
Infrastructure as Code (IaC) with Terraform is the core of building infrastructure, enabling automated code compilation and sharing within teams. However, to ensure the code is accurate, secure, and production-ready, Khun Tong, Senior Platform Services Engineer at SCB TechX, is here to share essential tools for Automation Testing, Linting, and Security Scanning that enhance Terraform to its fullest potential. Let’s dive into the first tool.
1. Terratest – Automates IaC testing, using the Go language to test infrastructure in real-world environments. Its key benefits include:
- Test infrastructure in actual environments to ensure the written infrastructure will function as expected.
- Leverage the powerful Go language to write complex tests easily and mock values as needed.
- Monitor resource behavior when code changes are made.

2. TFLint – A Linting tool that detects syntax errors and anti-patterns before applying changes. Its benefits include:
- Quickly identify syntax errors and anti-patterns before running Terraform Plan/Apply.
- Detect incorrectly formatted resources or attributes.

3. Trivy – A security scanner that identifies vulnerabilities in code and supports compliance standards. Key benefits include:
- Identify vulnerabilities in Terraform code, such as publicly accessible S3 buckets or security groups open to 0.0.0.0/0.
- Supports security compliance standards such as CIS Benchmark, NSA Hardening Guide, and more.

In conclusion, we recommend integrating these three tools: Terratest, TFLint, and Trivy into your CI/CD workflow, such as Jenkins Pipeline, to create a robust and secure automation pipeline.
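
One way to wire the three tools into a Jenkins declarative pipeline is sketched below. This is an added example, not a pipeline from the original article; it assumes `tflint`, `trivy` and `go` are installed on the build agent, that the Terraform code sits at the repository root, and that Terratest tests live in a hypothetical `test/` directory.

```groovy
// Added example (not from the original article).
// Assumed layout: Terraform code at repo root, Terratest Go tests in ./test.
// Assumed: the agent already has cloud credentials for a dedicated test
// account, since Terratest provisions and destroys real resources.
pipeline {
    agent any
    options {
        // Abort runs that hang, so stray test infrastructure is noticed early
        timeout(time: 60, unit: 'MINUTES')
    }
    stages {
        // Cheap static checks run first, so a bad change fails
        // before anything is provisioned.
        stage('TFLint') {
            steps {
                sh 'tflint --init'   // install the rule plugins declared in .tflint.hcl
                sh 'tflint'          // non-zero exit on findings fails the stage
            }
        }
        stage('Trivy') {
            steps {
                // Scan the Terraform code for misconfigurations such as public
                // S3 buckets or security groups open to 0.0.0.0/0.
                // --exit-code 1 turns HIGH/CRITICAL findings into a failed build.
                sh 'trivy config --severity HIGH,CRITICAL --exit-code 1 .'
            }
        }
        // The slow, resource-creating stage runs last, only on code that
        // already passed linting and the security scan.
        stage('Terratest') {
            steps {
                dir('test') {
                    sh 'go test -v -timeout 45m ./...'
                }
            }
        }
    }
}
```

The Go test timeout is set below the pipeline timeout so that Terratest's own cleanup has a chance to run before Jenkins aborts the job.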
