Configuration

Cloudrift uses a YAML configuration file to define the AWS credentials profile, region, and scan parameters.

Config File Format

aws_profile: default
region: us-east-1
plan_path: ./examples/terraform-plan.json
policy_dir: ./policies          # optional
fail_on_violation: false        # optional
skip_policies: false            # optional

Fields

| Field | Type | Required | Default | Description |
|---|---|---|---|---|
| aws_profile | string | yes | default | AWS credentials profile name from ~/.aws/credentials |
| region | string | yes | us-east-1 | AWS region to scan |
| plan_path | string | yes | | Path to Terraform plan JSON file |
| policy_dir | string | no | built-in | Custom OPA policy directory |
| fail_on_violation | bool | no | false | Exit with non-zero code when violations are found |
| skip_policies | bool | no | false | Skip OPA policy evaluation entirely |

Multiple Service Configs

Each AWS service needs its own plan file. Create separate configs:

aws_profile: default
region: us-east-1
plan_path: ./examples/plan.json

aws_profile: default
region: us-east-1
plan_path: ./examples/ec2-plan.json

aws_profile: default
region: us-east-1
plan_path: ./examples/iam-plan.json

The Scan screen auto-switches the config path when you change the service selector.
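A pre-flight check for these config files, as an added example that is not part of Cloudrift: it applies the rules from the Fields table and flags the settings that weaken a scan (policies skipped, violations not failing the run, several services merged into one file). The names `parse_flat`, `lint_config` and the `ci` parameter are hypothetical, and the parser handles only the flat `key: value` lines shown above, not general YAML.

```python
# Field rules from the Fields table: name -> (type, required)
SCHEMA = {"aws_profile": (str, True), "region": (str, True),
          "plan_path": (str, True), "policy_dir": (str, False),
          "fail_on_violation": (bool, False), "skip_policies": (bool, False)}

# Constructed sample: policies skipped, and two plan_path keys in one file
SAMPLE = """\
aws_profile: default
region: us-east-1
plan_path: ./examples/plan.json
plan_path: ./examples/ec2-plan.json
skip_policies: true   # optional
"""

def parse_flat(text):
    """Parse flat `key: value  # comment` lines; returns (config, duplicate keys)."""
    cfg, dupes = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip().strip("'\"")
        if key in cfg:
            dupes.append(key)
        cfg[key] = {"true": True, "false": False}.get(value.lower(), value)
    return cfg, dupes

def lint_config(text, ci=False):
    """Return findings as strings; `ci` (an assumption) marks a pipeline run."""
    cfg, dupes = parse_flat(text)
    out = [f"duplicate key {k}: use one config file per service" for k in dupes]
    for name, (typ, required) in SCHEMA.items():
        if name not in cfg:
            out += [f"missing required field {name}"] if required else []
        elif not isinstance(cfg[name], typ) or cfg[name] == "":
            out.append(f"{name} needs a {typ.__name__} value")
    out += [f"unknown field {k}" for k in cfg if k not in SCHEMA]
    if cfg.get("skip_policies") is True:
        out.append("skip_policies is true: OPA policy evaluation is skipped")
    if ci and cfg.get("fail_on_violation") is not True:
        out.append("fail_on_violation is not true: violations give no non-zero exit")
    return out

if __name__ == "__main__":
    print("\n".join(lint_config(SAMPLE, ci=True)))
```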

Config Locations

Docker

The Docker image includes default configs at:

/etc/cloudrift/config/cloudrift-s3.yml
/etc/cloudrift/examples/terraform-plan.json

Desktop

The app looks for configs relative to the CLI binary's directory:

<cloudrift-repo>/config/cloudrift-s3.yml
<cloudrift-repo>/config/cloudrift-ec2.yml
<cloudrift-repo>/config/cloudrift-iam.yml

Web API

Use the config endpoints to read and write configs:

# Read current config (URL quoted so the shell does not treat "?" as a glob)
curl 'http://localhost:8080/api/config?path=/etc/cloudrift/config/cloudrift-s3.yml'

# Update config
curl -X PUT 'http://localhost:8080/api/config?path=/etc/cloudrift/config/cloudrift-s3.yml' \
  -d 'aws_profile: production
region: eu-west-1
plan_path: /etc/cloudrift/examples/terraform-plan.json'

Plan File Format

The plan_path should point to a Terraform plan JSON file generated by:

terraform plan -out=tfplan
terraform show -json tfplan > plan.json

The plan file contains the full resource graph that Cloudrift uses for drift detection. See the Resource Builder for generating plan files from the UI.