CI - CD Pipeline For Terraform Project

This document outlines the creation of an automated CI/CD pipeline for a Terraform project, focusing on security and coding best practices. It details the necessary tools, setup instructions for Jenkins, and the configuration of GitHub webhooks to trigger the pipeline upon code changes. The article also includes troubleshooting tips for common issues encountered during the pipeline execution.


4/8/25, 11:37 AM CI/CD pipeline for Terraform Project

CI/CD pipeline for Terraform Project

Palak Bhawsar

Mar 27, 2024 · 4 min read

In this article, we will be creating an automated CI/CD pipeline for a Terraform
project, with a focus on adhering to security and coding best practices. The
pipeline will be designed to trigger automatically upon code push to GitHub, and
will encompass code analysis, security analysis, testing, and the typical
Terraform workflow stages such as initialization, planning, and applying
changes.

https://palak-bhawsar.hashnode.dev/cicd-pipeline-for-terraform-project?source=more_articles_bottom_blogs 1/9
Prerequisites:

- GitHub and AWS account
- Basic knowledge of Terraform and AWS
- Knowledge of Jenkins and CI/CD

Let's understand the purpose of all these tools within our CI/CD pipeline.

TFLint is a popular open-source static analysis tool designed for Terraform. It
performs automated checks on Terraform configurations to identify potential
issues, errors, and violations of best practices. TFLint helps maintain code
quality, consistency, and reliability in Terraform projects.

Tfsec is a static analysis tool used to scan Terraform code to identify security
gaps in IaC. It analyzes Terraform codebases to identify potential security
issues such as misconfigurations, insecure settings, and other issues that might
expose infrastructure to risks.

Terratest is an open source testing framework for infrastructure defined using
Terraform. It performs unit tests, integration tests, and end-to-end tests for the
cloud-based infrastructure and helps identify security vulnerabilities early on.

1. Setup Jenkins Server

Launch an EC2 instance and install Jenkins on it to set up the job for running the
pipeline. Follow the blog below to set up a Jenkins server on an EC2 instance.

https://palak-bhawsar.hashnode.dev/install-jenkins-in-ec2-instance-using-user-data-script

2. Install tools in Jenkins

Connect to the Jenkins EC2 instance and install all these tools. The Terraform
tool is needed to run Terraform commands. TFLint is required to perform linting
on Terraform configuration files. TFsec is needed to scan Terraform
configuration files to identify any security vulnerabilities. Go is needed to run
Terratest to execute unit and integration test cases.

1. Install Terraform

$ wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
$ echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
$ sudo apt update && sudo apt install terraform
$ terraform --version

2. Install TFLint

$ sudo apt install unzip
$ curl -s https://raw.githubusercontent.com/terraform-linters/tflint/master/install_linux.sh | bash
$ tflint --version

3. Install Tfsec

$ curl -s https://raw.githubusercontent.com/aquasecurity/tfsec/master/scripts/install_linux.sh | bash
$ tfsec --version

4. Install Go

$ sudo apt install golang-go
$ sudo vi ~/.profile   # add the export line below to ~/.profile so it persists across logins
$ export PATH=$PATH:/usr/local/go/bin
$ source ~/.profile
$ go version

3. Attach IAM role to Jenkins server

Create an IAM role with the necessary permissions to create resources in AWS,
and then attach this role to the EC2 instance where Jenkins is installed.
Attaching this role to Jenkins is crucial as it grants the necessary permissions
for provisioning resources within the AWS infrastructure.

4. Create Webhook

A webhook triggers the Jenkins pipeline automatically whenever changes such as a
commit and push are made to the GitHub repository. Go to the Jenkins dashboard
and copy the Jenkins URL. Go to the GitHub repository settings and, in the left
pane, select Webhooks. Click Add webhook and paste the Jenkins URL into the
Payload URL, appending /github-webhook/ to the end of the URL. Select the events
that should trigger the pipeline (I have selected Just the push event) and click
Add webhook.

5. Project structure and Code

In this project, I am creating an AWS EC2 instance named "test_instance" with a
specified AMI and instance type. It enables HTTP access to instance metadata
and follows best practices by encrypting both the root block device and an
additional EBS volume.

Under the test folder, I have created a main_test.go file to verify the changes
in the Terraform configuration: that an EC2 instance of type t2.micro is created
with the creator name Palak. If either of these conditions fails, the test
reports a failure.

The tflint.hcl file is used to configure TFLint. We can specify which plugins
TFLint should use and their versions. If your Terraform code interacts with AWS
resources, you might enable the AWS plugin and specify its version.

https://github.com/palakbhawsar98/Terraform-CI-CD-Pipeline

6. Create Jenkins pipeline


Go to the Jenkins Dashboard and click New Item -> give the pipeline a name ->
select Pipeline -> click OK. Add a description of your pipeline -> Build Triggers ->
GitHub hook trigger for GITScm polling.

Scroll to the bottom of the Pipeline section and from the dropdown select Pipeline
script from SCM. Under SCM, select Git and enter your GitHub project
repository URL. If your GitHub repository is private, add credentials. Also
enter the branch name in Branches to build and the Jenkinsfile name in Script
Path, and click Save. Finally, click Build Now to run the pipeline.
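A declarative Jenkinsfile that wires the tools from step 2 into the stages this article describes, given here as an added example (it is not the Jenkinsfile from the author's repository). It assumes the tools are on the Jenkins agent's PATH, the IAM role from step 3 is attached to the instance, the Terratest code sits under test/, and TFLint reads its default .tflint.hcl.

```groovy
// Added example, not the article's Jenkinsfile. Assumes: tools from step 2 are on
// the agent's PATH, the IAM role is attached to the Jenkins instance, Terratest
// lives under test/, and the TFLint config is the default .tflint.hcl.
pipeline {
    agent any
    options {
        // Two builds applying against the same state file at once can corrupt it.
        disableConcurrentBuilds()
    }
    stages {
        stage('Code analysis (TFLint)') {
            steps {
                sh 'tflint --init'   // installs the AWS plugin pinned in .tflint.hcl
                sh 'tflint'          // any finding gives a non-zero exit and fails the build
            }
        }
        stage('Security analysis (tfsec)') {
            steps {
                sh 'tfsec .'         // the unencrypted EBS volume from step 7 would stop here
            }
        }
        stage('Terraform init and validate') {
            steps {
                sh 'terraform init -input=false'
                sh 'terraform validate'
            }
        }
        stage('Terraform plan') {
            steps {
                // Saving the plan means apply executes exactly what was planned.
                sh 'terraform plan -input=false -out=tfplan'
            }
        }
        stage('Terratest') {
            steps {
                // Terratest applies and destroys its own copy of the configuration.
                dir('test') { sh 'go test -v -timeout 30m ./...' }
            }
        }
        stage('Terraform apply') {
            steps {
                sh 'terraform apply -input=false tfplan'
            }
        }
    }
}
```

Because every stage's shell step fails the build on a non-zero exit, a lint or tfsec finding stops the pipeline before init ever reaches AWS.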

7. Troubleshooting

The pipeline failed at the TFLint stage due to my Terraform configuration
explicitly utilizing undeclared variables.

The Tfsec stage failed because encryption was not enabled for the EBS volume
attached to the EC2 instance.


Finally, all pipeline stages ran successfully once it met best practices and
security requirements.

Terraform workflow: init, plan, apply


Thank you for taking time to read my article. If I've overlooked any steps or
missed any details, please don't hesitate to get in touch.

Feel free to reach out to me anytime Contact me

~ Palak Bhawsar ✨

AWS Devops Terraform Jenkins GitHub
