: Add Terraform Enterprise (Run Tasks)
Focus
Focus

Add Terraform Enterprise (Run Tasks)

Table of Contents

Add Terraform Enterprise (Run Tasks)

Integrate Prima Cloud with Terraform Enterprise (Run Tasks) to enforce the policy as a code framework for Terraform workspaces that use Sentinel language with a predefined enforcement level that prevents any risky Terraform run. With Terraform Enterprise (Run Tasks) integration, Prisma Cloud will scan your Terraform frameworks for any misconfiguration in Prisma Cloud default policies, out-of-the-box policies and custom policies.
Terraform always performs runs for a workspace. Therefore, the workspace serves as a working directory when running Terraform locally, providing the configuration, state, and variables for the run. Each workspace is associated with a particular Terraform configuration, where Terraform Enterprise maintains a queue for runs and processes those runs in order. Each run passes through multiple run stages (pending, plan, cost estimation, policy check, apply, and completion), and this integration communicates the status of the run (either pass or fail) that is accessible on the Prisma Cloud console.
  1. Verify the prerequisites.
    For Terraform Enterprise (Run Tasks) integration get the details for enabling authentication to Prisma Cloud.
    • Terraform Enterprise Console
      Access to Terraform Enterprise console enables you to provide user or team token that authorizes Prisma Cloud to access workspaces and helps regulate run configuration in Terraform console.
    • Terraform Enterprise version
      Run Tasks for workspaces on Terraform Enterprise is compatible with version 1.1.9 and above. Ensure your Terraform Enterprise version is compliant with the requirement.
    • Terraform Enterprise user or team permission
      For a workspace integration of run tasks you need Manage Run Tasks permissions. The token must also either have the
      Manage workspaces
      permission at the organization level or be granted admin access to the workspace(s) being integrated. This enables Prisma Cloud to configure run tasks in the environment and scan plan files from your runs.
  2. Integrate Terraform Enterprise (Run Tasks) with Prisma Cloud.
    1. Select
      Settings > Repositories > Add Repository
      .
    2. Select
      Terraform Enterprise (Run Tasks)
      .
    3. Add
      User or Team Token
      .
    4. Add
      Domain
      and then select
      Next
      .
      Ensure an IP address and your Terraform Enterprise URL are on the allow list for Prisma Cloud. To know more about the allow list see enable access to the Prisma Cloud Console.
  3. Select organization to create event hooks on Prisma Cloud.
    1. Select the organization and then select
      Next
      .
      Prisma Cloud creates event hooks for a Terraform Enterprise organization to receive run task notification from Terraform Enterprise.
  4. Select workspace to scan during Terraform Enterprise run lifecycle.
    1. Select workspace to scan during the Terraform Enterprise run lifecycle.
      You can select multiple workspaces for Prisma Cloud to scan during the Terraform Enterprise run lifecycle.
    2. Select
      Next
      .
  5. Verify the Terraform Enterprise (Run Tasks) integration with Prisma Cloud.
    1. A
      New integration successfully configured
      message appears after integration is successfully set up and then select
      Done
      .
      Access
      Application Security > Projects
      to view the latest integrated Terraform Enterprise (Run Tasks) repository to Suppress or Fix the policy misconfigurations.
      A Terraform Enterprise run may fail if a Run Task configuration for a workspace is set at
      Mandatory.
      You can re-configure the severity level using Enforcement.

Support for multiple integrations

Prisma Cloud supports multiple integrations for a Terraform Enterprise (Run Tasks) account. After an initial integration with Prisma Cloud, you can continue to add additional organizations and workspaces using a different or a same user token. Multiple integrations from a single Prisma Cloud account enables you to:
  • View a list of integrations on a single console.
  • Update existing integrations by modifying the selection of workspaces.
  • Add additional integrations using user tokens.
  • Delete an existing integration.
  1. Add additional integrations to a configured Terraform Enterprise (Run Tasks) account on Prisma Cloud console.
    1. Select
      Settings > Repositories > Add Repository
      .
    2. Select
      Terraform Enterprise (Run Tasks)
      and then select
      Add an account.
      You are on Step 4 of adding an integration to Terraform Enterprise (Run Tasks) account on Prisma Cloud console. You are required to complete the rest of the steps to see your additional integration on the console.
  2. Select
    Actions
    to modify an existing integration.
    • Reselect Workspaces
      : You can add or remove existing workspaces from your integrated Terraform Enterprise account.
    • Delete integration
      : This removes an integration from the Terraform Enterprise account on Prisma Cloud console.
      If you have a single integration within the account, deleting the existing integration will delete the account configuration on Prisma Cloud console.

Recommended For You