Join our next Live Demo on July 16th!

Resource Blog News Customers Stories

Updated: Aug 20, 2025 Upd: 20.08.25

2 min read

Terraform Modules Explorer

Test User

Test User

CTO & Co-Founder

Terraform Modules Explorer

Terraform Modules dramatically reduce the amount of code you have to write for similar infrastructure resources and are considered the most efficient way to replicate services across your AWS account.

However, DevOps teams leveraging Terraform modules have no visibility into which Terraform Modules are being used, if their source is a registry or local Git repository, where are they used in the code, and whether or not they are running on the latest version.

A crucial part of staying on top of your Terraform Operations is having that visibility, so today we are proud to announce the latest enhancement to our Cloud Inventory solution, Terraform Modules Explorer.

ControlMonkey scans your entire Terraform repositories for Terraform Modules and provides a dashboard view where you can investigate your Terraform Modules SBOM (Software bill of materials), and understand exactly:

  • What Terraform Modules are being used by you.
  • The source of the modules – Registry or a local Git directory.
  • How many times are they being used and where exactly they are used in the code.
  • The version constraint you’ve set and whether or not you use an outdated version.


Besides providing a holistic view of Terraform Modules, ControlMonkey also enables you to drill down on any Terraform Module to see exactly where it resides in the code and provides a 1-click link to the specific line in your Git repository.
Consider the time you could save in identifying all usages of a module when planning an upgrade.
Moreover, you also gain visibility into which Constraint Version is being used and whether or not it’s outdated.

In some cases, multiple Terraform Modules are used in the same piece of code (main module and sub-modules), so ControlMonkey also provides a view of the full module path.

With Terraform Modules Explorer you can also export the Terraform Modules SBOM in cases of compliance audits or security questionnaires where you need to provide this information to a security officer or auditor.

To summarize, Terraform Modules Explorer solves the challenge of staying on top of your Terraform Modules, makes modules upgrade much easier and provides DevOps teams with full visibility into what was once unknown or unclear.

Bottom CTA Custom Background

A 30-min meeting will save your team 1000s of hours

A 30-min meeting will save your team 1000s of hours

Book Intro Call

Author

Test User

Test User

CTO & Co-Founder

Lorem ipsum dolor sit amet, consectetur adipisicing elit. Animi architecto consequuntur dicta dolor, excepturi ipsam iste laudantium, magnam molestiae obcaecati odio quam quas repellendus sed, sint magnam molestiae.

    Sounds Interesting?

    Request a Demo

    Resource Blog News Customers Stories

    Updated: Aug 20, 2025 Upd: 20.08.25

    2 min read

    Allowed AWS Console Operations

    Allowed AWS Console Operations

    Last month we released the feature ‘Console Operations Notifications’, which notifies ControlMonkey users whenever someone performs operations from the AWS console.

    The feedback we got from our customers was outstanding, but some of them also indicated that there are certain actions that they allow their teams to perform in the AWS console, so they wanted to have a mechanism to allow-list those actions that are permitted in their organization.

    So to support this request we have developed a new capability, ‘Allowed Console Operations’.

    ‘Allowed Console Operations’ enables ControlMonkey users to define rules for specific actions that are permitted to be performed in the AWS console. 
    For example: Updating Lambda function code from the AWS console.

    This feature’s granularity allows ControlMonkey users to apply the rule to a specific account, region, resource name, or resource type. 

    To make things easier, we have also added the option to create an allowed console operation rule directly from a console operations event in our cloud events dashboard, in 2 clicks. 

    While our vision is enabling our customers to minimize their ClickOps in the AWS console, this capability adds that extra layer of customization which allows them to also reduce unnecessary ClickOps and also the notifications for permitted actions. 

    Bottom CTA Custom Background

    A 30-min meeting will save your team 1000s of hours

    A 30-min meeting will save your team 1000s of hours

    Book Intro Call

      Sounds Interesting?

      Request a Demo

      Resource Blog News Customers Stories

      Updated: Sep 04, 2025 Upd: 04.09.25

      2 min read

      Drift auto-sync

      Zack Bentolila

      Zack Bentolila

      Marketing Director

      Drift auto-sync

      Today we are excited to announce the latest enhancement to ControlMonkey’s Drift Center, Drift auto-sync.

      What is Drift auto-sync?

      Our Drift Center helps DevOps teams identify and address discrepancies. These lie between the specified configuration in the Terraform, OpenTofu and Terragrunt code and the actual state of resources in the cloud environment.

      Whenever a drift is detected and ‘Drift auto-sync’ is enabled, ControlMonkey will automatically trigger a deployment (reconciliation). This is to align the AWS resource (The “Actual State”) to the Terraform Code (The “Desired state”).

      This feature is very similar to ArgoCD reconciliation capability.

      The new capability is a checkbox configuration that is part of the stack’s configuration. This capability is included to all levels of subscription.

      Drift auto-sync supports 2 types of Terraform Drifts:

      1. Drift that originated from a configuration change that was made from the AWS, GCP or Azure console. This change was not from Terraform Apply.
      2. Drift that originated from a change to a Terraform Data Source.
        e.g An auto-scaling group configuration fetches an image ID from a Data Source and that image ID has changed. This occurs since the last deployment, causing the Auto-scaling group to drift because it has the old image.

      What next?

      So if your stack is heavily dependent on data sources and you want to validate that you are always using the latest values, then the Drift auto-sync is the ideal solution. It will automatically reconcile the resource and save you the trouble of manually resolving the drift.

      Join our Product Showdown this week to see it in action

      Bottom CTA Custom Background

      A 30-min meeting will save your team 1000s of hours

      A 30-min meeting will save your team 1000s of hours

      Book Intro Call

      Author

      Zack Bentolila

      Zack Bentolila

      Marketing Director

      Zack is the Marketing Director at ControlMonkey, with a strong focus on DevOps and DevSecOps. He was the Senior Director of Partner Marketing and Field Marketing Manager at Checkmarx. There, he helped with global security projects. With over 10 years in marketing, Zack specializes in content strategy, technical messaging, and go-to-market alignment. He loves turning complex cloud and security ideas into clear, useful insights for engineering, DevOps, and security leaders.

        Sounds Interesting?

        Request a Demo

        Resource Blog News Customers Stories

        Updated: Aug 20, 2025 Upd: 20.08.25

        1 min read

        Console Operations Notifications

        Console Operations Notifications

        ControlMonkey is all about helping organizations shift their cloud operations from ClickOps (working from the AWS console) to GitOps with Terraform.

        As part of our Cloud Inventory tool, we are already monitoring all the infrastructure modifications made from the AWS console and the reflective user who made them.
        Wouldn’t it be great to be notified in real-time whenever someone makes such an operation and prevent drifts or misconfigurations?


        Today we are happy to announce the latest enhancement, Cloud Operations Notifications.
        ControlMonkey users can now be notified in real-time to SlackTeams on any Click Operations done from the AWS console.

        Despite believing that you are running fully GitOps, setting additional guardrails, and getting real-time alerts helps you avoid surprises and educateenable the organization to work in a GitOps methodology, and not through the AWS console.

        Bottom CTA Custom Background

        A 30-min meeting will save your team 1000s of hours

        A 30-min meeting will save your team 1000s of hours

        Book Intro Call

          Sounds Interesting?

          Request a Demo

          Resource Blog News Customers Stories

          Updated: Aug 20, 2025 Upd: 20.08.25

          1 min read

          Infrastructure Cost Breakdown

          Infrastructure Cost Breakdown

          Today we are happy to announce the latest enhancement to ControlMonkey Cloud Inventory Tool, Infrastructure Cost Breakdown.

          With Infrastructure Cost Breakdown, ControlMonkey users can see the estimated monthly cost of any specific stack or namespace in their cloud account and validate if they’re within budget.

          You can also logically divide namespaces per team (e.g. DEV, QA) and have certain costs attributed to a particular team.

          Infrastructure Cost Breakdown doesn’t require any configuration, you get this capability out of the box as part of our hierarchy mechanism of namespaces and stacks.

          Note: The monthly cost estimation takes into consideration only the base cost of non-usage-priced AWS resources. For example, for resources such as Lambda functions, we can only predict the base cost, not the actual usage cost.

