Add Terraform Cloud (Run Tasks)
Integrate Prisma Cloud with Terraform Cloud (Run Tasks) to scan workspaces in Terraform Cloud. The integration enables Prisma Cloud to use policies and regulate runs in Terraform Cloud. Through the integration, Prisma Cloud manages run-related information of a workspace and communicates the status of the run (either pass or fail), which is accessible on the Prisma Cloud console.
You can choose to integrate Terraform Cloud (Run Tasks) either from a workspace or organization integration. The run tasks scan in Terraform Cloud executes after the Plan phase, where you preview the changes of the infrastructure-as-code policy, and before the Apply phase, when you provision the infrastructure-as-code policy.
- Verify the prerequisites. For Terraform Cloud (Run Tasks) integration, get the details for enabling authentication to Prisma Cloud.
  - Terraform Cloud Console: Access to the Terraform Cloud console enables you to provide a user token or organization token that authorizes Prisma Cloud to access workspaces and helps regulate run configuration in the Terraform Cloud console.
  - Terraform Cloud version: Run Tasks for workspaces on Terraform Cloud is compatible with version 0.12 and above. Ensure your Terraform Cloud version is compliant with the requirement.
- Access User Token on Terraform Cloud console. You can choose to use the existing user token or generate a new user token.
  - To create a user token for an organization, select Settings > API tokens > Create an organization token. You can have only one organization user token at a time. An organization token is useful for an initial setup; however, for more periodic interactions create a Team token. For more information see API tokens.
  - To create a user token for a workspace, select User Icon > User Settings > Tokens > Create an API token.
- Integrate Terraform Cloud (Run Tasks) with Prisma Cloud.
  - Select Settings > Repositories > Add Repository.
  - Select Terraform Cloud (Run Tasks).
- Configure Terraform Cloud (Run Tasks) account on Prisma Cloud.
  - Add User Token and then select Next.
- Select organization to create event hooks on Prisma Cloud.
  - Select the organization and then select Next. Prisma Cloud supports only one Terraform Cloud organization for each integration. You can create multiple such integrations for Terraform Cloud organization from a single Prisma Cloud account. Prisma Cloud creates event hooks for a Terraform Cloud organization to receive run task notifications from Terraform Cloud.
- Select workspace to scan during Terraform Cloud run lifecycle.
  - Select the workspace to scan during the Terraform Cloud run lifecycle. You can select multiple workspaces for Prisma Cloud to scan during the Terraform Cloud run lifecycle.
  - You can optionally choose to select Make Prisma Cloud’s run tasks mandatory to authorize a Prisma Cloud scan for workspaces at every run task on Terraform Cloud.
  - The enforcement level of the mandatory scans is set to Advisory, where a scan cannot block a run task from completing. If the scan fails, the run will proceed and a notification with a scan result displays in the Prisma Cloud console. The run tasks have a reconfigurable enforcement level that you can access in Settings > Code Security Configuration.
- Verify the Terraform Cloud (Run Tasks) integration with Prisma Cloud.
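
One way to back the verification step with a check, as an added example that is not part of the Prisma Cloud or Terraform Cloud documentation: it reports every workspace where the scan is absent, attached outside the post-Plan stage, or left at the Advisory level that cannot block a run. It assumes each workspace's run-task listing has already been fetched and parsed, and that entries carry `enforcement-level`, `stage` or `stages`, and a `task` relationship; the function names and all ids are constructed placeholders.

```python
# Added example: audit run-task attachment per workspace (offline, constructed data).
PRISMA_TASK_ID = "task-EXAMPLE-prisma"   # placeholder id of the Prisma Cloud run task


def entry(task_id, level, stage):
    """Build one constructed 'workspace-tasks' item (assumed JSON:API field names)."""
    return {
        "type": "workspace-tasks",
        "attributes": {"enforcement-level": level, "stage": stage},
        "relationships": {"task": {"data": {"id": task_id, "type": "tasks"}}},
    }


# Constructed listings keyed by placeholder workspace id.
SAMPLE = {
    "ws-EXAMPLE-prod": {"data": [entry(PRISMA_TASK_ID, "mandatory", "post_plan")]},
    "ws-EXAMPLE-stage": {"data": [entry(PRISMA_TASK_ID, "advisory", "post_plan")]},
    "ws-EXAMPLE-dev": {"data": [entry("task-EXAMPLE-other", "mandatory", "post_plan")]},
    "ws-EXAMPLE-lab": {"data": [entry(PRISMA_TASK_ID, "mandatory", "pre_plan")]},
}


def classify(listing, task_id):
    """Return 'missing', 'wrong-stage', 'unknown', 'advisory' or 'mandatory'."""
    for item in listing.get("data", []):
        rel = (item.get("relationships", {}).get("task", {}).get("data")) or {}
        if rel.get("id") != task_id:
            continue
        attrs = item.get("attributes", {})
        stages = attrs.get("stages") or [attrs.get("stage")]
        if "post_plan" not in stages:      # scan must sit between Plan and Apply
            return "wrong-stage"
        level = attrs.get("enforcement-level")
        return level if level in ("advisory", "mandatory") else "unknown"
    return "missing"


def audit(listings, task_id, required):
    """Findings for workspaces where a failed scan would not stop the run."""
    results = {ws: classify(listings.get(ws, {}), task_id) for ws in required}
    return {ws: r for ws, r in results.items() if r != "mandatory"}


if __name__ == "__main__":
    required = list(SAMPLE) + ["ws-EXAMPLE-new"]   # one workspace with no listing
    for ws, finding in sorted(audit(SAMPLE, PRISMA_TASK_ID, required).items()):
        print(f"{ws}: {finding}")
```

An empty result from `audit` means every required workspace has the scan attached after Plan at a blocking enforcement level.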