Slack

Blog

Digger

Setting up separate mgmt account

Digger is an open-source CI/CD orchestrator for Terraform

About Digger

How it works

Pricing

Feedback

Github Actions + AWS

Github Actions + GCP

Plan preview

CommentOps

Dashboard

OPA policies

Concurrency

PR-level locks

Plan Persistence

RBAC

Apply on Merge

Auto-merge

Backendless mode

Commenting strategies

Custom commands

Destroy via manual workflow

By default Digger checks out latest code from the branch prior to every run. So you don't need to configure checkout in your workflow file.

Disable auto-checkout

Disable telemetry

Drift Detection

Generate projects

Include / exclude patterns

Multiple AWS accounts

Policy overrides

Project Level Roles for AWS

Segregate cloud accounts

Trigger workflow directly

You can configure Digger to run Checkov policy-as-code as an additional step:

Using Checkov

Using Infracost

This feature is in active development. If you find something that can be improved, please let us know by [filing an issue](https://github.com/diggerhq/digger/issues)

Using OPA (Conftest)

Using Terragrunt

For serious usecases always use a pinned version which is of the form @vX.Y.Z since this will download compiled binary. Addition to being faster to run, it is also more secure than using a commit from a branch

Specifying version

Auth methods

Deploy as docker image

Deploy using docker-compose

Deploy as a binary

digger.yml

Action inputs

Setting up Digger EE

RBAC via OPA guide

Digger runs without a backend but uses a DynamoDB table to keep track of all the locks that are necessary for locking PR projects. On the first run in your AWS account digger checks for the presense of `DiggerDynamoDBLockTable` and it requires the following policy for the DynamoDB access:

Setting up DynamoDB Access for locks

Authenticating with OIDC on AWS

Setting up GCP + GH Actions

You can configure Digger to use OIDC instead of key-value pairs.

Federated OIDC access

Store plans in a Bucket

Setting up Azure + GH Actions

Azure devops locking connection methods

Importing existing resources

Introduction

Getting Started

Features

How To

Self-host Digger

Reference

Digger Enterprise

Digger API

AWS-specific

GCP-specific

Azure-specific

Troubleshooting Errors

Setting up separate mgmt account