In this tutorial, you will learn how to use the Styra CLI and its embedded OPA to run OPA policies against your Terraform plans. You will also learn how to manage OPA policies using Styra's Declarative Authorization Service (DAS).
This tutorial guides you through the following tasks:
- Add a Terraform DAS System (the core unit of policy management within DAS).
- Choose the rules you want to enforce.
- Download the Styra CLI and its embedded OPA.
- Use the Styra CLI to evaluate your rules against some sample Terraform plans.
At the end of this tutorial, you will be able to embed the Styra CLI into your CICD pipeline to enforce the policies that you manage through DAS. The following architecture shows the interaction between Terraform, Styra-CLI/OPA, and your CICD pipeline.
Figure 1: Architecture of DAS for Terraform
A DAS account is required for this tutorial.
Styra will provide sample Terraform plans (converted to JSON) that you can use, therefore it is not required to install Terraform.