Scanning¶

The Scan screen lets you run infrastructure drift detection against your AWS environment.

Service Selector¶

Choose which AWS service to scan:

The config path auto-updates when you switch services.

Scan Parameters¶

Scan Lifecycle¶

stateDiagram-v2
    [*] --> Idle
    Idle --> Running: Click "Run Scan"
    Running --> Completed: Success
    Running --> Error: Failure
    Completed --> Idle: New scan
    Error --> Idle: Retry

Desktop Mode¶

On macOS desktop, the scan runs the CLI binary directly:

cloudrift scan \
  --config=cloudrift-s3.yml \
  --service=s3 \
  --format=json \
  --no-emoji

The app invokes this via Process.run with the working directory set to the CLI repo folder.

Web Mode (Docker)¶

In Docker/web mode, the scan calls the backend API:

POST /api/scan
Content-Type: application/json

{
  "service": "s3",
  "config_path": "/etc/cloudrift/config/cloudrift-s3.yml"
}

The Go API server executes the CLI binary server-side and returns the JSON result.

Scan Output¶

A successful scan produces:

• Drift results — Per-resource comparison (added/removed/changed attributes)
• Policy violations — OPA evaluation results for all applicable policies
• Compliance scores — Framework-level pass/fail percentages
• Resource summaries — Aggregated view of all scanned resources

Results are stored in local history (Hive on desktop, browser storage on web) and feed the Dashboard, Resources, Policies, and Compliance screens.

CLI Flags¶

The full set of CLI flags available for scanning: