Checking the compliance of Terraform configurations using OPA in Terraform Cloud
Chapter 11, Running Test and Compliance Security on Terraform Configuration, covered testing Terraform configurations, including with Open Policy Agent (OPA) in the Using Open Policy Agent for Terraform compliance recipe.
In Terraform, compliance tests are carried out after the terraform plan command is executed. They verify that the result of the plan command corresponds to the rules described in the tests. Only if these tests have passed can the terraform apply command be executed.
Among the tools and frameworks for compliance testing, Terraform Cloud offers, in its free and paid plans, the stack, which allows us to write tests using the Sentinel or OPA framework and execute them directly in Terraform Cloud. This is done by using the run action between the plan and apply commands.
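To make the plan-then-check-then-apply gate concrete, here is an added example (not from the book or from Terraform Cloud) of an OPA policy evaluated against the plan. The package name, the aws_security_group resource type, and the SSH rule are assumptions chosen for illustration.

```rego
package terraform.policies.ssh_ingress

import future.keywords.contains
import future.keywords.if
import future.keywords.in

# Terraform Cloud exposes the plan to OPA as input.plan, in the same
# shape as the JSON produced by `terraform show -json`.
# Policy query to configure for this file (assumed policy name):
#   data.terraform.policies.ssh_ingress.deny
# The run may proceed to apply only when that query returns no messages.

# Security groups that the plan creates or updates. Pure deletions are
# skipped because they have no "after" state to evaluate.
changed_security_groups contains rc if {
	some rc in input.plan.resource_changes
	rc.type == "aws_security_group"
	some action in rc.change.actions
	action in {"create", "update"}
}

# One message per planned security group that would allow SSH from any
# address. A port range that includes 22 counts as exposing SSH.
deny contains msg if {
	some rc in changed_security_groups
	some rule in rc.change.after.ingress
	"0.0.0.0/0" in rule.cidr_blocks
	rule.from_port <= 22
	rule.to_port >= 22
	msg := sprintf("%s allows SSH (port 22) from 0.0.0.0/0", [rc.address])
}
```

Because the rule reads change.after, it judges what the infrastructure would look like once the plan is applied, which is why the check has to run after plan and before apply.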
In this recipe, we will study a simple case of integrating OPA compliance...