Infrastructure as Code, in practice.
Field notes on turning live AWS into Terraform — codification, brownfield migration, and drift.
Guide · Terraform
How to Generate Terraform from an Existing AWS Account
You inherited infrastructure that was clicked together in the console. Here are the four ways to reverse-engineer it into Terraform — terraform import, open-source exporters, automated services, and the hybrid approach — with the trade-offs of each.
Playbook · Migration
ClickOps to Infrastructure as Code: A Migration Playbook
Most real-world AWS accounts weren't built with Terraform. This is a staged plan for codifying a brownfield estate without breaking what's running in production.
Guide · Operations
Terraform Drift Detection: What It Is and How to Stay Ahead of It
Drift is the silent gap between your code and your cloud. What causes it, why it's dangerous, and how to catch it before it causes an outage or a failed apply.
Guide · Tooling
Terraform vs OpenTofu: Differences, Licensing & How to Choose
They share a language and most of their DNA — but the license split and diverging features matter. The honest breakdown for 2026.
Guide · Security
How to Create a Read-Only IAM Role for Safe AWS Scanning
Give a scanning tool the least power that does the job. A step-by-step on read-only roles, cross-account trust, and external IDs.
Tutorial · Terraform
The Terraform import Block: A Practical Tutorial
Terraform 1.5 turned importing into a reviewable, code-first workflow. How the import block works, with copy-paste examples.
Guide · Operations
Terraform State Management: Best Practices for Teams
State is the one file that makes Terraform dangerous when it goes wrong. The rules that keep it safe, shared, and recoverable.
Guide · Terraform
An AWS Tagging Strategy for Terraform
Tags are the index to your whole account — for cost, ownership, and security. Designing a convention and enforcing it with default_tags.
Guide · Terraform
Building Terraform Modules from Existing Infrastructure
Refactor flat, generated HCL into clean, reusable modules — without Terraform destroying a single resource.