Businesses are shifting towards infrastructure-as-code, and with that change comes a concern that configuration errors can cause security and governance violations. To address this, security and cloud administrators need to be able to set up guardrails that make sure everyone in their organization follows security best practices. These guardrails are in the form of constraints.
Constraints define your organization's source of truth for security and governance requirements. The constraints must be compatible with tools across every stage of the application lifecycle, from development, to deployment, and even to an audit of deployed resources.
gcloud beta terraform vet
is a tool for
enforcing policy compliance as part of an infrastructure CI/CD pipeline. When
you run this tool, gcloud beta terraform vet
retrieves project data with Google Cloud
APIs that are necessary for accurate validation of your plan. You can use
gcloud beta terraform vet
to detect policy violations and provide warnings or halt
deployments before they reach production. The same set of constraints that you
use with gcloud beta terraform vet
can also be used with any other tool that
supports the same framework.
With gcloud beta terraform vet
you can:
- Enforce your organization's policy at any stage of application development
- Remove manual errors by automating policy validation
- Reduce learning time by using a single paradigm for all policy management
Support
Until gcloud beta terraform vet
is generally available (GA), regular support channels
might not be available. For support with gcloud beta terraform vet
,
open a ticket
on the terraform-google-conversion
GitHub repository.
Documentation
gcloud beta terraform vet
includes the following resources:
- Quickstart – How to implement a constraint that throws an error, and then modify the constraint so the validation check passes.
- Create a policy library – How to create a centralized policy repository.
- Create Terraform constraints – How to add Terraform-based constraints.
- Create CAI constraints – How to add CAI-based constraints.
- Validate policies – How to validate policy compliance with
gcloud beta terraform vet
. - Troubleshooting – Potential problems and solutions to fix them.
- Migrate from terraform-validator - How to migrate to
gcloud beta terraform vet
from terraform-validator.