Releases

Track the evolution of TFDrift-Falco with our release history

v0.5.0: Multi-Cloud Support (GCP) 🎉

December 17, 2025

TFDrift-Falco v0.5.0 Release Notes

Release Date: December 17, 2025

Release Type: Major Feature Release

---

🎉 Highlights

Multi-Cloud Support is Here!

TFDrift-Falco v0.5.0 brings comprehensive Google Cloud Platform (GCP) support, enabling real-time drift detection across both AWS and GCP environments simultaneously. This is a major milestone in our journey toward true multi-cloud infrastructure drift detection.

Key Achievements

- ✅ 100+ GCP Events mapped across 12+ services
- ✅ GCS Backend for Terraform state storage
- ✅ Zero Breaking Changes - fully backward compatible
- ✅ Multi-Provider Architecture ready for future clouds (Azure, etc.)
- ✅ Production Ready with comprehensive testing

---

🚀 What's New

1. GCP Audit Logs Integration

Real-time drift detection for Google Cloud Platform resources using Falco's gcpaudit plugin.

#### Supported GCP Services (12+)

| Service | Events | Key Resources |
|---------|--------|---------------|
| Compute Engine | 30+ | Instances, Disks, Machine Types, Metadata, Networks, Firewalls |
| Cloud Storage | 15+ | Buckets, Objects, IAM Bindings, ACLs, Lifecycle |
| Cloud SQL | 10+ | Instances, Databases, Users, Backups |
| GKE | 10+ | Clusters, Node Pools, Workloads |
| Cloud Run | 8+ | Services, Revisions, IAM Policies |
| IAM | 8+ | Service Accounts, Roles, Bindings, Keys |
| VPC/Networking | 10+ | Firewalls, Routes, Subnets, Peering |
| Cloud Functions | 5+ | Functions, Triggers, IAM Policies |
| BigQuery | 5+ | Datasets, Tables, IAM Policies |
| Pub/Sub | 5+ | Topics, Subscriptions, IAM Policies |
| KMS | 5+ | Keys, KeyRings, IAM Policies |
| Secret Manager | 3+ | Secrets, Versions, IAM Policies |

#### Example Drift Detection Scenarios

Scenario 1: Compute Instance Metadata Change
```
Someone adds SSH keys to a GCE instance via Console
↓
GCP Audit Log captured by Falco gcpaudit plugin
↓
Falco sends event via gRPC to TFDrift-Falco
↓
TFDrift-Falco compares with Terraform state
↓
Instant Slack alert with user email and metadata changes
```

Scenario 2: Firewall Rule Modification
```
Firewall rule source ranges changed manually
↓
compute.firewalls.patch event detected
↓
Drift detected against Terraform definition
↓
Critical severity alert sent to all channels
```

2. GCS Backend Support

Load Terraform state files from Google Cloud Storage buckets.

Features:
- Application Default Credentials (ADC) support
- Custom credentials file support
- Bucket and prefix configuration
- Automatic error handling and retries

Configuration Example:
```yaml
providers:
gcp:
enabled: true
projects:
- my-project-123
- my-project-456
state:
backend: "gcs"
gcs_bucket: "my-terraform-state"
gcs_prefix: "prod"
```

3. Multi-Provider Architecture

Intelligent Event Routing:
- `aws_cloudtrail` events → AWS parser
- `gcpaudit` events → GCP parser
- Extensible design for future providers (Azure, etc.)

No Breaking Changes:
- Existing AWS configurations work unchanged
- New GCP fields don't affect AWS events
- Provider-agnostic core fields preserved

4. Enhanced Event Types

New GCP-Specific Fields:
- `ProjectID` - GCP project identifier
- `ServiceName` - GCP service name (compute.googleapis.com, etc.)
- `Region` - Extracted from zone (us-central1-a → us-central1)

Preserved AWS Fields:
- `Region` - AWS region
- `AccountID` - AWS account ID
- All existing AWS user identity fields

