The latest articles on DEV Community by ひとし 田畑 (@hitoshi1964). https://dev.to/hitoshi1964 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3975979%2F05c5857a-b691-4600-911d-acc268f00185.png https://dev.to/hitoshi1964 en ひとし 田畑 Tue, 09 Jun 2026 12:26:32 +0000 https://dev.to/hitoshi1964/im-62-and-i-built-a-self-hosted-aws-drift-detector-because-i-was-tired-of-spreadsheets-5a8l https://dev.to/hitoshi1964/im-62-and-i-built-a-self-hosted-aws-drift-detector-because-i-was-tired-of-spreadsheets-5a8l <p>I came to programming late — I didn't get into this world until I was past<br> 35, and I'm 62 now, still writing code every day. This is a "build in public"<br> post about a tool I just finished, and I'd genuinely love your feedback.</p> <h2> The itch </h2> <p>For years I watched infrastructure teams keep their AWS inventory in<br> spreadsheets. It always worked — right up until it didn't. Nobody had time to<br> keep it current, and every single one eventually drifted away from reality.<br> Middleware EOL was the same story: a hand-maintained list, no alerts, no<br> dashboard, quietly going stale.</p> <p>One day I asked the obvious question: we have tfstate, we have boto3 — why are<br> we still doing this by hand?</p> <h2> What I built </h2> <p><strong>SyncVey</strong> is a self-hosted web app that:</p> <ul> <li> <strong>Inventories your AWS resources</strong> into a System → Environment → Asset ledger (EC2, ECS, Lambda, RDS, S3, ALB, VPC, EBS), scanned live via boto3/AssumeRole</li> <li> <strong>Detects attribute-level drift</strong> between your tfstate and live AWS — including resources someone built by hand in the console that <code>terraform plan</code> never sees</li> <li> <strong>Tracks the app/middleware layer</strong> per environment and flags end-of-life runtimes</li> </ul> <p>The drift piece is the part I care about most. <code>terraform plan</code> only knows<br> about resources Terraform already manages. The thing that actually bites teams<br> is the resource someone spun up by hand in the console — plan is blind to it.<br> SyncVey diffs your tfstate against the <em>live</em> AWS state, so those show up too.</p> <h2> The stack (and why) </h2> <ul> <li> <strong>Django + htmx + Postgres</strong> — server-rendered, no SPA, no Node build step</li> <li><strong>MIT-licensed, no SaaS, no telemetry</strong></li> <li>One <code>docker compose up</code> and your data stays inside your own infrastructure </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>git clone https://github.com/MR-TABATA/SyncVey <span class="nb">cd </span>SyncVey docker compose up </code></pre> </div> <p>I deliberately leaned on htmx because, for a tool someone has to deploy and<br> maintain themselves, "no frontend toolchain" matters more than a fancy client.</p> <h2> I'd love your honest take </h2> <p>It's AWS-only for now and very much a solo project, so I'm sure there are rough<br> edges. I'm not an AWS specialist — I deliberately leaned on things that don't<br> require me to be one: your tfstate and the live boto3 API as ground truth, all<br> open source so you can audit every call. If you know AWS better than I do (many<br> of you will), I'd love for you to tear into the scanner logic.</p> <p>Does this solve a real problem for you? What's missing? What would stop you<br> from running it?</p> <ul> <li>Repo: <a href="https://github.com/MR-TABATA/SyncVey" rel="noopener noreferrer">https://github.com/MR-TABATA/SyncVey</a> </li> <li>Quick tour: <a href="https://syncvey.com/" rel="noopener noreferrer">https://syncvey.com/</a> </li> </ul> aws devops terraform showdev