SaaS Security
Onboard a Terraform App to SSPM
Table of Contents
Expand All
|
Collapse All
SaaS Security Docs
Onboard a Terraform App to SSPM
Connect a Terraform instance to SSPM to detect posture and account risks.
Where Can I Use This? | What Do I Need? |
---|---|
|
Or any of the following licenses that include the Data Security license:
|
For SSPM to detect posture risks in your Terraform Cloud instance, you must onboard
your Terraform instance to SSPM. Through the onboarding process, SSPM connects to a
Terraform API by using an Organization API Token that you generate from an
Organization Owner account in Terraform. After connecting to the Terraform API, SSPM
scans the Terraform organization for misconfigured settings and account risks.
All Terraform Cloud plans are supported for SSPM scans.
By following these steps, you onboard only one Terraform
organization. If you want SSPM to scan for multiple organizations, you can onboard
each organization separately.
To access your Terraform instance, SSPM requires the following information, which you
will specify during the onboarding process.
Item | Description |
---|---|
Organization API Token |
An API token available in Terraform Cloud that provides
organization-wide administrative permissions. There is only one
Organization API Token for your organization.
|
To onboard your Terraform instance, you complete the following actions:
- Generate an Organization API Token.
- Open a web browser to the Terraform login page, and log in as an Organization Owner for the organization that you want SSPM to scan.Required Permissions: To generate an Organization API Token, you must use an account assigned to the Organization Owner role.If necessary, select the Terraform organization for SPPM to scan.If you're a member of multiple Terraform organizations, select the organization that you want SSPM to scan. You can select the organization from the Choose an Organization list, which is located in the lower-left corner of the Terraform page.In the left-hand navigation pane, select Settings.Navigate to the organization's API Token settings. In the left-hand navigation pane, select API Tokens.On the API Tokens page, select the Organization Tokens tab.Generate an organization token.You can have only one active Organization API Token at a time. If your organization already has an API Token, you will need its alphanumeric string to provide to SSPM during onboarding. Terraform displays this string only when the Organization API Token is generated, and you can’t view it later. If you don’t have the Organization API Token saved, you can Regenerate token. However, be aware that Terraform will immediately invalidate the current API token.In the Generate an organization token dialog, select an expiration period for the token and Generate token.Terraform generates the Organization API Token and displays it on the Organization Token page.Copy the Organization API Token and paste it into a text file.Don’t continue to the next step unless you have copied the Organization API Token. You will provide this token to SSPM during the onboarding process.Connect SSPM to your Terraform instance.In SSPM, complete the following steps to enable SSPM to connect to your Terraform instance.
- Log in to Strata Cloud Manager.Select ManageConfigurationSaaS SecurityPosture SecurityApplicationsAdd Application and click the Terraform tile.On the Posture Security tab, Add New instance.Log in with Credentials.Enter your Organization API Token and Connect.