Job Output

Note that "external resource" refers to a cloud resource that is outside of Terraform control but living within your public cloud.

New Terraform Code for External Resources

Each identified external resource has Terraform code generated for it and placed into the directory associated with the workspace that dragondrop has identified as most appropriate for the resource. This new Terraform code is generated in a file called "", allowing you to take the configuration and place it within your organized Terraform files with desired syntax modifications (modules, loops, etc.). At the top of each resource is information on the Cloud Actor who created and most recently modified the resource.

Migration Statements for Importing Resources

Each identified external resource also has a matching state migration statement to import cloud resources generated within the Pull Request. This allows you to store all resource imports as code within your VCS instead of running state migration commands arbitrarily and without record through the CLI.

State of Cloud Report and Cloud Actor Identification

Each Pull Request outputs via a PR comment a "State of Cloud Report" which provides a high level summary of the drifted and new-to-Terraform resources identified by dragondrop. It also outputs a summary of the Cloud Actors that made changes outside of your Terraform workflow, allowing you to close the loop on Terraform drift.

Drift Within Terraform-Managed Resources

Cleaner than parsing terraform plan, each job outputs the specific resource attributes that have drifted for resources that are already managed by Terraform. If this is the only type of drift that your organization would like to identify and surface, that is configurable within your job.

Resource Cost Calculations

Within the State of Cloud Report, as well as for individual resources, dragondrop provides detailed cost calculations. Provides users a single pane for their cloud costs (both controlled by Terraform and uncontrolled) within a Pull Request. Cost calculations are powered by a native Infracost integration.

Security Risk Surfacing

Identify for all scanned resources, by resource instance, security risks within your cloud.

Last updated