terraform-cloud-mcp

# Assessment Results Conversation Example This document demonstrates how to use the assessment results tools in a conversation with Claude. ## Retrieving Assessment Results ``` ### User I need to check if there's been any drift in my infrastructure based on the latest health assessment. The assessment result ID is asmtres-UG5rE9L1373hMYMA. ### Claude I'll help you check for drift in your infrastructure by retrieving the latest health assessment results. Let me fetch that information for you. [Claude uses get_assessment_result_details tool] Here's what I found: - The assessment was completed successfully - Drift was detected in your infrastructure - The assessment was created on July 2, 2022 - There are no error messages Would you like me to retrieve the detailed JSON output to see exactly what resources have drifted? ``` ``` ### User Yes, please show me the JSON output so I can see what resources have drifted. ### Claude I'll get the detailed JSON output that shows exactly which resources have drifted. [Claude uses get_assessment_json_output tool] Here's a summary of the drift detected: 1. **EC2 Instance (aws_instance.web_server)** - Current tags don't match configuration - Security group attachments have changed 2. **S3 Bucket (aws_s3_bucket.logs)** - Versioning configuration has changed from enabled to disabled 3. **IAM Role (aws_iam_role.lambda_execution)** - An additional policy has been attached that wasn't in the Terraform configuration Would you like me to help you understand how to address this drift? ``` ``` ### User Yes, what are my options for addressing this drift? ### Claude You have several options for addressing the infrastructure drift: 1. **Update Your Terraform Configuration**: - Modify your Terraform code to match the current state - This approach "accepts" the current state as the new desired state - Use terraform plan to verify changes before applying 2. **Apply Your Existing Configuration**: - Run terraform apply to revert infrastructure back to the state defined in your configuration - This will undo manual changes and enforce your existing code - Good for cases where the drift was accidental or unauthorized 3. **Selective Updates**: - Import some real-world changes into your configuration and revert others - For example, keep the new IAM policies but revert the S3 bucket versioning change 4. **Investigate Before Deciding**: - Review the logs to understand when and possibly why these changes occurred - Let me fetch the assessment logs for more context: [Claude uses get_assessment_log_output tool] Based on what I'm seeing in the logs, I recommend first updating your Terraform configuration to document the security group changes on the EC2 instance as those appear to be intentional, but reverting the S3 bucket versioning change as that appears to be accidental and could affect your compliance requirements. Would you like me to help you draft the Terraform code updates needed to address this drift? ``` ## Investigating Provider Schema ``` ### User Before updating the code, I want to check the provider schema to make sure I understand all available attributes for the S3 bucket resource. ### Claude Good idea! Let me retrieve the provider schema from the assessment result to show you all available attributes for the S3 bucket resource. [Claude uses get_assessment_json_schema tool] Here are the key attributes for the AWS S3 bucket resource based on the provider schema: **aws_s3_bucket Attributes:** **Required:** - bucket - Name of the bucket **Optional:** - acl - Canned ACL to apply - bucket_prefix - Creates a unique bucket name with this prefix - force_destroy - Allow deletion even if bucket not empty - versioning - Configuration for versioning - enabled - Whether versioning is enabled - mfa_delete - Whether MFA is required for deletion - website - Website configuration - cors_rule - CORS configuration - lifecycle_rule - Lifecycle rules - replication_configuration - Replication configuration - server_side_encryption_configuration - Server-side encryption - tags - Key-value map of tags For your issue with versioning, you'll want to focus on the versioning block. The schema confirms you need to set enabled = true to maintain versioning on your bucket. Would you like me to help you draft the necessary Terraform code to restore the versioning configuration? ```