Amazon Elastic Container Service (ECS) is a fully managed container orchestration service designed to streamline the deployment and management of containerized applications. ECS comprises multiple resources, such as ECS Cluster, ECS Service, ECS Task, and Task Definition. Typically, customers utilizing ECS have dozens of services running in a cluster, alongside an equal or greater number of Task Definitions, ECS Import to Terraform and OpenTofu can help to reduce toil.

Why ECS Import to Terraform and OpenTofu matters?

Managing these resources manually can be challenging, error-prone, and difficult to maintain, particularly for Task Definition resources that consist of numerous properties and configurations. Leveraging Terraform to manage ECS resources is essential for tracking changes and preventing mistakes before they occur.

Our latest addition to the ControlMonkey platform enables lightning-fast, one-click import of ECS resources, including:

• ECS Cluster(aws_ecs_cluster)
• ECS Service(aws_ecs_service),
• ECS Capacity Provider(aws_ecs_capacity_provider)
• ECS Task Definition(aws_ecs_task_definition)
• and others.

Controlmonkey simplifying ECS import to IaC

By simplifying the ECS Import to Terraform and OpenTofu process, we aim to help you focus on what matters most: efficiently deploying and managing your containerized applications. Our one-click import feature ensures that your ECS resources are accurately represented in your Terraform state files, allowing you to monitor and maintain your infrastructure with confidence.

Furthermore, our Control Policies ensure that your Terraform configurations adhere to best practices and compliance requirements. This reduces the risk of configuration errors and promotes a more secure and reliable infrastructure. With ControlMonkey’s lightning-fast ECS import feature, you can effortlessly manage your ECS resources, streamline your workflows, and maintain the stability and security of your infrastructure.

If you’re looking to ECS Import to Terraform and OpenTofu to manage your ECS. don’t hesitate to reach out to us at ControlMonkey. Our team of experts is ready to help you in your Terraform journey.

Today, we are happy to announce our latest addition to ControlMonkey’s CI/CD solution – Control Policies! Control Policies provide customers with preventive controls to help them avoid errors and misconfigurations in production, making it an essential tool for DevOps teams.

With Control Policies, DevOps teams receive instant feedback for any proposed infrastructure configuration changes before they are deployed to their live environment. DevOps members get immediate input on any misconfigurations or non-compliant changes as part of their CI (Continuous Integration) pipeline, enabling them to take corrective action quickly and efficiently. Utilizing this GitOps methodology can save a significant amount of time that would otherwise be spent on reviewing incorrect code among DevOps team members.

ControlMonkey Preventive Controls

By offering preventive controls, ControlMonkey is taking a proactive approach to infrastructure management that can help organizations avoid costly mistakes. Compared to detective controls, which identify issues after they’ve occurred, preventive controls provide an opportunity to avoid those issues altogether. This means that Control Policies can help organizations reduce the risk of errors and misconfigurations in production, which can lead to costly downtime and lost revenue.

ControlMonkey’s Control Policies are cloud-ready, parameterized policies, which means that customers don’t need to use any specific programming language or be familiar with Terraform internals. This is a major advantage for organizations that may not have dedicated DevOps members to write policies on their own.
With Control Policies, customers can provide parameters according to their needs, and ControlMonkey takes care of the rest, including supporting different versions of Terraform and various plugin versions.

Some Examples

To better illustrate the capabilities of Control Policies, let’s explore a few examples of how they can be applied in real-world scenarios:

1. Required Tags:  A customer can define that all of their resources should have specific tag keys and tag values. If a proposed change contains a resource without those tags the build will be blocked on ControlMonkey’s CI solution. This helps maintain consistency and compliance across your infrastructure and simplifies resource management.
2. Allowed Regions:  A customer can define allowed regions in which resources can be spun up. If someone attempts to spin up resources in a different region, they will be blocked. This is highly relevant for GDPR compliance, as it helps organizations manage and maintain data residency requirements by restricting resource allocation to specific geographical locations.

