Today, ControlMonkey is pleased to announce that we have added the capability to easily import AWS Identity Center resources to Terraform/OpenTofu Code using our Terraform Import Engine.

AWS Identity Center is a service that provides centralized management of access to multiple AWS accounts and applications. It enables organizations to manage user identities and permissions efficiently, allowing users to sign in to their AWS accounts and applications with a single set of credentials

Provisioning Identity Stores resources with Terraform/OpenTofu provides a consistent, version-controlled, simplified, and automated way to manage AWS Accounts permissions and RBAC and reduces the overall risk of manual misconfigurations.

ControlMonkey now supports the one-click Terraform/OpenTofu Import of the following Identity Store resources:

IdentityStore::User (aws_identitystore_user)
IdentityStore::Group (aws_identitystore_group)
IdentityStore::GroupMembership (aws_identitystore_group_membership)
SSO:Assignment(aws_ssoadmin_account_assignment)
SSO:PermissionSet(aws_ssoadmin_permission_set)

Are you using Identity Center and have resources you would like to shift to Terraform?
Feel free to book an intro meeting to learn more about how ControlMonkey generates the Terraform/OpenTofu code that represents your Identity Center configuration, making the shift to Terraform as seamless as possible.

Today, ControlMonkey is pleased to announce that we have added the capability to easily import AWS OpenSearch domain resources to Terraform Code using our Terraform Import Engine.

AWS OpenSearch is a fully managed service that simplifies the deployment, operation, and scaling of OpenSearch, a powerful search and analytics engine based on Elasticsearch.
It provides real-time search, monitoring, and analysis capabilities for various use cases.

Managing OpenSearch resources with Terraform provides a consistent, version-controlled, and automated way to provision, update, and manage OpenSearch deployments, which enhances efficiency and reduces the risk of manual misconfigurations.

ControlMonkey now supports the one-click Terraform Import of the following OpenSearch resources:

OpenSearchService::Domain (aws_opensearch_domain)

So, if you’re using OpenSearch in your environments, swiftly shift your OpenSearch resources to Terraform code and manage the cluster’s configuration with Terraform to create, update, and delete OpenSearch domains reliably and repeatedly.

Are you using OpenSearch and have resources you would like to shift to Terraform?
Feel free to book an intro meeting to learn more about how ControlMonkey generates the Terraform code that represents your OpenSearch configuration, making the shift to Terraform as seamless as possible.

Today, ControlMonkey is pleased to announce that we have added the capability to easily import EC2 Image Builder resources to Terraform Code using our Terraform Import Engine.

EC2 Image Builder is an AWS service that automates creating, managing, and deploying customized and secure machine images for EC2 instances.

Managing EC2 Image Builder with Terraform is important because it ensures consistent, repeatable, and version-controlled deployments of machine images across different environments.

ControlMonkey now supports the one-click Terraform Import of the following Image Builder resources:

ImageBuilder::Component (aws_imagebuilder_component)
ImageBuilder::ContainerRecipe (aws_imagebuilder_container_recipe)
ImageBuilder::DistributionConfiguration (aws_imagebuilder_distribution_configuration)
ImageBuilder::Image (aws_imagebuilder_image)
ImageBuilder::ImagePipeline (aws_imagebuilder_image_pipeline)
ImageBuilder::ImageRecipe (aws_imagebuilder_image_recipe)
ImageBuilder::InfrastructureConfiguration (aws_imagebuilder_infrastructure_configuration)
ImageBuilder::Workflow (aws_imagebuilder_workflow)

So, if you’re building images using EC2 Image Builder, you can now manage their configuration with Terraform.

Are you using Image Builder and have resources you would like to shift to Terraform?
Feel free to book an intro meeting with us to learn more about how ControlMonkey generates the Terraform code that represents your Image Builder resources configuration, making the shift to Terraform as seamless as possible.

Today ControlMonkey is pleased to announce that we have reinforced our Terraform Import Engine with the ability to Import AWS Direct Connect resources to Terraform.

AWS Direct Connect is a networking service that provides an alternative to using the internet to connect to AWS. Using AWS Direct Connect, data that would have previously been transported over the internet is delivered through a private network connection between private facilities and AWS.

ControlMonkey now supports one-click Terraform Import of the following Direct Connect resources:

Connections (aws_dx_connection)
Lag (aws_dx_lag)
Virtual Interface (aws_dx_private_virtual_interface)

Are you using Direct Connect and have resources that you would like to shift to Terraform?
Feel free to book an intro meeting  with us to learn more!

Today ControlMonkey is pleased to announce that we have reinforced our Terraform Import Engine  with the ability to Import AWS Code Pipeline  resources to Terraform.

AWS CodePipeline is a continuous integration and continuous delivery (CI/CD) service provided by Amazon Web Services (AWS). It automates the build, test, and deployment phases of your release process for software applications.

