The latest articles on Forem by Praveen HA (@praveenha). https://forem.com/praveenha https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1174309%2F1ffce073-b235-4975-a9ba-0476e21771dc.jpeg https://forem.com/praveenha en Praveen HA Fri, 15 May 2026 08:03:27 +0000 https://forem.com/praveenha/beyond-the-cli-building-an-enterprise-terraform-impact-dashboard-4ldb https://forem.com/praveenha/beyond-the-cli-building-an-enterprise-terraform-impact-dashboard-4ldb <p>Stop Reading Raw JSON: Build an Enterprise Terraform Impact Dashboard</p> <p>As a Lead DevOps Architect, I often deal with infrastructure plans that touch hundreds of resources. Sifting through a standard <code>terraform plan</code> terminal output to find a single critical "delete" is like looking for a needle in a haystack.</p> <p>When you are managing complex infrastructure—like a technical cutover from Squid Proxy to Google Secure Web Proxy—the cognitive load is high. The risk of missing a "destroy" on a production database is a real threat to stability.</p> <h2> The Problem: The "Wall of Text" </h2> <p>Standard Terraform output is designed for logs, not for human auditing. In an enterprise environment, we face three main challenges:</p> <ul> <li> <strong>Risk Blindness:</strong> Critical resources (like RDS instances, S3 buckets, or IAM roles) look exactly like a minor tag update in the terminal.</li> <li> <strong>Scale Issues:</strong> Large plans (500+ changes) are impossible to review manually without missing something important.</li> <li> <strong>Stakeholder Gap:</strong> It is difficult to share a raw CLI output with a manager or security auditor for quick approval.</li> </ul> <h2> The Solution: An Automation-First Dashboard </h2> <p>I developed a Python-based <strong>Impact Analyser</strong> that transforms a <code>plan.json</code> into a high-fidelity, interactive HTML dashboard. This isn't just a formatter; it’s a risk-assessment engine.</p> <h3> 1. The Workflow </h3> <p>The process is simple and integrates directly into any CI/CD pipeline:</p> <ol> <li> <strong>Generate the Plan:</strong> <code>terraform plan -out=main.tfplan</code> </li> <li> <strong>Convert to JSON:</strong> <code>terraform show -json main.tfplan &gt; plan.json</code> </li> <li> <strong>Run the Analyser:</strong> <code>python3 tf_impact.py plan.json</code> </li> </ol> <h3> 2. Enterprise Features </h3> <ul> <li> <strong>Risk-Level Heuristics:</strong> The script automatically flags changes as <strong>CRITICAL</strong> or <strong>HIGH</strong> if stateful resources (Databases, Storage, KMS Keys) are marked for deletion or replacement.</li> <li> <strong>Client-Side Filtering:</strong> Built with Tailwind CSS and vanilla JavaScript, the dashboard allows you to search 1,000+ resources instantly by address or module path.</li> <li> <strong>Standalone Portability:</strong> The output is a single HTML file. No database or server is required, making it perfect for CI/CD artifacts.</li> </ul> <h2> The Code: Python Risk Logic </h2> <p>Here is a snippet of how the risk assessment engine identifies dangerous operations before they hit production: we can always modify the risk engine with more critical type resources<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">RiskAnalyzer</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Identifies dangerous changes based on resource sensitivity</span><span class="sh">"""</span> <span class="n">CRITICAL_TYPES</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">'</span><span class="s">aws_db_instance</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">google_sql_database_instance</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">aws_s3_bucket</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">aws_iam_role</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">aws_kms_key</span><span class="sh">'</span> <span class="p">}</span> <span class="nd">@staticmethod</span> <span class="k">def</span> <span class="nf">assess</span><span class="p">(</span><span class="n">resource_type</span><span class="p">,</span> <span class="n">actions</span><span class="p">):</span> <span class="n">is_delete</span> <span class="o">=</span> <span class="sh">'</span><span class="s">delete</span><span class="sh">'</span> <span class="ow">in</span> <span class="n">actions</span> <span class="n">is_replace</span> <span class="o">=</span> <span class="sh">'</span><span class="s">create</span><span class="sh">'</span> <span class="ow">in</span> <span class="n">actions</span> <span class="ow">and</span> <span class="sh">'</span><span class="s">delete</span><span class="sh">'</span> <span class="ow">in</span> <span class="n">actions</span> <span class="k">if</span> <span class="n">resource_type</span> <span class="ow">in</span> <span class="n">RiskAnalyzer</span><span class="p">.</span><span class="n">CRITICAL_TYPES</span><span class="p">:</span> <span class="k">return</span> <span class="sh">"</span><span class="s">CRITICAL</span><span class="sh">"</span> <span class="nf">if </span><span class="p">(</span><span class="n">is_delete</span> <span class="ow">or</span> <span class="n">is_replace</span><span class="p">)</span> <span class="k">else</span> <span class="sh">"</span><span class="s">HIGH</span><span class="sh">"</span> <span class="k">if</span> <span class="n">is_delete</span> <span class="ow">or</span> <span class="n">is_replace</span><span class="p">:</span> <span class="k">return</span> <span class="sh">"</span><span class="s">HIGH</span><span class="sh">"</span> <span class="k">return</span> <span class="sh">"</span><span class="s">LOW</span><span class="sh">"</span> </code></pre> </div> <h2> copy the script below </h2> <div class="highlight js-code-highlight"> <pre class="highlight python"><code> <span class="c1">#!/usr/bin/env python3 </span><span class="sh">"""</span><span class="s"> Enterprise Terraform Impact Analyser (v2.0) High-performance, filter-enabled change detector for large-scale plans. Provides a dynamic HTML dashboard with client-side filtering. </span><span class="sh">"""</span> <span class="kn">import</span> <span class="n">json</span> <span class="kn">import</span> <span class="n">argparse</span> <span class="kn">import</span> <span class="n">re</span> <span class="kn">import</span> <span class="n">logging</span> <span class="kn">import</span> <span class="n">sys</span> <span class="kn">from</span> <span class="n">typing</span> <span class="kn">import</span> <span class="n">Dict</span><span class="p">,</span> <span class="n">List</span><span class="p">,</span> <span class="n">Any</span><span class="p">,</span> <span class="n">Optional</span> <span class="kn">from</span> <span class="n">collections</span> <span class="kn">import</span> <span class="n">defaultdict</span> <span class="kn">from</span> <span class="n">datetime</span> <span class="kn">import</span> <span class="n">datetime</span> <span class="kn">from</span> <span class="n">dataclasses</span> <span class="kn">import</span> <span class="n">dataclass</span><span class="p">,</span> <span class="n">asdict</span> <span class="c1"># Configure logging </span><span class="n">logging</span><span class="p">.</span><span class="nf">basicConfig</span><span class="p">(</span> <span class="n">level</span><span class="o">=</span><span class="n">logging</span><span class="p">.</span><span class="n">INFO</span><span class="p">,</span> <span class="nb">format</span><span class="o">=</span><span class="sh">'</span><span class="s">%(asctime)s - %(levelname)s - %(message)s</span><span class="sh">'</span><span class="p">,</span> <span class="n">stream</span><span class="o">=</span><span class="n">sys</span><span class="p">.</span><span class="n">stderr</span> <span class="p">)</span> <span class="n">logger</span> <span class="o">=</span> <span class="n">logging</span><span class="p">.