I’ve written a blog post on Terraform compliance and governance:
Getting started with Terraform is as easy as installing the Terraform binary on your local machine, typing a few lines of HCL into
main.tfand runningterraform apply. This description glosses over a few details, including installing providers, authenticating to provider platforms, running terraform plan, and more, but the general idea is valid.Running Terraform at scale for an entire organization is a different story. First of all, you may have a large number of teams running Terraform.
In this context, you don’t want to allow developers to freely roam and do as they please. This is not necessarily because you don’t trust your developers, but your organization has a reputation to uphold, and one or more governance frameworks to abide by.
When you reach a certain Terraform footprint in your organization, there is a clear need for compliance and governance around the use of Terraform in order to just stay in business.
In this blog post, we will learn about compliance and governance for Terraform, and the concept of policy as code will be central in this discussion.
Read more at spacelift.io
