Terraform Cloud Integration Overview

How the Nirmata Control Hub Terraform Cloud Run Task integration works — key components and data flow.

Applies to: Nirmata Control Hub 4.0 and later

When a Terraform run reaches the Plan stage, Terraform Cloud sends a run task request (an HTTP webhook) to the Nirmata Terraform Service. The service evaluates the Terraform plan using NCTL (Nirmata CLI) and the policy sets managed within Nirmata Control Hub. The result is reported back to TFC through the run task callback as a pass/fail compliance check, so a failed scan can block the run according to the run task's enforcement level.

Key Components

| Component | Description |
| --- | --- |
| Nirmata Control Hub Webapp & API | Manages integrations and authentication keys, and displays scan results. |
| Terraform Service | Receives webhooks, fetches policy sets, and invokes NCTL scans. |
| NCTL | CLI tool that evaluates Terraform plans against Nirmata and Kyverno policy sets. |
| TFC Run Task | Executes during Terraform plan runs and triggers compliance scans. |

Architecture

flowchart TD
    A[TFC Run Task Triggered] --> B[Nirmata Terraform Service (Webhook)]
    B --> C[Policy Fetch (from Nirmata Control Hub / Git)]
    C --> D[NCTL Policy Scan]
    D --> E[Results sent to Terraform Cloud & Nirmata Control Hub]

Flow Summary: Terraform Cloud Run → Webhook (Terraform Service) → Policy Fetch (Nirmata Control Hub/Git) → NCTL Scan → Results → TFC/Nirmata Control Hub
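The exchange summarized above, as an added example that is not Nirmata's Terraform Service code: a handler that checks the run task request signature, recognizes the probe TFC sends when the run task is created, evaluates the plan JSON, and builds the pass/fail callback body. The shared HMAC key, the results URL, the toy deny-list policy standing in for NCTL, and the sample request and plan are all constructed for the example.

```python
"""Handle a Terraform Cloud run task request end to end.

Added example, not Nirmata's code. The NCTL scan is replaced by a toy
policy (DENIED_TYPES); the HMAC key, results URL and sample data are assumed.
"""
import hashlib
import hmac
import json
from typing import Callable, Optional

# Secret entered as the run task's HMAC key in TFC. Assumed value.
HMAC_KEY = b"example-shared-secret"
# Resource types the toy policy refuses to create or update. Assumed policy.
DENIED_TYPES = {"aws_iam_user_login_profile"}


def verify_signature(body: bytes, signature_header: Optional[str], key: bytes) -> bool:
    """When an HMAC key is configured, TFC sends the hex HMAC-SHA512 of the raw
    request body in the X-TFC-Task-Signature header. Reject anything else."""
    expected = hmac.new(key, body, hashlib.sha512).hexdigest()
    return hmac.compare_digest(expected, signature_header or "")


def evaluate_plan(plan_json: dict) -> list:
    """Stand-in for the NCTL scan: one finding per denied resource type that the
    plan creates or updates. Deletions are allowed through."""
    findings = []
    for rc in plan_json.get("resource_changes", []):
        actions = set(rc.get("change", {}).get("actions", []))
        if rc["type"] in DENIED_TYPES and actions & {"create", "update"}:
            findings.append(f"{rc['address']}: {rc['type']} is not permitted")
    return findings


def build_callback(findings: list, results_url: str) -> dict:
    """JSON:API body to PATCH to task_result_callback_url with
    'Authorization: Bearer <access_token>' and
    'Content-Type: application/vnd.api+json'."""
    return {"data": {"type": "task-results", "attributes": {
        "status": "failed" if findings else "passed",
        "message": "; ".join(findings) if findings else "No policy violations",
        "url": results_url}}}


def handle_run_task(body: bytes, signature_header: Optional[str],
                    fetch_plan: Callable[[str, str], dict],
                    results_url: str = "https://nirmata.example/scans/1") -> dict:
    """Return the HTTP status to answer TFC with and the callback payload
    (None when nothing should be sent back)."""
    if not verify_signature(body, signature_header, HMAC_KEY):
        return {"http_status": 401, "callback": None}
    req = json.loads(body)
    # TFC probes the endpoint with access_token "test-token" when the run task
    # is created; acknowledge it without fetching or evaluating anything.
    if req.get("access_token") == "test-token":
        return {"http_status": 200, "callback": None}
    # Only post-plan requests carry a plan JSON URL; nothing to scan otherwise.
    if not req.get("plan_json_api_url"):
        return {"http_status": 200, "callback": None}
    plan = fetch_plan(req["plan_json_api_url"], req["access_token"])
    findings = evaluate_plan(plan)
    # A real service answers 200 immediately and PATCHes the callback afterwards.
    return {"http_status": 200, "callback": build_callback(findings, results_url)}


# --- Constructed sample request and plan (not captured from TFC) ---
SAMPLE_PLAN = {"resource_changes": [
    {"address": "aws_iam_user_login_profile.admin",
     "type": "aws_iam_user_login_profile", "change": {"actions": ["create"]}},
    {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
     "change": {"actions": ["update"]}},
]}
SAMPLE_REQUEST = json.dumps({
    "payload_version": 1, "access_token": "atlasv1.example", "stage": "post_plan",
    "run_id": "run-example", "workspace_name": "prod",
    "plan_json_api_url": "https://app.terraform.io/api/v2/plans/plan-example/json-output",
    "task_result_callback_url": "https://app.terraform.io/api/v2/task-results/taskrs-example/callback",
}).encode()


def offline_fetch_plan(url: str, token: str) -> dict:
    """Offline stand-in for GET plan_json_api_url with 'Authorization: Bearer <token>'."""
    return SAMPLE_PLAN


def sign(body: bytes) -> str:
    """What TFC would put in X-TFC-Task-Signature for this body."""
    return hmac.new(HMAC_KEY, body, hashlib.sha512).hexdigest()


if __name__ == "__main__":
    result = handle_run_task(SAMPLE_REQUEST, sign(SAMPLE_REQUEST), offline_fetch_plan)
    print(json.dumps(result, indent=2))
```

Two things in the handler matter for security rather than correctness: the signature is checked on the raw body with a constant-time comparison before the JSON is parsed, so an unsigned request from anyone who learns the endpoint URL cannot trigger a scan or a callback; and the per-run `access_token` from the request, not a long-lived credential, is what the service uses to fetch the plan and post the result.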

Key Notes:

  • Run data, credentials, and findings are securely stored in Nirmata for auditability.
  • Observability is available through integrated logs, metrics, and traces.

Next Steps

To configure this integration, see Terraform Cloud Run Task Integration for step-by-step instructions.