</span><span class="nf">getLogger</span><span class="p">(</span><span class="sh">"</span><span class="s">TF-Impact</span><span class="sh">"</span><span class="p">)</span> <span class="nd">@dataclass</span> <span class="k">class</span> <span class="nc">ResourceChange</span><span class="p">:</span> <span class="n">address</span><span class="p">:</span> <span class="nb">str</span> <span class="nb">type</span><span class="p">:</span> <span class="nb">str</span> <span class="n">name</span><span class="p">:</span> <span class="nb">str</span> <span class="n">module</span><span class="p">:</span> <span class="nb">str</span> <span class="n">provider</span><span class="p">:</span> <span class="nb">str</span> <span class="n">actions</span><span class="p">:</span> <span class="n">List</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="n">risk_level</span><span class="p">:</span> <span class="nb">str</span> <span class="n">change_summary</span><span class="p">:</span> <span class="nb">str</span> <span class="k">class</span> <span class="nc">FilterEngine</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Enterprise filtering logic for large-scale infrastructure</span><span class="sh">"""</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">include_types</span><span class="o">=</span><span class="bp">None</span><span class="p">,</span> <span class="n">exclude_types</span><span class="o">=</span><span class="bp">None</span><span class="p">,</span> <span class="n">modules</span><span class="o">=</span><span class="bp">None</span><span class="p">,</span> <span class="n">providers</span><span class="o">=</span><span class="bp">None</span><span class="p">,</span> <span class="n">address_regex</span><span class="o">=</span><span class="bp">None</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">include_types</span> <span class="o">=</span> <span class="nf">set</span><span class="p">(</span><span class="n">include_types</span><span class="p">)</span> <span class="k">if</span> <span class="n">include_types</span> <span class="k">else</span> <span class="bp">None</span> <span class="n">self</span><span class="p">.</span><span class="n">exclude_types</span> <span class="o">=</span> <span class="nf">set</span><span class="p">(</span><span class="n">exclude_types</span><span class="p">)</span> <span class="k">if</span> <span class="n">exclude_types</span> <span class="k">else</span> <span class="bp">None</span> <span class="n">self</span><span class="p">.</span><span class="n">modules</span> <span class="o">=</span> <span class="nf">set</span><span class="p">(</span><span class="n">modules</span><span class="p">)</span> <span class="k">if</span> <span class="n">modules</span> <span class="k">else</span> <span class="bp">None</span> <span class="n">self</span><span class="p">.</span><span class="n">providers</span> <span class="o">=</span> <span class="nf">set</span><span class="p">(</span><span class="n">providers</span><span class="p">)</span> <span class="k">if</span> <span class="n">providers</span> <span class="k">else</span> <span class="bp">None</span> <span class="n">self</span><span class="p">.</span><span class="n">address_pattern</span> <span class="o">=</span> <span class="n">re</span><span class="p">.</span><span class="nf">compile</span><span class="p">(</span><span class="n">address_regex</span><span class="p">)</span> <span class="k">if</span> <span class="n">address_regex</span> <span class="k">else</span> <span class="bp">None</span> <span class="k">def</span> <span class="nf">should_include</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">resource_addr</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">r_type</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">module</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">provider</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">bool</span><span class="p">:</span> <span class="k">if</span> <span class="n">self</span><span class="p">.</span><span class="n">include_types</span> <span class="ow">and</span> <span class="n">r_type</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">self</span><span class="p">.</span><span class="n">include_types</span><span class="p">:</span> <span class="k">return</span> <span class="bp">False</span> <span class="k">if</span> <span class="n">self</span><span class="p">.</span><span class="n">exclude_types</span> <span class="ow">and</span> <span class="n">r_type</span> <span class="ow">in</span> <span class="n">self</span><span class="p">.</span><span class="n">exclude_types</span><span class="p">:</span> <span class="k">return</span> <span class="bp">False</span> <span class="k">if</span> <span class="n">self</span><span class="p">.</span><span class="n">modules</span> <span class="ow">and</span> <span class="ow">not</span> <span class="nf">any</span><span class="p">(</span><span class="n">module</span><span class="p">.</span><span class="nf">startswith</span><span class="p">(</span><span class="n">m</span><span class="p">)</span> <span class="k">for</span> <span class="n">m</span> <span class="ow">in</span> <span class="n">self</span><span class="p">.</span><span class="n">modules</span><span class="p">):</span> <span class="k">return</span> <span class="bp">False</span> <span class="k">if</span> <span class="n">self</span><span class="p">.</span><span class="n">providers</span> <span class="ow">and</span> <span class="n">provider</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">self</span><span class="p">.</span><span class="n">providers</span><span class="p">:</span> <span class="k">return</span> <span class="bp">False</span> <span class="k">if</span> <span class="n">self</span><span class="p">.</span><span class="n">address_pattern</span> <span class="ow">and</span> <span class="ow">not</span> <span class="n">self</span><span class="p">.</span><span class="n">address_pattern</span><span class="p">.</span><span class="nf">search</span><span class="p">(</span><span class="n">resource_addr</span><span class="p">):</span> <span class="k">return</span> <span class="bp">False</span> <span class="k">return</span> <span class="bp">True</span> <span class="k">class</span> <span class="nc">RiskAnalyzer</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Identifies dangerous changes based on resource sensitivity</span><span class="sh">"""</span> <span class="n">CRITICAL_TYPES</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">'</span><span class="s">aws_db_instance</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">aws_rds_cluster</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">google_sql_database_instance</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">azurerm_postgresql_server</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">aws_s3_bucket</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">google_storage_bucket</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">aws_iam_role</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">aws_kms_key</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">kubernetes_namespace</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">aws_route53_zone</span><span class="sh">'</span> <span class="p">}</span> <span class="nd">@staticmethod</span> <span class="k">def</span> <span class="nf">assess</span><span class="p">(</span><span class="n">resource_type</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">actions</span><span class="p">:</span> <span class="n">List</span><span class="p">[</span><span class="nb">str</span><span class="p">])</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="n">is_delete</span> <span class="o">=</span> <span class="sh">'</span><span class="s">delete</span><span class="sh">'</span> <span class="ow">in</span> <span class="n">actions</span> <span class="n">is_replace</span> <span class="o">=</span> <span class="sh">'</span><span class="s">create</span><span class="sh">'</span> <span class="ow">in</span> <span class="n">actions</span> <span class="ow">and</span> <span class="sh">'</span><span class="s">delete</span><span class="sh">'</span> <span class="ow">in</span> <span class="n">actions</span> <span class="k">if</span> <span class="n">resource_type</span> <span class="ow">in</span> <span class="n">RiskAnalyzer</span><span class="p">.