Terraform Cloud

Overview

Integrating Bridgecrew with Terraform Cloud via Sentinel embeds Bridgecrew's library of hundreds of out-of-the-box policies into every workspace run. Bridgecrew scans the workspace plans you choose and displays the results in the Bridgecrew platform. You can configure the correction settings to either manual or auto apply if Bridgecrew finds errors.

How to Integrate with Terraform Cloud

The integration requires setup in Bridgecrew Cloud and Terraform Cloud.

  • In Bridgecrew Cloud, initiate the integration, then enter the Terraform token and get the integration snippets.
  • In Terraform Cloud, create two files in a VCS repository or locally, enter Bridgecrew's integration snippets, and create a new Sentinel Policy.

In Bridgecrew Cloud

  1. From Integrations, select Terraform Cloud under Continuous Integration and press ADD WORKSPACE.
  2. In Terraform Cloud, go to your workspace. Navigate to Settings > General. Under General Settings you should find your Workspace ID and Workspace Name.
  3. In Bridgecrew, enter:
  • Terraform Cloud Workspace ID (as copied from Terraform Cloud)
  • Terraform Cloud Workspace Name (as copied from Terraform Cloud)
  • Terraform Cloud Workspace Description
  • Token - enter a User or Team token (Organization tokens do not work) - see the Terraform Cloud documentation for more details about API tokens.

Currently the integration requires one policy per workspace.

  1. Press Create Policy.
  2. Create in your VCS, or locally, two new files named "sentinel.hcl" and "bridgecrew.sentinel".
  3. Copy each of the code snippets that now appear into the respective new file. Note that {PATH_TO_FILE} should be replaced with the actual path.

In Terraform Cloud

  1. Under Settings, Policy sets, press Connect a New Policy Set.
  2. Connect to the VCS and the repository where your new policy files are located, or select No VCS connection if they are local.
  3. Enter a policy name and description. Then select the scope of policies to be enforced only on the integrated workspace.
  4. Press Connect policy set.
  5. Once your policy set is connected, go to the settings for that Policy Set and under "Sentinel Parameters", click on "Add parameter". Set the key as "bc_api_key", copy the token below for the value and check the "Sensitive" option.
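The two files created above and the bc_api_key parameter fit together as shown in this added illustration. It is a skeleton written for this page, not the snippet Bridgecrew generates (copy that snippet as the steps say); the scan endpoint, the Authorization header format and the response fields (failed, url) are assumptions marked as placeholders, while the policy block, param declaration, tfplan/v2, http and json usage follow the standard Sentinel language and imports.

```hcl
# --- sentinel.hcl (illustrative skeleton, not Bridgecrew's generated snippet) ---
# Registers the policy with the policy set. The {PATH_TO_FILE} placeholder in
# Bridgecrew's snippet corresponds to this "source" path.
policy "bridgecrew" {
  source            = "./bridgecrew.sentinel"
  enforcement_level = "soft-mandatory"   # "hard-mandatory" blocks the run outright
}

# --- bridgecrew.sentinel (illustrative skeleton, not Bridgecrew's generated snippet) ---
import "tfplan/v2" as tfplan
import "http"
import "json"

# Supplied at run time from the policy set's "Sentinel Parameters" (key bc_api_key,
# marked Sensitive so it is redacted from run output). No default is given, so a
# run without the parameter errors out instead of scanning unauthenticated.
param bc_api_key

# Assumed placeholder: the real URL comes from the snippet Bridgecrew generates.
scan_url = "https://PLACEHOLDER-bridgecrew-endpoint.example/scan"

# Send the plan (tfplan.raw is the plan JSON as a Sentinel map) to the scanner.
# The token goes only into the header; never print it, or the Sensitive flag is moot.
req = http.request(scan_url).with_header("Authorization", bc_api_key).with_header("Content-Type", "application/json").with_body(json.marshal(tfplan.raw))
resp = http.post(req)

# Assumed response shape: {"failed": <number of failing checks>, "url": "<Bridgecrew Cloud link>"}.
# A non-200 reply is treated as a failure rather than a pass.
result = {"failed": -1, "url": ""}
if resp.status_code is 200 {
  result = json.unmarshal(resp.body)
}

# Surface the failing check count and the Bridgecrew Cloud link in the run output.
print("Bridgecrew failed checks:", result["failed"], "details:", result["url"])

main = rule {
  resp.status_code is 200 and result["failed"] is 0
}
```

With soft-mandatory enforcement, a failing scan stops the run but a user with the right permission can override it; switch to hard-mandatory once the policy is tuned if an override should never be possible. The explicit non-200 branch matters: a scanner outage or an expired token should block or flag the run, not let it pass because no findings were returned.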

Create Sentinel Policy in Terraform Cloud

Whenever a plan run is triggered in Terraform Cloud for the configured workspaces, Bridgecrew checks are run. If a check fails, details are shown in the run output, including a link to Bridgecrew Cloud for further details.

See Terraform Cloud documentation for further details on Sentinel Policies.
