Integrate security, compliance, and cost management into the Terraform Cloud workflow using Run Tasks. Now generally available.
When we talk to customers about why they choose Terraform Cloud, they often aim to increase their provisioning velocity across their organization. However, provisioning doesn’t happen in a vacuum. Different business units like Finance, Security, and Compliance must ensure that their goals are met any time a change is introduced to infrastructure. This often necessitates a pass-off to other teams for code review, which will slow DevOps teams down.
Policy as code speeds up this review process by enabling organizations to define requirements from these teams as code, which enables automated testing and automated deployment. Our customers have generally defined policy as code using custom policies written in the HashiCorp policy as code framework, Sentinel. We’re now opening up the Terraform Cloud workflow to other third-party security and compliance tools with Run Tasks, which are now generally available.
Figure: An example run task that runs code scans using Bridgecrew.
Your teams can integrate third-party tools into the Terraform Cloud workflow between any plan
and apply
. By opening up the workflow this way, you can set up conditions for runs to pass in minutes, all without having to write Sentinel policies yourself. This reduces manual code review and speeds up provisioning.
What are some use cases for post-plan run task integrations?
Run tasks now support a number of integrations, which you can find on this list If you don’t see a tool you’d like to use from this existing list, you can integrate it yourself.
Run task integrations will be in the Terraform Cloud Team & Governance as well as the Business tier, and are expected to be in a release of Terraform Enterprise very soon. This will also enable Terraform Enterprise customers to gain image compliance checks from HCP Packer. Contact our sales team if you are interested in setting up this integration.
Since releasing run tasks in beta, the Terraform Cloud team made these integrations easier than ever to set up in the UI or the API, ensuring your team can set up and test as many integrations as you’d like prior to committing them to your production workflows.
There are already many useful Terraform Cloud run task integrations available, and there will be more to come soon. Check out the documentation to see how to set up run task integrations via the UI or API, or get started quickly with this hands-on integration tutorial with Snyk.
Version 5.0 of the HashiCorp Terraform AWS provider brings improvements to default tags, allowing practitioners to set tags at the provider level.
Learn how HashiCorp Terraform supports the deployment of Azure Linux container host for Azure Kubernetes Service (AKS).
New CI/CD pipeline templates for GitHub Actions and GitLab CI provide prescriptive guides for integrating with Terraform Cloud, and a new integration tool can help build workflows with other CI/CD platforms.