</span><span class="n">CRITICAL_TYPES</span><span class="p">:</span> <span class="k">return</span> <span class="sh">"</span><span class="s">CRITICAL</span><span class="sh">"</span> <span class="nf">if </span><span class="p">(</span><span class="n">is_delete</span> <span class="ow">or</span> <span class="n">is_replace</span><span class="p">)</span> <span class="k">else</span> <span class="sh">"</span><span class="s">HIGH</span><span class="sh">"</span> <span class="k">if</span> <span class="n">is_delete</span> <span class="ow">or</span> <span class="n">is_replace</span><span class="p">:</span> <span class="k">return</span> <span class="sh">"</span><span class="s">HIGH</span><span class="sh">"</span> <span class="k">if</span> <span class="sh">'</span><span class="s">update</span><span class="sh">'</span> <span class="ow">in</span> <span class="n">actions</span><span class="p">:</span> <span class="k">return</span> <span class="sh">"</span><span class="s">MEDIUM</span><span class="sh">"</span> <span class="k">return</span> <span class="sh">"</span><span class="s">LOW</span><span class="sh">"</span> <span class="k">class</span> <span class="nc">EnterpriseTFDetector</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">plan_file</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">filter_engine</span><span class="p">:</span> <span class="n">FilterEngine</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">plan_file</span> <span class="o">=</span> <span class="n">plan_file</span> <span class="n">self</span><span class="p">.</span><span class="n">filter_engine</span> <span class="o">=</span> <span class="n">filter_engine</span> <span class="n">self</span><span class="p">.</span><span class="n">risk_analyzer</span> <span class="o">=</span> <span class="nc">RiskAnalyzer</span><span class="p">()</span> <span class="n">self</span><span class="p">.</span><span class="n">data</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="nf">_load_plan</span><span class="p">(</span><span class="n">plan_file</span><span class="p">)</span> <span class="k">def</span> <span class="nf">_load_plan</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">filepath</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">Dict</span><span class="p">:</span> <span class="k">try</span><span class="p">:</span> <span class="k">with</span> <span class="nf">open</span><span class="p">(</span><span class="n">filepath</span><span class="p">,</span> <span class="sh">'</span><span class="s">r</span><span class="sh">'</span><span class="p">)</span> <span class="k">as</span> <span class="n">f</span><span class="p">:</span> <span class="k">return</span> <span class="n">json</span><span class="p">.</span><span class="nf">load</span><span class="p">(</span><span class="n">f</span><span class="p">)</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="n">logger</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Failed to load plan file: </span><span class="si">{</span><span class="n">e</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="n">sys</span><span class="p">.</span><span class="nf">exit</span><span class="p">(</span><span class="mi">1</span><span class="p">)</span> <span class="k">def</span> <span class="nf">_detect_provider</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">resource_type</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="n">parts</span> <span class="o">=</span> <span class="n">resource_type</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="sh">'</span><span class="s">_</span><span class="sh">'</span><span class="p">,</span> <span class="mi">1</span><span class="p">)</span> <span class="k">return</span> <span class="n">parts</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="k">if</span> <span class="nf">len</span><span class="p">(</span><span class="n">parts</span><span class="p">)</span> <span class="o">&gt;</span> <span class="mi">1</span> <span class="k">else</span> <span class="sh">'</span><span class="s">other</span><span class="sh">'</span> <span class="k">def</span> <span class="nf">analyze</span><span class="p">(</span><span class="n">self</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">Dict</span><span class="p">[</span><span class="nb">str</span><span class="p">,</span> <span class="n">Any</span><span class="p">]:</span> <span class="n">logger</span><span class="p">.</span><span class="nf">info</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Analyzing </span><span class="si">{</span><span class="n">self</span><span class="p">.</span><span class="n">plan_file</span><span class="si">}</span><span class="s">...</span><span class="sh">"</span><span class="p">)</span> <span class="n">results</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">'</span><span class="s">metadata</span><span class="sh">'</span><span class="p">:</span> <span class="p">{</span> <span class="sh">'</span><span class="s">timestamp</span><span class="sh">'</span><span class="p">:</span> <span class="n">datetime</span><span class="p">.</span><span class="nf">now</span><span class="p">().</span><span class="nf">isoformat</span><span class="p">(),</span> <span class="sh">'</span><span class="s">tf_version</span><span class="sh">'</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">terraform_version</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">Unknown</span><span class="sh">'</span><span class="p">),</span> <span class="sh">'</span><span class="s">plan_id</span><span class="sh">'</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">format_version</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">N/A</span><span class="sh">'</span><span class="p">)</span> <span class="p">},</span> <span class="sh">'</span><span class="s">changes</span><span class="sh">'</span><span class="p">:</span> <span class="p">[],</span> <span class="sh">'</span><span class="s">stats</span><span class="sh">'</span><span class="p">:</span> <span class="nf">defaultdict</span><span class="p">(</span><span class="nb">int</span><span class="p">),</span> <span class="sh">'</span><span class="s">risk_summary</span><span class="sh">'</span><span class="p">:</span> <span class="nf">defaultdict</span><span class="p">(</span><span class="nb">int</span><span class="p">),</span> <span class="sh">'</span><span class="s">by_module</span><span class="sh">'</span><span class="p">:</span> <span class="nf">defaultdict</span><span class="p">(</span><span class="k">lambda</span><span class="p">:</span> <span class="nf">defaultdict</span><span class="p">(</span><span class="nb">int</span><span class="p">))</span> <span class="p">}</span> <span class="n">resource_changes</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="n">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">resource_changes</span><span class="sh">'</span><span class="p">,</span> <span class="p">[])</span> <span class="k">for</span> <span class="n">change</span> <span class="ow">in</span> <span class="n">resource_changes</span><span class="p">:</span> <span class="n">addr</span> <span class="o">=</span> <span class="n">change</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">address</span><span class="sh">'</span><span class="p">)</span> <span class="n">r_type</span> <span class="o">=</span> <span class="n">change</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">type</span><span class="sh">'</span><span class="p">)</span> <span class="n">module</span> <span class="o">=</span> <span class="n">change</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">module_address</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">root</span><span class="sh">'</span><span class="p">)</span> <span class="n">provider</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="nf">_detect_provider</span><span class="p">(</span><span class="n">r_type</span><span class="p">)</span> <span class="n">actions</span> <span class="o">=</span> <span class="n">change</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">change</span><span class="sh">'</span><span class="p">,</span> <span class="p">{}).</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">actions</span><span class="sh">'</span><span class="p">,</span> <span class="p">[])</span> <span class="k">if</span> <span class="sh">'</span><span class="s">no-op</span><span class="sh">'</span> <span class="ow">in</span> <span class="n">actions</span> <span class="ow">or</span> <span class="ow">not</span> <span class="n">actions</span> <span class="ow">or</span> <span class="n">actions</span> <span class="o">==</span> <span class="p">[</span><span class="sh">'</span><span class="s">read</span><span class="sh">'</span><span class="p">]:</span> <span class="k">continue</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">self</span><span class="p">.