Terraform Enterprise Resource Counter

Written: 2019-05-01
Author: WhatsARanjit
Links:

• TFE Resource Counter Web App
• WhatsARanjit/magicbox API

The problem

You have multiple teams affecting change through different Terraform Enterprise (TFE) workspaces within the same organization. You would like to, for example, pull a report that gives you a reading on how many aws_instance types are currently deployed. Another example may be “How many S3 storage buckets are in use across many of my teams?”

The fix

TFE stores all your state files encrypted at rest. There is going to be one state file per workspace. These state files contain data about what is deployed and the timestamp at which it was created. What we need is a way to iterate through all the current states and audit the things that are there. The interface at:

https://whatsaranjit.herokuapp.com/hashicorp/resource_counter

…allows you to query a TFE organization and find out how much of a thing you have going on.

Setup

You’ll need some setup values to make this work. Here are the basics:

• TFE Server

The DNS name where your TFE is located. The default is app.terraform.io for the HashiCorp SaaS TFE offering.

• TFE Organization

The name of the organization you would like to query.

• TFE Token

The TFE token to use with enough permissions to list workspaces and read state within each workspace. For more information on generating tokens, please read:

https://www.terraform.io/docs/enterprise/users-teams-organizations/users.html#api-tokens

• Resource type

The name of the Terraform resource type you wish to count across your TFE organization.

Usage

1. Bring up https://whatsaranjit.herokuapp.com/hashicorp/resource_counter in your browser.
2. Enter the private DNS name of your TFE server, if it is not the SaaS offering (the web app needs access to your DNS name to work)
3. Provide the TFE token to use. https://www.terraform.io/docs/enterprise/users-teams-organizations/users.html#api-tokens
4. Enter the resource type you would like to query.
5. Hit the Count button.
6. Examine the output for each workspace and what they contain and lastly the grand total of the resources across the organization.

In the end

The point here is to get an idea of “Across all the workspaces in my org, we have X number of networks provisioned” or more generically, “Business Unit A consumes X things.” This is helpful for internal charge-back or reporting practices. The UI sits in front of an API. For automation purposes you can hit the API directly. Good counting!