          We are leveraging Infracost’s technology for this feature, so big kudos to the team there.

          Bottom CTA Custom Background

          A 30-min meeting will save your team 1000s of hours

          A 30-min meeting will save your team 1000s of hours

          Book Intro Call

            Sounds Interesting?

            Request a Demo

            Resource Blog News Customers Stories

            Updated: Oct 20, 2025 Upd: 20.10.25

            2 min read

            Terraform Drift Source

            Terraform Drift Source

            We are pleased to announce the latest enhancement to ControlMonkey’s Drift Center, Terraform Drift Source!

            The Drift Center helps DevOps teams identify and address discrepancies between the specified configuration in the Terraform code and the actual state of resources in the cloud environment.

            Starting today, ControlMonkey users can detect who is the AWS user/role that modified the resources’ configuration not through Terraform and caused the drift.
            Understanding immediately who or what is responsible for the Terraform drift significantly lowers the time to resolution of the drift.

            This amazing capability is a perfect example of how powerful it is to have your Terraform Operations platform fully integrated with your cloud account!

            The drift source can be a remote DevOps team member, a developer, or a 3rd party tool.
            So finding the source can be a long and irritating process.

            Our algorithm automatically matches between Terraform drifts and CloudTrail events and indicates who is responsible for the drift.

            Drift Center

            Besides providing the drift source, ControlMonkey also offers a one-click link to the CloudTrail event of the configuration change to streamline the investigation process even further.

            CloudTrail event

            ControlMonkey’s ‘Drift Center‘ is the only solution that provides DevOps teams with valuable cloud insights that help them resolve drifts faster, and more efficiently.

            Detecting and resolving Terraform Drifts faster helps keep your cloud secure, compliant, and cost-efficient.

             

            Bottom CTA Custom Background

            A 30-min meeting will save your team 1000s of hours

            A 30-min meeting will save your team 1000s of hours

            Book Intro Call

              Sounds Interesting?

              Request a Demo

              Resource Blog News Customers Stories

              Updated: Aug 20, 2025 Upd: 20.08.25

              2 min read

              Enhanced Resource Explorer

              Test User

              Test User

              CTO & Co-Founder

              Enhanced Resource Explorer

              Today we are excited to announce the launch of our enhanced resource explorer.
              ControlMonkey’s resource explorer is a simplified dashboard that helps DevOps teams discover and investigate all of their AWS resources.

              With Resource Explorer, you can:

              • Search for AWS resources per account, region, Resource Type, VPC, and even by tags.
              • Get an indication of whether this resource is managed by Terraform alongside a 1-click button that opens the resource’s corresponding code in your GIT repository.
              • Get an indication of whether this resource is unmanaged by Terraform alongside a 1-click remediation button for a quick resolution.
              • Easily see the resource’s ARN alongside a 1-click button that opens the resource in the AWS console.
              • Find related resources. For example: who’s using a security group? what IAM users are using an IAM policy?

              Resource Explorer provides you with complete visibility into your Cloud Infrastructure, saves precious time when searching for resources, and makes sure your Terraform coverage is maximized.

              With ControlMonkey, you can seamlessly detect resources that are not managed by Terraform, and in a few clicks you can import those into Terraform code using our ‘Terraform Import Engine’.
              Our ‘Smart Stacking Algorithm’ automatically identifies related resources and proactively allows the user to import the entire related stack, rather than importing them one by one.

              1-click import of unmanaged resources to Terraform

              ControlMonkey’s Resource Explorer also serves as your Terraform knowledge base, providing your team an easy way to locate Terraform code across your Git repositories regardless of specific team member seniority or tenure within the organization.

              Harness terraform to its full potential, maximize your terraform coverage, and achieve secure and compliant AWS environments.

              Bottom CTA Custom Background

              A 30-min meeting will save your team 1000s of hours

              A 30-min meeting will save your team 1000s of hours

              Book Intro Call

              Author

              Test User

              Test User

              CTO & Co-Founder

              Lorem ipsum dolor sit amet, consectetur adipisicing elit. Animi architecto consequuntur dicta dolor, excepturi ipsam iste laudantium, magnam molestiae obcaecati odio quam quas repellendus sed, sint magnam molestiae.

