Run compliance and security controls to detect Terraform GCP resources deviating from security best practices prior to deployment using Powerpipe and Steampipe.
Currently, the controls use the argument column from table terraform_resource to get the resource attributes and perform the checks.
Based on the latest Terraform plugin changes, the plugin introduces 3 new columns for the table terraform_resource.
address - The absolute address of the resource. It will help identify the resources created using "count" or "for_each".
attributes - The resource attributes. Only populates in case of populating data from a terraform state file.
attributes_std - Similar to the existing arguments column and the newly added attributes column. The column will have the value either from the arguments column (in case of parsing the TF configuration file and TF plan files) or from the attributes column (in case of parsing TF state files).
The compliance controls will use the newly added attributes_std column instead of argument for better support for the terraform state file.
Subhajit97
commented
1 year ago
Currently, the controls use the
argumentcolumn from tableterraform_resourceto get the resource attributes and perform the checks.Based on the latest Terraform plugin changes, the plugin introduces 3 new columns for the table
terraform_resource.address- The absolute address of the resource. It will help identify the resources created using "count" or "for_each".attributes- The resource attributes. Only populates in case of populating data from a terraform state file.attributes_std- Similar to the existingargumentscolumn and the newly addedattributescolumn. The column will have the value either from theargumentscolumn (in case of parsing the TF configuration file and TF plan files) or from theattributescolumn (in case of parsing TF state files).The compliance controls will use the newly added
attributes_stdcolumn instead ofargumentfor better support for the terraform state file.