OPA Ecosystem / Terraform

Terraform

These projects from the OPA ecosystem integrate OPA with either Terraform source code in HCL or Terraform plans in JSON.

Styra Declarative Authorization Service

Policy as Code Control Plane by Styra

Styra DAS has native support for the validation of Terraform code and plans via a prebuilt ‘system-type’, this is documented here.

View Details

Conftest

Rego policy for configuration files

Conftest has generic support for Terraform source files defined in HCL. There is an example provided here on GitHub.

View Conftest Details

env0

env0 is a Terraform automation platform that allows you to manage your infrastructure as code (IaC) at scale. It has a built-in integration with OPA. See docs here.

View env0 Details

Scalr

Policy enforcement for Terraform by Scalr

These policies can be run using OPA at the command line against a Terraform plan JSON. See the example in the README.

View Scalr Details

Spacelift

Spacelift supports Rego as a language to describe policies for Terraform JSON plans. This blog outlines how the integration works.

View Spacelift Details

Torque

Quali

Torque supports Terraform policy enforcement and defines some sample policies here.

View Torque Details

Atmos

Cloud Posse

Atmos can validate Terraform stack before applying them. This is done using the validate component command documented here.

View Atmos Details

Terraform Cloud

HashiCorp

Terraform cloud has native support for enforcing Rego policy on plans. The feature is documented here.

View Terraform Cloud Details

Integrations are ordered by the amount of linked content.

Do you have an OPA-based project or integration to share? Follow these instructions to get it listed or go to the #ecosystem channel in the OPA Slack if you have any questions.