Terraform Collector
Parse Terraform HCL files to extract configuration data. Writes file validity and full parsed HCL JSON for downstream policy analysis of providers, modules, backends, resources, and infrastructure security posture.
terraform to your lunar-config.yml:uses: github://earthly/lunar-lib/collectors/terraform@v1.0.5
What This Integration Collects
This integration includes 2 collectors that gather metadata from your systems.
terraform
Parses all Terraform (.tf) files in the repository using hcl2json and collects:
- File validity and parse errors (.iac.files[])
- Normalized modules with resources and analysis (.iac.modules[])
- Full parsed HCL JSON for terraform-specific policy (.iac.native.terraform.files[])
- Source tool metadata (.iac.source)
cicd
Records every terraform command executed in CI pipelines along with the Terraform CLI version. Writes command strings and version info to .iac.native.terraform.cicd for audit trails and build reproducibility.
How Collectors Fit into Lunar
Lunar watches your code and CI/CD systems to collect SDLC data from config files, test results, IaC, deployment configurations, security scans, and more.
Collectors are the automatic data-gathering layer. They extract structured metadata from your repositories and pipelines, feeding it into Lunar's centralized database where guardrails evaluate it to enforce your engineering standards.
Learn How Lunar Works →Example Collected Data
This collector writes structured metadata to the Component JSON. Here's an example of the data it produces:
{
"iac": {
"source": {"tool": "hcl2json", "version": "0.6.8"},
"files": [
{"path": "deploy/terraform/main.tf", "valid": true},
{"path": "deploy/terraform/variables.tf", "valid": true}
],
"modules": [
{
"path": "deploy/terraform",
"resources": [
{"type": "aws_db_instance", "name": "main", "category": "datastore", "has_prevent_destroy": true},
{"type": "aws_s3_bucket", "name": "logs", "category": "datastore", "has_prevent_destroy": false},
{"type": "aws_lb", "name": "api", "category": "network", "has_prevent_destroy": false, "internet_facing": true},
{"type": "aws_instance", "name": "web", "category": "compute", "has_prevent_destroy": false},
{"type": "aws_wafv2_web_acl", "name": "main", "category": "security"},
{"type": "aws_wafv2_web_acl_association", "name": "api", "category": "security"}
],
"analysis": {
"internet_accessible": true,
"has_waf": true
}
}
],
"native": {
"terraform": {
"files": [
{
"path": "deploy/terraform/main.tf",
"hcl": {
"terraform": [{"required_providers": [{"aws": {"source": "hashicorp/aws", "version": "~> 5.0"}}]}],
"resource": {"aws_db_instance": {"main": [{"engine": "postgres"}]}}
}
}
],
"cicd": {
"cmds": [
{"cmd": "terraform init", "version": "1.9.8"},
{"cmd": "terraform plan -out=tfplan", "version": "1.9.8"},
{"cmd": "terraform apply -auto-approve tfplan", "version": "1.9.8"}
],
"source": {"tool": "terraform", "integration": "ci"}
}
}
}
}
}Documentation
View on GitHubTerraform Collector
Parses Terraform HCL files and collects IaC configuration data for policy analysis.
Overview
This collector finds all .tf files in a repository and parses them using hcl2json. It writes file validity status and the full parsed HCL JSON, enabling downstream policies to analyze providers, modules, backend configuration, resource inventory, and infrastructure security posture.
Collected Data
This collector writes to the following Component JSON paths:
| Path | Type | Description |
|---|---|---|
.iac.source |
object | Tool metadata (tool, version) |
.iac.files[] |
array | File validity: {path, valid, error?} |
.iac.modules[] |
array | Normalized modules: {path, resources[], analysis} |
.iac.native.terraform.files[] |
array | Full parsed HCL per file: {path, hcl} |
.iac.native.terraform.cicd |
object | CI command tracking: {cmds[], source} |
Collectors
This integration provides the following collectors (use include to select a subset):
| Collector | Description |
|---|---|
terraform |
Parses .tf files, writes validity and full HCL JSON |
cicd |
Records every terraform command run in CI with the CLI version |
Installation
Add to your lunar-config.yml:
collectors:
- uses: github://earthly/lunar-lib/collectors/terraform@main
on: ["domain:your-domain"] # Or use tags like [infra, terraform]
Open Source
This collector is open source and available on GitHub. Contribute improvements, report issues, or fork it for your own use.
Common Use Cases
Explore guardrails that use data from Terraform Collector.
Ready to Automate Your Standards?
See how Lunar can turn your AGENTS.md, engineering wiki, compliance docs, or postmortem action items into automated guardrails with our 200+ built-in guardrails.
AI agent rules & prompt files
Post-mortem action items
Security & compliance policies
Testing & quality requirements