---
title: "Terraform"
description: "Kyverno JSON policies for Terraform plans, configurations, and state files. Enforce infrastructure-as-code security and compliance before resources are provisioned."
diataxis: reference
applies_to:
  product: "kyverno"
audience: ["platform-engineer","devsecops"]
last_updated: 2026-03-25
url: https://docs.nirmata.io/docs/policy-sets/terraform/
---


Kyverno JSON policies for scanning Terraform IaC artifacts with `nctl scan terraform`.

## What's Covered

- S3 bucket encryption and access control
- IAM role and policy validation
- Security group rules
- Resource tagging enforcement
- Cost control guardrails

All Terraform policies are available in the [Nirmata policy library on GitHub](https://github.com/nirmata/kyverno-policies/tree/main/terraform).