</span><span class="n">filter_engine</span><span class="p">.</span><span class="nf">should_include</span><span class="p">(</span><span class="n">addr</span><span class="p">,</span> <span class="n">r_type</span><span class="p">,</span> <span class="n">module</span><span class="p">,</span> <span class="n">provider</span><span class="p">):</span> <span class="k">continue</span> <span class="n">risk</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="n">risk_analyzer</span><span class="p">.</span><span class="nf">assess</span><span class="p">(</span><span class="n">r_type</span><span class="p">,</span> <span class="n">actions</span><span class="p">)</span> <span class="n">primary_action</span> <span class="o">=</span> <span class="sh">"</span><span class="s">replace</span><span class="sh">"</span> <span class="nf">if </span><span class="p">(</span><span class="sh">'</span><span class="s">create</span><span class="sh">'</span> <span class="ow">in</span> <span class="n">actions</span> <span class="ow">and</span> <span class="sh">'</span><span class="s">delete</span><span class="sh">'</span> <span class="ow">in</span> <span class="n">actions</span><span class="p">)</span> <span class="k">else</span> <span class="n">actions</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="n">res_obj</span> <span class="o">=</span> <span class="nc">ResourceChange</span><span class="p">(</span> <span class="n">address</span><span class="o">=</span><span class="n">addr</span><span class="p">,</span> <span class="nb">type</span><span class="o">=</span><span class="n">r_type</span><span class="p">,</span> <span class="n">name</span><span class="o">=</span><span class="n">change</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">name</span><span class="sh">'</span><span class="p">),</span> <span class="n">module</span><span class="o">=</span><span class="n">module</span><span class="p">,</span> <span class="n">provider</span><span class="o">=</span><span class="n">provider</span><span class="p">,</span> <span class="n">actions</span><span class="o">=</span><span class="n">actions</span><span class="p">,</span> <span class="n">risk_level</span><span class="o">=</span><span class="n">risk</span><span class="p">,</span> <span class="n">change_summary</span><span class="o">=</span><span class="sh">"</span><span class="s"> -&gt; </span><span class="sh">"</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="n">actions</span><span class="p">)</span> <span class="p">)</span> <span class="n">results</span><span class="p">[</span><span class="sh">'</span><span class="s">changes</span><span class="sh">'</span><span class="p">].</span><span class="nf">append</span><span class="p">(</span><span class="nf">asdict</span><span class="p">(</span><span class="n">res_obj</span><span class="p">))</span> <span class="n">results</span><span class="p">[</span><span class="sh">'</span><span class="s">stats</span><span class="sh">'</span><span class="p">][</span><span class="n">primary_action</span><span class="p">]</span> <span class="o">+=</span> <span class="mi">1</span> <span class="n">results</span><span class="p">[</span><span class="sh">'</span><span class="s">risk_summary</span><span class="sh">'</span><span class="p">][</span><span class="n">risk</span><span class="p">]</span> <span class="o">+=</span> <span class="mi">1</span> <span class="n">results</span><span class="p">[</span><span class="sh">'</span><span class="s">by_module</span><span class="sh">'</span><span class="p">][</span><span class="n">module</span><span class="p">][</span><span class="n">primary_action</span><span class="p">]</span> <span class="o">+=</span> <span class="mi">1</span> <span class="k">return</span> <span class="n">results</span> <span class="k">class</span> <span class="nc">EnterpriseVisualizer</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">analysis_results</span><span class="p">:</span> <span class="n">Dict</span><span class="p">):</span> <span class="n">self</span><span class="p">.</span><span class="n">results</span> <span class="o">=</span> <span class="n">analysis_results</span> <span class="k">def</span> <span class="nf">generate_html</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">output_file</span><span class="p">:</span> <span class="nb">str</span><span class="p">):</span> <span class="sh">"""</span><span class="s">Generates a standalone HTML dashboard with client-side filtering</span><span class="sh">"""</span> <span class="n">json_data</span> <span class="o">=</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">results</span><span class="p">)</span> <span class="n">html_template</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"""</span><span class="s"> &lt;!DOCTYPE html&gt; &lt;html lang=</span><span class="sh">"</span><span class="s">en</span><span class="sh">"</span><span class="s">&gt; &lt;head&gt; &lt;meta charset=</span><span class="sh">"</span><span class="s">UTF-8</span><span class="sh">"</span><span class="s">&gt; &lt;title&gt;TF Impact Dashboard&lt;/title&gt; &lt;script src=</span><span class="sh">"</span><span class="s">https://cdn.tailwindcss.com</span><span class="sh">"</span><span class="s">&gt;&lt;/script&gt; &lt;style&gt; .risk-CRITICAL {{ border-left: 5px solid #ef4444; background: rgba(239, 68, 68, 0.05); }} .risk-HIGH {{ border-left: 5px solid #f97316; background: rgba(249, 115, 22, 0.05); }} .risk-MEDIUM {{ border-left: 5px solid #f59e0b; }} .risk-LOW {{ border-left: 5px solid #10b981; }} &lt;/style&gt; &lt;/head&gt; &lt;body class=</span><span class="sh">"</span><span class="s">bg-slate-900 text-slate-100 min-h-screen pb-20</span><span class="sh">"</span><span class="s">&gt; &lt;div class=</span><span class="sh">"</span><span class="s">max-w-7xl mx-auto px-6 py-10</span><span class="sh">"</span><span class="s">&gt; &lt;header class=</span><span class="sh">"</span><span class="s">flex justify-between items-center mb-10 border-b border-slate-700 pb-8</span><span class="sh">"</span><span class="s">&gt; &lt;div&gt; &lt;h1 class=</span><span class="sh">"</span><span class="s">text-4xl font-extrabold text-white tracking-tight</span><span class="sh">"</span><span class="s">&gt;Terraform Impact Dashboard&lt;/h1&gt; &lt;p class=</span><span class="sh">"</span><span class="s">text-slate-400 mt-2 font-medium</span><span class="sh">"</span><span class="s">&gt;Enterprise Infrastructure Change Analysis&lt;/p&gt; &lt;/div&gt; &lt;div class=</span><span class="sh">"</span><span class="s">text-right</span><span class="sh">"</span><span class="s">&gt; &lt;div class=</span><span class="sh">"</span><span class="s">text-xs uppercase tracking-widest text-slate-500 font-bold</span><span class="sh">"</span><span class="s">&gt;Report Generated&lt;/div&gt; &lt;div class=</span><span class="sh">"</span><span class="s">text-slate-300 font-mono</span><span class="sh">"</span><span class="s">&gt;</span><span class="si">{</span><span class="n">datetime</span><span class="p">.</span><span class="nf">now</span><span class="p">().</span><span class="n">strftime</span><span class="p">(</span><span class="sh">'</span><span class="s">%Y-%m-%d %H</span><span class="si">:</span><span class="o">%</span><span class="n">M</span><span class="si">:</span><span class="o">%</span><span class="n">S</span><span class="sh">'</span><span class="s">)</span><span class="si">}</span><span class="s">&lt;/div&gt; &lt;/div&gt; &lt;/header&gt; &lt;div class=</span><span class="sh">"</span><span class="s">grid grid-cols-2 md:grid-cols-4 gap-6 mb-10</span><span class="sh">"</span><span class="s">&gt; &lt;div class=</span><span class="sh">"</span><span class="s">bg-slate-800 p-6 rounded-2xl border border-slate-700 shadow-lg</span><span class="sh">"</span><span class="s">&gt; &lt;div class=</span><span class="sh">"</span><span class="s">text-slate-500 text-xs font-bold uppercase mb-1</span><span class="sh">"</span><span class="s">&gt;Create&lt;/div&gt; &lt;div class=</span><span class="sh">"</span><span class="s">text-3xl font-bold text-emerald-500</span><span class="sh">"</span><span class="s">&gt;</span><span class="si">{</span><span class="n">self</span><span class="p">.