outtasync
helps users quickly identify the CloudFormation stacks that have
gone out of sync with the state represented by their counterpart stack files.
This can occur when someone updates a stack but fails to commit the latest stack
file to the codebase. Alternatively, it may happen when a stack is updated on
one deployment environment but not on others. 🤷
homebrew:
brew install dhth/tap/outtasync
go:
go install github.com/dhth/outtasync@latest
Or get the binaries directly from a release. Read more about verifying the authenticity of released artifacts here.
git
(used to show the diff for out-of-sync changes)outtasync
doesn't change or override git's pager, so the diff will follow your.gitconfig
settings (if present).
Create a configuration file that looks like the following. By default,
outtasync
will look for this file at ~/.config/outtasync.yml
.
globalRefreshCommand: aws sso login --sso-session sessionname
profiles:
- name: qa
stacks:
- name: bingo-service-qa
local: ~/projects/bingo-service/cloudformation/infrastructure.yml
region: eu-central-1
refreshCommand: aws sso login --profile qa1
- name: papaya-service-qa
local: ~/projects/papaya-service/cloudformation/service.yml
region: eu-central-1
tags:
- qa
- auth
- name: racoon-service-qa
local: ~/projects/racoon-service/cloudformation/service.yml
region: eu-central-1
tags:
- qa
- payments
- name: prod
stacks:
- name: brb-dll-prod
local: ~/projects/brb-dll-service/cloudformation/service.yml
region: eu-central-1
refreshCommand: aws sso login --profile rgb-prod
tags:
- prod
- integrations
- name: galactus-service-prod
local: ~/projects/galactus-service/cloudformation/service.yml
region: eu-central-1
refreshCommand
overrides globalRefreshCommand
whereever set.
Note: The globalRefreshCommand
and refreshCommand
settings are only needed
if you want to invoke the command that refreshes your AWS credentials via the
TUI directly.
outtasync
can run in two modes: A TUI mode (ideal for running locally), and a
CLI mode (ideal for running in a CI pipeline). TUI mode is the default.
outtasync
outtasync -config-file /path/to/config.yml
outtasync -profiles qa,prod
outtasync -t 'comma,separated,list,of,tags,to,filter,for'
outtasync -p '<regex-pattern-for-stack-names>'
outtasync -p '.*(qa|staging)$'
outtasync -c # to check status for all stacks on startup
outtasync -mode=cli
This will print an output like the following to stdout.
2 stacks are outtasync:
qa:eu-central-1:bingo-service-qa
prod:eu-central-1:galactus-service-prod
outtasync
can be downloaded from Github releases and used as follows:
curl -s -OL https://github.com/dhth/outtasync/releases/download/v0.3.0/outtasync_v0.3.0_linux_amd64.tar.gz
tar -xzvf outtasync_v0.3.0_linux_amd64.tar.gz
./outtasync -mode=cli
↑/k up
↓/j down
→/l/pgdn next page
←/h/pgup prev page
g/home go to start
G/end go to end
ctrl+f/enter check status
a check status for all
r refresh aws credentials
ctrl+d/v show diff
o filter outtasync stacks
i filter in-sync stacks
e filter stacks with errors
q return to previous page/quit
/ filter
? show/close help
In case you get the outtasync
binary directly from a release, you may
want to verify its authenticity. Checksums are applied to all released
artifacts, and the resulting checksum file is signed using
cosign.
Steps to verify (replace x.y.z
in the commands listed below with the version
you want):
-
Download the following files from the release:
- outtasync_x.y.z_checksums.txt
- outtasync_x.y.z_checksums.txt.pem
- outtasync_x.y.z_checksums.txt.sig
-
Verify the signature:
cosign verify-blob outtasync_x.y.z_checksums.txt \ --certificate outtasync_x.y.z_checksums.txt.pem \ --signature outtasync_x.y.z_checksums.txt.sig \ --certificate-identity-regexp 'https://github\.com/dhth/outtasync/\.github/workflows/.+' \ --certificate-oidc-issuer "https://token.actions.githubusercontent.com"
-
Download the compressed archive you want, and validate its checksum:
curl -sSLO https://github.com/dhth/outtasync/releases/download/vx.y.z/outtasync_x.y.z_linux_amd64.tar.gz sha256sum --ignore-missing -c outtasync_x.y.z_checksums.txt
-
If checksum validation goes through, uncompress the archive:
tar -xzf outtasync_x.y.z_linux_amd64.tar.gz ./outtasync # profit!
- Add a command to generate a sample config file
- Add CLI mode
outtasync
is built using the awesome TUI framework bubbletea.