Terraform Collector
Parse Terraform HCL files to extract configuration data. Writes file validity and full parsed HCL JSON for downstream policy analysis of providers, modules, backends, resources, and infrastructure security posture.
terraform to your lunar-config.yml:uses: github://earthly/lunar-lib/collectors/terraform@v1.0.0
What This Integration Collects
This integration includes 1 collector that gather metadata from your systems.
terraform
Parses all Terraform (.tf) files in the repository using hcl2json and collects:
- File validity and parse errors (.iac.files[])
- Normalized modules with resources and analysis (.iac.modules[])
- Full parsed HCL JSON for terraform-specific policy (.iac.native.terraform.files[])
- Source tool metadata (.iac.source)
How Collectors Fit into Lunar
Lunar watches your code and CI/CD systems to collect SDLC data from config files, test results, IaC, deployment configurations, security scans, and more.
Collectors are the automatic data-gathering layer. They extract structured metadata from your repositories and pipelines, feeding it into Lunar's centralized database where guardrails evaluate it to enforce your engineering standards.
Learn How Lunar Works →Example Collected Data
This collector writes structured metadata to the Component JSON. Here's an example of the data it produces:
{
"iac": {
"source": {"tool": "hcl2json", "version": "0.6.8"},
"files": [
{"path": "deploy/terraform/main.tf", "valid": true},
{"path": "deploy/terraform/variables.tf", "valid": true}
],
"modules": [
{
"path": "deploy/terraform",
"resources": [
{"type": "aws_db_instance", "name": "main", "category": "datastore", "has_prevent_destroy": true},
{"type": "aws_s3_bucket", "name": "logs", "category": "datastore", "has_prevent_destroy": false},
{"type": "aws_lb", "name": "api", "category": "network", "has_prevent_destroy": false, "internet_facing": true},
{"type": "aws_instance", "name": "web", "category": "compute", "has_prevent_destroy": false},
{"type": "aws_wafv2_web_acl", "name": "main", "category": "security"},
{"type": "aws_wafv2_web_acl_association", "name": "api", "category": "security"}
],
"analysis": {
"internet_accessible": true,
"has_waf": true
}
}
],
"native": {
"terraform": {
"files": [
{
"path": "deploy/terraform/main.tf",
"hcl": {
"terraform": [{"required_providers": [{"aws": {"source": "hashicorp/aws", "version": "~> 5.0"}}]}],
"resource": {"aws_db_instance": {"main": [{"engine": "postgres"}]}}
}
}
]
}
}
}
}Documentation
View on GitHubTerraform Collector
Parses Terraform HCL files and collects IaC configuration data for policy analysis.
Overview
This collector finds all .tf files in a repository and parses them using hcl2json. It writes file validity status and the full parsed HCL JSON, enabling downstream policies to analyze providers, modules, backend configuration, resource inventory, and infrastructure security posture.
Collected Data
This collector writes to the following Component JSON paths:
| Path | Type | Description |
|---|---|---|
.iac.source |
object | Tool metadata (tool, version) |
.iac.files[] |
array | File validity: {path, valid, error?} |
.iac.modules[] |
array | Normalized modules: {path, resources[], analysis} |
.iac.native.terraform.files[] |
array | Full parsed HCL per file: {path, hcl} |
Collectors
This integration provides the following collectors (use include to select a subset):
| Collector | Description |
|---|---|
terraform |
Parses .tf files, writes validity and full HCL JSON |
Installation
Add to your lunar-config.yml:
collectors:
- uses: github://earthly/lunar-lib/collectors/terraform@main
on: ["domain:your-domain"] # Or use tags like [infra, terraform]
Open Source
This collector is open source and available on GitHub. Contribute improvements, report issues, or fork it for your own use.
Common Use Cases
Explore guardrails that use data from Terraform Collector.
Ready to Automate Your Standards?
See how Lunar can turn your engineering wiki, compliance docs, or postmortem action items into automated guardrails with our 100+ built-in guardrails.
Infrastructure conventions
Post-mortem action items
Security & compliance policies
Testing & quality requirements