AWS CodePipeline is commonly used to automate the software release process, ensuring that code changes are tested and deployed quickly and consistently, thus reducing manual errors and speeding up the delivery of features to end-users. It promotes best practices such as infrastructure as code, version control, and automated testing.

ControlMonkey now supports one-click Terraform Import of the following Code Pipeline resources:

Pipeline (aws_codepipeline)
Custom Action Type (aws_codepipeline_custom_action_type)
Webhook (aws_codepipeline_webhook)

Managing AWS CodePipeline with Terraform offers several benefits:

1. Infrastructure as Code (IaC): Terraform allows you to define your CodePipeline configuration in code, which can be version-controlled, reviewed, and managed just like your application code.
   This enables you to maintain consistency and reproducibility in your pipeline configurations.
2. Consistency: With Terraform, you can ensure that your CodePipeline setups are consistent across different environments (e.g., development, staging, production) by using the same Terraform configuration with appropriate variables for each environment.
3. Versioning and Rollbacks: Since Terraform configurations are version-controlled, you can track changes made to your CodePipeline setups over time and easily roll back to previous versions if needed. This helps in maintaining a history of changes and troubleshooting any issues that may arise.

Do you have Code Pipeline resources that you would like to shift to Terraform?
Feel free to book an intro meeting  with us to learn more!

Today ControlMonkey is pleased to announce that we have reinforced our Terraform Import Engine with the ability to Import Network Firewall resources to Terraform.

AWS Network Firewalls are leveraged in order to prevent malicious attacks on the application by defining multiple allow/deny rules on the networking layer.

However, in large-scale cloud environments with a lot of moving parts, the chance for mistakes misconfigurations rises.
For example, downtimes can be caused for your application’s users by blocking your VPC to legitimate connections, and on the other hand, misconfigured firewall rules can expose your application to malicious attacks.
On top of that, you would also want to track all the changes made to your Firewall rules and have the ability to roll back at any given moment to the previous state.

Therefore, managing your Network Firewall configuration with Terraform is highly important and is considered the ideal solution for scale.
But what if you already have a running firewall that you span up manually from the AWS console?
How do you import that to Terraform?

Luckily, ControlMonkey now supports one-click Terraform Import of the following Network Firewall resources:

Network Firewall (aws_networkfirewall_firewall)
Network Firewall Policy (aws_networkfirewall_firewall_policy)
Network Rule Group (aws_networkfirewall_rule_group)

ControlMonkey automatically generates the Terraform code + the Terraform state file so you can shift your Network Firewall management from ClickOps to GitOps in a few minutes with absolutely zero effort.

Managing AWS network firewalls with Terraform code offers several advantages:

1. Infrastructure as Code (IaC): Terraform allows you to define your AWS network firewall configurations as code, making it easier to manage, version control, and replicate across different environments (such as development, staging, and production). This approach enhances consistency and reduces the risk of configuration drift.
2. Automation: Terraform enables you to automate the provisioning, configuration, and management of AWS network firewalls. This automation can save time and reduce the potential for human error that may occur with manual configuration changes.
3. Scalability: With Terraform, you can easily scale your AWS network firewall configurations up or down based on changing requirements. You can dynamically adjust rules, add new firewall instances, or modify existing configurations as needed, without the need for manual intervention.
4. Visibility and Auditability: Using Terraform, you can maintain a clear and documented history of changes to your AWS network firewall configurations. This enhances visibility into your infrastructure and facilitates auditing and compliance efforts.
5. Collaboration: Terraform code can be easily shared and collaborated on by teams of developers and operations engineers. This collaborative approach promotes knowledge sharing, improves communication, and fosters best practices in managing AWS network firewalls.
6. Integration with CI/CD Pipelines: Terraform can be integrated into your continuous integration and continuous delivery (CI/CD) pipelines, allowing you to automate the deployment of changes to your AWS network firewall configurations as part of your software delivery process. This helps streamline the development lifecycle and ensures that infrastructure changes are tested and deployed consistently.

Overall, managing AWS network firewalls with Terraform code provides greater control, automation, scalability, and visibility, leading to more efficient and reliable infrastructure management in the cloud.

Want to learn more? Feel free to book an intro meeting with us.

Today ControlMonkey is pleased to announce that we have reinforced our Terraform Import Engine with the ability to Import WAFV2 resources to Terraform.

AWS WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to various AWS services and also lets you control access to your content.

Managing WAFV2 in a manual ClickOps methodology and not through Terraform Code increases the risk of misconfigurations which may lead to security incidents.

