Demo

Demo: Enforcing OPA Policies in Terraform Cloud

Published 11:00 AM UTC Sep 09, 2022

If you have Open Policy Agent (OPA) code, you can use it in Terraform Cloud via the Styra DAS run task.

To achieve their security and compliance goals, organizations have to consider input from many business units including security, finance, and legal. That can make it very challenging to implement changes to cloud infrastructure without violating pre-existing policies.

Unsurprisingly, misconfigurations are one of the most significant risks to cloud environments, responsible for up to 70% of security challenges in the cloud. Policy as code allows teams to define security and compliance requirements as part of the code, ensuring that every infrastructure change aligns with pre-existing policies and regulations.

»The Policy as Code Shift

Automated validation and enforcement configurations via static code checks in the CI/CD pipeline are the most common solution to these challenges. A new movement around this idea of policy as code is gaining momentum.

Terraform Cloud and Terraform Enterprise have native policy as code through the Sentinel framework, but sometimes organizations also use a more generalized policy engine like Open Policy Agent (OPA) for Terraform and other tools.

»What You'll Learn: End-to-End Demo

In this Learn Lab demo session, you'll see exactly how OPA can be integrated into the Terraform Cloud CI/CD pipeline through a run task built by Styra, the creators and maintainers of OPA.

More resources can be found on Styra's documentation site.

More resources like this one

  • 3/15/2023
  • Presentation

Advanced Terraform techniques

  • 2/3/2023
  • Case Study

Automating Multi-Cloud, Multi-Region Vault for Teams and Landing Zones

  • 2/1/2023
  • Case Study

Should My Team Really Need to Know Terraform?

  • 1/20/2023
  • Case Study

Packaging security in Terraform modules

View all resources