</span><span class="n">results</span><span class="p">[</span><span class="sh">'</span><span class="s">stats</span><span class="sh">'</span><span class="p">][</span><span class="sh">'</span><span class="s">create</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s">&lt;/div&gt; &lt;/div&gt; &lt;div class=</span><span class="sh">"</span><span class="s">bg-slate-800 p-6 rounded-2xl border border-slate-700 shadow-lg</span><span class="sh">"</span><span class="s">&gt; &lt;div class=</span><span class="sh">"</span><span class="s">text-slate-500 text-xs font-bold uppercase mb-1</span><span class="sh">"</span><span class="s">&gt;Update&lt;/div&gt; &lt;div class=</span><span class="sh">"</span><span class="s">text-3xl font-bold text-amber-500</span><span class="sh">"</span><span class="s">&gt;</span><span class="si">{</span><span class="n">self</span><span class="p">.</span><span class="n">results</span><span class="p">[</span><span class="sh">'</span><span class="s">stats</span><span class="sh">'</span><span class="p">][</span><span class="sh">'</span><span class="s">update</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s">&lt;/div&gt; &lt;/div&gt; &lt;div class=</span><span class="sh">"</span><span class="s">bg-slate-800 p-6 rounded-2xl border border-slate-700 shadow-lg</span><span class="sh">"</span><span class="s">&gt; &lt;div class=</span><span class="sh">"</span><span class="s">text-slate-500 text-xs font-bold uppercase mb-1</span><span class="sh">"</span><span class="s">&gt;Replace&lt;/div&gt; &lt;div class=</span><span class="sh">"</span><span class="s">text-3xl font-bold text-violet-500</span><span class="sh">"</span><span class="s">&gt;</span><span class="si">{</span><span class="n">self</span><span class="p">.</span><span class="n">results</span><span class="p">[</span><span class="sh">'</span><span class="s">stats</span><span class="sh">'</span><span class="p">][</span><span class="sh">'</span><span class="s">replace</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s">&lt;/div&gt; &lt;/div&gt; &lt;div class=</span><span class="sh">"</span><span class="s">bg-slate-800 p-6 rounded-2xl border border-slate-700 shadow-lg</span><span class="sh">"</span><span class="s">&gt; &lt;div class=</span><span class="sh">"</span><span class="s">text-slate-500 text-xs font-bold uppercase mb-1</span><span class="sh">"</span><span class="s">&gt;Delete&lt;/div&gt; &lt;div class=</span><span class="sh">"</span><span class="s">text-3xl font-bold text-red-500</span><span class="sh">"</span><span class="s">&gt;</span><span class="si">{</span><span class="n">self</span><span class="p">.</span><span class="n">results</span><span class="p">[</span><span class="sh">'</span><span class="s">stats</span><span class="sh">'</span><span class="p">][</span><span class="sh">'</span><span class="s">delete</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s">&lt;/div&gt; &lt;/div&gt; &lt;/div&gt; &lt;div class=</span><span class="sh">"</span><span class="s">bg-slate-800 p-8 rounded-2xl mb-10 border border-slate-700 shadow-2xl</span><span class="sh">"</span><span class="s">&gt; &lt;h3 class=</span><span class="sh">"</span><span class="s">text-sm font-bold text-slate-400 uppercase tracking-widest mb-6</span><span class="sh">"</span><span class="s">&gt;Interactive Filters&lt;/h3&gt; &lt;div class=</span><span class="sh">"</span><span class="s">grid grid-cols-1 md:grid-cols-3 gap-8</span><span class="sh">"</span><span class="s">&gt; &lt;div class=</span><span class="sh">"</span><span class="s">space-y-2</span><span class="sh">"</span><span class="s">&gt; &lt;label class=</span><span class="sh">"</span><span class="s">text-xs font-bold text-slate-500 uppercase</span><span class="sh">"</span><span class="s">&gt;Search Resources&lt;/label&gt; &lt;input type=</span><span class="sh">"</span><span class="s">text</span><span class="sh">"</span><span class="s"> id=</span><span class="sh">"</span><span class="s">searchBox</span><span class="sh">"</span><span class="s"> placeholder=</span><span class="sh">"</span><span class="s">Search address, type, or module...</span><span class="sh">"</span><span class="s"> class=</span><span class="sh">"</span><span class="s">w-full bg-slate-900 border-slate-700 border rounded-xl p-3 text-sm focus:ring-2 focus:ring-blue-500 outline-none transition-all</span><span class="sh">"</span><span class="s">&gt; &lt;/div&gt; &lt;div class=</span><span class="sh">"</span><span class="s">space-y-2</span><span class="sh">"</span><span class="s">&gt; &lt;label class=</span><span class="sh">"</span><span class="s">text-xs font-bold text-slate-500 uppercase</span><span class="sh">"</span><span class="s">&gt;Risk Threshold&lt;/label&gt; &lt;select id=</span><span class="sh">"</span><span class="s">riskFilter</span><span class="sh">"</span><span class="s"> class=</span><span class="sh">"</span><span class="s">w-full bg-slate-900 border-slate-700 border rounded-xl p-3 text-sm outline-none</span><span class="sh">"</span><span class="s">&gt; &lt;option value=</span><span class="sh">"</span><span class="s">ALL</span><span class="sh">"</span><span class="s">&gt;Show All Risks&lt;/option&gt; &lt;option value=</span><span class="sh">"</span><span class="s">CRITICAL</span><span class="sh">"</span><span class="s">&gt;Critical Only&lt;/option&gt; &lt;option value=</span><span class="sh">"</span><span class="s">HIGH</span><span class="sh">"</span><span class="s">&gt;High &amp; Above&lt;/option&gt; &lt;/select&gt; &lt;/div&gt; &lt;div class=</span><span class="sh">"</span><span class="s">space-y-2</span><span class="sh">"</span><span class="s">&gt; &lt;label class=</span><span class="sh">"</span><span class="s">text-xs font-bold text-slate-500 uppercase</span><span class="sh">"</span><span class="s">&gt;Filter Action&lt;/label&gt; &lt;select id=</span><span class="sh">"</span><span class="s">actionFilter</span><span class="sh">"</span><span class="s"> class=</span><span class="sh">"</span><span class="s">w-full bg-slate-900 border-slate-700 border rounded-xl p-3 text-sm outline-none</span><span class="sh">"</span><span class="s">&gt; &lt;option value=</span><span class="sh">"</span><span class="s">ALL</span><span class="sh">"</span><span class="s">&gt;All Actions&lt;/option&gt; &lt;option value=</span><span class="sh">"</span><span class="s">create</span><span class="sh">"</span><span class="s">&gt;Create&lt;/option&gt; &lt;option value=</span><span class="sh">"</span><span class="s">update</span><span class="sh">"</span><span class="s">&gt;Update&lt;/option&gt; &lt;option value=</span><span class="sh">"</span><span class="s">replace</span><span class="sh">"</span><span class="s">&gt;Replace&lt;/option&gt; &lt;option value=</span><span class="sh">"</span><span class="s">delete</span><span class="sh">"</span><span class="s">&gt;Delete&lt;/option&gt; &lt;/select&gt; &lt;/div&gt; &lt;/div&gt; &lt;/div&gt; &lt;div class=</span><span class="sh">"</span><span class="s">bg-slate-800 rounded-2xl border border-slate-700 overflow-hidden shadow-2xl</span><span class="sh">"</span><span class="s">&gt; &lt;div id=</span><span class="sh">"</span><span class="s">resource-list</span><span class="sh">"</span><span class="s"> class=</span><span class="sh">"</span><span class="s">divide-y divide-slate-700</span><span class="sh">"</span><span class="s">&gt; &lt;/div&gt; &lt;/div&gt; &lt;/div&gt; &lt;script&gt; const data = </span><span class="si">{</span><span class="n">json_data</span><span class="si">}</span><span class="s">; const listContainer = document.getElementById(</span><span class="sh">'</span><span class="s">resource-list</span><span class="sh">'</span><span class="s">); function updateUI() {{ const searchTerm = document.getElementById(</span><span class="sh">'</span><span class="s">searchBox</span><span class="sh">'</span><span class="s">).value.toLowerCase(); const riskLevel = document.getElementById(</span><span class="sh">'</span><span class="s">riskFilter</span><span class="sh">'</span><span class="s">).value; const actionType = document.getElementById(</span><span class="sh">'</span><span class="s">actionFilter</span><span class="sh">'</span><span class="s">).value; const filtered = data.changes.filter(item =&gt; {{ const matchesSearch = item.address.toLowerCase().includes(searchTerm) || item.type.toLowerCase().includes(searchTerm); const matchesRisk = riskLevel === </span><span class="sh">'</span><span class="s">ALL</span><span class="sh">'</span><span class="s"> || (riskLevel === </span><span class="sh">'</span><span class="s">HIGH</span><span class="sh">'</span><span class="s"> ? (item.risk_level === </span><span class="sh">'</span><span class="s">HIGH</span><span class="sh">'</span><span class="s"> || item.risk_level === </span><span class="sh">'</span><span class="s">CRITICAL</span><span class="sh">'</span><span class="s">) : item.risk_level === riskLevel); const matchesAction = actionType === </span><span class="sh">'</span><span class="s">ALL</span><span class="sh">'</span><span class="s"> || item.actions.includes(actionType); return matchesSearch &amp;&amp; matchesRisk &amp;&amp; matchesAction; }}); if (filtered.length === 0) {{ listContainer.innerHTML = </span><span class="sh">'</span><span class="s">&lt;div class=</span><span class="sh">"</span><span class="s">p-20 text-center text-slate-500 font-medium</span><span class="sh">"</span><span class="s">&gt;No resources match your filters&lt;/div&gt;</span><span class="sh">'</span><span class="s">; return; }} listContainer.innerHTML = filtered.map(item =&gt; ` &lt;div class=</span><span class="sh">"</span><span class="s">p-6 hover:bg-slate-700/20 transition-all risk-${{item.risk_level}} flex flex-col md:flex-row justify-between items-start md:items-center gap-4</span><span class="sh">"</span><span class="s">&gt; &lt;div class=</span><span class="sh">"</span><span class="s">flex-1</span><span class="sh">"</span><span class="s">&gt; &lt;div class=</span><span class="sh">"</span><span class="s">flex items-center gap-3 mb-1</span><span class="sh">"</span><span class="s">&gt; &lt;span class=</span><span class="sh">"</span><span class="s">text-xs font-mono font-bold text-slate-500 bg-slate-900 px-2 py-0.5 rounded border border-slate-700</span><span class="sh">"</span><span class="s">&gt;${{item.type}}&lt;/span&gt; &lt;span class=</span><span class="sh">"</span><span class="s">text-xs font-bold uppercase tracking-tighter ${{item.risk_level === </span><span class="sh">'</span><span class="s">CRITICAL</span><span class="sh">'</span><span class="s"> ? </span><span class="sh">'</span><span class="s">text-red-500</span><span class="sh">'</span><span class="s"> : (item.risk_level === </span><span class="sh">'</span><span class="s">HIGH</span><span class="sh">'</span><span class="s"> ? </span><span class="sh">'</span><span class="s">text-orange-500</span><span class="sh">'</span><span class="s"> : </span><span class="sh">'</span><span class="s">text-slate-400</span><span class="sh">'</span><span class="s">)}}</span><span class="sh">"</span><span class="s">&gt; ${{item.risk_level}} RISK &lt;/span&gt; &lt;/div&gt; &lt;h4 class=</span><span class="sh">"</span><span class="s">text-blue-400 font-mono text-sm font-semibold mb-1 truncate</span><span class="sh">"</span><span class="s">&gt;# ${{item.address}}&lt;/h4&gt; &lt;div class=</span><span class="sh">"</span><span class="s">text-xs text-slate-500</span><span class="sh">"</span><span class="s">&gt;Module Path: &lt;span class=</span><span class="sh">"</span><span class="s">text-slate-400</span><span class="sh">"</span><span class="s">&gt;${{item.module}}&lt;/span&gt;&lt;/div&gt; &lt;/div&gt; &lt;div class=</span><span class="sh">"</span><span class="s">flex flex-col items-end gap-2</span><span class="sh">"</span><span class="s">&gt; &lt;div class=</span><span class="sh">"</span><span class="s">flex gap-1</span><span class="sh">"</span><span class="s">&gt; ${{item.actions.map(a =&gt; ` &lt;span class=</span><span class="sh">"</span><span class="s">px-3 py-1 rounded-full text-[10px] font-black uppercase tracking-widest border ${{a === </span><span class="sh">'</span><span class="s">create</span><span class="sh">'</span><span class="s"> ? </span><span class="sh">'</span><span class="s">bg-emerald-500/10 text-emerald-500 border-emerald-500/20</span><span class="sh">'</span><span class="s"> : a === </span><span class="sh">'</span><span class="s">delete</span><span class="sh">'</span><span class="s"> ? </span><span class="sh">'</span><span class="s">bg-red-500/10 text-red-500 border-red-500/20</span><span class="sh">'</span><span class="s"> : </span><span class="sh">'</span><span class="s">bg-blue-500/10 text-blue-400 border-blue-500/20</span><span class="sh">'</span><span class="s">}}</span><span class="sh">"</span><span class="s">&gt; ${{a}} &lt;/span&gt; `).join(</span><span class="sh">''</span><span class="s">)}} &lt;/div&gt; &lt;div class=</span><span class="sh">"</span><span class="s">text-[10px] font-bold text-slate-600 uppercase tracking-widest</span><span class="sh">"</span><span class="s">&gt;Provider: ${{item.provider}}&lt;/div&gt; &lt;/div&gt; &lt;/div&gt; `).join(</span><span class="sh">''</span><span class="s">); }} document.getElementById(</span><span class="sh">'</span><span class="s">searchBox</span><span class="sh">'</span><span class="s">).addEventListener(</span><span class="sh">'</span><span class="s">input</span><span class="sh">'</span><span class="s">, updateUI); document.getElementById(</span><span class="sh">'</span><span class="s">riskFilter</span><span class="sh">'</span><span class="s">).addEventListener(</span><span class="sh">'</span><span class="s">change</span><span class="sh">'</span><span class="s">, updateUI); document.getElementById(</span><span class="sh">'</span><span class="s">actionFilter</span><span class="sh">'</span><span class="s">).addEventListener(</span><span class="sh">'</span><span class="s">change</span><span class="sh">'</span><span class="s">, updateUI); // Initial render updateUI(); &lt;/script&gt; &lt;/body&gt; &lt;/html&gt; </span><span class="sh">"""</span> <span class="k">with</span> <span class="nf">open</span><span class="p">(</span><span class="n">output_file</span><span class="p">,</span> <span class="sh">'</span><span class="s">w</span><span class="sh">'</span><span class="p">)</span> <span class="k">as</span> <span class="n">f</span><span class="p">:</span> <span class="n">f</span><span class="p">.</span><span class="nf">write</span><span class="p">(</span><span class="n">html_template</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Dashboard generated: </span><span class="si">{</span><span class="n">output_file</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">main</span><span class="p">():</span> <span class="n">parser</span> <span class="o">=</span> <span class="n">argparse</span><span class="p">.</span><span class="nc">ArgumentParser</span><span class="p">(</span><span class="n">description</span><span class="o">=</span><span class="sh">'</span><span class="s">Enterprise TF Impact Dashboard Generator</span><span class="sh">'</span><span class="p">)</span> <span class="n">parser</span><span class="p">.</span><span class="nf">add_argument</span><span class="p">(</span><span class="sh">'</span><span class="s">plan</span><span class="sh">'</span><span class="p">,</span> <span class="n">help</span><span class="o">=</span><span class="sh">'</span><span class="s">Terraform plan JSON file</span><span class="sh">'</span><span class="p">)</span> <span class="n">parser</span><span class="p">.</span><span class="nf">add_argument</span><span class="p">(</span><span class="sh">'</span><span class="s">--output</span><span class="sh">'</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="sh">'</span><span class="s">tf_report.html</span><span class="sh">'</span><span class="p">,</span> <span class="n">help</span><span class="o">=</span><span class="sh">'</span><span class="s">Output HTML filename</span><span class="sh">'</span><span class="p">)</span> <span class="n">parser</span><span class="p">.</span><span class="nf">add_argument</span><span class="p">(</span><span class="sh">'</span><span class="s">--provider</span><span class="sh">'</span><span class="p">,</span> <span class="n">nargs</span><span class="o">=</span><span class="sh">'</span><span class="s">+</span><span class="sh">'</span><span class="p">,</span> <span class="n">help</span><span class="o">=</span><span class="sh">'</span><span class="s">Initial filter by provider</span><span class="sh">'</span><span class="p">)</span> <span class="n">parser</span><span class="p">.