Resourcely
Resourcely is a tool that helps businesses create secure-by-default infrastructure resources and prevents security misconfigurations in the cloud. By integrating Resourcely with Terrateam, you can automatically evaluate your Terraform plans against Resourcely Guardrails on every pull request and receive feedback directly within your pull request.
Enabling Resourcely Integration
To enable the Resourcely integration in Terrateam, you need to add the following configuration to your Terrateam configuration file (.terrateam/config.yml):
Storing the Resourcely API Token
Terrateam needs access to your Resourcely API token to communicate with the Resourcely service and evaluate your Terraform plans. To securely store your Resourcely API token, you need to create a GitHub Secret named RESOURCELY_API_TOKEN with your Resourcely API token as the value.
- In your GitHub repository, navigate to “Settings” > “Secrets” > “Actions”.
- Click on “New repository secret”.
- Enter RESOURCELY_API_TOKEN as the secret name and paste your Resourcely API token as the value.
- Click “Add secret” to save the API token.
How It Works
Once the Resourcely integration is enabled and the API token is stored, Terrateam will automatically run the Resourcely CLI against the generated Terraform plan file(s) during the plan operation.
- Open a pull request with changes to your Terraform code.
- Terrateam automatically runs a plan operation and generates Terraform plan file(s).
- The Resourcely CLI evaluates the plan file(s) against the configured Resourcely Guardrails.
- If the plan file evaluation fails any of the Resourcely Guardrails, Terrateam will provide feedback directly in the pull request, indicating which guardrails were violated.
- Review the Resourcely evaluation results and make necessary adjustments to your Terraform code to ensure compliance with the guardrails.
- Once the pull request is approved and changes are applied with Terrateam, the infrastructure resources will be provisioned securely according to the Resourcely Guardrails.
Resourcely Guardrails
Resourcely Guardrails govern how cloud resources can be created and altered, preventing infrastructure misconfigurations. Guardrails are applied to Blueprints to ensure they are verified before resource provisioning. Resourcely provides a catalog with a wide set of available guardrails that can be further configured. Guardrails are available for the following categories:
- Access Control
- Best Practices
- Cost Efficiency
- And more
See the Resourcely Documentation to learn more.
Viewing Resourcely Evaluation Results
When a pull request is created or updated, Terrateam will automatically run the Resourcely CLI evaluation as part of the plan operation. The evaluation results will be displayed directly in the pull request comments.
If any guardrails are violated, merging and apply operations will be blocked until the issues are resolved. The Resourcely evaluation results will provide detailed information about the violated guardrails.
Considerations
- Resourcely integration adds an additional layer of security and compliance checks to your Terraform workflows, ensuring that your infrastructure resources are provisioned securely and adhere to best practices.
- Encourage your team to address Resourcely evaluation failures promptly to maintain a secure and compliant infrastructure.
- Integrating Resourcely with Terrateam enables you to catch potential security misconfigurations early in the development process, reducing the risk of deploying insecure resources to your production environment.