Add an IaCM approval step
If you want to see the result and impact of the Terraform plan before applying it against the resources, you can add an approval step to your flow.
The approval step provides the following information:
- The resources that were added (including Terraform outputs).
- The resources that were deleted.
- The resources that were changed.
- Cost estimation.
- OPA rules that were evaluated so far in the flow.
Once you've reviewed the plan and are confident in the proposed changes, you can approve it. Approving the plan acknowledges that you understand the modifications that will be made to your infrastructure.
To use the approval plan step, perform the following steps:
- Interactive guide
- Step-by-step
The following example adds an IaCM Approval step to a provision pipeline, placing the approval step between terraform plan
and terraform apply
.
- Go to the pipeline where you want to add an approval step to the infrastructure stage.
- Edit the stage, and then select the Execution tab.
- Hover between the Plan and Apply steps, and then select Add Step.
- From the Step Library, select IaCM Approval and add it to the pipeline.
The approval plan step has a timeout of up to 60 minutes. You can configure this setting when you are editing the step. Upon timeout, the pipeline fails.
During pipeline execution, once the approval plan appears, you can see all the changes and decide whether to approve or reject the changes. Approving runs the Apply command. Rejecting causes the pipeline to fail.
As an additional safeguard, you can add a Wiz Scan to scan your proposed infrastructure change for security vulnerabilities.
The Wiz scan feature is part of the Harness STO module and requires an STO license.
If you have the right access control, you can select each resource and see which attributes have changed.