</span><span class="nf">add_argument</span><span class="p">(</span><span class="sh">'</span><span class="s">--module</span><span class="sh">'</span><span class="p">,</span> <span class="n">nargs</span><span class="o">=</span><span class="sh">'</span><span class="s">+</span><span class="sh">'</span><span class="p">,</span> <span class="n">help</span><span class="o">=</span><span class="sh">'</span><span class="s">Initial filter by module prefix</span><span class="sh">'</span><span class="p">)</span> <span class="n">args</span> <span class="o">=</span> <span class="n">parser</span><span class="p">.</span><span class="nf">parse_args</span><span class="p">()</span> <span class="c1"># Pre-filtering engine (CLI level) </span> <span class="n">engine</span> <span class="o">=</span> <span class="nc">FilterEngine</span><span class="p">(</span><span class="n">providers</span><span class="o">=</span><span class="n">args</span><span class="p">.</span><span class="n">provider</span><span class="p">,</span> <span class="n">modules</span><span class="o">=</span><span class="n">args</span><span class="p">.</span><span class="n">module</span><span class="p">)</span> <span class="n">detector</span> <span class="o">=</span> <span class="nc">EnterpriseTFDetector</span><span class="p">(</span><span class="n">args</span><span class="p">.</span><span class="n">plan</span><span class="p">,</span> <span class="n">engine</span><span class="p">)</span> <span class="n">results</span> <span class="o">=</span> <span class="n">detector</span><span class="p">.</span><span class="nf">analyze</span><span class="p">()</span> <span class="n">visualizer</span> <span class="o">=</span> <span class="nc">EnterpriseVisualizer</span><span class="p">(</span><span class="n">results</span><span class="p">)</span> <span class="n">visualizer</span><span class="p">.</span><span class="nf">generate_html</span><span class="p">(</span><span class="n">args</span><span class="p">.</span><span class="n">output</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sh">"</span><span class="se">\n</span><span class="s">Summary:</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s"> - Total Changes detected: </span><span class="si">{</span><span class="nf">sum</span><span class="p">(</span><span class="n">results</span><span class="p">[</span><span class="sh">'</span><span class="s">stats</span><span class="sh">'</span><span class="p">].</span><span class="nf">values</span><span class="p">())</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s"> - Critical Risks: </span><span class="si">{</span><span class="n">results</span><span class="p">[</span><span class="sh">'</span><span class="s">risk_summary</span><span class="sh">'</span><span class="p">][</span><span class="sh">'</span><span class="s">CRITICAL</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s"> - High Risks: </span><span class="si">{</span><span class="n">results</span><span class="p">[</span><span class="sh">'</span><span class="s">risk_summary</span><span class="sh">'</span><span class="p">][</span><span class="sh">'</span><span class="s">HIGH</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="n">__name__</span> <span class="o">==</span> <span class="sh">"</span><span class="s">__main__</span><span class="sh">"</span><span class="p">:</span> <span class="nf">main</span><span class="p">()</span> </code></pre> </div> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd7c47yzw9tsoottiv19b.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd7c47yzw9tsoottiv19b.png" alt="Terraform Dashboard" width="800" height="535"></a></p> terraform infrastructure linux cloudcomputing Praveen HA Mon, 03 Jun 2024 07:23:41 +0000 https://forem.com/praveenha/streamline-your-aws-asset-inventory-with-automated-discovery-and-reporting-4c29 https://forem.com/praveenha/streamline-your-aws-asset-inventory-with-automated-discovery-and-reporting-4c29 <p>Managing resources across multiple AWS accounts and regions can be a daunting task, especially as your cloud infrastructure grows. To simplify this process, I have developed an AWS Inventory Discovery tool that scans all your AWS accounts across all regions and compiles a comprehensive, searchable HTML report. In this blog, I'll walk you through the features, benefits, and technical details of this solution.</p> <p>Introduction<br> As organizations scale their use of AWS, keeping track of resources scattered across various accounts and regions becomes increasingly challenging. Manual inventory management is not only time-consuming but also prone to errors. This is where the AWS Inventory Discovery tool comes in.</p> <p>Features<br> Comprehensive Scanning: The tool scans all your AWS accounts across all regions, ensuring no resource is left unaccounted for.<br> Detailed Reporting: Generates a detailed HTML report that lists all discovered resources, including their ARNs and regions.<br> Searchable Interface: The HTML report includes a search functionality, making it easy to find specific resources quickly.<br> Visual Representation: Includes pie charts to provide a visual summary of your resources, helping you quickly understand the distribution of resources across various dimensions.<br> User-Friendly: The generated report is easy to navigate, allowing users to drill down into resource details with just a few clicks.<br> Benefits<br> Improved Visibility: Gain a clear overview of all your AWS resources across accounts and regions.<br> Time Savings: Automate the discovery process, freeing up time for your team to focus on more critical tasks.<br> Error Reduction: Minimize the risk of overlooking resources or making mistakes in manual inventories.<br> Enhanced Security: Quickly identify and manage resources to ensure compliance with security policies and best practices.<br> How It Works<br> Prerequisites<br> Before you begin, ensure you have the following set up:</p> <p>AWS CLI: Install the AWS Command Line Interface (CLI).<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>pip install awscli AWS Credentials: Export your AWS profile or access keys and secrets, and specify the region. export AWS_PROFILE=your-aws-profile export AWS_ACCESS_KEY_ID=your-access-key-id export AWS_SECRET_ACCESS_KEY=your-secret-access-key export AWS_DEFAULT_REGION=your-default-region` </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>#!/bin/bash AccountID="&lt;YOUR_AWS_ACCOUNT&gt;" regions=$(aws ec2 describe-regions --query "Regions[].RegionName" --output text) #regions=(ap-south-1 eu-north-1 eu-west-3 eu-west-1 ap-northeast-3 ap-northeast-2 ap-northeast-1 ca-central-1 sa-east-1 ap-southeast-1 ap-southeast-2 eu-central-1 us-east-1 us-east-2 us-west-1 us-west-2 ) # Initialize arrays to store data declare -a summary_data=() declare -a detailed_data=() # Fetch resources from all regions for region in $regions; do # Fetch resource ARNs and process them data=$(aws --region $region resourcegroupstaggingapi get-resources | jq -r '.ResourceTagMappingList[].ResourceARN' | \ awk -v region=$region -F '[:/]' ' { resourceType = "unknown" if ($3 == "s3") { resourceType = "bucket" } else if ($3 == "sns") { resourceType = "topic" } else { resourceType = $6 } # Construct a unique key for each service-resource pair pair = $3 ":" resourceType count[pair]++ } END { for (pair in count) { split(pair, s, ":") # Split the pair back into service and resource service = s[1] resource = s[2] print "{\"service\":\"" service "\", \"resource\":\"" resource "\", \"count\":" count[pair] "}" } } ') # Append to summary_data summary_data+=($data) # Fetch detailed resource information detailed_info=$(aws resourcegroupstaggingapi get-resources --region $region | jq -r --arg region $region '.ResourceTagMappingList[] | {Resource_Arn: .ResourceARN, Region: ($region // "Global"), Detailed_Service: (.ResourceARN | split(":")[2])}') # Append to detailed_data detailed_data+=($detailed_info) done # Process summary data summary_json=$(printf "%s\n" "${summary_data[@]}" | jq -s 'group_by(.service, .resource) | map({service: .[0].service, resource: .[0].resource, count: map(.count) | add})') total_resources=$(echo "$summary_json" | jq 'map(.count) | add') # Process detailed data detailed_json=$(printf "%s\n" "${detailed_data[@]}" | jq -s .) # Generate HTML cat &lt;&lt;EOF &gt; index.html &lt;!DOCTYPE html&gt; &lt;html lang="en"&gt; &lt;head&gt; &lt;meta charset="UTF-8"&gt; &lt;meta name="viewport" content="width=device-width, initial-scale=1.0"&gt; &lt;title&gt;AWS Resources&lt;/title&gt; &lt;style&gt; body { font-family: Arial, sans-serif; background-color: #f4f4f9; margin: 0; padding: 20px; } h1 { color: #333; } #searchBox, #searchBox2 { width: 100%; padding: 10px; margin-bottom: 20px; box-sizing: border-box; font-size: 16px; } table { width: 100%; border-collapse: collapse; } th, td { border: 1px solid #ddd; padding: 8px; text-align: left; } th { background-color: #4CAF50; color: white; } tr:nth-child(even) { background-color: #f2f2f2; } tr:hover { background-color: #ddd; } .total-count { font-size: 18px; margin: 20px 0; } #chartContainer { width: 50%; margin: 0 auto; } &lt;/style&gt; &lt;/head&gt; &lt;body&gt; &lt;h1&gt;AWS Resources for Account ID: $AccountID&lt;/h1&gt; &lt;div class="total-count"&gt;Total Resources: $total_resources&lt;/div&gt; &lt;input type="text" id="searchBox" onkeyup="filterTable()" placeholder="Search for services.."&gt; &lt;table id="resourcesTable"&gt; &lt;thead&gt; &lt;tr&gt; &lt;th&gt;Service&lt;/th&gt; &lt;th&gt;Resource&lt;/th&gt; &lt;th&gt;Count&lt;/th&gt; &lt;/tr&gt; &lt;/thead&gt; &lt;tbody&gt; &lt;/tbody&gt; &lt;/table&gt; &lt;h1&gt;Detailed AWS Resources&lt;/h1&gt; &lt;input type="text" id="searchBox2" onkeyup="filterTable2()" placeholder="Search for resources.."&gt; &lt;table id="detailedResourcesTable"&gt; &lt;thead&gt; &lt;tr&gt; &lt;th&gt;Resource ARN&lt;/th&gt; &lt;th&gt;Region&lt;/th&gt; &lt;th&gt;Detailed Service&lt;/th&gt; &lt;/tr&gt; &lt;/thead&gt; &lt;tbody&gt; &lt;/tbody&gt; &lt;/table&gt; &lt;div id="chartContainer"&gt; &lt;canvas id="resourceChart"&gt;&lt;/canvas&gt; &lt;/div&gt; &lt;script src="https://cdn.jsdelivr.net/npm/chart.js"&gt;&lt;/script&gt; &lt;script&gt; const data = $summary_json; const resourceData = $detailed_json; function loadTableData(data) { const tableBody = document.getElementById('resourcesTable').getElementsByTagName('tbody')[0]; tableBody.innerHTML = ""; data.forEach(item =&gt; { let row = tableBody.insertRow(); let cellService = row.insertCell(0); let cellResource = row.insertCell(1); let cellCount = row.insertCell(2); cellService.innerHTML = item.service; cellResource.innerHTML = item.resource; cellCount.innerHTML = item.count; }); updateChart(data); } function loadDetailedTableData(resourceData) { const tableBody = document.getElementById('detailedResourcesTable').getElementsByTagName('tbody')[0]; tableBody.innerHTML = ""; resourceData.forEach(item =&gt; { let row = tableBody.insertRow(); let cellArn = row.insertCell(0); let cellRegion = row.insertCell(1); let cellService = row.insertCell(2); cellArn.innerHTML = item.Resource_Arn; cellRegion.innerHTML = item.Region; cellService.innerHTML = item.Detailed_Service; }); } function filterTable() { const searchValue = document.getElementById('searchBox').value.toLowerCase(); const filteredData = data.filter(item =&gt; item.service &amp;&amp; item.service.toLowerCase().includes(searchValue)); loadTableData(filteredData); } function filterTable2() { const searchValue = document.getElementById('searchBox2').value.toLowerCase(); const filteredResourceData = resourceData.filter(item =&gt; item.Resource_Arn.toLowerCase().includes(searchValue) || item.Region.toLowerCase().includes(searchValue) || item.Detailed_Service.toLowerCase().includes(searchValue) ); loadDetailedTableData(filteredResourceData); } function updateChart(data) { const services = data.reduce((acc, item) =&gt; { acc[item.service] = (acc[item.service] || 0) + item.count; return acc; }, {}); const labels = Object.keys(services); const counts = Object.values(services); const ctx = document.getElementById('resourceChart').getContext('2d'); new Chart(ctx, { type: 'pie', data: { labels: labels, datasets: [{ data: counts, backgroundColor: [ '#FF6384', '#36A2EB', '#FFCE56', '#4CAF50', '#FF9800', '#9C27B0', '#00BCD4' ] }] }, options: { responsive: true, plugins: { legend: { position: 'top', }, title: { display: true, text: 'Resource Distribution by Service' } } } }); } document.addEventListener('DOMContentLoaded', () =&gt; { loadTableData(data); loadDetailedTableData(resourceData); }); &lt;/script&gt; &lt;/body&gt; &lt;/html&gt; EOF </code></pre> </div> aws inventory report awschallenge Praveen HA Sun, 01 Oct 2023 10:32:51 +0000 https://forem.com/praveenha/ami-age-calculator-of-running-aws-ec2-instances-and-generate-csv-report-20gb https://forem.com/praveenha/ami-age-calculator-of-running-aws-ec2-instances-and-generate-csv-report-20gb <p>Instances running on outdated AMIs pose a security risk. Keeping our infrastructure secure requires us to regularly update these instances with the latest AMIs. Manually identifying and updating instances can be a time-consuming process, especially in large AWS accounts.</p> <p>How does the automation work?</p> <p>Our automation script leverages AWS CLI and the power of scripting to identify instances using older AMIs automatically. <br> Account and Region Selection: We can specify the AWS account ID and region you want to scan when executing the Jenkins Job.</p> <p>AMI Age Assessment: The script checks every instance in the selected account and region and determines the age of the associated AMI based on its creation date.</p> <p>Automated Reporting: It generates a CSV report with details of instances using AMIs that are 4 months or older. This report includes the Account ID, Region, Instance ID, AMI ID, and AMI Age (Months).</p> <p>Actionable Insights: With this report, we can easily identify which instances require updates. This information can be used to patch instances with the latest AMIs, ensuring they remain secure and optimized.</p> <p>How can we use it?</p> <p>Running this automation is simple. we can execute the script filling the AWS account ID and region as parameters. script will do the rest providing us with a detailed report.</p> <p>What are the benefits?</p> <p>Enhanced Security: We can proactively identify and patch instances with older AMIs, reducing security vulnerabilities.</p> <p>Efficiency: Manual instance assessment is time-consuming, but this automation speeds up the process, allowing us to focus on other critical tasks.</p> <p>Consistency: By automating this process, we ensure that all instances are assessed uniformly and regularly.</p> <p>`#!/bin/bash</p> <h1> Initialize variables with default values </h1> <p>ACCOUNTID=""<br> REGION=""</p> <p>OUTPUT_CSV="$ACCOUNTID-$REGION-ami_age_report.csv" # Define the CSV file name<br> rm -rf $OUTPUT_CSV</p> <h1> Parse command line options </h1> <p>while getopts "a🅱️" option; do<br> case $option in<br> a) ACCOUNTID=${OPTARG} ;;<br> b) REGION=${OPTARG} ;;<br> *) echo "usage: $0 [-a ACCOUNTID] [-b REGION]" &gt;&amp;2<br> exit 1 ;;<br> esac<br> done</p> <h1> List instances and AMI IDs in the specified region </h1> <p>instances_json=$(aws ec2 describe-instances --region "$REGION" --query 'Reservations[<em>].Instances[</em>].[InstanceId,ImageId]' --output json) # For local</p> <h1> Get the current timestamp </h1> <p>current_time=$(date -u +%s)</p> <h1> Initialize the CSV file with headers </h1> <p>echo "AccountID,Region,InstanceID,AMIID,AMIAge (months)" &gt; "$OUTPUT_CSV"</p> <h1> Iterate through instances and append to the CSV file </h1> <p>for row in $(echo "$instances_json" | jq -r '.[][] | <a class="mentioned-user" href="https://dev.to/base64">@base64</a>'); do<br> _jq() {<br> echo "$row" | base64 --decode | jq -r "$1"<br> }</p> <p>instance_id=$(_jq '.[0]')<br> ami_id=$(_jq '.[1]')</p> <p># Get the creation date of the AMI in the specified region<br> ami_create_time=$(aws ec2 describe-images --region "$REGION" --image-ids "$ami_id" --query 'Images[0].CreationDate' --output text) # For local</p> <p># Calculate the age in months based on the AMI creation time<br> ami_create_timestamp=$(date -u -d "$ami_create_time" +%s)<br> months_diff=$(( (current_time - ami_create_timestamp) / 60 / 60 / 24 / 30 ))</p> <p># Check if the AMI is older than 4 months<br> if [ "$months_diff" -ge 4 ]; then<br> # Append to the CSV file<br> echo "$ACCOUNTID,$REGION,$instance_id,$ami_id,$months_diff" &gt;&gt; "$OUTPUT_CSV"<br> fi<br> done</p> <p>echo "CSV report saved to $OUTPUT_CSV"<br> cat $OUTPUT_CSV`</p> aws amazon devops bash