---

📦 Installation & Upgrade

Upgrade from v0.4.x

No breaking changes! Simply update your binary or Docker image:

```bash

Binary upgrade
curl -LO https://github.com/keitahigaki/tfdrift-falco/releases/download/v0.5.0/tfdrift-linux-amd64
chmod +x tfdrift-linux-amd64
sudo mv tfdrift-linux-amd64 /usr/local/bin/tfdrift

Docker upgrade
docker pull ghcr.io/higakikeita/tfdrift-falco:v0.5.0
```

New GCP Setup

Step 1: Enable GCP Audit Logs
```bash
gcloud projects add-iam-policy-binding my-project-123 \
--member="serviceAccount:falco-sa@my-project-123.iam.gserviceaccount.com" \
--role="roles/logging.viewer"
```

Step 2: Configure Falco gcpaudit Plugin

See comprehensive setup guide: [docs/gcp-setup.md](../gcp-setup.md)

Step 3: Update TFDrift-Falco Configuration
```yaml
providers:
gcp:
enabled: true
projects:
- my-project-123
state:
backend: "gcs"
gcs_bucket: "my-terraform-state"
gcs_prefix: "prod"

drift_rules:
- name: "GCP Compute Instance Modification"
resource_types:
- "google_compute_instance"
watched_attributes:
- "metadata"
- "labels"
severity: "high"
```

Step 4: Start Monitoring
```bash
tfdrift --config config.yaml
```

---

🧪 Testing & Quality

Test Coverage

- 34 GCP-specific tests covering all parser functionality
- Integration tests for multi-provider scenarios
- Resource type mapping validation for 100+ events
- 100% test pass rate

Tested Scenarios

✅ GCP Audit Log event parsing
✅ Multi-provider event routing (AWS + GCP)
✅ GCS backend state loading
✅ Resource type mapping for all services
✅ User identity extraction
✅ Change tracking and correlation

---

📚 Documentation

New Documentation

- [GCP Setup Guide](../gcp-setup.md) - Complete setup instructions (500+ lines)
- Prerequisites and architecture
- Falco gcpaudit plugin configuration
- GCP Audit Logs and Pub/Sub setup
- TFDrift-Falco configuration
- Troubleshooting (5 common issues)
- Advanced configuration
- Security best practices

- [GCP Configuration Example](../examples/config-gcp.yaml) - Production-ready config template

Updated Documentation

- README.md - Updated with GCP support announcements
- CHANGELOG.md - Comprehensive v0.5.0 changes
- Architecture diagrams - Updated to show GCP integration

---

🔄 Migration Guide

From v0.4.x to v0.5.0

No breaking changes! Your existing AWS configurations will continue to work without modifications.

#### Option 1: AWS Only (No Changes Needed)

Keep your existing configuration - everything works as before.

#### Option 2: Add GCP Support

Add GCP configuration alongside existing AWS config:

```yaml
providers:
aws:
enabled: true
regions:
- us-east-1
state:
backend: "s3"
s3_bucket: "my-terraform-state"
s3_key: "prod/terraform.tfstate"

gcp: # NEW - Add this section
enabled: true
projects:
- my-project-123
state:
backend: "gcs"
gcs_bucket: "my-terraform-state"
gcs_prefix: "prod"
```

#### Option 3: GCP Only

Start fresh with GCP-only configuration:

```yaml
providers:
gcp:
enabled: true
projects:
- my-project-123
state:
backend: "gcs"
gcs_bucket: "my-terraform-state"
gcs_prefix: "prod"

falco:
enabled: true
hostname: "localhost"
port: 5060

drift_rules:
- name: "GCP Compute Instance Modification"
resource_types:
- "google_compute_instance"
watched_attributes:
- "metadata"
- "labels"
- "deletion_protection"
severity: "high"
```

---

🐛 Known Limitations

GCP-Specific Limitations

1. New Feature - GCP support is new, production validation recommended
2. Audit Log Latency - GCP Audit Logs have 30 seconds to 5 minutes delivery latency via Pub/Sub
3. Multi-Project - Multi-project environments require per-project configuration
4. Coverage - Some advanced GCP features may not be fully covered yet

General Limitations

1. Large Scale - Environments with 50,000+ resources require performance tuning
2. Multi-Account - AWS multi-account setups need additional validation
3. CloudTrail Latency - AWS CloudTrail has 5-15 minutes latency (S3), 1-5 minutes (SQS)

See [Production Readiness Guide](PRODUCTION_READINESS.md) for comprehensive limitations and best practices.

