Import AWS IAM in Safe Mode

In this first section, we won't be modifying or creating any infrastructure. All we'll be doing is demonstrating automatic import and state-drift-resolution against AWS IAM.

In fact, we'll be running with the safety lock active. This means that Autoschematic can't modify your infrastructure. It's entirely read-only for this initial part of the tutorial.

When running locally, Autoschematic will use your local AWS credentials in the same way that the AWS CLI would. You can also pass credentials or other config via environment variables. However, because connector plugins are sandboxed, they don't inherit their environment automatically.

There's a demo repo for this example, too - all it contains is autoschematic.ron, so skip it if you feel you can handle setting it up yourself.

autoschematic.ron
AutoschematicConfig(
    prefixes: {
        "main": Prefix(
            connectors: [
                Connector(
                    shortname: "aws/iam",
                    spec: Cargo(
                        name: "autoschematic-connector-aws-iam",
                        version: "0.14.0"
                    ),
                ),
            ]
        )
    },
)

Once you have your repo set up, cd to it and run autoschematic install to install the aws/iam connector if you haven't already.

First, we'll make sure the safety lock is set:

autoschematic safety lock

Safety lock set. It is now not possible to modify infrastructure with `autoschematic apply` or task execution.

Now, you can begin the import by running autoschematic import. This will begin the process of scanning and importing your AWS IAM roles, users, and policies into code.
