Enhance your Terraform Cloud workflow by adding run tasks before the plan and/or apply stages.
Today, we are pleased to announce the general availability of pre-plan/pre-apply run tasks in Terraform Cloud. This release expands the run task feature and teams can now integrate third-party tools and services at multiple stages of the Terraform run lifecycle.
You can now check Terraform configuration before the plan is generated, reevaluate compliance prior to applying, or you can trigger customized workflows in whichever stage is most suitable to your needs. With customizable run tasks, the options are endless.
There is a common theme that comes up repeatedly when speaking with customers about run tasks: the need to do more at all stages of the run lifecycle.
The most prevalent use case for run tasks is ensuring that teams adhere to the organization's security and compliance requirements. Earlier this year we announced the general availability of post-plan run tasks which let you evaluate the compliance of your infrastructure based on Terraform plan data.
Pre-plan run tasks build on this capability by shifting the execution to occur earlier in the Terraform run lifecycle. You can now integrate tasks that analyze your Terraform configuration files, allowing you to implement custom logic that can detect issues in the Terraform configuration before the planning phase.
Several partners have already created and validated pre-plan run tasks and are committed to providing support to our mutual customers. These partners include BlinkOps, Check Point, Tines, and Torq.
Here’s how each solution can help enhance your Terraform Cloud experience with pre-plan run tasks:
Running a check before you apply your Terraform configuration is an important part of day-to-day operations when provisioning infrastructure. Typically, teams will adopt a review and approval process that often results in a delay between when a plan is initially generated and when it is applied.
A lot can happen in this time. Infrastructure can change, maintenance windows can be enforced, and new compliance rules can get added to the same run task integration that reported that your Terraform configuration was compliant.
Now, you can configure run tasks to trigger pre-apply, just before the plan is applied, implementing a final gate that your Terraform configuration needs to pass through before your configuration is applied.
Pre-plan and pre-apply run task integrations are now available in Terraform Cloud Team & Governance as well as the Business tier, and they will be released in Terraform Enterprise very soon. There are already many Terraform Cloud run task integrations available with more on the way. Check out the run tasks documentation to learn how to set up run task integrations via the UI or API.
If you don’t see a tool or service that you’d like to use, please get in touch because we love feedback!
Dynamic provider credentials for Terraform Cloud provide a simple and safe authentication workflow for Vault and official cloud providers.
CDK for Terraform (CDKTF) 0.15 improves on its ease of use with Terraform Cloud and Terraform Enterprise through automatic Terraform workspace creation.
Projects in Terraform Cloud allow users to isolate particular subsets of workspaces and define permissions within a single organization.