1. Home
    2. Prisma
    3. Prisma Cloud
    4. Prisma Cloud Code Security
    5. Get Started with Prisma Cloud Code Security
    6. Connect Your Repositories to Code Security
    7. Add Terraform Cloud (Sentinel)

    Add Terraform Cloud (Sentinel)

    Integrate Prisma Cloud with Terraform Cloud (Sentinel) to enforce the policy as a code framework for Terraform workspaces that use Sentinel language with a predefined enforcement level that prevents any risky Terraform run. With the integration of Terraform Enterprise, Prisma Cloud will scan your Terraform frameworks for misconfiguration across Prisma Cloud default policies, out-of-the-box policies and custom policies. Each misconfiguration identified can either be resolved or suppressed on the Prisma Cloud console.
    Terraform Cloud is a SaaS alternative for Terraform capabilities. At the basic level Terraform communicates with any number of supported cloud providers using a State file. A State file is used to communicate defined requirements of a policy creation or a policy update between Terraform and your cloud provider. By practice users usually maintain multiple versions of the state files during the creation or update of a policy, however in a larger organization maintenance and access of the state file is limited. Terraform Cloud (Sentinel) helps you store the state file on cloud and maintains version updates for you. Terraform Cloud (Sentinel) gives you control over access privileges giving an insight over who can view or edit your state file. The state file version history gives you an overview of what your infrastructure looks like and can help you restore a previous version in case something goes wrong. The integration of Terraform Cloud (Sentinel) with Prisma Cloud is for a Workspaces. As an owner of a workspace you may have one or more workspaces you want Prisma Cloud to scan. As a user of Terraform Cloud (Sentinel) you are required to integrate each workspace separately.
    1. Verify prerequisites.
      1. For Terraform Cloud (Sentinel) integration with Prisma Cloud Code Security, you need access and information to Terraform environments.
        • Terraform Cloud Console.
          Access to Terraform Cloud console enables you to gather information on Workspace ID, Workspace Name, Workspace Description, User token and Sentinel Parameters all required to help integrate a workspace with the Prisma Cloud console.
          The Terraform Cloud (Sentinel) User token/ Org token authorizes Prisma Cloud to access to your workspaces and helps create sentinel configuration file and policy file.
      2. To create Terraform Cloud (Sentinel) policy sets from your version control system as code, you need two files to ensure a Terraform policy set runs for Prisma Cloud:
        • Sentinel configuration file (sentinel.hcl)
           A Sentinel configuration file contains the policy name, the enforcement level of the policy, and the source path of the policy. You are required to define the actual path for a policy source in the Sentinel configuration file.
        • - Policy file (policyname.sentinel) are individual policy files that are created in the same path as the Sentinel configuration file. The name of the policy file must be the same as the policy name in the configuration file with a .sentinel.
    2. Integrate and configure Terraform Cloud (Sentinel) with Prisma Cloud.
      1. Select
        Settings > Repositories > Add Repository
        .
      2. Select
        Terraform Cloud (Sentinel)
        .
      3. Add
        Workspace
        Id
        ,
        Workspace Name
        ,
        Workspace Description
         and
        Terraform User Token
        .
        If you do not have the specific information access
        Terraform Cloud console > Workspace > Settings > General
         to view and copy the required information.
      4. Select
        Next
        .
    3. Create Sentinel files within your version control system.
      You need two Sentinel files — sentinel.hcl file and prismacloud.sentinel file to ensure Terraform policy set runs with Prisma Cloud configurations.
      1. Create a sentinel.hcl file locally or in your VCS (version control system).
      2. Copy and then paste the code from Prisma Cloud console in the new sentinel.hcl file.
        The code helps you define your policy and the enforcement level of the policy within Terraform Enterprise.
      3. Edit the source path {PATH_TO_FILE} to the location of the sentinel.hcl file in the code and then select
        Next
        .
      4. Create a prismacloud.sentinel file locally or in your VCS (version control system).
      5. Copy and then paste the code from Prisma Cloud console in the new prismacloud.sentinel file and then select
        Next
        .
    4. Connect Policy Set on Terraform Cloud console.
      1. Access Terraform Cloud console and then select
        Settings > Policy sets > Connect a new policy set
        .
      2. Select the version control system, the repository, branch and the repository path.
        If the sentinel files are local then select
        NO VCS connection
        .
      3. Add
        Name
         and
        Description
         of the policy.
      4. Select
        Scope of Policies
        .
        Policies enforced on selected workspaces
         is the default selection.
      5. Select
        Connect policy set
        .
      6. Select
        Settings > Policy Set > Sentinel Parameters
         and select
        Add parameter
        .
      7. Add
        api_key
         and then select
        Sensitive
        .
      8. Access
        Workspaces > Workspace > Actions >Start new plan
         to validate the new policy set against the workspace.
        Access
        Code Security > Projects
         to view the latest integrated Terraform Cloud (Sentinel) repository to Suppress or Fix the policy misconfigurations.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2023 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo