Add Terraform Enterprise (Run Tasks)

Integrate Prima Cloud with Terraform Enterprise (Run Tasks) to enforce the policy as a code framework for Terraform workspaces that use Sentinel language with a predefined enforcement level that prevents any risky Terraform run. With Terraform Enterprise (Run Tasks) integration, Prisma Cloud will scan your Terraform frameworks for any misconfiguration in Prisma Cloud default policies, out-of-the-box policies and custom policies.
Terraform always performs runs for a workspace. Therefore, the workspace serves as a working directory when running Terraform locally, providing the configuration, state, and variables for the run. Each workspace is associated with a particular Terraform configuration, where Terraform Cloud maintains a queue for runs and processes those runs in order. Each run passes through multiple run stages (pending, plan, cost estimation, policy check, apply, and completion), and this integration communicates the status of the run (either pass or fail) that is accessible on the Prisma Cloud console.
  1. Verify the prerequisites.
    For Terraform Enterprise (Run Tasks) integration get the details for enabling authentication to Prisma Cloud.
    • Terraform Enterprise Console
      Access to Terraform Enterprise console enables you to provide user token that authorizes Prisma Cloud to access workspaces and helps regulate run configuration in Terraform console.
    • Terraform Cloud Enterprise version
      Run Tasks for workspaces on Terraform Cloud is compatible with version 1.1.9 and above. Ensure your Terraform Cloud version is compliant with the requirement.
    • Terraform Cloud Enterprise user permission
      For a workspace integration of run tasks you need organization permission to manage workspace.
  2. Integrate Terraform Enterprise (Run Tasks) with Prisma Cloud.
    1. Select
      Settings > Repositories > Add Repository
      .
    2. Select
      Terraform Enterprise (Run Tasks)
      .
    3. Add
      User Token
      .
    4. Add
      Domain
      and then select
      Next
      .
      Ensure an IP address and your Terraform Enterprise URL are on the allow list for Prisma Cloud. To know more about the allow list see enable access to the Prisma Cloud Console.
  3. Select organization to create event hooks on Prisma Cloud.
    1. Select the organization and then select
      Next
      .
      Prisma Cloud supports only one Terraform Cloud organization for each integration. You can create multiple such integrations for Terraform Cloud organization from a single Prisma Cloud account.
      Prisma Cloud creates event hooks for a Terraform Cloud organization to receive run task notification from Terraform Cloud.
  4. Select workspace to scan during Terraform Cloud run lifecycle.
    1. Select workspace to scan during the Terraform Cloud run lifecycle.
      You can select multiple workspaces for Prisma Cloud to scan during the Terraform Cloud run lifecycle.
    2. Select
      Next
      .
  5. Verify the Terraform Enterprise (Run Tasks) integration with Prisma Cloud.
    1. A
      New integration successfully configured
      message appears after integration is successfully set up and then select
      Done
      .
      Access
      Code Security > Projects
      to view the latest integrated Terraform Enterprise (Run Tasks) repository to Suppress or Fix the policy misconfigurations.
      A Terraform Cloud run may fail if a Run Task configuartion for a workspace is set at
      Mandatory.
      You can re-configure the severity level using
      Enforcement
      .

Recommended For You