Getting Started
This guide will walk you through setting up Controlinfra and running your first infrastructure drift scan.
Prerequisites
Before you begin, make sure you have:
- A GitHub account with access to repositories containing Terraform code
- Cloud credentials for at least one provider: AWS, Azure, or GCP (see below)
- An AI provider API key (Anthropic or OpenAI) for drift analysis
Step 1: Sign In with GitHub
- Navigate to Controlinfra.com
- Click "Get Started" or "Sign in with GitHub"
- Authorize Controlinfra to access your GitHub account
- You'll be redirected to your dashboard
GitHub Permissions
Controlinfra requests minimal permissions:
- Read access to your repositories
- Ability to create pull requests (for automated fixes)
- Webhook access (for real-time scanning)
Step 2: Configure Your AI Provider
Before you can analyze drift, you need to set up an AI provider. Controlinfra supports Bring Your Own Key (BYOK):
- Go to Settings from the bottom navigation
- Navigate to the AI Provider section
- Choose your provider:
- Anthropic Claude (recommended)
- OpenAI GPT-4
- Enter your API key
- Click Save
Getting API Keys
- Anthropic: Get your key at console.anthropic.com
- OpenAI: Get your key at platform.openai.com
Step 3: Add Your First Repository
- Click "Add Repository" from the dashboard or repositories page
- Select a GitHub repository from the list
- Configure the repository settings:
Basic Configuration
| Field | Description |
|---|---|
| Repository | The GitHub repository to monitor |
| Working Directory | Path to Terraform files (e.g., /, /infrastructure) |
| Terraform Version | Version to use for scanning (default: latest) |
Cloud Provider Configuration
Controlinfra supports AWS, Azure, and GCP. Configure credentials for the provider(s) your Terraform code targets.
AWS:
| Field | Description |
|---|---|
| AWS Access Key ID | Your AWS access key |
| AWS Secret Access Key | Your AWS secret key |
| AWS Region | Default region for resources |
Azure:
| Field | Description |
|---|---|
| Subscription ID | Your Azure subscription |
| Tenant ID | Azure AD tenant |
| Client ID | Service Principal app ID |
| Client Secret | Service Principal secret |
GCP:
| Field | Description |
|---|---|
| Project ID | Your GCP project |
| Service Account Key | JSON key file contents |
For detailed setup instructions, see AWS Credentials, Azure Credentials, or GCP Credentials.
Security Note
Cloud credentials are encrypted at rest and never exposed in logs or the UI. For enhanced security, consider using self-hosted runners.
Terraform Backend (Optional)
If your Terraform uses a remote backend (S3, Terraform Cloud, etc.), configure it:
| Field | Description |
|---|---|
| Backend Type | s3, remote, gcs, etc. |
| Bucket | S3 bucket name (for S3 backend) |
| Key | State file path |
| Region | Backend region |
- Click Save Repository
Step 4: Run Your First Scan
- Navigate to your newly added repository
- Click the "Scan" button
- Watch the scan progress through each stage:
- 📥 Clone - Downloading repository
- ⚙️ Init - Initializing Terraform
- 📋 Plan - Running terraform plan
- 🔍 Detect - Parsing drift
- 🤖 Analyze - AI analysis (if drifts found)
- ✅ Complete - Results ready
Step 5: Review Results
Once the scan completes, you'll see:
If No Drift Detected
Your infrastructure matches your Terraform code. Great job!
If Drift Detected
For each drift, you'll see:
- Resource: The affected resource (e.g.,
aws_instance.web) - Change Type: Create, Update, or Delete
- Severity: Low, Medium, High, or Critical
- AI Analysis: Root cause, impact, and recommendations
- Fix Code: Generated Terraform code to resolve the drift
Next Steps
Now that you've completed your first scan:
- Connect more repositories
- Configure scheduled scans
- Set up self-hosted runners
- Understand drift analysis
- Configure Azure Credentials
- Configure GCP Credentials
Troubleshooting
Scan Fails at Init Stage
- Check that your Terraform backend is correctly configured
- Ensure AWS credentials have permission to access the state backend
- Verify the working directory path is correct
Scan Fails at Plan Stage
- Verify AWS credentials have read access to all resources
- Check that required Terraform variables are provided
- Ensure the Terraform version is compatible with your code
No AI Analysis Available
- Confirm your AI provider API key is configured in Settings
- Check that the API key has sufficient credits/quota
- Try switching providers if one is experiencing issues
Need more help? Contact support at support@Controlinfra.com.