---

🔐 Security Considerations

GCP Credentials

Recommended: Application Default Credentials (ADC)
```bash
gcloud auth application-default login
```

Alternative: Service Account Key
```yaml
providers:
gcp:
state:
backend: "gcs"
gcs_bucket: "my-terraform-state"
credentials_file: "/path/to/service-account-key.json" # Optional
```

Least Privilege IAM

Minimum Required Permissions:
- `roles/storage.objectViewer` - Read Terraform state from GCS
- `roles/logging.viewer` - Read Audit Logs (for Falco plugin)

Recommended Service Account:
```bash
gcloud iam service-accounts create tfdrift-falco \
--display-name="TFDrift-Falco Service Account"

gcloud projects add-iam-policy-binding my-project-123 \
--member="serviceAccount:tfdrift-falco@my-project-123.iam.gserviceaccount.com" \
--role="roles/storage.objectViewer"

gcloud projects add-iam-policy-binding my-project-123 \
--member="serviceAccount:tfdrift-falco@my-project-123.iam.gserviceaccount.com" \
--role="roles/logging.viewer"
```

---

🎯 Use Cases

1. Multi-Cloud Drift Detection

Monitor infrastructure drift across AWS and GCP simultaneously.

Example:
- AWS EC2 instances managed by Terraform
- GCP Compute Engine instances managed by Terraform
- Single TFDrift-Falco instance monitoring both
- Unified Slack alerts for all drift events

2. GCP-Only Environments

Organizations using only GCP can now benefit from real-time drift detection.

Example:
- 100% GCP infrastructure
- Terraform managing GKE clusters, Cloud SQL, Cloud Run
- Real-time alerts on console-based changes
- Compliance enforcement for Infrastructure-as-Code

3. Hybrid Cloud Security

Ensure all infrastructure changes follow IaC workflows regardless of cloud provider.

Example:
- Multi-cloud environment (AWS + GCP)
- Centralized security monitoring
- Consistent drift detection policies
- Unified audit trail across clouds

---

📊 Technical Architecture

Event Flow

```
GCP Console/API Change
↓
GCP Audit Logs
↓
Cloud Pub/Sub
↓
Falco gcpaudit Plugin
↓
Falco Rules Engine
↓
Falco gRPC Output
↓
TFDrift-Falco Subscriber (Event Router)
↓
┌─────────────┬──────────────┐
│ AWS Parser │ GCP Parser │
└─────────────┴──────────────┘
↓
Drift Detection Engine
↓
Terraform State Comparison (GCS/S3/Local)
↓
Notification Channels (Slack/Webhook/etc.)
```

Code Architecture

```
pkg/
├── gcp/ # NEW - GCP support
│ ├── audit_parser.go # Parse GCP Audit Log events
│ ├── resource_mapper.go # Map events to Terraform resources
│ └── *_test.go # Comprehensive tests
├── terraform/backend/
│ ├── gcs.go # NEW - GCS backend
│ └── gcs_test.go
├── falco/
│ ├── subscriber.go # UPDATED - GCP parser initialization
│ └── event_parser.go # UPDATED - Multi-provider routing
├── types/
│ └── types.go # UPDATED - GCP-specific fields
└── config/
└── config.go # UPDATED - GCP configuration
```

---

🙏 Acknowledgments

This release was made possible by:

- Falco Community - For the excellent gcpaudit plugin
- Google Cloud - For comprehensive Audit Logs documentation
- Terraform Community - For GCS backend specifications
- Our Users - For feature requests and feedback

---

🔗 Resources

Documentation
- [GCP Setup Guide](../gcp-setup.md)
- [AWS Setup Guide](../falco-setup.md)
- [Production Readiness Guide](PRODUCTION_READINESS.md)
- [Architecture Overview](architecture.md)

