Set Up Your Prisma Cloud Configuration File for IaC Scan

Describes the .prismaCloud/config.yml file for IaC Scan.
Prisma Cloud IaC Scan requires a Prisma Cloud configuration file in the repository where your templates are stored. This configuration file can include information about your IaC module structure, runtime variables, and tags that help refine your IaC Scan use. It enables Prisma Cloud IaC Scan to support complex module structures and variable formats.
Create this file as .prismaCloud/config.yml in the root directory of your repository branch.
The content of your Prisma Cloud configuration file depends on the IaC Scan support you need. The following sections show the configuration details.

Configure IaC Scan to Support Terraform

The following shows the parameters in the Prisma Cloud configuration file that enable you to configure the IaC scan for a Terraform 0.11 module with a variable file, input variables, or both.
    # Specify the template type. Valid values are as follows.
    # - For Terraform: TF
    # - For AWS CloudFormation: CFT
    # - For Kubernetes: K8S
    template_type: TF
    # The valid values for terraform_version are 0.11 or 0.12
    terraform_version: 0.11
    # If terraform_version is 0.11, then terraform_011_parameters
    # is required.
    # The value for variable_files is an array of custom variable file
    # names. The path of each file is relative to your repository
    # branch root directory
    # The value for variable_values is an array of name/value pairs
    # that identify the input variables your template uses.
    terraform_011_parameters:
      variable_files:
        - scan/rich-value-types/network/variables.tf
      variable_values:
        - name: check
          value: public-read-write
The following shows the parameters in the Prisma Cloud configuration file that enable you to configure the IaC scan for Terraform 0.12.
    # Specify the template type. Valid values are as follows.
    # - For Terraform: TF
    # - For AWS CloudFormation: CFT
    # - For Kubernetes: K8S
    template_type: TF
    # Valid values for terraform_version are 0.11 or 0.12.
    terraform_version: 0.12
    # If terraform_version is 0.12, then terraform_012_parameters
    # is required.
    # The value of terraform_012_parameters is an
    # array of root_modules. The value for root_module is relative
    # to your repository branch root directory.
    # Each root module can have:
    # - variable_files, which is an array of variable file names
    #   relative to your repository branch root directory
    # - variables, which is an array of name/value pairs that
    #   identify the input variables for the module
    terraform_012_parameters:
      - root_module: scan/rich-value-types/
        variables:
          - name: check
            value: public-read-write
          - name: varName2
            value: varValue2
      - root_module: scan/rich-value-types/network/
        variable_files:
          - scan/rich-value-types/network/variables.tf
      - root_module: scan/for-expressions/
        variable_files:
          - scan/rich-value-types/expressions/variables.tf

Configure IaC Scan to Support AWS CloudFormation

The following shows the parameters in the Prisma Cloud configuration file that enable you to configure the IaC scan for AWS CloudFormation templates with variables.
    # Specify the template type. Valid values are as follows.
    # For Terraform: TF
    # For AWS CloudFormation: CFT
    # For Kubernetes: K8S
    template_type: CFT
    # If template_type value is CFT, set cft_parameters (optional)
    # variable_values is an array of name/value pairs, which identifies the
    # template variables
    cft_parameters:
      variable_values:
        - name: KeyName
          value: 10
        - name: AMI
          value: ami-45785

Configure IaC Scan to Support Kubernetes

The following shows the parameters in the Prisma Cloud configuration file that enable you to configure the IaC scan for Kubernetes.
    # Specify the template type. Valid values are as follows.
    # For Terraform: TF
    # For AWS CloudFormation: CFT
    # For Kubernetes: K8S
    template_type: K8S

Configure Prisma Cloud Tags

The following shows the parameters in the Prisma Cloud configuration file that enable you to identify Prisma Cloud tags in your template. These tags offer a flexible way to identify and organize your resources in Prisma Cloud.
    # Prisma Cloud Tags
    # tags is an array of labels that enable you to organize your resources
    # with these key/value pairs in Prisma Cloud
    tags:
      - Org:Engineering
      - Team:Shift_Left
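
A pre-commit or CI check for the template-type rules stated in the sample comments of the earlier sections, added here as an example (it is not Prisma Cloud code). It goes beyond the page by also rejecting paths that resolve outside the repository root; `validate_config`, `check_path` and `demo` are hypothetical names, and the configuration is passed in as the mapping a YAML loader would return.

```python
import tempfile
from pathlib import Path
VALID_TYPES = {"TF", "CFT", "K8S"}
TF_BLOCKS = {"0.11": "terraform_011_parameters", "0.12": "terraform_012_parameters"}

def check_path(repo, rel, errors, want_dir=False):
    # Paths in the file are relative to the repository branch root.
    target = (repo / str(rel)).resolve()
    if not rel or not target.is_relative_to(repo):
        errors.append(f"{rel!r}: must be a path inside the repository root")
    elif not (target.is_dir() if want_dir else target.is_file()):
        errors.append(f"{rel!r}: not found in repository")

def validate_config(cfg, repo_root):
    """cfg: the mapping a YAML loader returns for .prismaCloud/config.yml."""
    repo, errors = Path(repo_root).resolve(), []
    ttype = cfg.get("template_type")
    if ttype not in VALID_TYPES:
        return [f"template_type {ttype!r} is not TF, CFT or K8S"]
    if ttype != "TF":
        return errors
    # An unquoted 0.11 loads as a float, so compare on its string form.
    version = str(cfg.get("terraform_version"))
    block = TF_BLOCKS.get(version)
    if block is None:
        return [f"terraform_version {version} is not 0.11 or 0.12"]
    # 0.11 takes one mapping; 0.12 takes a list of root modules.
    params = cfg.get(block)
    expected = dict if version == "0.11" else list
    if not isinstance(params, expected) or not params:
        return [f"{block} is required as a non-empty {expected.__name__}"]
    for mod in ([params] if version == "0.11" else params):
        if version == "0.12":
            check_path(repo, mod.get("root_module"), errors, want_dir=True)
        for var_file in mod.get("variable_files", []):
            check_path(repo, var_file, errors)
    return errors

def demo():
    # Constructed repository and configs, modelled on the samples on this page.
    vf = "scan/rich-value-types/network/variables.tf"
    repo = Path(tempfile.mkdtemp())
    (repo / vf).parent.mkdir(parents=True)
    (repo / vf).write_text('variable "check" {}\n')
    base = {"template_type": "TF", "terraform_version": 0.12}
    good = dict(base, terraform_012_parameters=[
        {"root_module": "scan/rich-value-types/network/", "variable_files": [vf]}])
    bad = dict(base, terraform_012_parameters=[
        {"root_module": "scan/missing/", "variable_files": ["../outside.tf"]}])
    return validate_config(good, repo), validate_config(bad, repo)
```
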
