From YouTube: Why to use GitLab with Terraform Cloud
Description
In this video the presenter will demo the why and how to use GitLab Source Code Management and Security Scanning capabilities with Terraform Cloud.
A
Hello, everyone, and thank you for your time on the session today, where we will discuss why GitLab with Terraform Cloud. For doing that, let me introduce myself. My name is emraku. I'm a senior channels and alliances solutions architect for the APAC region, working with GitLab. These are my contacts. Please feel free to reach out at the decision; I'm more than happy always to add professional people to my network.
A
So, basically, the scope of the call today is to answer a common question I've been getting in the field from both partners and customers, which is basically: okay, we are already using Terraform Cloud. We are already running our Terraform scripts under our Terraform Cloud. We know that we can integrate GitLab as a back-end source code management solution with Terraform Cloud, but is that really it? Does it add any other value? Is it really worth the effort to integrate? Should we integrate it or not?
A
So I thought we need to do this recording to answer these questions, and I hope to be able to clarify what I found. So, let's start from the very beginning. This is the typical use case, where I have a GitLab account and I have a Terraform Cloud account. I have my Terraform scripts managed under GitLab as a version control system or source code management solution, and I have that integrated with my Terraform Cloud workspace.
A
One to one, can be one to many, and my state files are managed in Terraform Cloud. So I'm not making any comments on the architecture, where you should run your Terraform scripts, whether in GitLab or Terraform Cloud; this is outside the scope of the call today. But the question is, what can be done better, right? What is the value? What are the catches that we should take care of when we do this kind of setup? There is a major thing.
A
The integration between the two here, between GitLab and Terraform Cloud, is only done on one branch. Let me show you something. I hope you can see this screen; I've tried to split the screen in the middle so you can see both sides. So on the right here I have my Terraform Cloud account, and here I have my GitLab project. So, under workspaces: I will not go in this session into how to set up the integration. It's a very straightforward system.
A
You can find the instructions detailed even on the Terraform website from HashiCorp, but assume that you've already set up a workspace, and let's say this is my workspace here, right, and under the workspace you have already configured a version control system in the background, and it is, in my case, of course GitLab. So I have GitLab as a version control provider, sorry, as a source code management solution supporting my script. So the idea here is, I have GitLab.
A
I have a gitlab.com account, and I have this repository here, which is basically this one here on the left, and it is integrated with that one, so that whenever I commit changes to a branch, and this is a major thing, a VCS branch. By default it takes the default branch, which in GitLab is the main branch. I can't change that, but you have to specify a branch; otherwise it will take the main branch, right.
A
So whenever I commit a change to this branch here, a run will automatically be triggered under Terraform Cloud, where it will do the planning, the initialization. You can see I've discussed many when it runs before. So it will do the initialization, it will do the planning, and then I can do the apply there. I don't have to worry about running my Terraform, I mean, nodes, or managing the state; that's all down to Terraform Cloud. Wonderful, cool, thank you. Now,
A
The thing is, I have my project here where I can do, like, okay, again, this is a group. As you may already know, GitLab is organized in groups and you can have subgroups. As in my case, I have two. I have one subgroup, and then I have my project, and the project is where you have your code managed. So this is my source code, and I will use the built-in IDE in GitLab, the Web IDE, here, just to show you something. So this is the default case. I have changes like this.
A
That's nice, that's nice, but there is always a but. What about the vulnerabilities in the Terraform scripts, right? So today, parameters are everywhere, right, and we have to be able to run our scripts quickly and safely, right. So the change, like, in GitLab the pipeline is running here. The run has already been triggered on the right, for that Terraform run, right, and this is the job that's been added to my pipeline, because I have that integration running, right.
A
So it's a normal pipeline, but I've already committed to the main branch. So if there are any vulnerabilities, they've already been added to the main branch; that's already being pushed to the planning phase in Terraform Cloud, and if it passes all the Sentinel rules or conditions, it will be applied, right.
A
All that I have to do is just click here and do "Confirm and apply", and that will basically do the changes to my infrastructure, and in this case it will create an instance in AWS.
A
That's not really the best case scenario, the happy day scenario, because first, I need to have a vulnerabilities check before I go into the apply or the planning in Terraform Cloud. Second, I really don't want to have the changes only checked in the main branch. I want that to be checked on each and every branch or change I do in my source code, and that's exactly where GitLab comes into the picture and completes the solution for managing my Terraform scripts.
A
So if I go back to the files here, and if I go back to my pipeline file, excuse me, two things I can do. First, I can add the GitLab Terraform scanning. Let me edit this. It is in the editor.
A
And so what I can do is I can open this, or add the SAST scanning job from GitLab that is doing SAST scanning for infrastructure as code, right. Full details on this can be found on GitLab's web page, which is here, which is, actually, let me open it.
A
GitLab IaC, and it will be our link here. So full details on the capabilities of this scanner, or static application security testing scanner, can be found. As you can see, under the hood it is using the open source tool KICS to do scanning, and also, actually, it can not only scan Terraform. It can also scan CloudFormation scripts, Kubernetes scripts, Terraform scripts and Ansible scripts.
A
In our case, I'm using it to scan the Terraform script. By the way, you don't really have to, I mean, select which script; it will automatically scan whatever scripts are available in your repo. It will auto-detect that and scan it. Good. So what I've done here is, I'm saying: okay, I will add, I mean, a change. I will add that as a scanning, so I will commit that, right.
A
So I'll still push that to my main branch, so commit, and then let's have a look on the pipeline that has been triggered this time as well. In here I will discard the previous run. I don't want to apply and run, so I'll discard the previous run and go back to the runs on the right, and at the same time, under my pipeline.
A
Here I will just go to the pipeline in the project, which is this one here. I hope splitting the screen is not making viewers' life harder. So I'll just, here, so, okay, cool. So this is now the scanning job that has been added, right, and I will wait just a second to get it to run and finish and see the results.
A
Now, as I said, we are aiming to solve two things. First, I want to do scanning on each and every vulnerability before I push that into Terraform. Second, I need to do that before I push it into Terraform Cloud, or before I push it into the branch that is connected to my Terraform Cloud workspace. In my case here, the branch is the main branch. That's why this run has been triggered, even though I have not finished the scanning, my testing on my changes.
A
And it should finish in seconds. It's just running in the background, just pulling from the registry the image for the scanner. By the way, this is one of the many security scanning or vulnerability scanning capabilities available in GitLab. So here we are using SAST for infrastructure, but you can as well add all the other scanners: secret detection, DAST, license management, fuzz testing and dependency scanning. So I have the security job here finished, right. So, let's go to the pipeline.
A
A nice thing in GitLab is, as a developer, I can see the results directly in my pipeline, or within my pipeline. If I go to the security, okay, here we go. Now, these are all the vulnerabilities, and two of them are critical vulnerabilities, actually, that have been detected in this very, very simple Terraform Cloud script.
A
Sorry, Terraform script, that I'm doing. By the way, the Terraform script is just creating one Ubuntu. So these are all the vulnerabilities, and so remember, that's why it's important to use GitLab security, not only for source code management, but also just to scan the changes before I push them. Now, to do that before, or to see the changes before I push them into Terraform Cloud.
A
Let's pick one of the changes here. Let's see, for example, this one, this vulnerability. So it says: okay, the EC2 instance should not have a public IP address. Okay, fair enough, and it's undefined, or it's undefined or not. Fine. That's why I will start working on it. So I will go, by the way, it's telling me directly in which file it is, so it is in this file, under this line.
A
So what we can do is, let's go back to our IDE, and I will make a change here. Say: okay, don't associate a public IP address, make it false, and I commit. I will commit that. But this time I will not commit that to the main branch directly, right. I will make it into my feature branch, so let's say "ec2 public ip", and I will open a merge request. By the way, a merge request in GitLab is similar to pull requests in other platforms.
A
But, to be honest, it makes more sense as a merge request, because, imagine something. So I'm saying here: I'm opening a new branch for my change. I'm also doing commit here, which should open for me this page to fill in the details of the merge request. I can assign it, I can set the reviewers, milestones, labels, all that. So that's another day's story, to go into the details of the merge request.
A
This one, go back to commit. You see that there is no new pipeline or new run in Terraform Cloud, and if I go to my pipeline here, you'll see that I only have my normal jobs and my security testing job, because this is not the main branch. This branch I'm working on is my branch. It is my feature request, or feature, not feature, it is the branch I'm adding the feature into, which is, I'm fixing the EC2 public IP address thing.
A
So I will just let it run the build for a second, and we will see that. Hopefully we should not have that severe error here again. Okay, now it is running. By the way, if I click on the merge request link itself, it will show me that I have a pipeline running. I have a mirror for that merge request, and once it is done, I will be able to see the findings in this pipeline. So.
A
Okay, so it is running, but it's very important to note that nothing has been pushed into Terraform Cloud while it is running. Let me summarize here. Initially, I have a Terraform Cloud account, excellent, and I've connected that to a GitLab project as source code management in the background, perfect. Now, when you do this configuration in the settings, you will need to specify a branch where you are connecting the changes to the back-end system, right, in GitLab. Cool.
A
Cool, so this is now very, very important. In my GitLab project, let me just maximize this for a second, in my GitLab project I can do a conditional, or I can customize the conditions for approving merge requests. I'll show you something. So under here, under Settings, under CI, yeah, General, and under Merge request approvals, I'll show you something, what I have. I have the normal condition, and I have added this condition as well. You see this one, which says.
A
Basically, if I add it, it says: for all scanners, across all the branches, if you have any vulnerability with any status or state, with any severity, please include this person. By the way, this is the other me, using my Hotmail account. Please include this person to do the approval, and that person can be a user or a group. This is very useful because I can dynamically include my security team to have another look on these changes, on newly introduced vulnerabilities in my branch, and to get their approval.
A
So, if no severity, or if these conditions do not apply to my change, the team will not be included in my approval cycle. Otherwise they will be dynamically added to the approvals prerequisites, or people who should approve the merge request in order for it to be merged. So, opened here. So this is my other me, and if I go under the merge request, and this is the one, and now I can go here and I can go, yep, approve. So now this has been approved.
A
So if I go back to my message, my pipeline, actually, if I go direct to the merge request, I can see that directly there, which is this one, and good. Now I can merge, once the other approvals, this guy who's the other me, has approved that change. So now I can click merge, and that will merge the change into the main branch, and again, then it will trigger the pipeline, and then it should at some point trigger the run, and yep.
A
Here we go, you see the change here. This is the planning; now it is triggering the run in Terraform Cloud. So I hope that gives you an idea on why we should be using GitLab security scanning, along with the GitLab source code management capabilities, to support my Terraform Cloud scripts and Terraform Cloud account. I hope that was useful. Thank you very much for watching. Please feel free to send me back if you have any questions or feedback. Thank you very much.