Autoschematic

In this first guide, we won't be modifying or creating any infrastructure. All we'll be doing is demonstrating automatic import and state-drift-resolution against AWS IAM.

In fact, we'll be running with the safety lock active. This means that Autoschematic can't modify your infrastructure. It's entirely read-only for this tutorial.

When running locally, Autoschematic will use your local AWS credentials in the same way that the AWS CLI would. You can also pass credentials or other config via environment variables. However, because connector plugins are sandboxed, they don't inherit their environment automatically.

There's a demo repo for this example, too - all it contains is autoschematic.ron, so skip it if you feel you can handle setting it up yourself.

autoschematic.ron

AutoschematicConfig(
    prefixes: {
        "main": Prefix(
            connectors: [
                Connector(
                    shortname: "aws/iam",
                    spec: Cargo(
                        name: "autoschematic-connector-aws-iam",
                        version: "0.11.0"
                    ),
                    env: {
                        // For security, connectors don't inherit env vars from the host automatically.
                        // You can either set them directly, like so:
                        // "AWS_ACCOUNT_ID": "1234567890",
                        // ...or explicitly inherit them, like so:
                        // "RUST_LOG": "env://RUST_LOG",
                    }
                ),
            ]
        )
    },
)

Once you have your repo set up, cd to it and run autoschematic install to install the aws/iam connector if you haven't already.

First, we'll make sure the safety lock is set:

autoschematic safety lock

Safety lock set. It is now not possible to modify infrastructure with `autoschematic apply` or task execution.

Now, we'll begin the import. You can control

Up next: AWS IAM Users, Roles, Groups, and Policies