Skip to main content

Use Styra DAS with the Terraform CLI

The installation instructions for your Styra DAS Terraform system are located in Your System >> Settings >> Install. These instructions show you how to install the Terraform CLI along with the Styra CLI.

The Styra CLI's vet command evaluates your Styra DAS policies in an embedded OPA agent against a JSON plan file on a local machine or in a CI/CD pipeline.

note

Ensure your Styra CLI version is up to date to make use of new OPA built-ins used by the latest Styra DAS Terraform system type version.

Process Flow Overview

When you provide the vet command a JSON-encoded Terraform plan, it will:

  1. Fetch your published policy bundle from Styra DAS (caching it locally for multiple runs).
  2. Evaluate the policies in the bundle against the JSON input.
  3. Display the policy decision results.
  4. Log the decision results to the Styra DAS Decision Log.

Review the decision results in the Styra CLI directly or access your Styra DAS tenant console to view the decision results, replay the decision and step through each evaluated policy, or use the decision input for previewing policy change results and impact analysis.

Generate a JSON Terraform Plan

Using the Terraform CLI, run the following commands to generate a JSON-encoded Terraform plan:

terraform plan --out tfplan.binary
terraform show -json tfplan.binary > tfplan.json

If using Terraform Cloud as your remote backend, you may encounter the following error:

│ Error: Saving a generated plan is currently not supported

│ The "remote" backend does not support saving the generated execution plan
│ locally at this time.

You can resolve this error by changing your Terraform Cloud workspace execution mode from remote to local as detailed in the Terraform Cloud Workspace Settings documentation.

Using Terraform Cloud

Use the Styra DAS direct integration with Terraform Cloud, which keeps the Terraform Cloud workspace execution mode set to remote. See the Terraform Cloud Setup Instructions for more details.

Evaluate Policies Against the Terraform Plan

With the generated tfplan.json file as an input, run the Styra CLI vet command:

./styra vet tfplan.json

Once evaluation of the plan completes, policy decision details in the Styra CLI and in your Styra DAS dashboard.