Examples
- [GCP Configuration Example](../examples/config-gcp.yaml)
- [AWS Configuration Example](../examples/config.yaml)
- [Multi-Cloud Configuration](../examples/config-multi-cloud.yaml)

Community
- [GitHub Repository](https://github.com/keitahigaki/tfdrift-falco)
- [Issue Tracker](https://github.com/keitahigaki/tfdrift-falco/issues)
- [Discussions](https://github.com/keitahigaki/tfdrift-falco/discussions)

---

📞 Support

Getting Help

- 📖 Documentation: Start with [GCP Setup Guide](../gcp-setup.md)
- 🐛 Bug Reports: [GitHub Issues](https://github.com/keitahigaki/tfdrift-falco/issues)
- 💬 Questions: [GitHub Discussions](https://github.com/keitahigaki/tfdrift-falco/discussions)
- 📧 Security Issues: security@example.com

Troubleshooting

Common issues and solutions are documented in:
- [GCP Setup Guide - Troubleshooting Section](../gcp-setup.md#troubleshooting)
- [Production Readiness Guide](PRODUCTION_READINESS.md)

---

🚀 What's Next?

Roadmap

Phase 3: Advanced Features
- [ ] Web dashboard UI
- [ ] Azure Activity Logs support
- [ ] Machine learning-based anomaly detection
- [ ] Auto-remediation actions
- [ ] Policy-as-Code integration (OPA/Rego)

Phase 4: Enterprise Features
- [ ] Multi-account/multi-org support
- [ ] RBAC and team management
- [ ] Compliance reporting (SOC2, PCI-DSS, HIPAA)
- [ ] Integration marketplace

See [Roadmap](../README.md#roadmap) for detailed plans.

---

📊 Statistics

Code Changes

- Files Added: 6 (audit_parser.go, resource_mapper.go, gcs.go, + tests)
- Files Modified: 6 (subscriber.go, event_parser.go, types.go, config.go, factory.go, README.md)
- Lines Added: ~2,000
- Test Coverage: 34 new tests, 100% pass rate
- Documentation: 500+ lines of new documentation

Event Coverage

| Provider | Events | Services | Status |
|----------|--------|----------|--------|
| AWS | 203 | 19 | ✅ Stable (v0.3.0) |
| GCP | 100+ | 12+ | ✅ New (v0.5.0) |
| Azure | - | - | 🚧 Planned |

---

Thank you for using TFDrift-Falco! 🎉

We're excited to bring multi-cloud drift detection to the community. Please share your feedback and help us make TFDrift-Falco even better.

---

Made with ❤️ by the TFDrift-Falco Team

Follow us: [Twitter](https://x.com/keitah0322) | [GitHub](https://github.com/keitahigaki)

View on GitHub Download

v0.2.0-beta: VPC Networking Support and Code Quality Improvements

Pre-release

December 6, 2025

🎉 TFDrift-Falco v0.2.0-beta

エンタープライズAWSサービス対応と本番環境対応

v0.2.0-betaは、TFDrift-Falcoの主要リリースです。AWS環境で広く使われるツールとなるため、イベントカバレッジを+900%増加させ、21のAWSサービスに対応しました。

---

📊 主要な変更

イベントカバレッジの拡大
- 変更前: 5サービス、26イベント
- 変更後: 21サービス、260イベント
- 増加率: +900%

新規対応サービス（16サービス追加）

#### ネットワーキング & コンピュート
- VPC/Networking (33イベント) - Security Groups、VPC、Subnets、Route Tables、Gateways、ACLs、Endpoints
- ELB/ALB (15イベント) - Load Balancers、Target Groups、Listeners、Rules

#### データベース
- RDS/Aurora (28イベント) - DB Instances、Clusters、Snapshots、Parameter Groups、Failover
- DynamoDB (5イベント) - Tables、TTL、Backups
- Redshift (4イベント) - Clusters、Parameter Groups

