Quick Reference Card
Quick reference for common tasks and commands.
🚀 Quick Start
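# Setup: pre-commit hooks and git-secrets (both listed under Scripts)
./scripts/setup-pre-commit.sh
./scripts/setup-git-secrets.sh
# Deploy backend
# Run in a subshell so the directory change does not carry over to the
# Control Tower commands below, which appear to be meant for the repository
# root. A fresh checkout needs `terraform init` before the first apply.
(cd examples/terraform-backend && terraform init && terraform apply)
# Deploy Control Tower
terraform init -backend-config=backend.hcl
# NOTE(review): this chains apply straight after plan. Whether `make apply`
# asks for confirmation depends on the Makefile, which is not shown here;
# read the plan output before the apply goes through.
make plan && make apply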
📋 Common Commands
Terraform
# Initialize
terraform init
# Plan
# The saved plan file is not encrypted and can contain sensitive values;
# keep it out of version control and delete it once applied.
terraform plan -out=tfplan
# Apply
# Applies exactly the saved plan and does not prompt for confirmation.
terraform apply tfplan
# Destroy
# Removes every resource managed by this configuration; check which
# backend and workspace are selected before confirming.
terraform destroy
# Format
terraform fmt -recursive
# Validate
terraform validate
# Show state
terraform show
# List resources
terraform state list
Make Commands
# Targets are defined in the project Makefile (not shown on this page);
# the descriptions below are the page's own.
make init # Initialize Terraform
make validate # Validate configuration
make plan # Generate plan
make apply # Apply changes
make destroy # Destroy infrastructure
make test-all # Run all tests
make security-scan # Run security scan
make pre-deploy # Pre-deployment checks
Testing
# All tests
make test-all
# Unit tests
make test-unit
# OPA (Open Policy Agent) policy tests
make test-opa
# Security scan
# NOTE(review): which scanners this target runs is set in the Makefile;
# presumably the tools listed under "Check Security" — confirm.
make security-scan
# Linting
make lint
🔧 Scripts
# Pre-commit hooks
./scripts/setup-pre-commit.sh
# Git secrets
./scripts/setup-git-secrets.sh
# State backup
# bucket-name is a placeholder for the backup destination. State backups
# can contain secrets, so the bucket should be private and encrypted.
# presumably an S3 bucket — confirm against the script
./scripts/backup-state-automated.sh bucket-name
# Pre-deployment check
./scripts/pre-deployment-check.sh
# Post-deployment
./scripts/post-deployment.sh
# Validation
./scripts/validate-all.sh
# OPA tests
./scripts/run-opa-tests.sh
# Terraform tests
./scripts/run-terraform-tests.sh
📚 Documentation
| Document | Purpose |
|---|---|
| Getting Started | Initial setup |
| Architecture | System design |
| Deployment Guide | Step-by-step deployment |
| Security | Security features |
| Networking | Network architecture |
| Account Vending | Account creation |
| Disaster Recovery | DR procedures |
| Testing | Testing guide |
🔍 Troubleshooting
Backend Issues
# Reinitialize backend
# -reconfigure ignores the previously saved backend settings and does not
# migrate existing state to the new backend.
terraform init -reconfigure
# Migrate state
# Copies existing state into the newly configured backend.
terraform init -migrate-state
# Force unlock
# LOCK_ID is the ID printed in the lock error message. Only unlock after
# confirming no other run (a colleague or a CI job) still holds the lock;
# removing a live lock allows concurrent writes that can corrupt state.
terraform force-unlock LOCK_ID
Validation Errors
# Format code
terraform fmt -recursive
# Validate syntax
terraform validate
# Check diagnostics
# Same validation, emitted as JSON for tooling or CI to parse.
terraform validate -json
State Issues
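# Pull state
# State is plaintext JSON and can hold secrets. The restrictive umask makes
# a newly created backup readable by the current user only; keep the file
# out of version control and delete it when finished.
(umask 077 && terraform state pull > backup.tfstate)
# Push state
# Overwrites the remote state with the local file; confirm the file is the
# intended snapshot before pushing.
terraform state push backup.tfstate
# Remove resource
# Only removes the entry from state. The real resource keeps running and is
# no longer managed or checked by Terraform.
terraform state rm resource.name
# Import resource
terraform import resource.name id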
🔐 Security
Check Security
# tfsec scan
# NOTE(review): tfsec's maintainers now point users to Trivy for ongoing
# development; confirm which scanner and version the project pins.
tfsec .
# Checkov scan
checkov -d .
# TFLint
tflint --recursive
# Pre-commit
# Runs every configured hook against all tracked files, not only staged ones.
pre-commit run --all-files
Secrets Management
# Scan for secrets
git secrets --scan
# Scan history
git secrets --scan-history
# Add pattern
git secrets --add 'pattern'
💰 Cost Management
Check Costs
# AWS Cost Explorer
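# Sample dates. The End date is exclusive, so this range stops at
# 2024-01-30; use End=2024-02-01 to cover the whole month.
aws ce get-cost-and-usage \
  --time-period Start=2024-01-01,End=2024-01-31 \
  --granularity MONTHLY \
  --metrics BlendedCost
# List budgets
# The account ID is taken from the credentials currently in use. The
# substitution is quoted so an empty or failed lookup is passed as one
# (invalid) argument instead of silently dropping the value.
aws budgets describe-budgets \
  --account-id "$(aws sts get-caller-identity --query Account --output text)"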
📊 Monitoring
CloudWatch
# List log groups
aws logs describe-log-groups
# Tail logs
# NOTE(review): confirm the log group name against describe-log-groups
# output; Control Tower's default CloudTrail log group is usually named
# aws-controltower/CloudTrailLogs — verify in the target account.
aws logs tail /aws/controltower/CloudTrailLogs --follow
# Get metric statistics
# Sample time window; --period is in seconds (3600 = hourly datapoints).
aws cloudwatch get-metric-statistics \
--namespace AWS/EC2 \
--metric-name CPUUtilization \
--start-time 2024-01-01T00:00:00Z \
--end-time 2024-01-02T00:00:00Z \
--period 3600 \
--statistics Average
GuardDuty
# List detectors
aws guardduty list-detectors
# Get findings
aws guardduty list-findings \
--detector-id DETECTOR_ID
🏗️ Account Management
Organizations
# Describe organization
aws organizations describe-organization
# List accounts
aws organizations list-accounts
# List OUs
aws organizations list-organizational-units-for-parent \
--parent-id ROOT_ID
# List policies
aws organizations list-policies \
--filter SERVICE_CONTROL_POLICY
Account Vending
# Add new account
# Sample entry for the accounts map; all values below are placeholders.
# presumably set in a tfvars file read by the account-vending module — confirm
accounts = {
new_account = {
name = "New Account"
# Must be an address not already used by another AWS account. It is the
# root user's address, so use a monitored, team-owned mailbox.
email = "aws-new@example.com"
ou_id = "ou-xxxx-xxxxxxxx"
environment = "dev"
# NOTE(review): presumably must not overlap other accounts' CIDRs if the
# VPC is attached to the Transit Gateway — confirm.
vpc_cidr = "10.5.0.0/16"
# ... configuration
}
}
🌐 Networking
VPC
# Read-only describe calls; results cover only the account and region of
# the credentials in use.
# List VPCs
aws ec2 describe-vpcs
# List subnets
aws ec2 describe-subnets
# List route tables
aws ec2 describe-route-tables
# List security groups
# Useful for reviewing rules that allow ingress from 0.0.0.0/0.
aws ec2 describe-security-groups
Transit Gateway
# Read-only describe calls, scoped to the current account and region.
# List transit gateways
aws ec2 describe-transit-gateways
# List attachments
aws ec2 describe-transit-gateway-attachments
# List route tables
aws ec2 describe-transit-gateway-route-tables
📝 Git Workflow
# Create feature branch
git checkout -b feature/my-feature
# Make changes
# `git add .` stages everything in the working tree, including files other
# commands on this page create there (tfplan, backup.tfstate,
# current.tfstate). Make sure state and plan files are ignored, and review
# `git status` before committing.
git add .
git commit -m "Description"
# Push branch
git push origin feature/my-feature
# Create PR
gh pr create --title "Title" --body "Description"
# Merge PR
gh pr merge --squash
🔄 CI/CD
GitHub Actions
# List workflows
gh workflow list
# Run workflow
# Runs on the default branch unless --ref is given; the workflow must
# define a workflow_dispatch trigger.
gh workflow run terraform-ci.yml
# View runs
gh run list
# View specific run
# RUN_ID is a placeholder taken from `gh run list`.
gh run view RUN_ID
# View logs
# Logs can include Terraform plan output; treat them as sensitive when
# sharing.
gh run view RUN_ID --log
📦 Modules
Using Modules
# Sample module call; names and values are placeholders.
module "example" {
# Local path source. For registry or git sources, pin a version or ref so
# the module code cannot change underneath the configuration.
source = "./modules/example"
# Variables
name = "my-resource"
environment = "prod"
tags = var.tags
}
# Access outputs
# Re-exports the module's `id` output from the root module.
output "example_id" {
value = module.example.id
}
🎯 Best Practices
✅ Always run terraform plan before apply
✅ Use workspaces for multiple environments
✅ Enable state locking
✅ Use remote state storage
✅ Tag all resources
✅ Use modules for reusability
✅ Version control everything
✅ Run security scans
✅ Test before deploying
✅ Document changes
🆘 Emergency Procedures
Rollback
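# Revert to previous state
# Save the current state first, readable by the current user only (state is
# plaintext and can hold secrets).
(umask 077 && terraform state pull > current.tfstate)
# previous.tfstate is a placeholder for a known-good snapshot. Terraform
# rejects a push whose serial is older than the remote state; overriding
# that with -force disables the safety check, so verify the file first.
# Rolling back state does not roll back infrastructure: resources created
# after the snapshot become unknown to Terraform.
terraform state push previous.tfstate
# Plan before applying, as this page's Best Practices require, and apply
# only the reviewed plan.
terraform plan -out=tfplan
terraform apply tfplan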
Disaster Recovery
# Restore from backup
aws s3 cp s3://backup-bucket/terraform.tfstate.backup .
terraform state push terraform.tfstate.backup
terraform plan
📞 Support
- Documentation: docs/INDEX.html
- GitHub Issues: github.com/your-org/your-repo/issues
- AWS Support: console.aws.amazon.com/support
💡 Tip: Bookmark this page for quick access to common commands!