Skip to main content

Install Styra CLI and OPA

The installation instructions for Terraform are located on Your System >> Settings >> Install button. This shows you how to use Terraform along with the Styra CLI to check Terraform plans against OPA policies.

The Styra CLI embeds OPA in a command called vet that was designed to evaluate policies against a JSON file on a laptop or a CICD pipeline. You provide vet a Terraform plan encoded in JSON, and it will download your policies from Styra DAS (caching them locally for multiple runs), evaluate your policies, show you the results, and log those results to the DAS for safe-keeping and impact analysis.

The above installation instructions recommend you to run the following commands to generate and validate a Terraform plan:

$ terraform plan --out tfplan.binary
$ terraform show -json tfplan.binary > tfplan.json
$ ./styra vet tfplan.json

If you are using Terraform Cloud you may receive the following error:

โ”‚ Error: Saving a generated plan is currently not supported
โ”‚
โ”‚ The "remote" backend does not support saving the generated execution plan
โ”‚ locally at this time.

To fix this error, adjust the settings for the Terraform Cloud workspace as detailed in these docs:

  1. Go to the settings for Terraform Cloud workspace.

  2. Change Execution mode from remote to local.