#### セキュリティ & ID管理
- KMS (10イベント) - Key management、Aliases、Rotation
- Secrets Manager (9イベント) - Secrets、Rotation、Version management
- SSM Parameter Store (4イベント) - Parameters、Versioning

#### サーバーレス & 統合
- API Gateway (27イベント) - REST API、HTTP API、WebSocket API
- Lambda (拡張) - Permissions

#### モニタリング & 運用
- CloudWatch (16イベント) - Alarms、Log Groups、Metric Filters、Dashboards
- SNS (8イベント) - Topics、Subscriptions
- SQS (6イベント) - Queues、Attributes
- CloudTrail (7イベント) - Trails、Event Selectors

#### ストレージ & コンテンツ
- ECR (9イベント) - Repositories、Lifecycle Policies、Replication
- S3 (拡張) - Public Access Block、ACL

#### ネットワーキングサービス
- Route53 (6イベント) - DNS Records、Hosted Zones、VPC Associations
- CloudFront (4イベント) - Distributions、Invalidations

#### コンテナオーケストレーション
- EKS (6イベント) - Cluster Config、Addons、Node Groups

---

🚀 主要機能

1. VPC/Networking対応（最優先事項）
カバレッジ分析で特定された最重要ギャップに対応：

- Security Groups: 不正なルール追加/削除の検知
- VPC Core: VPC、Subnet の作成/削除/変更
- Route Tables: ルーティング変更の監視
- Gateways & Endpoints: Internet/NAT Gateway、VPC Endpoint

2. RDS/Aurora対応（クリティカル）
包括的なデータベースドリフト検知：
- DB Instances、Aurora Clusters の完全なライフサイクル
- Failover検知 - 本番環境で重要
- Snapshots、Parameter Groups、Subnet Groups

3. CloudWatch対応（クリティカル）
監視インフラのドリフト検知：
- Metric Alarms、Alarm Actions
- Log Groups、Retention Policies
- Metric Filters、Dashboards

4. API Gateway対応
完全なAPIマネジメント監視：
- REST API、HTTP/WebSocket API
- Methods、Deployments、Stages
- Authorizers、API Keys、Usage Plans

5. その他のエンタープライズ重要サービス
- Route53: DNS変更検知
- SNS/SQS: アラート基盤の監視
- ECR: コンテナレジストリ管理
- KMS: 暗号化キー管理
- Secrets Manager/SSM: シークレット管理

---

📖 ドキュメント & ツール

本番環境対応ガイド（10,000語以上）
`docs/PRODUCTION_READINESS.md`

以下を網羅：
- ✅ 既知の制限事項（スケール、CloudTrailレイテンシ、マルチアカウント）
- ✅ 本番前検証チェックリスト
- ✅ 推奨アーキテクチャ（小/中/大規模）
- ✅ セキュリティベストプラクティス
- ✅ トラブルシューティングガイド
- ✅ アラート閾値チューニング

AWSリソースカバレッジ分析（8,000語以上）
`docs/AWS_RESOURCE_COVERAGE_ANALYSIS.md`

以下を含む：
- ✅ サービス別カバレッジ詳細
- ✅ 優先度マトリックス（スコアリング）
- ✅ 実装ロードマップ（Phase 1-3）
- ✅ ギャップ分析と推奨事項

負荷テストフレームワーク
`tests/load/`

完全なパフォーマンス検証スイート：
1. CloudTrailイベントシミュレータ - 100～10,000 events/min生成
2. Terraform Stateジェネレータ - 500～50,000リソース生成
3. メトリクス収集スクリプト - Docker、Prometheus、Loki監視
4. テストランナー - 小/中/大規模シナリオ（1～8時間）

受入基準:
| シナリオ | Events/min | リソース | CPU | メモリ | 処理時間(p95) |
|---------|-----------|---------|-----|--------|--------------|
| Small | 100 | 500 | <10%| <512MB | <100ms |
| Medium | 1,000 | 5,000 | <30%| <2GB | <500ms |
| Large | 10,000 | 50,000 | <50%| <4GB | <1s |

