Once the code & cloud scan completes, the dashboard refreshes to show a summary of findings.
Review the following key indicators to make sure the code & cloud scan has discovered all the expected resources correctly.
These are the resources that Accurics has discovered from the provided Terraform repository. Note that Terraform code may contain resources that can't be mapped directly to cloud resources, for reasons such as:
- Terraform-specific resources, such as null resources.
- Resource attributes that are defined as resources in Terraform but are part of an AWS resource in the cloud. For example, in Terraform a security group and a security group rule are two separate resources, but in the AWS cloud, security group rules are part of the security group resource.
Accurics will continue to provide more granular information on such resources to help you focus on key resources.
These are the resources that Accurics has discovered from the provided target AWS account and the VPC.
Clicking the number takes you to the “Inventory” view, where you can see more granular information about these resources.
IaC violations is the number of compliance and governance issues found in the resource configurations in your Terraform code.
Cloud violations is the number of compliance and governance issues found in the cloud resource configurations. You can find more detailed information in the “Forensics” view on the left navigation.
Resource drifts is the number of resources that couldn't be mapped to the Terraform IaC code provided at the time of environment setup. There can be multiple reasons why these resources could not be mapped to the resources defined in your IaC code, including:
- Brownfield resources – These are resources that may have been added or created in the cloud account directly and not provisioned through your Terraform code.
- Untagged resources – These are resources that do not have appropriate tags.
You can find more detailed information in the “Inventory” view on the left navigation.
These are resources whose configurations differ between the cloud and the IaC code, meaning they have drifted from the single source of truth, which is the Terraform code. It is very important to resolve these drifts, as they break the immutability of your infrastructure and continue to introduce more violations.
These drifts can be good or bad, but they will introduce cloud posture drifts. Accurics aims to eliminate these drifts to keep the infrastructure secure.
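
As an added illustration (not Accurics code, and not a description of how Accurics matches resources), the sketch below folds Terraform resources into cloud-level resources, as in the security group example above, then compares them with a cloud inventory to list resources with no IaC match and resources whose configuration differs. All data is constructed, attribute shapes are simplified, and the function names are hypothetical.

```python
# Added illustration with constructed data. The matching logic is an assumption,
# not Accurics' algorithm; attribute shapes are simplified.
NON_CLOUD_TYPES = {"null_resource"}  # Terraform-only, no cloud counterpart
# child type -> (parent type, attribute holding the parent's id)
CHILD_OF = {"aws_security_group_rule": ("aws_security_group", "security_group_id")}

IAC = [  # constructed: what the Terraform repository declares
    {"type": "null_resource", "name": "bootstrap"},
    {"type": "aws_security_group", "id": "sg-web"},
    {"type": "aws_security_group_rule", "security_group_id": "sg-web",
     "from_port": 443, "to_port": 443, "cidr": "0.0.0.0/0"},
    {"type": "aws_s3_bucket", "id": "logs-bucket"},
]
CLOUD = [  # constructed: what the cloud scan finds
    {"type": "aws_security_group", "id": "sg-web", "rules": [
        {"from_port": 443, "to_port": 443, "cidr": "0.0.0.0/0"},
        {"from_port": 22, "to_port": 22, "cidr": "0.0.0.0/0"}]},  # added by hand
    {"type": "aws_s3_bucket", "id": "logs-bucket"},
    {"type": "aws_instance", "id": "i-manual"},  # created outside Terraform
]

def rule_key(r):
    return (r["from_port"], r["to_port"], r["cidr"])

def fold_iac(resources):
    """Collapse Terraform resources into cloud-level ones keyed by (type, id)."""
    folded = {(r["type"], r["id"]): set() for r in resources
              if r["type"] not in NON_CLOUD_TYPES and r["type"] not in CHILD_OF}
    for r in resources:
        if r["type"] in CHILD_OF:
            parent_type, ref = CHILD_OF[r["type"]]
            if (parent_type, r[ref]) in folded:  # attach the rule to its group
                folded[(parent_type, r[ref])].add(rule_key(r))
    return folded

def compare(iac_resources, cloud_resources):
    """Return (cloud ids with no IaC match, ids whose rules differ from IaC)."""
    folded = fold_iac(iac_resources)
    unmapped, drifted = [], []
    for c in cloud_resources:
        key = (c["type"], c["id"])
        if key not in folded:
            unmapped.append(c["id"])
        elif {rule_key(r) for r in c.get("rules", [])} != folded[key]:
            drifted.append(c["id"])
    return unmapped, drifted

if __name__ == "__main__":
    print(len(IAC), "Terraform resources ->", len(fold_iac(IAC)), "cloud-level")
    print(compare(IAC, CLOUD))
```

Here four Terraform resources collapse to two cloud-level resources, the hand-created instance shows up as unmapped, and the security group with the extra port 22 rule shows up as drifted.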