Terraform Collector - Lunar Collector

Terraform Collector

Collector Beta SecurityOrchestration

Parse Terraform HCL files to extract configuration data. Writes file validity and full parsed HCL JSON for downstream policy analysis of providers, modules, backends, resources, and infrastructure security posture.

Add terraform to your lunar-config.yml:
uses: github://earthly/lunar-lib/collectors/terraform@v1.0.0

What This Integration Collects

This integration includes 1 collector that gathers metadata from your systems.

Collector code

terraform

Parses all Terraform (.tf) files in the repository using hcl2json and collects:

  • File validity and parse errors (.iac.files[])
  • Normalized modules with resources and analysis (.iac.modules[])
  • Full parsed HCL JSON for terraform-specific policy (.iac.native.terraform.files[])
  • Source tool metadata (.iac.source)

How Collectors Fit into Lunar

Lunar watches your code and CI/CD systems to collect SDLC data from config files, test results, IaC, deployment configurations, security scans, and more.

Collectors are the automatic data-gathering layer. They extract structured metadata from your repositories and pipelines, feeding it into Lunar's centralized database where guardrails evaluate it to enforce your engineering standards.

1. Collectors Gather Data (this integration): Triggered by code changes or CI pipelines, collectors extract metadata from config files, tool outputs, test results, and scans.
2. Centralized as JSON: All data is merged into each component's unified metadata document.
3. Guardrails Enforce Standards: Real-time feedback in PRs and AI workflows.

Example Collected Data

This collector writes structured metadata to the Component JSON. Here's an example of the data it produces:

component.json:
{
  "iac": {
    "source": {"tool": "hcl2json", "version": "0.6.8"},
    "files": [
      {"path": "deploy/terraform/main.tf", "valid": true},
      {"path": "deploy/terraform/variables.tf", "valid": true}
    ],
    "modules": [
      {
        "path": "deploy/terraform",
        "resources": [
          {"type": "aws_db_instance", "name": "main", "category": "datastore", "has_prevent_destroy": true},
          {"type": "aws_s3_bucket", "name": "logs", "category": "datastore", "has_prevent_destroy": false},
          {"type": "aws_lb", "name": "api", "category": "network", "has_prevent_destroy": false, "internet_facing": true},
          {"type": "aws_instance", "name": "web", "category": "compute", "has_prevent_destroy": false},
          {"type": "aws_wafv2_web_acl", "name": "main", "category": "security"},
          {"type": "aws_wafv2_web_acl_association", "name": "api", "category": "security"}
        ],
        "analysis": {
          "internet_accessible": true,
          "has_waf": true
        }
      }
    ],
    "native": {
      "terraform": {
        "files": [
          {
            "path": "deploy/terraform/main.tf",
            "hcl": {
              "terraform": [{"required_providers": [{"aws": {"source": "hashicorp/aws", "version": "~> 5.0"}}]}],
              "resource": {"aws_db_instance": {"main": [{"engine": "postgres"}]}}
            }
          }
        ]
      }
    }
  }
}

Documentation

Terraform Collector

Parses Terraform HCL files and collects IaC configuration data for policy analysis.

Overview

This collector finds all .tf files in a repository and parses them using hcl2json. It writes file validity status and the full parsed HCL JSON, enabling downstream policies to analyze providers, modules, backend configuration, resource inventory, and infrastructure security posture.

Collected Data

This collector writes to the following Component JSON paths:

Path                            Type    Description
.iac.source                     object  Tool metadata (tool, version)
.iac.files[]                    array   File validity: {path, valid, error?}
.iac.modules[]                  array   Normalized modules: {path, resources[], analysis}
.iac.native.terraform.files[]   array   Full parsed HCL per file: {path, hcl}
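
The following is an added example, not code from this page or from the Lunar project: a minimal downstream check over the `.iac.files[]` and `.iac.modules[]` paths listed above. The rule names, the `evaluate` function, and the fail-closed handling of missing fields are assumptions, and the sample input is constructed in the shape of the page's example data.

```python
import json

# Constructed sample in the shape of the page's example Component JSON (trimmed).
SAMPLE = json.loads("""
{"iac": {
  "files": [
    {"path": "deploy/terraform/main.tf", "valid": true},
    {"path": "deploy/terraform/broken.tf", "valid": false, "error": "constructed parse error"}
  ],
  "modules": [{
    "path": "deploy/terraform",
    "resources": [
      {"type": "aws_db_instance", "name": "main", "category": "datastore", "has_prevent_destroy": true},
      {"type": "aws_s3_bucket", "name": "logs", "category": "datastore", "has_prevent_destroy": false},
      {"type": "aws_lb", "name": "api", "category": "network", "has_prevent_destroy": false, "internet_facing": true}
    ],
    "analysis": {"internet_accessible": true, "has_waf": false}
  }]
}}
""")


def evaluate(component):
    """Return a sorted list of (rule, location) findings for one Component JSON."""
    iac = component.get("iac", {})
    findings = []
    # A file that failed to parse contributes nothing to modules[], so every
    # other rule is blind to it; report it rather than silently passing.
    for f in iac.get("files", []):
        if not f.get("valid", False):
            findings.append(("unparseable-file", f["path"]))
    for mod in iac.get("modules", []):
        for res in mod.get("resources", []):
            # Assumption: a missing has_prevent_destroy is treated as unprotected.
            if res.get("category") == "datastore" and not res.get("has_prevent_destroy", False):
                findings.append(("datastore-without-prevent-destroy",
                                 f'{mod["path"]}:{res["type"]}.{res["name"]}'))
        analysis = mod.get("analysis", {})
        # Assumption: a missing has_waf is treated as "no WAF attached".
        if analysis.get("internet_accessible") and not analysis.get("has_waf", False):
            findings.append(("internet-accessible-without-waf", mod["path"]))
    return sorted(findings)


if __name__ == "__main__":
    for rule, where in evaluate(SAMPLE):
        print(f"{rule}: {where}")
```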

Collectors

This integration provides the following collectors (use include to select a subset):

Collector   Description
terraform   Parses .tf files, writes validity and full HCL JSON

Installation

Add to your lunar-config.yml:

collectors:
  - uses: github://earthly/lunar-lib/collectors/terraform@main
    on: ["domain:your-domain"]  # Or use tags like [infra, terraform]

Open Source

This collector is open source and available on GitHub. Contribute improvements, report issues, or fork it for your own use.
