
Styra DAS Terraform System Type Overview

Terraform is an open-source tool to describe, manage, and automate your infrastructure as code on any cloud. The Styra DAS Terraform system type enforces guardrails on cloud resources you manage with Terraform by evaluating policies against Terraform plans. Terraform plans enable you to see what changes Terraform needs to make before it makes them to your cloud resources.

Note

The Styra DAS Terraform system type supports Terraform plans generated by Terraform v0.12 and higher and requires OPA version 0.42 or above.

Terraform Plan Evaluation

Styra DAS Terraform systems can evaluate Terraform plans generated via Terraform Cloud or Terraform Enterprise as well as plans generated via the Terraform CLI. For example, you can require that all AWS S3 buckets created use at least AES-256 encryption, so that your S3 data is always encrypted at rest and satisfies your organization's compliance and security requirements.
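The S3 encryption guardrail described above, written as a plain OPA Rego policy over the plan JSON's `resource_changes` list; this is an added example, not Styra's own policy library or rule format. The package name, rule names and sample plan are constructed, and it assumes buckets declare encryption inline through `server_side_encryption_configuration` (the AWS provider v3 schema) and that "at least AES-256" admits `AES256` or `aws:kms`.

```rego
package example.terraform.s3_encryption # hypothetical package name

import future.keywords.contains
import future.keywords.if
import future.keywords.in

# Assumption: "at least AES-256" means SSE-S3 (AES256) or SSE-KMS (aws:kms).
allowed_algorithms := {"AES256", "aws:kms"}

# Buckets this plan creates or updates (a replace also lists "create").
planned_buckets contains rc if {
    some rc in input.resource_changes
    rc.type == "aws_s3_bucket"
    some action in rc.change.actions
    action in {"create", "update"}
}

# True when the planned bucket declares an accepted default algorithm inline.
encrypted(bucket) if {
    some cfg in bucket.change.after.server_side_encryption_configuration
    some r in cfg.rule
    some dflt in r.apply_server_side_encryption_by_default
    dflt.sse_algorithm in allowed_algorithms
}

# One message per planned bucket that lacks accepted default encryption.
deny contains msg if {
    some bucket in planned_buckets
    not encrypted(bucket)
    msg := sprintf("%s: default encryption must be AES256 or aws:kms", [bucket.address])
}

# Constructed sample plan, trimmed to the fields the policy reads.
sample_plan := {"resource_changes": [
    {
        "address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
        "change": {"actions": ["create"], "after": {"bucket": "example-logs", "server_side_encryption_configuration": []}},
    },
    {
        "address": "aws_s3_bucket.data", "type": "aws_s3_bucket",
        "change": {"actions": ["create"], "after": {
            "bucket": "example-data",
            "server_side_encryption_configuration": [{"rule": [{"apply_server_side_encryption_by_default": [{"sse_algorithm": "AES256"}]}]}],
        }},
    },
]}

# Run with `opa test <file>`: only the unencrypted bucket is reported.
test_only_unencrypted_bucket_denied if {
    deny == {"aws_s3_bucket.logs: default encryption must be AES256 or aws:kms"} with input as sample_plan
}
```

The input is the JSON form of a saved plan, as produced by `terraform show -json <planfile>`. With AWS provider v4 and later, encryption is usually declared in a separate `aws_s3_bucket_server_side_encryption_configuration` resource, which a policy would need to correlate with the bucket instead.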

Using Styra DAS with the Terraform CLI

Terraform can run locally and in CI/CD workflows, using the Terraform CLI to plan, apply, and manage cloud resource changes. You can then use the Styra CLI to pass in the Terraform plan and evaluate it against the policies your organization has defined in Styra DAS. The diagram below shows how the Styra CLI fits in with a typical Terraform plan and apply flow.

Figure 1 - Styra DAS Integration with Terraform

Using Styra DAS with Terraform Cloud or Terraform Enterprise

Terraform Cloud is HashiCorp's managed Terraform service offering, which enables running Terraform across multiple cloud environments securely and at scale. Terraform Enterprise is the self-hosted edition of Terraform Cloud.

The Styra DAS Terraform system type supports a direct integration with Terraform Cloud/Enterprise using Terraform run tasks, a feature which allows integrating third-party tools in the post-plan/pre-apply stage of a Terraform Cloud/Enterprise run for workspaces using Terraform v0.12 or later. The diagram below shows the run task integration architecture for Terraform Cloud, including the post-plan invocation of Styra DAS policy evaluation with the Terraform plan and run details. The run task integration architecture for Terraform Enterprise is identical to the Terraform Cloud architecture.

Figure 2 - Architecture of Styra DAS for Terraform Cloud

By configuring the run task integration with Styra DAS, Terraform Cloud/Enterprise plans are always evaluated against your Styra DAS Terraform policies before the plan's changes can be applied to cloud resources. No infrastructure or agents to deploy—just connect your Styra DAS workspace with your Terraform Cloud/Enterprise organization and start enforcing infrastructure-as-code guardrails with Styra DAS.

Note

While the Styra DAS Free and DAS Enterprise plans both include support for the run task integration with Terraform Cloud, the run tasks feature in Terraform Cloud is available only to Terraform Cloud organizations on a Team & Governance or Business plan.

If your organization is currently using the Terraform Cloud free plan, you can upgrade to the Team & Governance plan trial in your Terraform Cloud organization billing settings to gain access to the run tasks feature in Terraform Cloud for the duration of your Team & Governance plan trial.

Integration with Terraform Enterprise run tasks is only available on Styra DAS Enterprise.

Learning Topics

Learn more about how to use the Styra DAS Terraform system type.

See it in Action

If you prefer to see the Styra DAS Terraform system type in action, refer to our tutorials: