
Technical Usage Guide

How to use Terraform modules?

Compliance-ready Terraform modules are available via the private Terraform registry. The registry is available to users who have a valid license and have configured an API token for the Terraform/OpenTofu CLI.

How to obtain a valid API token to access the private Terraform registry?

If you are running Terraform/OpenTofu in an interactive scenario where it is possible to launch a web browser on the same host where Terraform/OpenTofu is running, run terraform login, and use your Compliance.tf user credentials to obtain a short-lived API token. Be aware that the token will expire after 1 day.

Otherwise, if you are running Terraform/OpenTofu in an unattended automation scenario (such as a CI/CD pipeline), you can get a long-lived API token from the Your Access Tokens page and configure it manually in the CLI configuration. The token will be valid until you revoke it. Check the official Terraform documentation for more details.

Check the documentation for the terraform login or tofu login commands for more details.

Sample usage

Once you have a valid API token configured for the Terraform/OpenTofu CLI, add the module block to your Terraform code:

main.tf
module "s3_bucket" {
  source  = "registry.compliance.tf/terraform-aws-modules/s3-bucket/aws"
  version = "~> 5.0"

  bucket = "my-secure-bucket"
}

Run terraform init or tofu init to download the module and terraform apply or tofu apply to create the resources.

How to verify results?

The quickest way to verify that the module works is to log in to the AWS console and verify that the S3 bucket has been created with the correct configuration and that public access, public bucket policies and ACLs are blocked.
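
A scripted version of this check, as an added example that is not part of the Compliance.tf documentation: it evaluates the output of the AWS CLI calls aws s3api get-public-access-block and aws s3api get-bucket-policy-status. Mapping "public access, public bucket policies and ACLs are blocked" to the four S3 Block Public Access flags is an assumption, as are the function names and the constructed sample responses.

```python
import json
import subprocess
import sys

# Assumption: "blocked" means all four S3 Block Public Access flags are true.
REQUIRED_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
                  "BlockPublicPolicy", "RestrictPublicBuckets")


def evaluate(pab_json, policy_status_json=None):
    """Return a list of findings; an empty list means the bucket passes.

    pab_json: stdout of get-public-access-block, or None if the call failed.
    policy_status_json: stdout of get-bucket-policy-status, or None when the
    call failed (the usual cause is a bucket with no policy attached).
    """
    if pab_json is None:
        # Fail closed: an unreadable or absent configuration is a finding.
        return ["public access block configuration could not be read"]
    config = json.loads(pab_json).get("PublicAccessBlockConfiguration", {})
    # A flag that is missing from the response counts as disabled.
    findings = [f"{flag} is not enabled"
                for flag in REQUIRED_FLAGS if config.get(flag) is not True]
    if policy_status_json is not None:
        status = json.loads(policy_status_json).get("PolicyStatus", {})
        if status.get("IsPublic"):
            findings.append("bucket policy is evaluated as public")
    return findings


def aws_json(*args):
    """Run an AWS CLI call and return its stdout, or None if it fails."""
    proc = subprocess.run(["aws", *args, "--output", "json"],
                          capture_output=True, text=True)
    return proc.stdout if proc.returncode == 0 else None


# Constructed sample responses (not captured from a real account).
SAMPLE_OK = json.dumps(
    {"PublicAccessBlockConfiguration": dict.fromkeys(REQUIRED_FLAGS, True)})
SAMPLE_WEAK = json.dumps({"PublicAccessBlockConfiguration": {
    "BlockPublicAcls": True, "IgnorePublicAcls": False,
    "BlockPublicPolicy": True}})

if __name__ == "__main__":
    bucket = sys.argv[1] if len(sys.argv) > 1 else "my-secure-bucket"
    result = evaluate(
        aws_json("s3api", "get-public-access-block", "--bucket", bucket),
        aws_json("s3api", "get-bucket-policy-status", "--bucket", bucket))
    print("\n".join(result) or f"{bucket}: public access is blocked")
    sys.exit(1 if result else 0)
```

The script exits non-zero when any finding is reported, so it can run as a pipeline step after terraform apply or tofu apply.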

Advanced features

Compliance.tf provides multiple advanced features, such as compliance framework endpoints, the ability to enable and disable controls, and more. See the Features page for more details.