Styra DAS Terraform System Type Overview
Terraform is an open-source tool to describe, manage, and automate your infrastructure as code on any cloud. The Styra DAS Terraform system type enforces guardrails on cloud resources you manage with Terraform by evaluating policies against Terraform plans. Terraform plans enable you to see what changes Terraform needs to make before it makes them to your cloud resources.
Terraform Plan Evaluation
Styra DAS Terraform systems support evaluation of Terraform plans generated both via Terraform Cloud and via the Terraform CLI. For example, require all AWS S3 buckets created use at least AES-256 encryption to ensure your S3 data is always encrypted at rest and satisfies your organization's compliance and security requirements.
Using Styra DAS with the Terraform CLI
Terraform can run locally and in CI/CD workflows by using the Terraform CLI to plan, apply, and manage cloud resource changes. Then use the Styra CLI to pass in the Terraform plan and evaluate it against policies defined in Styra DAS by your organization. The diagram below shows how the Styra CLI fits in with a typical Terraform plan and apply flow.
Figure 1 - Styra DAS Integration with TerraformUsing Styra DAS with Terraform Cloud
Terraform Cloud is HashiCorp's managed Terraform service offering which enables running Terraform across multiple cloud environment securely and at scale.
The Styra DAS Terraform system type supports a direct integration with Terraform Cloud using Terraform Cloud's run tasks, a feature which allows integrating third-party tools in the post-plan/pre-apply stage of a Terraform Cloud run for workspaces using Terraform v0.12 or later. The diagram below shows the run task integration architecture, including the post-plan invocation of Styra DAS policy evaluation with the Terraform plan and run details.
Figure 2 - Architecture of Styra DAS for Terraform CloudBy configuring the run task integration with Styra DAS, Terraform Cloud plans are always evaluated against your Styra DAS Terraform policies before the plan's changes can be applied to cloud resources. No infrastructure or agents to deploy—just connect your Styra DAS workspace with your Terraform Cloud organization and start enforcing infrastructure-as-code guardrails with Styra DAS.
note
While the Styra DAS Free and DAS Enterprise plans both include support for the run task integration with Terraform Cloud, the run tasks feature in Terraform Cloud is available only to Terraform Cloud organizations on a Team & Governance or Business plan.
If your organization is currently using the Terraform Cloud free plan, you can upgrade to the Team & Governance plan trial in your Terraform Cloud organization billing settings to gain access to the run tasks feature in Terraform Cloud for the duration of your Team & Governance plan trial.
Learning Topics
Learn more about how to use the Styra DAS Terraform system type.
System Setup:
- Terraform CLI - Use Styra DAS with the Terraform CLI and Styra CLI.
- Terraform Cloud - User Styra DAS with Terraform Cloud.
- Styra DAS Terraform System Troubleshooting - Resolutions to Terraform system setup issues.
Terraform Policies:
- Terraform Policy Authoring - Use Styra's pre-built Terraform policy rules or author custom policies.
- Terraform Decision Masking - Mask sensitive values in the Terraform plan input before logging to the decision log.
- Terraform Policy Library Rules - Styra's pre-built library of Terraform policy rules for AWS, Azure, and GCP.
See it in Action
If you prefer to see the Styra DAS Terraform system type in action, refer to our tutorials: