Integrating Open Policy Agent with Terraform
Summary: In this article I'll explain how I integrated Open Policy Agent (OPA) with Terraform to run security compliance checks in the pipeline.
Prerequisites: a Docker image containing OPA
Knowledge of Rego, OPA's policy language, to write OPA compliance rules
A GitLab repo for setting up CI/CD and a runner
Step 1:
Docker image for OPA, available for free from Docker Hub
Alternatively, you can create your own Docker image by customising Dockerfile provided below.
Step 2:
GitHub repo containing the code for the CI/CD pipeline
https://github.com/SecurityIsIllusion/opa-integration.git
Step 3:
.gitlab-ci.yml file for CI/CD
Feel free to copy and paste the entire file and use it in your own repo. Make sure you add your own GitLab runner in the tags.
Step 4:
Passing AWS Credentials
Add your AWS access key and secret access key here; you can use whichever method you prefer to supply them.
You can also add Docker credentials if you want to pull from a private Docker registry.
Step 5:
For the sake of understanding, I'm keeping the Terraform file and OPA's Rego compliance file in the same root directory.
Note: Check the other Rego files as you like. A sample S3 validation Rego file is provided in the repo.
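As an added example (my own, not the Rego file from the repo linked above), this is the kind of S3 compliance policy the pipeline can evaluate against the JSON plan produced by `terraform show -json tfplan`. It assumes the AWS provider v3 layout, where `server_side_encryption_configuration` and `versioning` are inline blocks on `aws_s3_bucket`.

```rego
package terraform.s3

import rego.v1

# Constructed example policy. Input is the output of:
#   terraform plan -out=tfplan && terraform show -json tfplan > tfplan.json
# Evaluate in CI with:
#   opa eval --fail-defined -d s3.rego -i tfplan.json "data.terraform.s3.deny"

# Canned ACLs that expose objects to anonymous or any authenticated AWS user.
public_acls := {"public-read", "public-read-write", "authenticated-read"}

# Only changes that create or update infrastructure are checked; no-ops and
# deletes carry no "after" state worth validating.
planned(rc) if {
	some action in rc.change.actions
	action in {"create", "update"}
}

s3_buckets contains rc if {
	some rc in input.resource_changes
	rc.type == "aws_s3_bucket"
	planned(rc)
}

deny contains msg if {
	some rc in s3_buckets
	rc.change.after.acl in public_acls
	msg := sprintf("%s: ACL %q grants public access", [rc.address, rc.change.after.acl])
}

deny contains msg if {
	some rc in s3_buckets
	# Inline SSE block (provider v3); an empty list means no encryption at rest.
	sse := object.get(rc.change.after, "server_side_encryption_configuration", [])
	count(sse) == 0
	msg := sprintf("%s: no server-side encryption configured", [rc.address])
}

deny contains msg if {
	some rc in s3_buckets
	versioning := object.get(rc.change.after, "versioning", [])
	not versioning[0].enabled
	msg := sprintf("%s: versioning is not enabled", [rc.address])
}

# Single boolean the pipeline stage can gate on.
compliant if count(deny) == 0
```

With `--fail-defined`, `opa eval` exits non-zero whenever `deny` is non-empty, which is what fails the compliance stage before `terraform apply` runs.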
Step 6:
Pipeline execution: all 4 stages ran successfully
Step 7:
Check the AWS console for the S3, KMS, and EC2 resources to confirm the Terraform deployment succeeded.
P.S.: Thank you, https://github.com/nyalavarthi Sir, for posting so much information in the public domain.