Terraform Cloud (TFC) Run Task Integration

Configure the Terraform Cloud Run Task to scan Terraform plans with Nirmata Control Hub and Kyverno.

The Terraform Cloud (TFC) Run Task integration enables automatic scanning of Terraform plans using the Nirmata Control Hub and Kyverno for policy compliance.

This ensures Terraform infrastructure changes are validated against enterprise policies before being applied.


Prerequisites

Before you begin, ensure that you have:

  • A Terraform Cloud (TFC) organization with permissions to create Run Tasks.
  • A Nirmata Control Hub tenant with administrative access.
  • Access to a Git provider (GitHub required for MVP; GitLab and Bitbucket optional for future integrations).

For an explanation of how the integration works and its key components, see Terraform Cloud Integration Overview.


Step-by-Step Configuration

Step 1: Enable Integration in Nirmata Control Hub

  1. Log in to your Nirmata Control Hub instance.
  2. Navigate to Integrations → Terraform.
  3. Copy the generated Webhook URL and Shared HMAC Key.

Step 2: Add a Run Task in Terraform Cloud

  1. In Terraform Cloud, go to Settings → Run Tasks → Create Run Task.
  2. Provide a descriptive name (e.g., Nirmata Policy Scan).
  3. Paste the Webhook URL from Nirmata Control Hub.
  4. Enter the Shared HMAC Key into the HMAC Secret field.
  5. Assign the Run Task to one or more workspaces where you want policy scans to run.

Step 3: Trigger a Terraform Run

  1. Execute a terraform plan or apply in the configured workspace.
  2. Terraform Cloud sends the plan payload to the Nirmata Terraform Service.
  3. The service runs compliance scans using default public policy sets.
  4. The pass/fail status is displayed in the Terraform Cloud run UI.

Step 4: View Results in Nirmata Control Hub

  • Go to Integrations → Terraform → Runs in Nirmata Control Hub to view detailed scan results, violations, and policy summaries.
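
The Shared HMAC Key copied in Step 1 and entered in Step 2 is what lets the receiving service authenticate the request sent in Step 3. The following is an added example, not Nirmata's code: it shows the check a Run Task receiver performs on Terraform Cloud's X-TFC-Task-Signature header, which carries the hex HMAC-SHA512 of the raw request body. The function names, key and payload are constructed for illustration.

```python
import hashlib
import hmac

SIGNATURE_HEADER = "x-tfc-task-signature"  # header Terraform Cloud adds when an HMAC key is set


def sign(body: bytes, key: bytes) -> str:
    """Hex HMAC-SHA512 of the raw request body."""
    return hmac.new(key, body, hashlib.sha512).hexdigest()


def verify_run_task_request(headers: dict, body: bytes, key: bytes) -> bool:
    """Return True only if the signature header matches the body as received."""
    # HTTP header names are case-insensitive, so normalise before the lookup.
    sent = {k.lower(): v for k, v in headers.items()}.get(SIGNATURE_HEADER)
    if not sent:
        return False  # unsigned requests are rejected, never treated as trusted
    expected = sign(body, key)
    # Compare as bytes in constant time; verify the bytes received, not re-serialised JSON.
    return hmac.compare_digest(expected.encode(), sent.strip().lower().encode())


def demo() -> dict:
    # Constructed key and payload, for illustration only.
    key = b"constructed-shared-hmac-key"
    body = b'{"payload_version":1,"stage":"post_plan","run_id":"run-EXAMPLE"}'
    good = {"X-TFC-Task-Signature": sign(body, key)}
    return {
        "valid": verify_run_task_request(good, body, key),
        "tampered_body": verify_run_task_request(good, body.replace(b"post_plan", b"pre_plan"), key),
        "missing_header": verify_run_task_request({}, body, key),
        "wrong_key": verify_run_task_request(good, body, b"some-other-key"),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

If the key is rotated in Nirmata Control Hub, update the HMAC Secret field of the Run Task at the same time, otherwise every request fails this check.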

Next Steps

  • Explore custom policy sets in Nirmata Control Hub for Terraform security and compliance.
  • Visit the Nirmata Documentation Portal for additional configuration and troubleshooting guides.
