
Modern cloud environments often grow rapidly, creating thousands of resources across multiple teams and projects. While Infrastructure as Code (IaC) has become the preferred method for managing cloud infrastructure, many organizations still struggle with resources created manually through cloud consoles, APIs, or other unmanaged processes.
To address this challenge, env0 has introduced Cloud Compass, a powerful feature designed to help organizations track cloud resources, measure Infrastructure as Code coverage, assess risks, and simplify the process of bringing unmanaged resources under IaC management.
What Is Cloud Compass?
Cloud Compass is a cloud visibility and governance tool within env0 that scans cloud accounts and identifies all resources deployed across your environment.
Its primary purpose is to help organizations understand:
- Which resources are managed through Infrastructure as Code.
- Which resources were created manually through cloud consoles (ClickOps).
- Which resources were created or modified through APIs.
- The overall risk associated with unmanaged infrastructure.
By providing a comprehensive view of cloud resources, Cloud Compass helps teams improve governance, reduce operational risk, and increase Infrastructure as Code adoption.
Why Infrastructure as Code Coverage Matters
Infrastructure as Code enables organizations to define and manage cloud resources using code rather than manual processes.
Benefits include:
- Improved consistency
- Better version control
- Easier auditing
- Faster deployments
- Reduced configuration drift
- Enhanced security and compliance
However, many organizations still have resources created outside their IaC workflows. These unmanaged resources can become security risks and create operational challenges.
Cloud Compass helps identify these gaps and provides a clear picture of how much of your infrastructure is actually managed through code.
Key Features of Cloud Compass
1. Infrastructure as Code Coverage Tracking
One of the core capabilities of Cloud Compass is tracking Infrastructure as Code coverage.
The platform scans your cloud accounts and determines:
- Total number of cloud resources
- Resources managed through Terraform or OpenTofu
- Resources managed manually
- Resources managed through APIs
This visibility allows engineering teams to measure progress toward full Infrastructure as Code adoption.
2. Risk Assessment for Cloud Resources
Not all cloud resources carry the same level of risk.
Cloud Compass categorizes resources based on how they are managed.
Resources created through:
- Infrastructure as Code are considered lower risk.
- APIs carry moderate risk.
- Manual ClickOps processes are generally considered higher risk.
This classification allows teams to focus on the resources that need the most attention.
3. Resource Visibility Across Cloud Accounts
Cloud Compass provides a centralized dashboard where teams can view:
- Cloud provider information
- Scan history
- Resource inventories
- IaC coverage percentages
- Resource management methods
This makes it easier for platform engineers and DevOps teams to understand their cloud environments at a glance.
4. AI-Powered Infrastructure Import Assistance
One of the most innovative features demonstrated in the video is Cloud Compass's AI-assisted code generation.
When unmanaged resources are identified, users can:
- Select the resources.
- Click "Perform Action."
- Choose "Generate IaC Code."
- Select either Terraform or OpenTofu.
- Generate import blocks automatically.
This dramatically simplifies the migration process from manually managed infrastructure to Infrastructure as Code.
Real-World Example Demonstrated in the Video
During the demonstration, an AWS R&D production account was analyzed.
The dashboard showed:
- Approximately 28,000 cloud resources.
- Around 97.5% managed through Infrastructure as Code.
- A small percentage managed through APIs.
- Only 53 resources managed through ClickOps.
The historical trend chart also showed Infrastructure as Code coverage consistently hovering around 97%.
This type of visibility helps organizations track improvements over time and identify areas requiring remediation.
Simplifying Terraform and OpenTofu Imports
Importing existing cloud resources into Terraform or OpenTofu has traditionally been a tedious process.
Teams often struggle with:
- Identifying the correct provider resource type.
- Determining resource identifiers.
- Creating accurate import blocks.
Cloud Compass solves these challenges by automatically generating:
- Terraform import blocks
- OpenTofu import blocks
- Resource mapping information
- Required resource IDs
For example, if IAM Role Policies are being managed through APIs instead of Terraform, Cloud Compass can generate the necessary import configurations to bring those resources under code management.
Integration with Terraform and OpenTofu
Cloud Compass works seamlessly with both:
- Terraform
- OpenTofu
Once import blocks are generated, teams can use:
- terraform plan -generate-config-out=<file>
- tofu plan -generate-config-out=<file>
These commands help create resource stubs that can then be committed to source control and integrated into existing Infrastructure as Code workflows.
This reduces the manual effort involved in migrating unmanaged infrastructure.
Supported Cloud Platforms
Cloud Compass currently supports:
Amazon Web Services (AWS)
For AWS environments, Cloud Compass reads information from:
- AWS CloudTrail
This allows the platform to determine how resources were created or modified.
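As an added illustration (not env0's implementation, which the article does not describe), this is one way to label CloudTrail write events as IaC, ClickOps or API and derive a coverage percentage. It relies on the CloudTrail fields userAgent, sessionCredentialFromConsole and userIdentity.sessionContext.sessionIssuer.arn; the role ARNs, the rule that the latest write decides a resource's label, and the sample records are assumptions.

```python
from collections import Counter

RISK = {"iac": "lower", "api": "moderate", "clickops": "higher"}  # article's tiers
# Hypothetical role assumed by the IaC pipeline; replace with your own.
PIPE = "arn:aws:iam::111122223333:role/iac-pipeline"
DEV = "arn:aws:iam::111122223333:role/developer"  # hypothetical human role
PIPELINE_ROLES = {PIPE}

def classify(rec):
    """Return 'iac', 'clickops' or 'api' for one CloudTrail record."""
    session = rec.get("userIdentity", {}).get("sessionContext", {})
    issuer = session.get("sessionIssuer", {}).get("arn")
    agent = rec.get("userAgent", "").lower()
    # userAgent is client-supplied, so also require a known pipeline role.
    if "terraform" in agent and issuer in PIPELINE_ROLES:
        return "iac"
    if rec.get("sessionCredentialFromConsole") == "true":
        return "clickops"
    return "api"

def coverage(records):
    """Label each resource by its latest write event; return (counts, IaC %)."""
    latest = {}
    for rec in sorted(records, key=lambda r: r["eventTime"]):
        if rec.get("readOnly"):
            continue  # reads do not change how a resource is managed
        for res in rec.get("resources", []):  # not every event populates this
            latest[res["ARN"]] = classify(rec)
    counts = Counter(latest.values())
    pct = round(100.0 * counts["iac"] / len(latest), 1) if latest else 0.0
    return counts, pct

def make_record(time, arn, agent, issuer, console=False):
    rec = {"eventTime": time, "readOnly": False, "userAgent": agent,
           "resources": [{"ARN": arn}],
           "userIdentity": {"sessionContext": {"sessionIssuer": {"arn": issuer}}}}
    if console:
        rec["sessionCredentialFromConsole"] = "true"
    return rec

TF = "APN/1.0 HashiCorp/1.0 Terraform/1.7.5 terraform-provider-aws/5.40.0"
SAMPLE = [  # constructed CloudTrail-shaped records, not real log data
    make_record("2024-05-01T10:00:00Z", "arn:aws:s3:::app-logs", TF, PIPE),
    make_record("2024-05-01T11:00:00Z", "arn:aws:s3:::scratch", "Mozilla/5.0", DEV, True),
    make_record("2024-05-02T08:00:00Z", "arn:aws:s3:::assets", TF, PIPE),
    make_record("2024-05-02T09:00:00Z", "arn:aws:s3:::batch-out", "Boto3/1.34.0", DEV),
    make_record("2024-05-03T09:00:00Z", "arn:aws:s3:::app-logs", "Mozilla/5.0", DEV, True),
    make_record("2024-05-03T12:00:00Z", "arn:aws:s3:::jobs", TF, DEV),
]
```

In the sample, app-logs was created by the pipeline but later changed in the console, so it counts as ClickOps, and the Terraform run under the developer role counts as API because it bypassed the pipeline.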
Microsoft Azure
Recently, support for Azure was added.
For Azure environments, Cloud Compass leverages:
- Azure Log Analytics
This provides similar visibility into resource creation and modification activities.
Future Support for Google Cloud Platform
The env0 team also mentioned potential future support for Google Cloud Platform (GCP).
Organizations interested in GCP integration are encouraged to provide feedback and request support.
As multi-cloud adoption continues to grow, broader cloud platform coverage will likely become an important feature for many organizations.
Benefits for DevOps and Platform Engineering Teams
Cloud Compass offers several practical advantages:
Improved Governance
Teams gain visibility into how infrastructure is being managed across cloud environments.
Reduced Risk
High-risk manually managed resources can be identified and prioritized for remediation.
Faster IaC Adoption
Automated import block generation significantly reduces migration effort.
Better Compliance
Organizations can demonstrate Infrastructure as Code coverage and improve audit readiness.
Operational Efficiency
Engineers spend less time tracking unmanaged resources and more time improving infrastructure.
Who Should Use Cloud Compass?
Cloud Compass is particularly valuable for:
- DevOps teams
- Platform engineering teams
- Cloud architects
- Infrastructure engineers
- Security teams
- Organizations adopting Terraform or OpenTofu
It is especially useful in environments where multiple teams manage cloud resources and governance has become difficult.
Final Thoughts
Cloud Compass addresses a common challenge faced by cloud teams: understanding what is actually managed through Infrastructure as Code and what remains unmanaged.
By combining cloud resource discovery, risk assessment, Infrastructure as Code coverage tracking, and AI-powered import generation, Cloud Compass provides a practical path toward better cloud governance.
Organizations using Terraform or OpenTofu can leverage Cloud Compass to identify unmanaged resources, assess risk levels, and accelerate Infrastructure as Code adoption without the complexity traditionally associated with resource imports.
For teams looking to strengthen cloud governance and reduce infrastructure drift, Cloud Compass represents a valuable addition to the modern cloud management toolkit.
Watch the complete demonstration here:
https://www.youtube.com/watch?v=wtrYlBwD9P8