Add Terraform Cloud (Run Tasks)
Integrate Prisma Cloud with Terraform Cloud (Run Tasks) to scan workspaces in Terraform Cloud. The integration enables Prisma Cloud to use policies and regulate runs in Terraform Cloud. Through the integration, Prisma Cloud manages run-related information of a workspace and communicates the status of the run (either pass or fail) accessible on the Prisma Cloud console.
Run Tasks enable you to integrate third-party tools and services at specific stages in the Terraform Cloud run lifecycle. Each run tasks scan passes through pending, plan, cost estimation, policy check, apply, and completion stage that is viewable on the Prisma Cloud console and Terraform Cloud console. Along with run tasks scan after the Plan phase, where you preview the changes of the infrastructure-as-code policy, and before the Apply phase, when you provision the infrastructure-as-code policy, you can execute the Pre-plan phase and Post-plan phase.
Pre-plan phase includes enabling run tasks to scan for workspaces that have a pre-configuration to begin a scan before the plan phase. While Terraform Cloud performs a run tasks scan for the Post-plan phase after the plan phase is complete, only on workspaces that have run tasks enabled. During both the pre-plan and post-plan phases, Terraform Cloud communicates with the third-party tools and services to determine the run tasks scan status (either pass or fail) to choose if the run can continue with the run, including [speculative plans] that perform scans during editing and code review.
- Verify the prerequisites.For Terraform Cloud (Run Tasks) integration get the details for enabling authentication to Prisma Cloud.
- Terraform Cloud ConsoleAccess to Terraform Cloud console enables you to provide user token that authorizes Prisma Cloud to access workspaces and helps regulate run configuration in Terraform Cloud console.
- Terraform Cloud versionRun Tasks for workspaces on Terraform Cloud is compatible with version 0.12 and above. Ensure your Terraform Cloud version is compliant with the requirement.
- Terraform Cloud user permissionFor a workspace integration of run tasks you need Manage Workspace Run Tasks permission.
- Access User Token on Terraform Cloud console.You can choose to use the existing user token or generate a new user token.
- SelectUser Icon > User Settings > Tokens > Create an API token.
- Integrate Terraform Cloud (Run Tasks) with Prisma Cloud.
- SelectSettings > Repositories > Add Repository.
- SelectTerraform Cloud (Run Tasks).
- Configure Terraform Cloud (Run Tasks) account on Prisma Cloud.
- AddUser Tokenand then selectNext.
- Select organization to create event hooks on Prisma Cloud.
- Select the organization and then selectNext.
Prisma Cloud currently supports one Terraform Cloud organization for a single integration instance.Prisma Cloud creates event hooks for a Terraform Cloud organization to receive run task notification from Terraform Cloud.
- Select workspace and Run Stage to scan during Terraform Cloud run lifecycle.
- Select workspace to scan during the Terraform Cloud run lifecycle.
You can select multiple workspaces for Prisma Cloud to scan during the Terraform Cloud run lifecycle. - Select Run Stage for the specific workspace.
- Post-plan: Choose post-plan run stage to enable a run tasks scan on Prisma Cloud for workspaces after Terraform Cloud creates a plan.
- Pre-plan: Choose pre-plan run stage to enable a run tasks scan on Prisma Cloud for workspaces before Terraform Cloud creates a plan.
The enforcement level of the mandatory scans are set toAdvisory, where a scan can not block a run task from completing. If the scan fails, the run will proceed and a notification with a scan result displays in the Prisma Cloud console. The run tasks have a reconfigurable enforcement level that you can access inSettings > Code Security Configuration.
- SelectNext.
- Verify the Terraform Cloud (Run Tasks) integration with Prisma Cloud.
