Terraform Cloud run tasks let you directly integrate third-party tools and services at certain stages in the Terraform Cloud run lifecycle. You can use run tasks to validate Terraform configuration files, analyze execution plans before applying them, scan for security vulnerabilities, or perform other custom actions.
Run tasks send data about a run to an external service at specific run stages. The external service processes the data, evaluates whether the run passes or fails, and sends a response to Terraform Cloud. Terraform Cloud then uses this response and the run task enforcement level to determine if a run can proceed.
Note: Terraform Cloud Free Edition includes one run task integration that you can apply to up to ten workspaces. Refer to Terraform Cloud pricing for details.
You can manage run tasks through the Terraform Cloud UI or the Run Tasks API.
Hands-on: Try the HCP Packer validation run task tutorial.
Terraform Version - You can assign run tasks to workspaces that use a Terraform version of 1.1.9 and later. You can downgrade a workspace with existing runs to use a prior Terraform version without causing an error. However, Terraform Cloud no longer triggers the run tasks during plan and apply operations.
Permissions - To create a run task, you must have a user account with the Manage Run Tasks permission. To associate run tasks with a workspace, you need the Manage Workspace Run Tasks permission on that particular workspace.
Run tasks send an API payload to an external service. This payload contains run-related information, including a callback URL, which the service uses to return a pass or fail status to Terraform Cloud.
You can access a complete list of all run tasks in the Terraform Registry. These run tasks include the HCP Packer integration and run tasks that our HashiCorp Technology Partners develop and maintain.
To create a new run task:
Navigate to the desired workspace, open the Settings menu, and select Run Tasks.
Click Create a new run task. The Run Tasks page appears.
Enter the information about the run task to be configured:
- Enabled (optional): Whether the run task will run across all associated workspaces. New tasks are enabled by default.
- Name (required): A human-readable name for the run task. This will be displayed in workspace configuration pages and can contain letters, numbers, dashes and underscores.
- Endpoint URL (required): The URL for the external service. Run tasks will POST the run tasks payload to this URL.
- Description (optional): A human-readable description for the run task. This information can contain letters, numbers, spaces, and special characters.
- HMAC key (optional): A secret key that may be required by the external service to verify request authenticity.
Click Create run task. The run task is now available within the organization, and you can associate it with one or more workspaces.
Click Workspaces and then go to the workspace where you want to associate run tasks.
Open the Settings menu and select Run Tasks.
Click the + next to the task you want to add to the workspace.
Choose when Terraform Cloud should start the run task:
- Pre-plan: Before Terraform creates the plan.
- Post-plan: After Terraform creates the plan.
- Pre-apply: Before Terraform applies a plan.
Choose an enforcement level:
- Advisory: Run tasks can not block a run from completing. If the task fails, the run will proceed with a warning in the UI.
- Mandatory: Run tasks can block a run from completing. If the task fails (including a timeout or unexpected remote error condition), the run will transition to an Errored state with a warning in the UI.
Click Create. Your run task is now configured.
Run tasks perform actions before and after, the plan and apply stages of a Terraform run. Once all run tasks complete, the run ends based on the most restrictive enforcement level in each associated run task.
For example, if a mandatory task fails and an advisory task succeeds, the run fails. If an advisory task fails, but a mandatory task succeeds, the run succeeds and proceeds to the apply stage. Regardless of the exit status of a task, Terraform Cloud displays the status and any related message data in the UI.
Removing a run task from a workspace does not delete it from the organization. To remove a run task from a specific workspace:
Navigate to the desired workspace, open the Settings menu and select Run Tasks.
Click the ellipses (...) on the associated run task, and then click Remove. The run task will no longer be applied to runs within the workspace.
You must remove a run task from all associated workspaces before you can delete it. To delete a run task:
Navigate to Settings and click Run Tasks.
Click the ellipses (...) next to the run task you want to delete, and then click Edit.
Click Delete run task.
You cannot delete run tasks that are still associated with a workspace. If you attempt this, you will see a warning in the UI containing a list of all workspaces that are associated with the run task.