https://github.com/tinystacks/precloud

tinystacks / precloud

An open source command line interface that runs checks on infrastructure as code to catch potential deployment issues before deploying.

License: BSD-3-Clause license

Latest commit: version v1.0.12 [skip ci] (#26), 7b2a5c4, Jan 26, 2023 (github-actions[bot] and zsimjee; Co-authored-by: Zayd Simjee)
# precloud - Dynamic tests for infrastructure-as-code

1. Introduction
   1. Use cases
2. How it works
3. Contributing
4. Installation
   1. Install from the Global NPM registry
      1. Try it out
   2. Local Installation
5. Usage
   1. precloud
   2. precloud --version
   3. precloud --help
6. Available Commands
   1. precloud help
   2. precloud check
      1. Options
      2. Config File
      3. Example Config File
      4. Check Behaviour
      5. Authentication
         1. AWS
         2. GCP
         3. Microsoft Azure
7. Community

## Introduction

Infrastructure code deployments often fail due to mismatched constraints over resource fields between the infrastructure code, the deployment engine, and the target cloud. For example, you may be able to pass any arbitrary string as a resource name to terraform or AWS CDK, and plan or synth go through fine, but the deployment may fail because that string failed a naming constraint on the target cloud.

This package is an open source command line interface that is run before deploying to the cloud. It contains rules that check for names, quotas, and resource-specific constraints to make sure that your infrastructure code can be deployed successfully.

### Use cases

1. Harden your deployments. Ensure that you haven't defined resources that already exist so that you don't have to fail during deployments.
2. Enforce organizational resource patterns. Use resource checks to ensure resources are named and tagged correctly.
3. Maintain security standards.
   Use template check plugins to make sure that you're not launching things outside of VPCs, leaving public IPs open, or allowing global access to S3 buckets.

## How it works

This package compares resources in CDK diffs and Terraform Plans against the state of your cloud account. The rules and validations come from default and custom defined "plugins", which are composed of parsers and checkers. See DEVELOPING_PLUGINS.md for more information.

## Contributing

You may want to check for other attributes before deploying. This package is built using a plugin model. You can find existing plugins at PLUGINS.md and use them easily by adding the plugin to your config file. See the example config file below. It is easy to create additional tests as plugins; please see DEVELOPING_PLUGINS.md. Make sure to issue a PR to add your plugin to this package!

## Installation

### Install from the Global NPM registry

```bash
# Install the CLI globally
# Using the -g option installs the precloud cli to your shell scope instead of the package scope.
# It adds the CLI command to bin, allowing you to call precloud from anywhere
npm i -g @tinystacks/precloud;

# Use the CLI, refer to the usage guide below
precloud --version;
```

#### Try it out

```bash
# After installing the CLI, you can try it out on a cdk or terraform package
# An example cdk package is included in this package
git clone https://github.com/tinystacks/precloud.git;

# navigate to the examples directory
cd precloud/examples/cdk;

# install dependencies
npm i;

# (Optional) initialize precloud
precloud init;

# run precloud check
precloud check;

# To see a precloud check fail, uncomment the commented out lines in examples/cdk/index.ts
precloud check;
```

### Local Installation

```bash
# Clone this package
git clone https://github.com/tinystacks/precloud.git;

# Enter the cloned repository so that npm runs against its package.json
cd precloud;

# Install dependencies and build
npm i;
npm run build;

# Install the CLI globally
# Using the -g option installs the precloud cli to your shell scope instead of the package scope.
# It adds the CLI command to bin, allowing you to call precloud from anywhere
npm i -g;

# Use the CLI, refer to the usage guide below
precloud --version;
```

## Usage

### precloud

Shows usage and help information.

### precloud --version

Alias: -V

Shows the current installed version number.

### precloud --help

Alias: -h

Shows usage and help information.

## Available Commands

### precloud help

Shows usage and help information.

### precloud check

Performs a check on an AWS CDK app or a Terraform configuration to validate the planned resources can be launched or updated.

#### Options

| Flag | Arguments | Description |
| --- | --- | --- |
| -f, --format | | Specifies the iac format. Can also be set via "format" in the config file. (choices: "tf", "aws-cdk") |
| -c, --config-file | | Specifies a config file. Options specified via the command line will always take precedence over options specified in a config file. Looks for precloud.config.json by default. |
| -h, --help | | display help for this command |

#### Config File

Alternatively, instead of specifying options via command line flags, you can set them in a configuration file. This file must be valid JSON and named either precloud.config.json or the name specified with the --config-file flag.

Valid config properties:

| Property name | Type | Description |
| --- | --- | --- |
| format | String | Specifies the iac format. (valid values: "tf", "aws-cdk") |
| awsCdkParsers | Array | A list of npm module names to parse AWS CDK resources. By default, the internal TinyStacks AWS CDK Parser will be used. Any parsers besides defaults must be installed in the target cdk repository. |
| terraformParsers | Array | A list of npm module names to parse Terraform resources or modules. By default, the internal TinyStacks Terraform Resource Parser and TinyStacks Terraform Module Parser will be used. Any parsers besides defaults must be installed in the target terraform repository. |
| resourceChecks | Array | A list of npm module names to run resource checks. By default, the @tinystacks/aws-resource-checks package will be used. Any resource checks besides this must be installed within or upstream of the IaC repository. |
| templateChecks | Array | A list of npm module names to run template checks. By default, the @tinystacks/aws-template-checks package will be used. Any template checks besides this must be installed within or upstream of the IaC repository. |
| requirePrivateSubnet | Boolean | Option for default plugin @tinystacks/aws-resource-checks. When set to true, requires VPCs to have a subnet with egress to the internet, but no ingress. Defaults to false. |

#### Example Config File

```json
{
  "awsCdkParsers": [
    "@tinystacks/aws-cdk-parser"
  ],
  "terraformParsers": [
    "@tinystacks/terraform-resource-parser",
    "@tinystacks/terraform-module-parser"
  ],
  "templateChecks": [
    "@tinystacks/aws-template-checks"
  ],
  "resourceChecks": [
    "@tinystacks/aws-resource-checks"
  ]
}
```

#### Check Behaviour

When the check command is run, it will first perform a diffing operation to determine the changes that deploying the stack would make. For AWS CDK this is `cdk diff`, for Terraform `terraform plan`.

The diff from this operation is then used to identify resources that would change. These resources are then tested first by running template checks, which validate across the resources in the IaC configuration, and then at an individual resource level to determine if any runtime errors might occur during a deployment.

This cli includes some of our plugins for parsing and running template and resource checks by default. The default plugins will check the following:

1. Any SQS queue names are unique.
2. Any S3 bucket names are unique.
3. The current stack will not surpass the S3 service quota.
4. The current stack will not surpass the Elastic IP Address service quota.
5. The current stack will not surpass the VPC service quota.
6. (Optional) Verifies that the VPC has private subnets (egress-only subnets via a NAT Gateway or NAT Instance(s)).

#### Authentication

This command requires authentication to the Cloud Provider the CDK app or Terraform config will use.
The following authentication methods are supported.

##### AWS

* Environment Variables (preferred)
* Any other authentication method supported by the Node Provider Chain.

##### GCP

Not supported.

##### Microsoft Azure

Not supported.

## Community

Join our discord to have a chat!
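
The properties documented under Config File can be linted before `precloud check` reads them. The following is an added example, not code from the precloud project: it checks a config against the property names, types and `format` values listed in the README and flags any plugin name outside an allowlist, since each listed name is an npm module used to parse or check your infrastructure code. The function name `lintPrecloudConfig`, the allowlist policy and the `@example/...` plugin name are assumptions made for illustration.

```javascript
// Added example, not precloud code. Property names, types and "format" values
// come from the README's config table; the allowlist policy is an assumption.
const SCHEMA = new Map([
  ["format", "string"], ["requirePrivateSubnet", "boolean"],
  ["awsCdkParsers", "array"], ["terraformParsers", "array"],
  ["resourceChecks", "array"], ["templateChecks", "array"],
]);
const FORMATS = ["tf", "aws-cdk"];
// Plugin names that appear in the README's example config file.
const KNOWN_PLUGINS = [
  "@tinystacks/aws-cdk-parser",
  "@tinystacks/terraform-resource-parser",
  "@tinystacks/terraform-module-parser",
  "@tinystacks/aws-template-checks",
  "@tinystacks/aws-resource-checks",
];
const typeOf = (v) => (Array.isArray(v) ? "array" : v === null ? "null" : typeof v);
// Returns a list of findings; an empty list means the config passed.
function lintPrecloudConfig(text, extraAllowed = []) {
  let config;
  try { config = JSON.parse(text); }
  catch (err) { return [`error: config is not valid JSON (${err.message})`]; }
  if (typeOf(config) !== "object") return ["error: top level must be a JSON object"];
  const allowed = new Set([...KNOWN_PLUGINS, ...extraAllowed]);
  const findings = [];
  for (const [key, value] of Object.entries(config)) {
    const expected = SCHEMA.get(key);
    if (!expected) {
      findings.push(`warn: unknown property "${key}"`);
    } else if (typeOf(value) !== expected) {
      findings.push(`error: "${key}" must be ${expected}, got ${typeOf(value)}`);
    } else if (key === "format" && !FORMATS.includes(value)) {
      findings.push(`error: format "${value}" is not one of ${FORMATS.join(", ")}`);
    } else if (expected === "array") {
      for (const name of value) {
        if (!allowed.has(name)) findings.push(`review: ${key} loads unlisted plugin "${name}"`);
      }
    }
  }
  return findings;
}
// Constructed sample: one plugin outside the allowlist and a string where a boolean belongs.
const SAMPLE = JSON.stringify({
  format: "aws-cdk",
  resourceChecks: ["@tinystacks/aws-resource-checks", "@example/aws-resource-checks"],
  requirePrivateSubnet: "true",
});
console.log(lintPrecloudConfig(SAMPLE));
```

Plugin names that have been reviewed can be passed as the second argument to extend the allowlist.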