These examples demonstrate the versatility and practicality of ControlMonkey’s Control Policies in addressing common infrastructure management challenges. By implementing such preventive controls, organizations can streamline their DevOps processes, save time, reduce risks, and enhance overall efficiency.

Overall, Control Policies are an essential feature that can help organizations manage their infrastructure delivery more efficiently and with fewer errors. If you’re looking for a reliable and efficient platform to manage your infrastructure, check out the ControlMonkey CI/CD pipeline with Control Policies today! 

AWS API Gateway is one of the first services introduced by AWS as part of their serverless services package. It allows developers to create, deploy, and manage APIs that are able to integrate with various backend services like Application Load Balancers and Lambda functions.

API Gateway to Terraform & OpenTofu no longer complex

However, API Gateway has also become one of the more complex services of AWS due to its multiple entities and configuration options.
It can be quite difficult to manually manage API Gateway configurations in order to track and investigate changes. It is therefore advisable to utilize Terraform for managing these configurations.
Being a complex service, it is not trivial and highly error prone to import it to Terraform manually.

Today we’re happy to announce that ControlMonkey supports a one-click Terraform import of existing API Gateway resources to simplify its management and streamline changes moving forward.

This feature allows users to easily import API Gateway resources such as API Gateway Rest API (aws_api_gateway_rest_api), API Gateway Resource (aws_api_gateway_resource), API Gateway Method (aws_api_gateway_method), API Gateway Method Response (aws_api_gateway_method_response) and more using just one click. 

Import API Gateway with 1 Click

This allows users to quickly set up and manage API Gateway resources without needing extensive manual configurations.
Combining this new capability with our Lambda Import capability is a true game-changer for managing serverless architectures in scale and simplifying AWS management for developers and DevOps teams.

By using this new feature, users can prioritize their focus on developing their APIs and have less emphasis on managing the infrastructure that supports them.

Today we’re happy to announce ControlMonkey’s support for importing AWS Lambda functions into Terraform in seconds!

AWS Lambda function is a small, single-purpose function that can be run in the cloud without the need to provision or manage servers used in serverless architectures.

In a serverless architecture, managing various moving parts can be a difficult task, especially when dealing with dozens or hundreds of Lambda functions with multiple configurations and setting variations.

However, when managing Lambda functions with Terraform, it is easier for the DevOps and R&D teams to keep track of their Lambda functions, their configurations and also to identify drifts and discrepancies in their settings.

Manually importing Lambda functions into Terraform can be a tiresome and error-prone task. Moreover, if there are hundreds of functions that need to be imported, it can consume a significant amount of time.

ControlMonkey now supports an easy Terraform import of Lambda Function (aws_lambda_function), Lambda Layer (aws_lambda_layer_version), and Lambda Alias (aws_lambda_alias).

AWS IAM (Identity and Access Management) is a service that provides a centralized way to manage access to AWS resources. It allows you to create and manage AWS users and groups, and assign permissions to them to access AWS resources.

Managing IAM resources through Terraform is essential to maintain full control over the permissions delegated to users, roles, and third-party solutions.
The primary reason for managing IAM resources through Terraform is to maintain a desired state for how the permissions posture should look like. By defining this state in code, organizations can ensure that their cloud infrastructure is always in line with their security policies and compliance requirements.

Another critical reason for using Terraform for IAM management is to review any changes in permissions before deployment. This practice ensures that all modifications to permissions are carefully evaluated and approved before they are implemented.
This approach can help prevent accidental or intentional misuse of permissions, which could lead to security breaches or other types of cyber threats that could compromise the integrity of the cloud infrastructure.

We are excited to announce that ControlMonkey now provides one-click import support for all IAM resources to Terraform. This includes Users (aws_iam_user), Groups (aws_iam_group), Policies (aws_iam_policy), Roles (aws_iam_role) and more.

ControlMonkey stands out from other platforms because it not only supports Terraform code generation but also prepares the Terraform state file. It ensures that there are no drifts in the state file and provides a one-click solution to import resources without the need to re-provision them.
This feature is particularly important when dealing with IAM entities that are already in use by various users, roles, and third-party solutions, where re-provisioning could cause disruptions and potentially affect the security and stability of the infrastructure.

