Terraform Cloud Run Tasks are Now Generally Available
Integrate security, compliance, and cost management into the Terraform Cloud workflow using Run Tasks. Now generally available.
When we talk to customers about why they choose Terraform Cloud, they often say they aim to increase provisioning velocity across their organization. However, provisioning doesn’t happen in a vacuum. Different business units like Finance, Security, and Compliance must ensure that their goals are met any time a change is introduced to infrastructure. This often necessitates a pass-off to other teams for code review, which will slow DevOps teams down.
Policy as code speeds up this review process by enabling organizations to define requirements from these teams as code, which enables automated testing and automated deployment. Our customers have generally defined policy as code using custom policies written in the HashiCorp policy as code framework, Sentinel. We’re now opening up the Terraform Cloud workflow to other third-party security and compliance tools with Run Tasks, which are now generally available.
Figure: An example run task that runs code scans using Bridgecrew.
» Automate Code Review Using Third Party Tools
Your teams can integrate third-party tools into the Terraform Cloud workflow between any plan and apply. By opening up the workflow this way, you can set up conditions for runs to pass in minutes, all without having to write Sentinel policies yourself. This reduces manual code review and speeds up provisioning.
What are some use cases for post-plan run task integrations?
- Security: Ensure that you’re not provisioning misconfigurations that cause security issues using tools like Snyk, Bridgecrew, Tenable, Moderne, Sophos, Aqua Security, Firefly, and Lightlytics
- Cost control: Provide visibility into the costs of infrastructure prior to any change using Infracost, Vantage, or Kion
- Regulatory compliance: Ensure compliance with various regulations like HIPAA, GDPR, or PCI-DSS with Bridgecrew or Kion
Run tasks now support a number of integrations, which you can find on this list. If you don’t see a tool you’d like to use on the existing list, you can integrate it yourself.
» Available in the Terraform Cloud Business Tier; Coming Soon to Terraform Enterprise
Run task integrations will be available in the Terraform Cloud Team & Governance tier as well as the Business tier, and are expected to be in a release of Terraform Enterprise very soon. This will also enable Terraform Enterprise customers to gain image compliance checks from HCP Packer. Contact our sales team if you are interested in setting up this integration.
» Getting Started with Run Tasks
Since releasing run tasks in beta, the Terraform Cloud team made these integrations easier than ever to set up in the UI or the API, ensuring your team can set up and test as many integrations as you’d like prior to committing them to your production workflows.
There are already many useful Terraform Cloud run task integrations available, and there will be more to come soon. Check out the documentation to see how to set up run task integrations via the UI or API, or get started quickly with this hands-on integration tutorial with Snyk.