Add Terraform Cloud (Run Tasks)

Integrate Prisma Cloud with Terraform Cloud (Run Tasks) to scan workspaces in Terraform Cloud. The integration enables Prisma Cloud to use policies and regulate runs in Terraform Cloud. Through the integration Prisma Cloud manages run-related information of a workspace and communicates the status of the run (either pass or fail) that is accessible on the Prisma Cloud console.
You can choose to integrate Terraform Cloud (Run Tasks) either from a workspace or organization integration. The execution of the run tasks scan in Terraform Cloud is after the Plan phase, where you preview the changes of the infrastructure-as-code policy and before the Apply phase when you provision the infrastructure-as-code policy.
  1. Verify the prerequisites.
    For Terraform Cloud (Run Tasks) integration get the details for enabling authentication to Prisma Cloud.
    • Terraform Cloud Console
      Access to Terraform Cloud console enables you to provide user token or organization token that authorizes Prisma Cloud to access workspaces and helps regulate run configuration in Terraform Cloud console.
    • Terraform Cloud version
      Run Tasks for workspaces on Terraform Cloud is compatible with version 0.12 and above. Ensure your Terraform Cloud version is compliant with the requirement.
    • Terraform Cloud user permission
      Terraform Cloud (Run Tasks) supports both workspace and organization integration.
  2. Access User Token on Terraform Cloud console.
    You can choose to use the existing user token or generate a new user token.
    • To create a user token for an organization select
      Settings > API tokens > Create an organization token
      .
      You can have only one organization user token at a time. An organization token is useful for an initial setup however for more periodic interactions create a Team token. For more information see API tokens.
    • To create a user token for a workspace select User Icon > User Settings > Tokens > Create an API token.
  3. Integrate Terraform Cloud (Run Tasks) with Prisma Cloud.
    1. Select
      Settings > Repositories > Add Repository
      .
    2. Select
      Terraform Cloud (Run Tasks)
      .
  4. Configure Terraform Cloud (Run Tasks) account on Prisma Cloud.
    1. Add
      User Token
      and then select
      Next
      .
  5. Select organization to create event hooks on Prisma Cloud.
    1. Select the organization and then select
      Next
      .
      Prisma Cloud supports only one Terraform Cloud organization for each integration. You can create multiple such integrations for Terraform Cloud organization from a single Prisma Cloud account.
      Prisma Cloud creates event hooks for a Terraform Cloud organization to receive run task notification from Terraform Cloud.
  6. Select workspace to scan during Terraform Cloud run lifecycle.
    1. Select workspace to scan during the Terraform Cloud run lifecycle.
      You can select multiple workspaces for Prisma Cloud to scan during the Terraform Cloud run lifecycle.
      You can optionally choose to select
      Make Prisma Cloud’s run tasks mandatory
      to authorize a Prisma Cloud scan for workspaces at every run task on Terraform Cloud.
      The enforcement level of the mandatory scans are set to
      Advisory
      , where a scan can not block a run task from completing. If the scan fails, the run will proceed and a notification with a scan result displays in the Prisma Cloud console. The run tasks have a reconfigurable enforcement level that you can access in
      Settings > Code Security Configuration
      .
    2. Select
      Next
      .
  7. Verify the Terraform Cloud (Run Tasks) integration with Prisma Cloud.
    1. A
      New integration successfully configured
      message appears after integration is successfully set up and then select
      Done
      .
      Access
      Code Security > Projects
      to view the latest integrated Terraform Cloud (Run Tasks) repository to Suppress or Fix the policy misconfigurations.

Recommended For You