Accurics enables you to scan your Terraform IaC files through Terraform Cloud or Terraform Enterprise.
Perform the following steps:
- Integrate Accurics with Terraform Cloud / Enterprise
- Create a Policy Set
- Create a Sentinel policy
- Run the Terraform Plan
Integrate Accurics with Terraform Cloud / Enterprise
- Log in to the Accurics Console, and then go to Integrations.
- Click Terraform Cloud among the available integrations.
- Provide the following information to integrate Accurics with Terraform Cloud.
|Field|Description|
|---|---|
|Provider|Select the cloud provider for which you are creating the resources through Terraform Cloud.|
|Token|This can be either a Personal API token or a Team API token. Personal API token: generate it from the Terraform Cloud Console by going to User Settings > Tokens. Team API token: get it from your Terraform administrator. Team API tokens can be generated on the Terraform Cloud Console by going to Organization Settings > Teams > Select Team > Generate Team API Token.|
|Workspace ID|Provide the ID of the Terraform target workspace that you want Accurics to scan. You can get the workspace ID from the Terraform Cloud Console by going to the General Settings of the workspace. If you are using a Team API token, ensure that the Team Permission is set to Admin by going to Workspace > Settings > Team Settings.|
|Workspace Name|You can either provide the name of your Terraform target workspace or provide a custom name. Accurics uses this name to create a new environment on the Accurics Console.|
|Description|Description of the workspace.|
- Click Save.
Accurics generates policy code that you use to create a Sentinel policy on the Terraform Cloud Console. A new environment with the workspace name is created on the Accurics Console to display and manage the IaC scan results.
Create a Policy Set
- Log in to the Terraform Cloud Console, and create a policy set. See Managing Policy Sets.
- Ensure that No VCS connection is selected.
- Set the scope of policies to all workspaces or to specific workspaces.
- If you want to limit to a specific workspace, then add the target workspace that you want Accurics to scan.
Create a Sentinel policy
- Create a new Sentinel policy on the Terraform Cloud Console.
- Select the appropriate policy enforcement level.
- Paste the policy code generated during Accurics – Terraform Cloud integration.
- Add the required policy set and then save the policy.
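The policy set and Sentinel policy from the two procedures above can also be kept as code with the `tfe` Terraform provider. This is an added example, not configuration supplied by Accurics or HashiCorp. The organization name, resource names, variable names, and the file `accurics.sentinel` (the policy code copied from the Accurics Console) are assumptions.

```hcl
# Added example. The provider reads the API token from the TFE_TOKEN
# environment variable, so the token never appears in this file.
terraform {
  required_providers {
    tfe = {
      source = "hashicorp/tfe"
    }
  }
}

variable "organization" {
  description = "Terraform Cloud organization name (assumption: set by the operator)"
  type        = string
}

variable "target_workspace_id" {
  description = "ID of the workspace Accurics scans, from the workspace General Settings"
  type        = string
}

# Sentinel policy holding the code generated during the Accurics integration.
# accurics.sentinel is a hypothetical local file containing that pasted code.
resource "tfe_policy" "accurics_scan" {
  name         = "accurics-iac-scan"
  description  = "IaC scan policy generated by the Accurics integration"
  organization = var.organization
  kind         = "sentinel"
  policy       = file("${path.module}/accurics.sentinel")

  # One of: advisory, soft-mandatory, hard-mandatory.
  # advisory only reports; hard-mandatory blocks the run on failure.
  enforce_mode = "soft-mandatory"
}

# Policy set with no vcs_repo block (equivalent to "No VCS connection"),
# scoped to the single target workspace instead of all workspaces.
resource "tfe_policy_set" "accurics" {
  name          = "accurics-policy-set"
  description   = "Policy set for the Accurics IaC scan"
  organization  = var.organization
  kind          = "sentinel"
  global        = false
  policy_ids    = [tfe_policy.accurics_scan.id]
  workspace_ids = [var.target_workspace_id]
}
```

Set `global = true` and drop `workspace_ids` to apply the policy to all workspaces instead.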
Run the Terraform Plan
Queue a new plan on Terraform Cloud Console.
The Policy Check section displays the IaC scan result. The IaC scan results can also be seen on the Accurics Console in the new environment that is created during Accurics – Terraform Cloud integration.
The Policy Check may fail or proceed depending on the policy enforcement level selected while creating the Sentinel policy.