Enhance your HashiCorp Cloud Platform Terraform (Terraform Cloud) workflows with AI-powered analysis using Amazon Bedrock. This module integrates seamlessly as a Run Task to provide:
- Intelligent Terraform plan analysis with concise, human-friendly summaries
- Advanced function calling capabilities for extended analysis (e.g., AMI evaluation)
- Responsible AI implementation with customizable guardrails
- AI-Powered Plan Summaries
- Extensible Analysis with Function Calling
- Responsible AI Integration
- Secure Architecture
  - Designed for deployment in a dedicated AWS account
  - Optional AWS WAF integration for enhanced endpoint protection
  - Adherence to AWS security best practices
- Seamless Terraform Cloud Integration
  - Operates as a native Run Task within your Terraform Cloud workflow
  - Provides insights without disrupting existing processes
- Flexible and Customizable
  - Adapt the module to fit your specific organizational needs
  - Easily configure and extend guardrails and analysis capabilities
This module leverages a hub-spoke model, designed for deployment in a dedicated AWS account with Amazon Bedrock access. It utilizes AWS Lambda, CloudFront, and other AWS services to provide a scalable and secure solution.
To implement this module, you'll need:
- An AWS account with appropriate credentials
- Access to Amazon Bedrock (default model: Claude 3 Sonnet)
- A HashiCorp Cloud Platform (HCP) Terraform account
For detailed setup instructions and best practices, please refer to the sections below:
Enhance your Terraform workflows with AI-powered insights while maintaining security and responsible AI practices.
- Build and package the Lambda files:

  ```shell
  make all
  ```

- Enable Bedrock model access for Claude 3 Sonnet. Refer to this guide for more info.
- Reference the `examples/basic` folder on how to use this module:

  ```shell
  cd examples/basic
  terraform init
  terraform plan
  terraform apply
  ```
- Do not reuse the Run Task URL across trust boundaries (organizations, accounts, teams). Deploy a separate Run Task deployment per trust boundary.
- Do not use a Run Task URL from an untrusted party. Run Task execution sends the Terraform plan output to the Run Task endpoint, so an untrusted endpoint would receive your plan data. Only use trusted Run Task URLs.
- Enable the AWS WAF setup by setting the variable `deploy_waf` to `true` (additional cost applies). This adds WAF protection to the Run Task URL endpoint.
- We recommend setting up additional CloudWatch alarms to monitor Lambda concurrency and WAF rules.
- We recommend adding additional topics to the Bedrock Guardrail to fit your organization's requirements.
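The following Terraform configuration is an added example, not part of this module or its `examples/basic` folder. It shows the two best practices above that translate directly into code: enabling the optional WAF with the documented `deploy_waf` input, and adding CloudWatch alarms on Lambda concurrency and on WAF blocked requests. It assumes the module is called from `examples/basic` via `source = "../../"`, omits any other inputs the module requires, and uses two hypothetical variables (`lambda_function_name`, `waf_web_acl_name`) to stand in for the resource names the module actually creates. It also assumes the WAF web ACL is attached to the CloudFront distribution that fronts the endpoint, which is why the WAF alarm is created in us-east-1 with `Region = "Global"`.

```hcl
# Added example (not the module's own code). Hypothetical inputs are labelled.

variable "lambda_function_name" {
  description = "Hypothetical: name of the Run Task Lambda function created by the module"
  type        = string
}

variable "waf_web_acl_name" {
  description = "Hypothetical: name of the WAF web ACL created when deploy_waf = true"
  type        = string
}

provider "aws" {
  region = "us-west-2" # assumed region for the Run Task deployment
}

# CloudFront-scoped WAF metrics are only published in us-east-1.
provider "aws" {
  alias  = "us_east_1"
  region = "us-east-1"
}

module "runtask_bedrock" {
  source = "../../" # assumed: examples/basic calling the module at the repository root

  # Documented input: protect the Run Task URL endpoint with AWS WAF (additional cost).
  deploy_waf = true

  # Other inputs the module requires are not shown on this page and are omitted here.
}

# Alarm when the Run Task Lambda approaches its concurrency limit. A sudden rise
# can mean a burst of runs or abuse of the endpoint URL.
resource "aws_cloudwatch_metric_alarm" "runtask_lambda_concurrency" {
  alarm_name          = "runtask-lambda-concurrent-executions"
  namespace           = "AWS/Lambda"
  metric_name         = "ConcurrentExecutions"
  statistic           = "Maximum"
  period              = 60
  evaluation_periods  = 2
  threshold           = 50 # choose a value below the function's concurrency limit
  comparison_operator = "GreaterThanOrEqualToThreshold"
  treat_missing_data  = "notBreaching"

  dimensions = {
    FunctionName = var.lambda_function_name
  }
}

# Alarm on a burst of requests blocked by the WAF rules in front of the endpoint.
# Rule = "ALL" aggregates across every rule in the web ACL.
resource "aws_cloudwatch_metric_alarm" "runtask_waf_blocked" {
  provider            = aws.us_east_1
  alarm_name          = "runtask-waf-blocked-requests"
  namespace           = "AWS/WAFV2"
  metric_name         = "BlockedRequests"
  statistic           = "Sum"
  period              = 300
  evaluation_periods  = 1
  threshold           = 100
  comparison_operator = "GreaterThanThreshold"
  treat_missing_data  = "notBreaching"

  dimensions = {
    WebACL = var.waf_web_acl_name
    Rule   = "ALL"
    Region = "Global"
  }
}
```

Route both alarms to an SNS topic (via `alarm_actions`) that your on-call or SIEM ingests; an alarm nobody receives does not enforce the trust-boundary guidance above. Thresholds are placeholders and should be tuned to the run volume of the organization the Run Task serves.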