Grafana強化
- ✅ 6つの事前設定アラートルール（Critical/High/Medium）
- ✅ アラート設定ガイド
- ✅ ダッシュボードカスタマイズガイド（15以上のクエリ例）
- ✅ 統合テストスクリプト（9シナリオ）

---

🔧 技術的変更

変更されたファイル
- `pkg/falco/event_parser.go` - 234の新しいCloudTrailイベント追加
- `pkg/falco/resource_mapper.go` - 100以上のTerraformリソースマッピング追加
- `README.md` - v0.2.0-betaサービスカバレッジ表で更新

新規ファイル
- `CHANGELOG.md` - 完全なリリースノート
- `VERSION` - バージョン管理
- `docs/PRODUCTION_READINESS.md` - 本番環境対応ガイド
- `docs/AWS_RESOURCE_COVERAGE_ANALYSIS.md` - カバレッジ分析
- `tests/load/*` - 完全な負荷テストスイート
- `dashboards/grafana/ALERTS.md` - アラート設定ガイド
- その他多数のドキュメント

Terraformリソースタイプマッピング（100以上追加）
```

ネットワーキング & コンピュート
aws_security_group, aws_vpc, aws_subnet, aws_route, aws_route_table
aws_lb, aws_lb_target_group, aws_lb_listener, aws_lb_listener_rule

データベース
aws_db_instance, aws_rds_cluster, aws_rds_cluster_endpoint
aws_dynamodb_table, aws_redshift_cluster

セキュリティ & ID管理
aws_kms_key, aws_secretsmanager_secret, aws_ssm_parameter

サーバーレス & 統合
aws_api_gateway_rest_api, aws_apigatewayv2_api, aws_lambda_permission

モニタリング & 運用
aws_cloudwatch_metric_alarm, aws_cloudwatch_log_group
aws_sns_topic, aws_sqs_queue, aws_cloudtrail

その他多数...
```

---

🔄 破壊的変更

なし - このリリースはv0.1.xと完全に後方互換性があります。

既存の設定はすべて変更なしで動作し続けます。

---

📝 マイグレーションガイド

マイグレーション不要。v0.2.0-betaへの更新で自動的に以下を獲得：
- 拡張されたAWSサービスカバレッジ
- 本番環境対応ツール
- パフォーマンス検証フレームワーク

---

✅ テスト状況

完了
- ✅ イベントパーサーユニットテスト（更新済み）
- ✅ リソースマッパーテスト（更新済み）
- ✅ 負荷テストフレームワーク実装
- ✅ Grafana統合テスト（9シナリオ）
- ✅ ドキュメントレビュー

保留中
- ⬜ 新サービスの統合テスト（VPC、ELB、KMS、RDS、API Gateway、CloudWatch等）
- ⬜ エンドツーエンド負荷テスト実行（AWS環境が必要）
- ⬜ マルチアカウント/マルチリージョン検証

---

🎯 次のステップ

1. 負荷テストの実行:
```bash
cd tests/load
./run_load_test.sh small
```

2. 本番環境デプロイ前チェックリストを確認:
- `docs/PRODUCTION_READINESS.md`

3. Grafanaアラート設定:
- `dashboards/grafana/ALERTS.md`

4. v0.3.0に向けた計画:
- ECS/Fargate対応
- Step Functions対応
- ElastiCache対応

---

📚 関連ドキュメント

- [CHANGELOG.md](./CHANGELOG.md) - 完全なリリースノート
- [AWS Resource Coverage Analysis](./docs/AWS_RESOURCE_COVERAGE_ANALYSIS.md)
- [Production Readiness Checklist](./docs/PRODUCTION_READINESS.md)
- [Load Testing Guide](./tests/load/README.md)
- [Grafana Alerts Setup](./dashboards/grafana/ALERTS.md)

---

🙏 謝辞

このリリースは、AWS環境でのTerraformドリフト検知を真に実用的なものにするための大きな一歩です。フィードバックや貢献をお待ちしています！

---

v0.2.0-beta をお楽しみください！ 🚀

問題がある場合は、[Issues](https://github.com/higakikeita/tfdrift-falco/issues)でご報告ください。

View on GitHub Download