Guides
Step-by-step guides for getting started, migrating, integrating CI/CD, and evaluating compliance.tf.
Get StartedSet up compliance.tf and run your first compliant terraform plan typically in under 10 minutesMigration GuideMigrate from terraform-aws-modules in 7 stepsBrownfield Migration KitModule playbooks, version matrix, and assessment checklistAudit EvidenceGenerate compliance artifacts for your auditorsMake the CaseJustify compliance.tf to your leadership team
Migration
Migrate S3 BucketBefore/after diffs, common issues, SOC 2 and PCI DSS controlsMigrate RDSEncryption, backup retention, deletion protection, Multi-AZMigrate VPCFlow logs, public IP auto-assign, default security groupsMigrate EC2 InstanceIMDSv2, EBS encryption, monitoring, instance type restrictionsVersion CompatibilitySupported upstream versions for all 34 modulesAssessment ChecklistEvaluate your migration readiness step by step
Operational Rules
Getting Started with Operational RulesEnable lifecycle blocks, tagging, provisioner removal, and instance restrictions β without forks or wrapper modulesPreview Rule Diffs (Coming Soon)See exactly what Operational Rules will change in a module before downloading it
CI/CD Integration
CI/CD OverviewPrerequisites, authentication, multi-environment setup, and troubleshootingGitHub ActionsToken setup, complete workflow example, and Checkov verificationGitLab CIProtected CI/CD variables and pipeline YAML configurationTerraform CloudWorkspace environment variables and variable sets for the TFC runnerOther PlatformsSpacelift, Atlantis, env0, Jenkins, and generic CI environments
Compare Approaches
Compare ApproachesHow compliance.tf works alongside Checkov, OPA, Control Tower, and custom wrappersvs Checkov / TrivyPreventive enforcement vs IaC scanning β how the layers combinevs OPA / SentinelSecure defaults vs policy gating β when to use eachvs Custom WrappersManaged compliance modules vs in-house wrapper maintenancevs AWS Control TowerResource-level controls vs account-level governance