Styra DAS Terraform System Type Overview
Terraform is an open-source tool to describe, manage, and automate your infrastructure as code on any cloud. The Styra DAS Terraform system type enforces guardrails on cloud resources you manage with Terraform by evaluating policies against Terraform plans. Terraform plans enable you to see what changes Terraform needs to make before it makes them to your cloud resources.
Terraform Plan Evaluation
Styra DAS Terraform systems support evaluation of Terraform plans generated via Terraform Cloud or Terraform Enterprise as well as via the Terraform CLI. For example, you can require that every AWS S3 bucket created uses at least AES-256 encryption, so that your S3 data is always encrypted at rest and satisfies your organization's compliance and security requirements.
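As an added illustration of the S3 example above (not Styra's policy code, and written in Python rather than as a Styra DAS policy), this sketch checks the JSON form of a Terraform plan for buckets created without default encryption. It assumes the AWS provider's resource and attribute names, treats AES256 and the KMS modes as acceptable, handles only root-module resources without count or for_each, and runs on a constructed sample plan.

```python
# Assumption: AES256 (SSE-S3) is the floor; the KMS-backed modes also pass.
ACCEPTED = {"AES256", "aws:kms", "aws:kms:dsse"}
SSE_TYPE = "aws_s3_bucket_server_side_encryption_configuration"

def _algorithms(rules):
    """Collect sse_algorithm values from a list of planned `rule` blocks."""
    return {d.get("sse_algorithm") for r in rules or []
            for d in r.get("apply_server_side_encryption_by_default") or []}

def unencrypted_buckets(plan):
    """Return addresses of buckets being created without accepted encryption."""
    changes = plan.get("resource_changes", [])
    # AWS provider v4+: encryption is a separate resource. Its `bucket` value is
    # unknown at plan time for a new bucket, so link via configuration references.
    config = plan.get("configuration", {}).get("root_module", {}).get("resources", [])
    refs = {r["address"]: set(r.get("expressions", {}).get("bucket", {}).get("references", []))
            for r in config if r.get("type") == SSE_TYPE}
    covered = set()
    for rc in changes:
        after = rc["change"].get("after") or {}
        if rc["type"] == SSE_TYPE and _algorithms(after.get("rule")) & ACCEPTED:
            covered |= refs.get(rc["address"], set())
    failing = []
    for rc in changes:
        if rc["type"] != "aws_s3_bucket" or "create" not in rc["change"]["actions"]:
            continue
        after = rc["change"].get("after") or {}
        # AWS provider v3 and earlier: inline block on the bucket itself.
        inline = set()
        for cfg in after.get("server_side_encryption_configuration") or []:
            inline |= _algorithms(cfg.get("rule"))
        if not (inline & ACCEPTED) and rc["address"] not in covered:
            failing.append(rc["address"])
    return failing

# Constructed sample, trimmed to the fields the check reads (not real plan output).
SAMPLE_PLAN = {
    "resource_changes": [
        {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
         "change": {"actions": ["create"], "after": {}}},
        {"address": "aws_s3_bucket.scratch", "type": "aws_s3_bucket",
         "change": {"actions": ["create"], "after": {}}},
        {"address": SSE_TYPE + ".logs", "type": SSE_TYPE,
         "change": {"actions": ["create"], "after": {"rule": [
             {"apply_server_side_encryption_by_default": [{"sse_algorithm": "AES256"}]}]}}}],
    "configuration": {"root_module": {"resources": [
        {"address": SSE_TYPE + ".logs", "type": SSE_TYPE, "expressions": {
            "bucket": {"references": ["aws_s3_bucket.logs.id", "aws_s3_bucket.logs"]}}}]}},
}
```

Calling `unencrypted_buckets(SAMPLE_PLAN)` reports only `aws_s3_bucket.scratch`, because `aws_s3_bucket.logs` is covered by the separate encryption resource that references it.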
Using Styra DAS with the Terraform CLI
Terraform can run locally and in CI/CD workflows, using the Terraform CLI to plan, apply, and manage cloud resource changes. You can then use the Styra CLI to pass in the Terraform plan and evaluate it against the policies your organization has defined in Styra DAS. The diagram below shows how the Styra CLI fits in with a typical Terraform plan and apply flow.
Using Styra DAS with Terraform Cloud or Terraform Enterprise
Terraform Cloud is HashiCorp's managed Terraform service offering, which enables running Terraform across multiple cloud environments securely and at scale. Terraform Enterprise is the self-hosted edition of Terraform Cloud.
The Styra DAS Terraform system type supports a direct integration with Terraform Cloud/Enterprise using Terraform run tasks, a feature which allows integrating third-party tools in the post-plan/pre-apply stage of a Terraform Cloud/Enterprise run for workspaces using Terraform v0.12 or later. The diagram below shows the run task integration architecture for Terraform Cloud, including the post-plan invocation of Styra DAS policy evaluation with the Terraform plan and run details. The run task integration architecture for Terraform Enterprise is identical to the Terraform Cloud architecture.
By configuring the run task integration with Styra DAS, Terraform Cloud/Enterprise plans are always evaluated against your Styra DAS Terraform policies before the plan's changes can be applied to cloud resources. No infrastructure or agents to deploy—just connect your Styra DAS workspace with your Terraform Cloud/Enterprise organization and start enforcing infrastructure-as-code guardrails with Styra DAS.
While the Styra DAS Free and DAS Enterprise plans both include support for the run task integration with Terraform Cloud, the run tasks feature in Terraform Cloud is available only to Terraform Cloud organizations on a Team & Governance or Business plan.
If your organization is currently using the Terraform Cloud free plan, you can upgrade to the Team & Governance plan trial in your Terraform Cloud organization billing settings to gain access to the run tasks feature in Terraform Cloud for the duration of your Team & Governance plan trial.
Integration with Terraform Enterprise run tasks is only available on Styra DAS Enterprise.
Learn more about how to use the Styra DAS Terraform system type.
- Terraform Policy Authoring - Use Styra's pre-built Terraform policy rules or author custom policies.
- Terraform Decision Masking - Mask sensitive values in the Terraform plan input before logging to the decision log.
- Terraform Policy Library Rules - Styra's pre-built library of Terraform policy rules for AWS, Azure, and GCP.
See it in Action
If you prefer to see the Styra DAS Terraform system type in action, refer to our tutorials: