chart + + + + :::note Single + This chart only needs to be installed once, + ::: diff --git a/mission-control/docs/integrations/helm.mdx b/mission-control/docs/integrations/helm.mdx new file mode 100644 index 00000000..e69de29b diff --git a/mission-control/docs/integrations/index.md b/mission-control/docs/integrations/index.md new file mode 100644 index 00000000..89c5203c --- /dev/null +++ b/mission-control/docs/integrations/index.md @@ -0,0 +1,13 @@ +--- +title: Integrations +sidebar_position: 1 +--- + +We provide ready to use helm charts for setting up: + +- [Kubernetes](/registry/kubernetes) +- [AWS](/registry/aws) +- [Azure](/registry/azure) +- [Prometheus](/registry/prometheus) +- [FluxCD](/registry/fluxcd) +- [ArgoCD](/registry/argocd) diff --git a/mission-control/docs/integrations/kubernetes/catalog.mdx b/mission-control/docs/integrations/kubernetes/catalog.mdx new file mode 100644 index 00000000..c0e1a336 --- /dev/null +++ b/mission-control/docs/integrations/kubernetes/catalog.mdx 
@@ -0,0 +1,49 @@ +--- +title: Setup + +sidebar_position: 1 +--- + +import { MenuItem } from '@site/src/components/Menu'; +import { IoIosCheckmarkCircleOutline } from "react-icons/io"; + + + +Mission Control provides comprehensive monitoring and management capabilities for your Kubernetes clusters. It automatically discovers and tracks: + +- All standard Kubernetes resources (Pods, Deployments, Services, etc.) +- Custom Resources (CRDs) +- Resource health status via [is-healthy](https://github.com/flanksource/is-healthy) +- Configuration changes +- Resource relationships and dependencies + +This enables you to: +- Get real-time visibility into your cluster's state +- Troubleshoot issues faster with relationship mapping +- Track configuration drift and changes over time +- Monitor resource utilization and capacity +- Ensure compliance with security policies +- Manage multiple clusters from a single interface + + + +1. Install the Kubernetes chart + + + + + +1. Install common playbooks for interacting with Kubernetes items + + +## Learn More + +- Kubernetes Scraper [kubernetes](/config-db/scrapers/kubernetes) +- [ Auto Merging PRs](https://jhale.dev/posts/auto-merging-prs/) by @jhale, has a run-down of using Github Actions to automerge, with some gotchas +- [ trivy](https://trivy.dev/) - A mis-configuration, secrets and compliance scanner with good support for Kubernetes +- [ bulldozer](https://github.com/palantir/bulldozer) and [ policy-bot](https://github.com/palantir/policy-bot) for auto-merging PR's using customizable rules and policies diff --git a/mission-control/docs/integrations/kubernetes/index.md b/mission-control/docs/integrations/kubernetes/index.md new file mode 100644 index 00000000..83874b1b --- /dev/null +++ b/mission-control/docs/integrations/kubernetes/index.md @@ -0,0 +1,4 @@ +--- +title: Kubernetes +sidebar_class_name: icon-kubernetes +--- 
diff --git a/mission-control/docs/integrations/kubernetes/playbooks.md b/mission-control/docs/integrations/kubernetes/playbooks.md new file mode 100644 index 00000000..687c3649 --- /dev/null +++ b/mission-control/docs/integrations/kubernetes/playbooks.md 
@@ -0,0 +1,61 @@ +--- +title: Playbooks +--- + +import { IoIosCheckmarkCircleOutline } from "react-icons/io"; + +Self-service playbooks empower teams to manage their Kubernetes resources efficiently: + +- **Reduced operational overhead**: Teams can perform common tasks without DevOps intervention +- **Standardized operations**: Ensure consistent execution of tasks across clusters +- **Faster incident response**: Enable developers to troubleshoot and resolve issues +- **Improved security**: Controlled access to cluster operations through predefined playbooks +- **Better developer experience**: User-friendly interface for complex Kubernetes operations + Common use cases include: +- Developers checking application logs and debugging issues +- Teams scaling deployments during high traffic periods +- Application owners updating container images for new releases +- Project teams requesting access to namespaces +- DevOps automating resource cleanup and management + +The following playbooks are available for use: +| Playbook | Pod | Deployment | Namespace | Cluster | +| ------------------------------------------------------------ | ------------------------------------------------------- | ------------------------------------------------------- | ------------------------------------------------------- | ------------------------------------------------------- | +| Delete | | | | | +| Logs | | | | | +| Scale Updates `.spec.replicas` | | | | | +| Update Resources } link="../flux#clickops">Updates `.spec.containers[0].resources` | | | | | +| Update Image Updates `.spec.containers[0].image` | | | | | +| Create Helm Chart Creates and installs a new helm chart using `helm install` | | | | | +| Create Deployment | | | | | +| Request Access Creates a new `RoleBinding` for the specified user with an optional expiry | | | | | +| Create Namespace | | | | | +| | | | | | +| | | | | | + +## Getting Started + +1. Install the `mission-control-playbooks-kubernetes` helm chart. 
+ +If you are using the SaaS, then this needs to be installed on the SaaS vCluster using [kubectl](/installation/saas/kubectl) + + + +:::info Note +The playbooks chart only needs to be installed once, unlike the `mission-control-kubernetes` chart which is per cluster +::: + +## Customizing playbooks + +To customize the default playbooks, you can turn off the playbook in the chart: + +1. For example, to disable the `delete-pod` playbook + + ```yaml + deletePod: false + ``` + +2. Copy the playbook from [here](https://github.com/flanksource/mission-control-registry/tree/main/charts/playbooks-kubernetes/templates) to your own repository. diff --git a/mission-control/docs/integrations/postgres.mdx b/mission-control/docs/integrations/postgres.mdx new file mode 100644 index 00000000..4d6e3deb --- /dev/null +++ b/mission-control/docs/integrations/postgres.mdx @@ -0,0 +1,3 @@ +--- +draft: true +--- diff --git a/mission-control/docs/integrations/prometheus.mdx b/mission-control/docs/integrations/prometheus.mdx new file mode 100644 index 00000000..25867d5c --- /dev/null +++ b/mission-control/docs/integrations/prometheus.mdx @@ -0,0 +1,3 @@ +--- +unlisted: true +--- diff --git a/mission-control/docs/integrations/sql-server.mdx b/mission-control/docs/integrations/sql-server.mdx new file mode 100644 index 00000000..4d6e3deb --- /dev/null +++ b/mission-control/docs/integrations/sql-server.mdx @@ -0,0 +1,3 @@ +--- +draft: true +--- diff --git a/mission-control/docs/integrations/terraform.mdx b/mission-control/docs/integrations/terraform.mdx new file mode 100644 index 00000000..22c2f266 --- /dev/null +++ b/mission-control/docs/integrations/terraform.mdx 
@@ -0,0 +1,61 @@ +--- +draft: true +--- +# Terraform Integration + +The Terraform integration allows Mission Control to scrape and analyze your Terraform state files to build relationships between your infrastructure resources. The scraper examines Terraform state files to extract resource information and establish connections between different AWS resources. + +## How It Works + +The Terraform scraper performs the following key functions: + +1. **State File Processing**: + - Loads Terraform state files from specified locations + - Parses the JSON state data to extract resource information + - Maintains the state file lineage as a unique identifier + +2. **Resource Relationship Mapping**: + - Identifies managed AWS resources in the Terraform state + - Extracts ARN (Amazon Resource Name) information from resource attributes + - Creates relationships between Terraform configurations and AWS resources using ARNs + +3. **Configuration Tracking**: + - Creates unique configurations for each Terraform state + - Masks sensitive attributes in the state data + - Maintains aliases and identifiers for tracking purposes + +## Example Configuration + +```yaml +spec: + terraform: + - name: "{{.path}}" # Uses the state file path as the configuration name + state: + path: "/path/to/terraform/states" # Directory containing terraform state files +``` + +The scraper currently supports AWS resources and can extract relationships based on various ARN attributes including: +- Standard ARN +- Policy ARN +- Function ARN +- Role ARN +- KMS Key ARN +- Bucket ARN +- Topic ARN +- Queue ARN +- Lambda ARN +- Cluster ARN +- Instance ARN +- Execution ARN +- Stream ARN + +## Generated Relationships + +For each AWS resource found in the Terraform state, the scraper creates a relationship between: +- The Terraform module configuration (identified by its lineage) +- The corresponding AWS resource (identified by its ARN) + +These relationships help in: +- Understanding resource dependencies +- Tracking 
infrastructure changes +- Mapping infrastructure relationships across your AWS environment
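
Review bot: in integrations/argo.mdx, under "Resource Scraping & Relationships", the parenthetical "Custom Resources with apiVersion starting with `argoproj.io`" covers more than ArgoCD Applications, because other Argo project CRDs (Rollouts, Workflows, Events) use the same API group. State whether the match is on the group alone or also on `kind: Application`, so readers know which resources get parent-child links built from `status.resources`.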
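
Review bot: in the "Configuration" section of integrations/aws/cloudformation.md (and with the same wording in aws/cloudtrail.md and aws/cur.md), "enabled by default" followed by "Include "cloudformation" ... to explicitly enable it" leaves the effect of `includes` undefined. Say whether `includes: ['cloudformation']` adds to the default set or restricts the scraper to the listed types only, since a reader who copies the snippet needs to know if other AWS resources are still scraped.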
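
Review bot: in integrations/aws/cloudtrail.md, the closing sentence "maintain a complete audit trail of changes across your AWS infrastructure" is not supported by the "Features" and "Trail Properties" lists, which describe trail configuration (bucket, multi-region status, log file validation, KMS settings) rather than ingestion of CloudTrail events. The intro says the scraper "handles CloudTrail events and trails"; document what is done with events, or narrow the closing claim to what the lists describe.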
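
Review bot: in integrations/crossplane.mdx, "How It Works" names an internal source file (`kubernetes.go`) in user-facing documentation, and the list under "Resource Relationships" repeats the three relationships already given in step 3 of "How It Works". Replace the file name with a link to the Kubernetes scraper docs and merge the two lists into one.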
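
Review bot: in integrations/flux/playbooks.md, under "Best Practises", both validation commands fail as written: the binary is `kustomize`, not `kustomization`, and `kubectl apply --dry-run` accepts `none`, `client` or `server`, not `service`. Suggest `kustomize build` and `kustomize build | kubectl apply -f - --dry-run=server`. In the first playbook table the Reconcile row is labelled `flux resume`, which looks copied from the Resume row and should be `flux reconcile`. The "Just In Time (JIT) Access" section should state what performs the deletion of the `RoleBinding` from git after the expiry window and what happens to the granted access if that removal is not merged, since the expiry depends entirely on it. Spelling to fix in the same file: "libary", "hierachy", "mechnism", and `Rolebinding` (the kind is `RoleBinding`, as the table below it has it).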
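
Review bot: integrations/flux/topology.md opens with the sentence fragment "The flux topology" and its closing admonition stops mid-sentence at "This chart only needs to be installed once,". Complete both before merging; the page currently gives no description of what the topology shows.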
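
Review bot: integrations/helm.mdx is added as an empty file (index e69de29b) without the `draft: true` front matter that the other placeholder pages in this patch (azure.mdx, postgres.mdx, sql-server.mdx) carry. Add the front matter or leave the file out until it has content. prometheus.mdx uses `unlisted: true` where the others use `draft: true`; confirm the difference is intended, given that integrations/index.md links to both Azure and Prometheus.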
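
Review bot: in integrations/kubernetes/catalog.mdx, the "Learn More" list repeats the auto-merging PRs, trivy, bulldozer and policy-bot links from flux/playbooks.md, which concern pull request workflows rather than setting up the Kubernetes catalog. Keep the scraper link and drop or justify the rest. Both install steps are numbered "1.", and the front matter title is "Setup" in a file named catalog.mdx while flux/catalog.md uses "Catalog"; pick one convention.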
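
Review bot: in integrations/kubernetes/playbooks.md, "Customizing playbooks" ends at step 2 with a copy of the template in the reader's repository and never says how the modified playbook is applied once `deletePod: false` has disabled the packaged one. Add that final step and replace the link text "here" with a descriptive label. The page lists "Improved security: Controlled access to cluster operations through predefined playbooks" as a benefit, so it should also say how access to playbooks such as Delete and Request Access is restricted, or link to the page that does.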
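
Review bot: in integrations/terraform.mdx, "Masks sensitive attributes in the state data" under "Configuration Tracking" is the only statement about secret handling, and Terraform state stores resource attributes, secrets included, in plain text. Document which attributes are masked and whether the unmasked state is stored anywhere, so operators can judge what ends up in the catalog before pointing the scraper at `/path/to/terraform/states`. The ARN list also contains both "Function ARN" and "Lambda ARN"; say how they differ or drop one.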