Pre-Plan/Pre-Apply Run Tasks Now Available in Terraform Cloud
Enhance your Terraform Cloud workflow by adding run tasks before the plan and/or apply stages.
Today, we are pleased to announce the general availability of pre-plan/pre-apply run tasks in Terraform Cloud. This release expands the run task feature and teams can now integrate third-party tools and services at multiple stages of the Terraform run lifecycle.
You can now check Terraform configuration before the plan is generated, reevaluate compliance prior to applying, or you can trigger customized workflows in whichever stage is most suitable to your needs. With customizable run tasks, the options are endless.
» Pre-Plan Run Tasks
There is a common theme that comes up repeatedly when speaking with customers about run tasks: the need to do more at all stages of the run lifecycle.
The most prevalent use case for run tasks is ensuring that teams adhere to the organization's security and compliance requirements. Earlier this year we announced the general availability of post-plan run tasks which let you evaluate the compliance of your infrastructure based on Terraform plan data.
Pre-plan run tasks build on this capability by shifting the execution to occur earlier in the Terraform run lifecycle. You can now integrate tasks that analyze your Terraform configuration files, allowing you to implement custom logic that can detect issues in the Terraform configuration before the planning phase.
Several partners have already created and validated pre-plan run tasks and are committed to providing support to our mutual customers. These partners include BlinkOps, Check Point, Tines, and Torq.
Here’s how each solution can help enhance your Terraform Cloud experience with pre-plan run tasks:
- Blink: Enables no-code automation for managing infrastructure as code workflows across cloud tools and services
- Check Point: Detects security misconfigurations before the planning phase
- Tines: Helps users to approve and record infrastructure requests from Terraform Cloud
- Torq: Creates automated no-code workflows for infrastructure scans, approval lifecycle, and tracking with ticketing systems like Jira
» Pre-Apply Run Tasks
Running a check before you apply your Terraform configuration is an important part of day-to-day operations when provisioning infrastructure. Typically, teams will adopt a review and approval process that often results in a delay between when a plan is initially generated and when it is applied.
A lot can happen in this time. Infrastructure can change, maintenance windows can be enforced, and new compliance rules can get added to the same run task integration that reported that your Terraform configuration was compliant.
Now, you can configure run tasks to trigger pre-apply, just before the plan is applied, implementing a final gate that your Terraform configuration needs to pass through before your configuration is applied.
» Try Run Tasks on Terraform Cloud
Pre-plan and pre-apply run task integrations are now available in Terraform Cloud Team & Governance as well as the Business tier, and they will be released in Terraform Enterprise very soon. There are already many Terraform Cloud run task integrations available with more on the way. Check out the run tasks documentation to learn how to set up run task integrations via the UI or API.
If you don’t see a tool or service that you’d like to use, please get in touch because we love feedback!
Sign up for the latest HashiCorp news
More blog posts like this one
Fix the developers vs. security conflict by shifting further left
Resolve the friction between dev and security teams with platform-led workflows that make cloud security seamless and scalable.
HashiCorp at AWS re:Invent: Your blueprint to cloud success
If you’re attending AWS re:Invent in Las Vegas, Dec. 2 - Dec. 6th, visit us for breakout sessions, expert talks, and product demos to learn how to take a unified approach to Infrastructure and Security Lifecycle Management.
Speed up app delivery with automated cancellation of plan-only Terraform runs
Automatic cancellation of plan-only runs allows customers to easily cancel any unfinished runs for outdated commits to speed up application delivery.