nccgroup / PMapper

A tool for quickly evaluating IAM permissions in AWS.
GNU Affero General Public License v3.0

Terraform Plans #110

Closed jakeyheath closed 2 years ago

jakeyheath commented 2 years ago

Question

Hey Erik, I love your tool. Happy to see you are actively maintaining it.

I am pretty sure this would not be possible, but if pmapper had a graph of an account, could it produce an updated graph based on a Terraform plan to that account? Right now, I run pmapper at regular intervals to find privilege escalations, but it would be even nicer to catch them as people were checking in Terraform to the codebase. Terraform doesn't always know everything at plan time, though, so I figured it wouldn't produce the highest quality graph, but I thought I would ask in case you had thought about it.

Did the Wiki Have an Answer?

Not sure, maybe a suggested features section? You might have a section about how this can and cannot work with infra-as-code tools because of their nature.

ncc-erik-steringer commented 2 years ago

Hi there!

I have a couple ideas around generating graphs from data sources that are not the AWS APIs. I think Terraform plans could be one of those. However, that'll be a pretty large hunk of work that will not be available anytime soon.

In the meantime, feel free to check out https://github.com/ncc-erik-steringer/Aerides and see if you can wedge that into your CI today.

jakeyheath commented 2 years ago

OOOO that is really neat! Thanks, I will give this a try. Feel free to close this issue for now if you like.
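The thread above asks for Terraform-plan input that PMapper does not have. As an added example (not code from the issue, from jakeyheath, or from the PMapper project), the Python script below shows the kind of CI pre-check that is possible today: it reads the JSON form of a plan (`terraform show -json tfplan > plan.json`), lists the resource changes that touch IAM, parses the policy documents that are already known, and reports which ones Terraform cannot compute until apply, which is the limitation the first post points at. The embedded plan is a constructed sample, the resource addresses (`aws_iam_policy.deploy`, `aws_iam_role_policy.app`, and so on) are invented, the `IAM_TYPES` list is an assumption rather than an exhaustive set, and the function names are mine. Changes flagged here are a reason to re-run `pmapper graph create` and `pmapper analysis` against the account after apply, not a substitute for that run.

```python
"""Added example (not from the issue thread or the PMapper project).

PMapper builds its graph from the AWS APIs and does not read Terraform plans.
This script is a stand-in CI pre-check: read the JSON form of a plan, list
the changes that touch IAM, note which policy documents are still unknown at
plan time, and decide whether a fresh PMapper run is warranted after apply.
The embedded plan is a constructed sample with invented names.
"""
import json
import sys

# Terraform resource types whose changes alter the IAM graph PMapper builds.
# Assumption: a starting point, not an exhaustive list.
IAM_TYPES = {
    "aws_iam_policy", "aws_iam_role", "aws_iam_role_policy",
    "aws_iam_role_policy_attachment", "aws_iam_user", "aws_iam_user_policy",
    "aws_iam_user_policy_attachment", "aws_iam_group_policy",
    "aws_iam_group_policy_attachment", "aws_iam_policy_attachment",
}

# Attributes that carry a policy document in the resource types above.
POLICY_ATTRS = ("policy", "assume_role_policy")


def policy_document(change):
    """Return the parsed policy document from a change's 'after' state, or None."""
    after = change.get("after") or {}
    for attr in POLICY_ATTRS:
        doc = after.get(attr)
        if isinstance(doc, str):
            return json.loads(doc)
        if isinstance(doc, dict):
            return doc
    return None


def broad_iam_actions(doc):
    """Return the action lists of Allow statements that grant '*' or any iam:* action."""
    stmts = doc.get("Statement", [])
    if isinstance(stmts, dict):
        stmts = [stmts]
    hits = []
    for stmt in stmts:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        if any(a == "*" or a.lower().startswith("iam:") for a in actions):
            hits.append(actions)
    return hits


def review_plan(plan):
    """Return one record per IAM-affecting resource change in a plan dict."""
    records = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") not in IAM_TYPES:
            continue
        change = rc.get("change", {})
        actions = change.get("actions", [])
        if actions in ([], ["no-op"]):
            continue
        # Terraform lists values it cannot compute before apply (for example a
        # policy built from another resource's ARN) under after_unknown; such
        # documents cannot be inspected here and need a post-apply PMapper run.
        unknown = change.get("after_unknown") or {}
        policy_unknown = any(unknown.get(attr) for attr in POLICY_ATTRS)
        doc = policy_document(change)
        records.append({
            "address": rc.get("address"),
            "actions": actions,
            "policy_unknown": policy_unknown,
            "broad_actions": broad_iam_actions(doc) if doc else [],
        })
    return records


def needs_pmapper_rerun(plan):
    """True when the plan contains any IAM-affecting change."""
    return bool(review_plan(plan))


# Constructed sample plan in the `terraform show -json` shape; names invented.
SAMPLE_PLAN = {
    "format_version": "1.1",
    "resource_changes": [
        {"address": "aws_iam_policy.deploy", "type": "aws_iam_policy",
         "change": {"actions": ["create"],
                    "after": {"name": "deploy", "policy": json.dumps({
                        "Version": "2012-10-17",
                        "Statement": [{"Effect": "Allow",
                                       "Action": ["iam:PassRole", "lambda:CreateFunction"],
                                       "Resource": "*"}]})},
                    "after_unknown": {"arn": True, "id": True}}},
        {"address": "aws_iam_role_policy.app", "type": "aws_iam_role_policy",
         "change": {"actions": ["update"], "after": {"name": "app"},
                    "after_unknown": {"policy": True}}},
        {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
         "change": {"actions": ["create"], "after": {"bucket": "example-logs"},
                    "after_unknown": {}}},
        {"address": "aws_iam_user.reader", "type": "aws_iam_user",
         "change": {"actions": ["no-op"], "after": {"name": "reader"},
                    "after_unknown": {}}},
    ],
}


if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for rec in review_plan(plan):
        state = "policy unknown until apply" if rec["policy_unknown"] else "policy known"
        print(f"{rec['address']}: {rec['actions']} ({state}) broad={rec['broad_actions']}")
    print("re-run pmapper after apply:", needs_pmapper_rerun(plan))
```

Run it with a real plan file as the first argument, or with no argument to use the embedded sample. On the sample it reports the `aws_iam_policy.deploy` create with its `iam:PassRole` grant, reports `aws_iam_role_policy.app` as unknown until apply, and ignores the S3 bucket and the no-op user; the known-policy check is only a coarse filter, and the unknown case is exactly why a plan alone cannot replace PMapper's graph of the live account.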