                Sounds Interesting?

                Request a Demo

                Resource Blog News Customers Stories

                Updated: Aug 20, 2025 Upd: 20.08.25

                2 min read

                SOC2 Compliance with IaC

                SOC2 Compliance with IaC

                SOC2 is a compliance standard that measures a company’s ability to securely manage customer data. As part of the audit process, companies must demonstrate that they have effective controls in place to ensure the security, availability, processing integrity, confidentiality, and privacy of customer data.

                Managing cloud infrastructure with Terraform can greatly assist companies to meet SOC2 compliance requirements in several ways:

                • Consistency: Terraform management provides a consistent way to manage infrastructure across environments, ensuring that security controls are consistently applied.
                • Auditable: Managing your Terraform code in a version-controlled and auditable manner can help demonstrate compliance with SOC2 requirements.
                • Automation: Automating your Terraform deployment reduces the risk of human error and ensures that controls are consistently applied.
                • Security: Adding security checks to your Terraform deployment to ensure compliance, such as resource-level access controls, encryption, and secure network communication.
                • Reporting: Audit reporting is an essential aspect of compliance and security, as it allows companies to demonstrate that they have effective controls in place and are meeting regulatory requirements. 

                Overall, using Terraform management tools as part of a comprehensive security program can help companies meet SOC2 compliance requirements and demonstrate their commitment to security best practices.

                Today, ControlMonkey has launched a new solution to help companies achieve and maintain their SOC2 compliance. Check out our new solution page to see how ControlMonkey can help with your SOC2 compliance. ControlMonkey assists with:

                • Environment separation: Ensuring that different environments are isolated and managed separately to maintain security and compliance.
                • Audit reports: Provide detailed audit reports for your auditor to demonstrate compliance.
                • Standardized deployment process: Streamlining the deployment process for infrastructure updates with approvals, ensuring consistency and control.
                • Security and compliance tests: Enabling shift-left methodology by integrating security and compliance tests into your infrastructure deployment process.

                If you’re about to run your SOC2 audit, check out our new solution to save time and ensure your infrastructure is always compliant.
                With ControlMonkey’s assistance, you can confidently navigate the SOC2 compliance process and demonstrate your commitment to maintaining the highest security standards for your customers’ data.

                Bottom CTA Custom Background

                A 30-min meeting will save your team 1000s of hours

                A 30-min meeting will save your team 1000s of hours

                Book Intro Call

                  Sounds Interesting?

                  Request a Demo

                  Resource Blog News Customers Stories

                  Updated: Aug 20, 2025 Upd: 20.08.25

                  3 min read

                  Split Terraform State Files Easily

                  Test User

                  Test User

                  CTO & Co-Founder

                  Split Terraform State Files Easily

                  Here at ControlMonkey, we have been dedicated to helping cloud users to simplify their infrastructure management by supporting the import of existing resources into Terraform in a click of a button.

                  Many of our customers have found it challenging to manage large Terraform state files due to several reasons.

                  • Slower performance: As the state file grows larger, Terraform may take longer to load and manipulate it. This can slow down your infrastructure deployment and management processes.
                  • Increased risk of corruption: A larger state file is more prone to corruption due to network issues or other unexpected interruptions during state operations. If your state file becomes corrupted, you could lose all of your infrastructure’s configuration data.
                  • Harder to manage: It can be challenging to manage a large state file with many resources, especially if they are spread across multiple environments or teams. It can be harder to identify and resolve conflicts, track changes, or collaborate effectively.
                  • Limited scalability: A large state file can become a bottleneck in your infrastructure deployment pipeline, limiting your ability to scale your infrastructure as your organization grows.

                  To avoid these issues, it’s best to keep your state file as small as possible. This can be done by breaking your infrastructure into smaller, more manageable pieces to simplify deployment and management. 

                  Today we are thrilled to announce our new feature that supports splitting existing Terraform state files into smaller state files!
                  This enhancement is designed to address your key concerns when it comes to the management of big Terraform state files. You can now ensure that your infrastructure stacks represent your unit of deployments, move a resource from one Terraform state file to another, or split a single state file into smaller units as your company grows.

