Terraform Cloud Integration
Overview
Terraform Cloud provides infrastructure as code workflow with audit logging. KYRA MDR collects Terraform audit logs for monitoring infrastructure changes and compliance. Supports Terraform Cloud and Enterprise.
Prerequisites
- A KYRA MDR Collector installed and running
- Terraform Cloud or Enterprise organization
- Organization token with audit trail access
- Terraform Cloud Business tier (for audit trails)
Configuration
Configure Terraform Cloud audit log collection:
- Generate an Organization API token:
- Navigate to Organization > Settings > API Tokens
- Create an Organization Token
- Configure the KYRA MDR collector:
sources: - type: terraform api_url: https://app.terraform.io organization: <org-name> token: <organization-token> poll_interval: 300s- Restart the collector service
Collected Log Types
| Log Type | Description | Security Use |
|---|---|---|
| Workspace | Workspace creation and configuration | Infrastructure management |
| Run | Plan and apply execution events | Change management |
| State | State access and modification | State integrity monitoring |
| Variable | Variable creation and updates | Secret management |
| Team | Team membership and permission changes | Access control |
| Organization | Organization setting changes | Security policy monitoring |
Troubleshooting
No audit data: Terraform Cloud audit trails require the Business tier.
API rate limiting: Set poll interval to 300 seconds or more.
Sensitive variables: KYRA MDR receives audit events about variable changes but not actual values.
Contact kyra@seekerslab.com for support.