#===============================================================================
#
# Terraform Makefile
#
#===============================================================================
#-------------------------------------------------------------------------------
# Configuration
#-------------------------------------------------------------------------------
# aws-vault profile used by every command that is wrapped in $(vault_exec).
# Can be overridden per invocation: `make vault_profile=NAME <target>`.
vault_profile = cs-dev
#-------------------------------------------------------------------------------
# Local variables
#-------------------------------------------------------------------------------
# Command prefix: runs whatever follows it under aws-vault for $(vault_profile).
vault_exec = aws-vault exec $(vault_profile) --
# terraform is currently invoked directly, NOT through aws-vault, so the
# terraform targets rely on whatever AWS credentials terraform finds in the
# calling environment or in its own configuration. The aws-vault-wrapped form
# is kept on the next line for reference.
#tf = $(vault_exec) terraform
tf = terraform
# infracost is run under aws-vault with $(vault_profile).
ifc = $(vault_exec) infracost
#-------------------------------------------------------------------------------
# Pipeline targets
#-------------------------------------------------------------------------------
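# Default goal: validate the Terraform configuration and run the Checkov scan.
# `all` names a command, not a file, so it is declared phony; otherwise a file
# called `all` in this directory would make the pipeline a silent no-op.
.PHONY: all
all: validate checkov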
#-------------------------------------------------------------------------------
# Other targets
#-------------------------------------------------------------------------------
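# Terraform commands. With `tf = terraform` these invoke terraform directly;
# they only go through aws-vault if tf is switched to the $(vault_exec) form.
# The targets are commands, not files, so they are declared phony: a stray file
# named e.g. `plan` or `init` would otherwise turn the target into a no-op.
.PHONY: apply destroy init plan validate

# apply and destroy change real infrastructure. Neither recipe passes
# -auto-approve, so terraform's own interactive confirmation stays in place.
apply:
	$(tf) apply

destroy:
	$(tf) destroy

init:
	$(tf) init

# plan validates first so a configuration error is reported before planning.
plan: validate
	$(tf) plan

validate:
	$(tf) validate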
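# Checkov static analysis of the Terraform code in this directory.
.PHONY: checkov checkov_full checkov_create_baseline checkov_baseline

# Dispatcher: if a non-empty .checkov.baseline exists (`-s`), report only the
# findings that are new relative to it; otherwise run the full scan. An empty
# baseline file is treated the same as a missing one.
# The sub-make is started through $(MAKE), not a literal `make`, so command-line
# flags and the jobserver are passed on to it.
checkov:
	if [ -s .checkov.baseline ]; then \
		$(MAKE) checkov_baseline; \
	else \
		$(MAKE) checkov_full; \
	fi

# Full scan: every failed check is reported.
checkov_full:
	checkov --quiet --compact --framework terraform --directory .

# Records the current findings as the baseline. Everything recorded is hidden
# from later checkov_baseline runs, so a change to .checkov.baseline deserves
# the same review as a change to the scanned code itself.
checkov_create_baseline:
	checkov --quiet --create-baseline --framework terraform --directory .

# Scan against the recorded baseline; findings already in it are not reported.
checkov_baseline:
	checkov --quiet --compact --framework terraform --baseline .checkov.baseline --directory .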
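# AWS Vault: clear all session keys.
# Declared phony so that a file named `clear` cannot stop the recipe from
# running.
.PHONY: clear
clear:
	aws-vault clear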
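# Infracost cost estimates for the Terraform code in this directory. Both
# commands run under aws-vault with $(vault_profile), via $(ifc).
.PHONY: infracost-breakdown infracost-diff

infracost-breakdown:
	$(ifc) breakdown --path .

infracost-diff:
	$(ifc) diff --path .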
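# Runs Yor's tagging over this directory. Yor edits the IaC files it tags, so
# review the resulting diff before committing.
# Declared phony so that a file named `yor` cannot stop the recipe from running.
.PHONY: yor
yor:
	yor tag -d .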
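# Developer tools
# Prerequisite: the asdf version manager must already be installed.
# (This note is a make comment outside the recipe, so it is not passed to the
# shell or echoed on every run.)
#
# Provenance of what gets installed:
#   - `asdf plugin-add NAME` with no URL resolves the plugin through asdf's
#     short-name index.
#   - `asdf install` installs the versions asdf reads from its version file.
#   - `pip install -U` takes the newest pip and checkov available at install
#     time, so the scanner version can differ between machines and runs.
#     Pinning checkov to a reviewed version would make scans reproducible.
# NOTE(review): newer asdf releases appear to have dropped the hyphenated
# `plugin-add` spelling in favour of `plugin add` - confirm against the asdf
# version in use.
.PHONY: install_tools
install_tools:
	asdf plugin-add aws-vault
	asdf plugin-add yor
	asdf install
	pip install -U pip
	pip install -U checkov
	asdf reshim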