With ControlMonkey, DevOps can easily import and manage their WAFV2:

aws_wafv2_ip_set
aws_wafv2_regex_pattern_set
aws_wafv2_rule_group
aws_wafv2_web_acl

Manage your WAF with Terraform and benefit from:

1. Modular Deployment: Terraform allows for the creation and management of AWS WAFconfigurations in a modular and reproducible manner, making it easier to deploy and manage security policies across different projects.
2. Code Reusability: Using Terraform, you can define WAF configurations as code, making it possible to reuse these configurations in multiple projects. This is particularly useful when dealing with both global and regional WAF instances, allowing for efficient code reuse and consistency.
3. Improved Visibility and Monitoring: Terraform enables the definition of CloudWatch metrics and sampled requests for better visibility into web traffic inspection. This allows for improved monitoring and analysis of the effectiveness of WAF rules.
4. Flexibility in Scope Definition: Terraform provides flexibility in defining the scope of WAF configurations, such as specifying whether it is for CloudFront (global) or regional resources (e.g., API Gateway). This flexibility ensures that WAF configurations align with the specific needs and architecture of different services.

Want to learn more? Feel free to book an intro meeting with us.

Today we are excited to announce the launch of our enhanced resource explorer.
ControlMonkey’s resource explorer is a simplified dashboard that helps DevOps teams discover and investigate all of their AWS resources.

With Resource Explorer, you can:

• Search for AWS resources per account, region, Resource Type, VPC, and even by tags.
• Get an indication of whether this resource is managed by Terraform alongside a 1-click button that opens the resource’s corresponding code in your GIT repository.
• Get an indication of whether this resource is unmanaged by Terraform alongside a 1-click remediation button for a quick resolution.
• Easily see the resource’s ARN alongside a 1-click button that opens the resource in the AWS console.
• Find related resources. For example: who’s using a security group? what IAM users are using an IAM policy?

Resource Explorer provides you with complete visibility into your Cloud Infrastructure, saves precious time when searching for resources, and makes sure your Terraform coverage is maximized.

With ControlMonkey, you can seamlessly detect resources that are not managed by Terraform, and in a few clicks you can import those into Terraform code using our ‘Terraform Import Engine’.
Our ‘Smart Stacking Algorithm’ automatically identifies related resources and proactively allows the user to import the entire related stack, rather than importing them one by one.

ControlMonkey’s Resource Explorer also serves as your Terraform knowledge base, providing your team an easy way to locate Terraform code across your Git repositories regardless of specific team member seniority or tenure within the organization.

Harness terraform to its full potential, maximize your terraform coverage, and achieve secure and compliant AWS environments.

Today ControlMonkey is pleased to announce that we have reinforced our “Import to Terraform” solution with the capability to Import AWS CodeBuild resources to Terraform. 

AWS CodeBuild is a fully managed integration service that compiles source code, runs tests, and produces ready-to-use software packages.

However, when managing CodeBuild in a manual ClickOps methodology, and not through Terraform Code, the risk factor of misconfigurations increases.

Since CodeBuild is a crucial component for delivering applications and services to production, any misconfiguration of it may critically affect the Software Delivery process, which in turn slows down business.

With ControlMonkey, DevOps can easily import and manage their CodeBuild:

• Project (aws_codebuild_project)
• ReportGroup (aws_codebuild_report_group)
• ResourcePolicy (aws_codebuild_resource_policy)
• SourceCredential (aws_codebuild_source_credential)
• Webhook (aws_codebuild_webhook)

The benefits of managing CodeBuild with Terraform & ControlMonkey:

• Get out-of-the-box Drift Detection on any deviation from your desired CodeBuild state
• Leverage Infrastructure CI/CD to validate any changes to your CodeBuild artifacts
• Set Proactive Policies to avoid any misconfigurations that could lead to downtime

So if you’re still managing your CodeBuild projects through the AWS console, now’s the time to manage them with Terraform.

Today ControlMonkey is pleased to announce that we have reinforced our “Import to Terraform” solution with the capability to Import CloudWatch Alarms and Dashboards to Terraform. 

AWS CloudWatch is a great solution to monitor your Application and Infrastructure health with collected metrics. 

However, configuring the alerts and dashboards can be a long and mundane process, so shifting the configuration to Terraform is an easy way to manage and replicate your CloudWatch alarms and metrics. 

With ControlMonkey, DevOps can seamlessly codify their CloudWatch Alarms (cloudwatch_metric_alarm) and CloudWatch Dashboards (aws_cloudwatch_dashboard).

The benefits of managing the alarm and dashboard configuration with Terraform:  

• Every change in the configuration goes through a structured review process that prevents issues in monitoring production environments. 
• The ability to easily replicate configured alarms to other resources.
  e.g. Let’s say you’re spinning up 5 new load balancers, rather than manually configuring the CloudWatch metrics for each one individually, With Terraform you can easily replicate the configuration to all load balancers simultaneously.
• In case someone changes the dashboard configuration and you want to roll it back, if the configuration is managed by Terraform, you can do that swiftly. 
  

So if you’re running CloudWatch with multiple alarms and dashboards, now’s the time to manage it with Terraform.