awesome-terraform-compliance
github.com/antonbabenko/awesome-terraform-compliance
Awesome Terraform Compliance: tools, frameworks, and resources for implementing compliance, security, and governance controls in Terraform and OpenTofu infrastructure.
What's inside
Learning Resources
- A Deep Dive into Terraform Static Code Analysis Tools · Articles
Side-by-side comparison of Terraform security scanning tools with feature matrices.
- CloudSecList · Newsletters
Curated cloud security newsletter covering IaC security, CSPM, and compliance tools.
- Compliant Secrets with Terraform · Articles
Patterns for managing secrets in Terraform without exposing sensitive values in state files, covering AWS Secrets Manager and compliant credential handling.
- HashiCorp Sentinel Training · Courses
Official tutorials for writing Sentinel policies in Terraform Cloud/Enterprise.
- Infrastructure as Code · Books
Kief Morris' guide to managing infrastructure with automation covering compliance and governance patterns.
- ISO 27001 on AWS with Terraform · Articles
Practical implementation of ISO 27001 controls on AWS infrastructure provisioned with Terraform, with control-to-resource mappings.
CI/CD and Platform Integration
- Atlantis
Self-hosted Terraform pull request automation with pre-apply policy check hooks.
- Cloud Security Plugin
JetBrains IDE plugin (IntelliJ, PyCharm, etc.) for IaC security scanning including Terraform, enabling shift-left detection in the editor.
- grept
Extensible repository linter with HCL-defined rules and a plan/apply workflow, used by Azure Verified Modules to enforce license, file-structure, and content standards across Terraform module repos.
- Pre-commit Terraform
Collection of Git pre-commit hooks for Terraform including linting, validation, and security scanning.
- Terraform Cloud Run Tasks
Integration point for adding compliance checks to Terraform Cloud/Enterprise runs.
- Terraform Risk Assessor
GitHub Action that analyses Terraform plan JSON and comments risk levels on pull requests.
Evidence and Audit
- atlantis-drift-detection · Drift Detection
Runs Atlantis-driven
- cloud-concierge · Drift Detection
Open-source tool that surfaces infrastructure drift, security findings, and cost estimates as pull requests against your Terraform codebase.
- Compliance Trestle · OSCAL Tooling
SDK and CLI for creating and validating OSCAL documents, part of the OSCAL Compass project.
- Digger · Drift Detection
Open-source Terraform CI/CD with drift detection capabilities.
- Drata · Evidence Generation
Compliance automation platform with infrastructure evidence collection including Terraform state integration. 💲
- DriftHound · Drift Detection
Receives Terraform drift reports via API and provides a web dashboard with historical tracking, analytics, and Slack notifications.
Related Awesome Lists
- awesome-cloud-security
Cloud security resources across AWS, Azure, and GCP.
- awesome-devsecops
DevSecOps tools and resources including IaC security.
- awesome-opa
Open Policy Agent tools, frameworks, and articles.
- awesome-oscal
OSCAL ecosystem tools and resources.
- awesome-tf
Curated Terraform and OpenTofu resources.
Cloud Provider Compliance Tools
- AWS Config Rules · AWS
Managed and custom rules evaluating AWS resource configurations against compliance baselines, deployable via Terraform.
- AWS Control Tower · AWS
Managed landing zone service with SCPs and Config rules as guardrails for multi-account AWS environments, configurable via Terraform.
- AWS Control Tower Controls with Terraform · AWS
Official AWS sample showing how to implement and administer preventive, detective, and proactive Control Tower guardrails via Terraform IaC.
- AWS Security Hub · AWS
Aggregated security and compliance findings across AWS accounts with CIS, PCI DSS, and NIST benchmarks.
- AWS Service Control Policies · AWS
Preventive governance policies at the AWS Organizations level, deployable via Terraform to enforce compliance boundaries across all accounts.
- Azure Policy · Azure
Policy enforcement service for Azure resources with built-in compliance definitions deployable via Terraform.
Policy Libraries and Rulesets
- AWS Guard Rules Registry · Guard Rule Libraries
Official AWS registry of Guard rules covering CIS, NIST, PCI DSS, HIPAA, and SOC 2 compliance frameworks, applicable to Terraform plan JSON via cfn-guard.
- Conftest · OPA/Rego Libraries
Utility for writing tests against structured configuration data using OPA/Rego, widely used for Terraform plan validation.
- Prancer Compliance Test · OPA/Rego Libraries
Rego policy library with a dedicated
- Regal · OPA/Rego Libraries
Linter for Rego policies with 50+ built-in rules covering correctness, style, and performance. Catches bugs and anti-patterns before policies reach production.
- terraform-sentinel-policies · Sentinel Libraries
Example Sentinel policies for Terraform Cloud/Enterprise demonstrating common compliance patterns.
- tflint-ruleset-opa · OPA/Rego Libraries
TFLint plugin for writing custom compliance rules in Rego, bridging tflint's Terraform-native linting with OPA policy evaluation.
Compliance-Ready Modules
- Azure CAF Terraform · Azure
Cloud Adoption Framework landing zone modules with built-in governance and compliance patterns.
- Compliance.tf · AWS
Compliance-ready Terraform modules wrapping terraform-aws-modules with enforced compliance controls and audit evidence generation for SOC 2, HIPAA, PCI DSS, NIS2, DORA, and ISO 27001. 💲 🆓
- GCP Hardening Toolkit (GHT) · GCP
Google-maintained Terraform modules and blueprints for incrementally hardening brownfield GCP environments, with custom IAM role generation and organization policy constraints.
- Google Cloud Foundation Toolkit · GCP
Google-maintained Terraform blueprints for secure GCP deployments with organizational policy compliance.
- opsZero · AWS
Compliance automation platform providing Terraform modules for AWS infrastructure meeting HIPAA, PCI DSS, FedRAMP, StateRamp, and CMMC requirements. 💲
- Secure Cloud Foundation · GCP
Protected B/Medium/Medium GCP landing zone with Canadian government compliance patterns. 🏛️
IaC Security Scanners
- Checkov · Multi-Framework Scanners
Static analysis tool with 1,000+ built-in policies covering CIS, SOC 2, HIPAA, PCI DSS, and NIST benchmarks for Terraform, CloudFormation, Kubernetes, and more.
- CloudFormation Guard (cfn-guard) · Terraform-Specific Scanners
Policy-as-code DSL from AWS for writing rules that validate JSON and YAML data, including Terraform plan JSON and HCL configurations.
- Drogon · Multi-Framework Scanners
High-performance open-source scanner combining SAST, SCA, secret detection, and IaC analysis for Terraform and other formats, built for CI/CD pipelines.
- KICS · Multi-Framework Scanners
Open-source scanner by Checkmarx with 1,900+ queries across Terraform, Ansible, Docker, and Kubernetes.
- pike · Terraform-Specific Scanners
Scans Terraform and OpenTofu code to calculate the minimum IAM permissions required for deployment across AWS, GCP, and Azure.
- sadcloud · Intentionally Vulnerable Terraform
NCC Group's tool for spinning up intentionally misconfigured AWS infrastructure via Terraform to test detection coverage.
This page shows a sample of the list's 109 resources; the full list is on GitHub.