Lookup resource attributes in tfstate.
$ brew install fujiwara/tap/tfstate-lookup
Usage of tfstate-lookup:
-dump
dump all resources
-i interactive mode
-j run jid after selecting an item
-s string
tfstate file path or URL (default ".terraform/terraform.tfstate")
-state string
tfstate file path or URL (default ".terraform/terraform.tfstate")
-timeout duration
timeout for reading tfstate
Supported URL schemes are http(s), s3, gs, azurerm, file or remote (for Terraform Cloud and Terraform Enterprise).
$ tfstate-lookup -s .terraform/terraform.tfstate aws_vpc.main.id
vpc-1a2b3c4d
$ tfstate-lookup aws_vpc.main
{
"arn": "arn:aws:ec2:ap-northeast-1:123456789012:vpc/vpc-1a2b3c4d",
"assign_generated_ipv6_cidr_block": false,
"cidr_block": "10.0.0.0/16",
"default_network_acl_id": "acl-001234567890abcde",
"default_route_table_id": "rtb-001234567890abcde",
"default_security_group_id": "sg-01234567890abcdef",
"dhcp_options_id": "dopt-64569903",
"enable_classiclink": false,
"enable_classiclink_dns_support": false,
"enable_dns_hostnames": true,
"enable_dns_support": true,
"id": "vpc-1a2b3c4d",
"instance_tenancy": "default",
"ipv6_association_id": "",
"ipv6_cidr_block": "",
"main_route_table_id": "rtb-001234567890abcde",
"owner_id": "123456789012",
"tags": {
"Name": "main"
}
}
A remote state is supported only S3, GCS, AzureRM and Terraform Cloud / Terraform Enterprise backend currently.
You can use interactive mode with -i
option.
$ tfstate-lookup -i
Search: █
? Select an item:
▸ aws_acm_certificate.foo
aws_acm_certificate_validation.foo
aws_cloudwatch_log_group.foo
aws_ecs_cluster.foo
...
When you select an item, it shows the attributes of the resource.
You can run jid after selecting an item with -j
option.
jid is a JSON incremental digger.
tfstate-lookup -i -j
runs jid after selecting an item.
tfstate-lookup -j some.resource
runs jid for the attributes of the resource.
tfstate-lookup integrates jid as a library, so you don't need to install jid command.
See also simiji/jid.
You can dump all resources, outputs, and data sources in tfstate with -dump
option.
$ tfstate-lookup -dump
The output is a JSON object. The keys are the address of the resource, output, or data source. The values are the same as the lookup result.
{
"aws_vpc.main": {
"arn": "arn:aws:ec2:ap-northeast-1:123456789012:vpc/vpc-1a2b3c4d",
"assign_generated_ipv6_cidr_block": false,
// ...
},
"data.aws_ami.foo": {
"arn": "arn:aws:ec2:ap-northeast-1:123456789012:ami/ami-1a2b3c4d",
// ...
},
"output.foo": "bar",
// ...
}
See details in godoc.
package main
import(
"fmt"
"os"
"github.com/fujiwara/tfstate-lookup/tfstate"
)
func main() {
state, _ := tfstate.ReadURL(ctx, "s3://mybucket/terraform.tfstate")
attrs, _ := state.Lookup("aws_vpc.main.id")
fmt.Println(attrs.String())
}
- Local file
file://path/to/terraform.tfstate
- HTTP/HTTPS
https://example.com/terraform.tfstate
- Amazon S3
s3://{bucket}/{key}
- Terraform Cloud
remote://app.terraform.io/{organization}/{workspaces}
TFE_TOKEN
environment variable is required.
- Google Cloud Storage
gs://{bucket}/{key}
- Azure Blog Storage
azurerm://{resource_group_name}/{storage_account_name}/{container_name}/{blob_name}
azurerm://{subscription_id}@{resource_group_name}/{storage_account_name}/{container_name}/{blob_name}