Getting Started
This guide will walk you through setting up Controlinfra and running your first infrastructure drift scan.
Prerequisites
Before you begin, make sure you have:
- A GitHub account with access to repositories containing Terraform code
- AWS credentials (Access Key ID and Secret Access Key) with read permissions for your infrastructure
- An AI provider API key (Anthropic or OpenAI) for drift analysis
Step 1: Sign In with GitHub
- Navigate to controlinfra.com
- Click "Get Started" or "Sign in with GitHub"
- Authorize Controlinfra to access your GitHub account
- You'll be redirected to your dashboard
GitHub Permissions
Controlinfra requests minimal permissions:
- Read access to your repositories
- Ability to create pull requests (for automated fixes)
- Webhook access (for real-time scanning)
Step 2: Configure Your AI Provider
Before you can analyze drift, you need to set up an AI provider. Controlinfra supports Bring Your Own Key (BYOK):
- Go to Settings from the bottom navigation
- Navigate to the AI Provider section
- Choose your provider:
- Anthropic Claude (recommended)
- OpenAI GPT-4
- Enter your API key
- Click Save
Getting API Keys
- Anthropic: Get your key at console.anthropic.com
- OpenAI: Get your key at platform.openai.com
Step 3: Add Your First Repository
- Click "Add Repository" from the dashboard or repositories page
- Select a GitHub repository from the list
- Configure the repository settings:
Basic Configuration
| Field | Description |
|---|---|
| Repository | The GitHub repository to monitor |
| Working Directory | Path to Terraform files (e.g., /, /infrastructure) |
| Terraform Version | Version to use for scanning (default: latest) |
AWS Configuration
| Field | Description |
|---|---|
| AWS Access Key ID | Your AWS access key |
| AWS Secret Access Key | Your AWS secret key |
| AWS Region | Default region for resources |
Security Note
AWS credentials are encrypted at rest and never exposed in logs or the UI. For enhanced security, consider using self-hosted runners.
Terraform Backend (Optional)
If your Terraform uses a remote backend (S3, Terraform Cloud, etc.), configure it:
| Field | Description |
|---|---|
| Backend Type | s3, remote, gcs, etc. |
| Bucket | S3 bucket name (for S3 backend) |
| Key | State file path |
| Region | Backend region |
- Click Save Repository
Step 4: Run Your First Scan
- Navigate to your newly added repository
- Click the "Scan" button
- Watch the scan progress through each stage:
- 📥 Clone - Downloading repository
- ⚙️ Init - Initializing Terraform
- 📋 Plan - Running terraform plan
- 🔍 Detect - Parsing drift
- 🤖 Analyze - AI analysis (if drifts found)
- ✅ Complete - Results ready
Step 5: Review Results
Once the scan completes, you'll see:
If No Drift Detected
Your infrastructure matches your Terraform code. Great job!
If Drift Detected
For each drift, you'll see:
- Resource: The affected resource (e.g.,
aws_instance.web) - Change Type: Create, Update, or Delete
- Severity: Low, Medium, High, or Critical
- AI Analysis: Root cause, impact, and recommendations
- Fix Code: Generated Terraform code to resolve the drift
Next Steps
Now that you've completed your first scan:
- Connect more repositories
- Configure scheduled scans
- Set up self-hosted runners
- Understand drift analysis
Troubleshooting
Scan Fails at Init Stage
- Check that your Terraform backend is correctly configured
- Ensure AWS credentials have permission to access the state backend
- Verify the working directory path is correct
Scan Fails at Plan Stage
- Verify AWS credentials have read access to all resources
- Check that required Terraform variables are provided
- Ensure the Terraform version is compatible with your code
No AI Analysis Available
- Confirm your AI provider API key is configured in Settings
- Check that the API key has sufficient credits/quota
- Try switching providers if one is experiencing issues
Need more help? Contact support at support@controlinfra.com.