With ControlMonkey, managing IAM resources is no longer a daunting task, but rather an automated and streamlined process that ensures the highest level of security for cloud infrastructure.

ControlMonkey Joins the AWS ISV Accelerate Program

What Is the AWS ISV Accelerate Program?

The AWS ISV Accelerate Program is Amazon Web Services’ co-sell program for Independent Software Vendors (ISVs) that integrate with or run on AWS. It’s designed to connect approved partners with the AWS Sales organization, enabling joint selling and accelerating time-to-market for enterprise software solutions.

Through this program, ISVs gain access to AWS field sellers and co-selling support across global markets—helping them reach more customers and close deals faster.

Strengthening Our AWS Partnership

ControlMonkey is proud to be accepted into the AWS ISV Accelerate Program, marking a major step forward in our partnership with AWS. This milestone allows us to collaborate more closely with AWS sellers and extend the reach of our Infrastructure as Code (IaC) automation platform to more enterprises around the world.

By joining the program, we now have access to co-sell support and go-to-market resources that will help us bring our platform to more organizations—from cloud-native startups to large enterprises and public institutions—where AWS is the backbone of their infrastructure.

What This Means for Our Customers

For ControlMonkey customers, this partnership translates to faster implementation, stronger AWS alignment, and more opportunities to integrate IaC automation into their existing cloud operations. Our team can now engage directly with AWS field teams to support joint customer needs, streamline procurement, and unlock new efficiencies in cloud governance.

Joining the AWS Program in record time reflects our team’s focus on innovation, execution, and delivering solutions that solve real infrastructure pain points.

👉 See how ControlMonkey integrates with AWS and discover how our co-sell partnership can accelerate your IaC transformation.

We’re thrilled to roll out Cloud Events! This new feature allows customers to track changes made to their AWS cloud resources, including creations, updates, and deletions. 

It completes the missing piece of the puzzle of how to manage your infrastructure right with GitOps methodology.
Managing your cloud with Terraform and GitOps is the way to go but many of our customers asked us: How can we make sure that nobody is making changes outside of our Terraform pipeline? 

Cloud Events provides customers with deeper insights into their day-to-day cloud operations, including which AWS resources were changed most often, who made the changes, and from what platform or tool they did it, whether from the AWS console or Terraform.

By pinpointing resources that are frequently changed manually, customers can prioritize which resources to import into Terraform first, where changes are made in a controlled, automated, and repeatable fashion. 

The new feature benefits both customers who use Terraform to manage their cloud infrastructure and those who choose to do it manually(although we recommend not managing your cloud manually 🙂 )

In conclusion, By using Cloud Events customers can be confident that all Infrastructure changes have been made through their Terraform pipeline and that all Infrastructure changes have been reviewed and authorized before being delivered and deployed.

Starting today, Cloud Events is available to all ControlMonkey customers.
Feel free to utilize this capability to gain insights into what’s happening in your cloud resources, track changes, identify which resources are changed manually most frequently, and import the mentioned resources into Terraform to reduce human error.

ControlMonkey will continue to deliver trailblazing solutions that help customers gain full control of their cloud, making it easier to manage and automate.

*The feature is relying on AWS CloudTrail and requires read-only permissions to the service API.

Amazon CloudFront is a content delivery network (CDN) that speeds up the delivery of static and dynamic web content. It integrates with other Amazon Web Services (AWS) products to provide fast, reliable delivery of website content to users around the world. CloudFront resources are composed of many attributes that each affect the performance and correctness of the CDN.

Managing CloudFront with Terraform is crucial to ensure that all of these attributes are properly configured and working together. Terraform provides a way to automate the management of CloudFront resources, making it easier to maintain and scale the CDN. Additionally, Terraform allows for version control of CloudFront configurations, making it easier to revert to previous configurations if necessary.

