Running Campaigns Locally
You can run campaigns on a local state file. This feature requires the following:
Prerequisite
An active list of guardrails in order to generate violations, see Guardrails
Download Resourcely-CLI You can find the list of available versions here
A copy of state file in JSON format - You can find example state file in our scaffolding repo
Running CLI
Now you can run the resourcely-cli against a local state file. We can export a CSV of findings associated with a single state file without needing any configuration beyond the normal for the resourcely CLI.
Copy export RESOURCELY_API_TOKEN=<token> Without config root
Copy resourcely-cli evaluate_state --state_file terraform.json --api_host <https://api.resourcely.io> --repo_url <https://github.com/org/repo_name> With config root configured via resourcely.yaml
Copy resourcely-cli evaluate_state --state_file terraform.json --api_host <https://api.resourcely.io> --repo_url <https://github.com/org/repo_name> --config_root_path "." Results will look like this
Copy ... Logs trimmed to highlight relevant sections ...
2025-01-08T13:25:20.666-0800 info evaluate/state.go:650 Checking Campaigns:All (config_root=., environment=dev) for guardrail violations... {"run_id": "d32d5491-f9aa-4137-8cbd-31405aea5abe", "repo_url": "<https://github.com/org/repo_name>", "config_root": "."}
2025-01-08T13:25:20.737-0800 info evaluate/evaluate_state.go:82 Evaluation returned 0 passed checks, 3 violations
2025-01-08T13:25:20.737-0800 warn cl/cl.go:124 Guardrail checks found 3 violations
2025-01-08T13:25:20.737-0800 info evaluate/evaluate.go:294 =============== Guardrail ID 2c451692-1bef-43e7-8597-0680d8ae6bc3 ==============
2025-01-08T13:25:20.737-0800 warn cl/cl.go:124 (config_root_path: "." environment: "dev") Resource "aws_s3_bucket_versioning.campaigns-data-resource_fraMshbmm94dxGRa" violates requirement "REQUIRE versioning_configuration.status = \\"Enabled\\"". Approver: "default"
2025-01-08T13:25:20.737-0800 info evaluate/evaluate.go:294 =============== Guardrail ID 2ced4a82-23fa-4e42-b467-b60c2605745f ==============
2025-01-08T13:25:20.738-0800 warn cl/cl.go:124 (config_root_path: "." environment: "dev") Resource "aws_s3_bucket_public_access_block.campaigns-data-resource_fraMshbmm94dxGRa" violates requirement "REQUIRE block_public_acls = true AND restrict_public_buckets = true". Approver: "default"
2025-01-08T13:25:20.738-0800 info evaluate/evaluate.go:294 =============== Guardrail ID 7d69433d-3018-4889-8bb2-6725d2d2a18b ==============
2025-01-08T13:25:20.738-0800 warn cl/cl.go:124 (config_root_path: "." environment: "dev") Resource "aws_s3_bucket.campaigns-data-resource_fraMshbmm94dxGRa" violates requirement "REQUIRE bucket STARTSWITH \\"resourcely\\"". Approver: "default" With environment
Copy resourcely-cli evaluate_state --state_file terraform.json --api_host <https://api.resourcely.io> --repo_url <https://github.com/org/repo_name> --config_root_path "." --environment "dev" Output results to a CSV file
Copy resourcely-cli evaluate_state --state_file terraform.json --api_host <https://api.resourcely.io> --repo_url <https://github.com/org/repo_name> --output_file_csv /path/to/export.csv Upload Findings
We can add findings into a config root as long as it doesnβt have an actual setup for campaigns; these will be rejected if there is any pre-existing setup for that config root. This allows you to see the findings in the UI, and go through the steps for campaigns without needing the proxy set up.
Copy resourcely-cli evaluate_state state terraform.json --api_host https://api.resourcely.io --repo_url https://github.com/org/repo_name --config_root_path us-east-1 --upload_demo_findings true You can also test demo findings through the Github scaffolding repository evaluating a state file in a repository.
