Terraform Cloud Run Task Integration


Terraform Cloud is a managed service by HashiCorp that makes it easy to run Terraform in production. With the beta release of run tasks for Terraform Cloud, we are able to easily integrate into the workflow of a Terraform deployment by executing webhooks after the plan stage but before the apply stage. The run tasks can be set to either advisory or mandatory to show informational errors or fail the pipeline, respectively.

For more information about run tasks and the Terraform Cloud workflow, see HashiCorp's articles Run Tasks Integration and Terraform Cloud Run Tasks Beta Now Available.

Run Tasks in Kion

We have two run tasks available:

  • Savings Opportunities. Shows the monthly forecast on a project as well as the available cost savings opportunities.
  • Compliance. Shows the number of compliance findings on a project, and will throw an error if there are any critical findings.

EC2 Instance Deployment

To start using run tasks, set up an EC2 instance in the account where you have Kion installed.

The account you use here must have an elastic IP and a key pair allocated to it.

To deploy an EC2 instance in your account:

  1. Log in to the AWS console where Kion is installed.
  2. Navigate to the AWS CloudFormation service.
  3. Click Create stack.
  4. Upload the AWS CloudFormation template from the GitHub repository. It's called ec2-deploy.yaml and is located in the AWS CloudFormation folder.
  5. Fill in the parameters on the stack details page.
  6. Walk through the rest of the wizard, and then click Create stack.

Once it is deployed, ensure the EC2 instance is publicly accessible to Terraform Cloud and can send a webhook to your Kion application.

Terraform Cloud Setup

To add run tasks to your Terraform workspace:

  1. Log in to the Terraform Cloud console: https://app.terraform.io/
  2. In your organization, click Settings > Run Tasks.
  3. Click the Create run task button.
  4. In the form, edit the following fields:
    • Name. Enter a friendly name.
    • Hook endpoint URL. Paste in the elastic IP allocated to your account, then append one of the following paths to the URL:
      • /savings Append this for the savings opportunities webhook.
      • /compliance Append this for the compliance webhook.
    • HMAC key. Leave this field blank.
  5. Click Save run task.
  6. Navigate to the workspace where you want to add the run tasks.
  7. Click Settings > Run Tasks.
  8. Click the plus button next to the run task.
  9. Under the Environment Variables section, click Variables > Add variable.
  10. Add a variable named Kion_PROJECT.
  11. Add the ID of the Kion project that the workspace will modify.
  12. Click Save variable.

That's it! You can push changes to your workspace and the run tasks will start.
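
The run task form above also has an HMAC key field. When a key is set there, Terraform Cloud signs each request body with HMAC-SHA512 and sends the hex digest in the X-TFC-Task-Signature header. The following is an added example, not Kion's code or part of the CloudFormation template, of how a webhook receiver behind /savings and /compliance would check that signature; the handler, key and sample payload are constructed for illustration.

```python
import hashlib
import hmac
import json

SIGNATURE_HEADER = "x-tfc-task-signature"  # set by Terraform Cloud when an HMAC key is configured
ROUTES = ("/savings", "/compliance")       # the two hook paths used on this page


def sign(body: bytes, key: bytes) -> str:
    """Hex HMAC-SHA512 of the raw request body."""
    return hmac.new(key, body, hashlib.sha512).hexdigest()


def signature_ok(headers: dict, body: bytes, key: bytes) -> bool:
    """True only if the header carries a valid signature of the exact bytes received."""
    sent = next((v for k, v in headers.items() if k.lower() == SIGNATURE_HEADER), "")
    if not sent:
        return False  # unsigned request: reject rather than fall back to trusting it
    expected = sign(body, key).encode()
    # Constant-time comparison over bytes, so a non-ASCII header value cannot raise.
    return hmac.compare_digest(expected, sent.strip().lower().encode("utf-8"))


def handle(path: str, headers: dict, body: bytes, key: bytes) -> int:
    """Return the HTTP status a receiver would send (hypothetical handler)."""
    if not signature_ok(headers, body, key):
        return 401  # checked before the body is parsed or any downstream call is made
    if path not in ROUTES:
        return 404
    try:
        json.loads(body)
    except ValueError:
        return 400
    return 200


# Constructed sample values, not taken from a real run.
KEY = b"constructed-example-key"
BODY = json.dumps({"payload_version": 1, "run_id": "run-EXAMPLE"}).encode()
GOOD = {"X-TFC-Task-Signature": sign(BODY, KEY)}

if __name__ == "__main__":
    print(handle("/compliance", GOOD, BODY, KEY))      # signed request, known route
    print(handle("/compliance", {}, BODY, KEY))        # no signature header
    print(handle("/savings", GOOD, BODY + b" ", KEY))  # body altered after signing
```

The signature is computed over the raw bytes as received, so the check has to run before any JSON parsing or re-serialization.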