                  As mentioned, managing Terraform state files can be challenging, with the ever-present risk of rendering them invalid when making changes. Our new feature aims to mitigate these risks.
                  You can now choose the resources you want to add to your existing ControlMonkey stack without worrying about potential issues with Terraform commands. We will perform a dry-run of the import command, verifying that the state file is valid and drift-free. The dry-run check is crucial in minimizing risks to the operational state file during the import process.

                  Unlike other platforms that simply generate Terraform code, ControlMonkey goes the extra mile. We prepare the Terraform state file and ensure it is 100% aligned with the actual state of your AWS resources. This guarantees seamless integration and improved infrastructure management.

                  With the addition of this new feature, we remain committed to delivering robust Infrastructure as Code solutions tailored to your needs. If you’re looking to break down your state files into smaller pieces or increase your Terraform coverage, don’t hesitate to reach out to us.
                  Our team of experts is ready to help you elevate your infrastructure management experience.

                  Bottom CTA Custom Background

                  A 30-min meeting will save your team 1000s of hours

                  A 30-min meeting will save your team 1000s of hours

                  Book Intro Call

                  Author

                  Test User

                  Test User

                  CTO & Co-Founder

                  Lorem ipsum dolor sit amet, consectetur adipisicing elit. Animi architecto consequuntur dicta dolor, excepturi ipsam iste laudantium, magnam molestiae obcaecati odio quam quas repellendus sed, sint magnam molestiae.

                    Sounds Interesting?

                    Request a Demo

                    Resource Blog News Customers Stories

                    Updated: Aug 20, 2025 Upd: 20.08.25

                    2 min read

                    Cloud Events is Here

                    Test User

                    Test User

                    CTO & Co-Founder

                    Cloud Events is Here

                    We’re thrilled to roll out Cloud Events! This new feature allows customers to track changes made to their AWS cloud resources, including creations, updates, and deletions. 

                    It completes the missing piece of the puzzle of how to manage your infrastructure right with GitOps methodology.
                    Managing your cloud with Terraform and GitOps is the way to go but many of our customers asked us: How can we make sure that nobody is making changes outside of our Terraform pipeline? 

                    Cloud Events provides customers with deeper insights into their day-to-day cloud operations, including which AWS resources were changed most often, who made the changes, and from what platform or tool they did it, whether from the AWS console or Terraform.

                    By pinpointing resources that are frequently changed manually, customers can prioritize which resources to import into Terraform first, where changes are made in a controlled, automated, and repeatable fashion. 

                    The new feature benefits both customers who use Terraform to manage their cloud infrastructure and those who choose to do it manually(although we recommend not managing your cloud manually 🙂 )

                    In conclusion, By using Cloud Events customers can be confident that all Infrastructure changes have been made through their Terraform pipeline and that all Infrastructure changes have been reviewed and authorized before being delivered and deployed.

                    Starting today, Cloud Events is available to all ControlMonkey customers.
                    Feel free to utilize this capability to gain insights into what’s happening in your cloud resources, track changes, identify which resources are changed manually most frequently, and import the mentioned resources into Terraform to reduce human error.

                    ControlMonkey will continue to deliver trailblazing solutions that help customers gain full control of their cloud, making it easier to manage and automate.

                    *The feature is relying on AWS CloudTrail and requires read-only permissions to the service API.

                    Bottom CTA Custom Background

                    A 30-min meeting will save your team 1000s of hours

                    A 30-min meeting will save your team 1000s of hours

                    Book Intro Call

                    Author

                    Test User

                    Test User

                    CTO & Co-Founder

                    Lorem ipsum dolor sit amet, consectetur adipisicing elit. Animi architecto consequuntur dicta dolor, excepturi ipsam iste laudantium, magnam molestiae obcaecati odio quam quas repellendus sed, sint magnam molestiae.

                      Sounds Interesting?

                      Request a Demo
                      Cookies banner

                      We use cookies to enhance site navigation, analyze usage, and support marketing efforts. For more information, please read our. Privacy Policy