Accurics enables you to scan your Terraform IaC files through Terraform Cloud or Terraform Enterprise.
Perform the following steps:
- Integrate Accurics with Terraform Cloud / Enterprise
- Create a Policy Set
- Create a Sentinel policy
- Run the Terraform Plan
Integrate Accurics with Terraform Cloud / Enterprise
- Sign in to the Accurics Console.
- In the left pane, click Integrations.
- In the available integrations options, click Terraform Cloud.
- In the Configure Terraform Cloud dialog box, specify the following information to integrate Accurics with Terraform Cloud.
|Field|Description|
|---|---|
|Provider|Select the cloud provider for which you are creating the resources through the Terraform Cloud.|
|Token|This could be either a Personal API token or a Team API token. Personal API token: Generate the Personal API token from Terraform Cloud Console by going to User Settings > Tokens. Team API token: Get the team API token from your Terraform administrator. Team API tokens can be generated on the Terraform Cloud Console by going to Organization Settings > Teams > Select Team > Generate Team API Token.|
|Workspace ID|Provide the ID of the Terraform target workspace that you want Accurics to scan. You can get the workspace ID from the Terraform Cloud Console by going to the General Settings of the workspace. If you are using a Team API token, ensure that the Team Permission is set to Admin by going to Workspace > Settings > Team Settings.|
|Workspace Name|You can either provide the name of your Terraform target workspace or provide a custom name. Accurics uses this name to create a new environment on the Accurics Console.|
|Description|Description of the workspace.|
- Click Save.
Accurics generates policy code that you use to create a Sentinel policy on the Terraform Cloud Console. A new environment with the workspace name is created on the Accurics Console to display and manage the IaC scan results.
Create a Policy Set
- Sign in to the Terraform Cloud Console, and create a policy set. See Managing Policy Sets.
- Ensure that No VCS connection is selected.
- Set the scope of policies to all workspaces or to specific workspaces.
- To limit to a specific workspace, add the target workspace that you want Accurics to scan.
Create a Sentinel policy
- Create a new Sentinel policy on the Terraform Cloud Console.
- Select the appropriate policy enforcement level.
- Paste the policy code generated during Accurics – Terraform Cloud integration.
- Add the required policy set and then save the policy.
Run the Terraform Plan
- Queue a new plan on Terraform Cloud Console.
The Policy Check section displays the IaC scan result. The IaC scan results can also be seen on the Accurics Console in the new environment that gets created during Accurics – Terraform Cloud integration. The Policy Check may fail or proceed depending on the policy enforcement level selected while creating the Sentinel policy.