ControlMonkey now makes it easier to manage CloudFront with Terraform by enabling a one-click import to Terraform for CloudFront resources. This includes generating Terraform code for the CloudFront Distribution (aws_cloudfront_distribution), CloudFront Cache Policy (aws_cloudfront_cache_policy), and CloudFront Response Headers Policy (aws_cloudfront_response_headers_policy), among others. After the code is generated, ControlMonkey automatically validates the accuracy of the code and checks that it is identical to the existing CloudFront resources in the background. This validation process helps ensure a smooth and error-free migration.

Amazon Relational Database Service (RDS) is an AWS service that simplifies the setup, operation, and scaling of relational databases in the cloud. It supports various database engines like MySQL, PostgreSQL, and Oracle, making it a widely-used option for many organizations.

AWS provides Terraform resources that enable the management of RDS resources. These resources include DB instance(aws_db_instance), DB Subnet Group (aws_db_subnet_group), DB Parameter Group(aws_db_parameter_group) and DB Option Group (aws_db_option_group) and more.
By using Terraform to manage these resources, organizations can ensure that their RDS configurations are version controlled and easily recoverable in case of failures.
However, not managing RDS DB configurations with Terraform can have implications such as lack of disaster recovery plans and lack of the ability to track configuration changes and to rollback in case needed.
Without Terraform, organizations may have to manually create and manage these resources, increasing the risk of human error and service interruption.

One key resource that should be managed with Terraform is the RDS parameter group.
This is because parameter groups allow for the modification of database engine settings, which can greatly affect the performance and security of the RDS DB instance. By managing RDS parameter groups with Terraform, organizations can ensure that their RDS configurations are optimized for their specific use case and are aligned across multiple DB instances.

But what if you already have RDS DB instances running in your account that you have provisioned manually from the AWS console? You want to manage them by Terraform but you don’t want to spin up a new DB instance and perform a cutover with the risk of a downtime and loss of data during the process.
In such a case, importing existing RDS resources to be managed under Terraform is the way to go.

ControlMonkey is a powerful tool that enables an easy import of Amazon Relational Database Service (RDS) into Terraform. With just a click of a button, it can generate the necessary code for the RDS DB instance, parameter group and option group, allowing for seamless migration without the need to re-provision the resources and risk service interruption incidents.
The seamless migration is possible since ControlMonkey prepares a Terraform state file that contains the link between the generated Terraform code and the existing RDS resources in the customer’s AWS account.
This feature is particularly useful for organizations that have multiple RDS instances, as it allows them to easily manage and automate their applications data layer.

Route53 is a highly available and scalable Domain Name System (DNS) web service offered by Amazon Web Services (AWS). It is designed to give developers and businesses an extremely reliable and cost effective way to route end users to Internet applications by translating domain names, such as www.example.com, to the IP addresses of Internet Protocol (IP) resources, such as web servers.

Managing Route53 using Terraform is important for several reasons:
Firstly, it enables easy disaster recovery by creating a snapshot of how your DNS records configuration should look like, allowing for the creation of disaster recovery plans that can be easily executed in case of a failure.
Secondly, by managing the Terraform code in a version control system (GitHub, GitLab, etc.), it’s making it easy to detect and audit all changes and to roll back to previous configurations if needed.
Lastly, when changing DNS records the blast radius of such an operation could be pretty devastating and might lead to service interruptions. When using a Terraform change management system that verifies any change in your Route53 configuration before it’s being executed it limits the blast radius of changes, hence improving SLA and uptime.

ControlMonkey is a Saas platform that enables an easy import of Route53 resources into Terraform in just a click of a button. ControlMonkey generates the code that represents the existing Route 53 Hosted Zones (aws_route53_zone) and Record Sets (aws_route53_record) in your account. To complete the Import operation, ControlMonkey also generates the Terraform state file that contains the mapping between the generated Terraform code and the Route53 resources. This eliminates the need to re-provision the Route53 resources all over again and minimizes the risk of service interruptions.

To summarize, Route53 is an important DNS service offered by AWS, and managing it with Terraform can bring many benefits such as disaster recovery, version control, and limiting blast radius. ControlMonkey makes this process easy by allowing for the import of Route53 into Terraform in seconds, generating the necessary code and state file for a seamless migration without the risk of service interruption.