The Ops Community ⚙️

Oded Navon for Blink Ops

Originally published at blinkops.com

Using a HashiCorp Terraform Cloud Run Task Webhook Trigger in Blink: Event-Based Approvals Flows

HashiCorp Terraform Cloud Run Tasks help you integrate external services like security, compliance, and cost management tools into your Infrastructure-as-Code (IaC) workflows. This is especially useful for automating code review using third-party tools.

Now, you can trigger Blink automations with events from Terraform using run tasks. This can be accomplished using a simple webhook trigger. When triggered, a run task sends an API payload to the external service containing information about your Terraform run, including a callback URL that the service uses to report a passed or failed status.

By using Terraform Cloud run tasks, Blink makes it easy to add approval checks via interactive Slack notifications to your Terraform workflows, or create event-based automations triggered by Terraform Cloud to enforce compliance, security, or business requirements.

In this tutorial, you will set up a Terraform Cloud run task for Blink, a no-code automation platform for managing cloud operations workflows. You will configure a Blink integration for Terraform Cloud and create a corresponding run task in your Terraform Cloud organization.

Extend your Terraform Cloud Workflows with Blink

By integrating your Blink and Terraform Cloud accounts, you can unlock a great deal of flexibility as to what you can automate.

Here is a high-level description of the different steps that occur when an event-based workflow in Blink gets triggered by a Terraform Cloud event:

  1. Blink workflow gets triggered by an event from Terraform Cloud.
  2. Blink workflow executes logic based on your business needs. For example, you can execute automated approvals flows, Slack notifications, code checks, update or create items in ticketing systems, register events in observability tools, or other cloud processes.
  3. Once your Blink workflow has completed successfully (or not), Blink uses the Terraform Cloud run task callback to tell the Terraform workflow to proceed or to cancel based on the outcome of the previous step.

To further illustrate possible automations, here are two common examples for implementing Blink workflows using a trigger from Terraform Cloud run tasks.

Add a Slack Approvals Flow

One of the simplest, yet most impactful, ways of improving your infrastructure provisioning process is to streamline approval processes. For example, when your team is merging new code to your main branch, you’ll likely need approval from a manager.

During the Pre-plan, Post-Plan, or Apply stages, you can invoke a run task that triggers Blink to send a notification via Slack to a manager, with context about the Terraform run and the option to “Approve” or “Deny” the execution. If you want, you can make this a conditional step. For example, you can configure the Blink workflow to require an approval step only if your operation happens on the main branch. Furthermore, your Blink workflow can include just a simple approval step, or you can add multiple steps across different cloud services.

It’s quick and simple to set up your first Blink automation. Check out this introduction to learn more about Blink automations and event-based workflows you can set up using Terraform Cloud run tasks.

Automate Code Scans and Security Workflows

In addition to requiring an approval step as part of your Terraform workflow, you can also introduce third-party tools such as vulnerability scanners, cost management, code scanning, and more into the infrastructure provisioning process. Using Blink, it’s possible to shortcut some of the manual configuration effort required to create efficient workflows using different security tools.

Rapidly create event-based workflows that combine steps across different cloud tools and services. Blink extends your Terraform workflows and automates actions across different cloud services so you can focus on shipping better code faster.

You can find a list of purpose-built automation workflows for Terraform Cloud in the Blink Automation Library.

Prerequisites

In order to successfully complete this tutorial, you will need:

  • A Terraform Cloud account with the Team & Governance tier
  • A Blink account
  • A Slack account

Note: You cannot create a run task unless the Automation is published and active, and has at least one step.

Creating a Terraform Cloud Run Task Webhook Trigger in Blink

The first step is creating and connecting your Terraform Cloud and Blink accounts. This integration generates a unique endpoint URL in Blink. You will use this URL as the Webhook URL when you create a run task in Terraform Cloud.

Here’s how to connect Terraform Cloud from Blink:

  1. From your Blink workspace, click Add Automation.

  2. Enter an Automation name and select the Pack in which to place the new Automation.

  3. In Type of trigger, select Event-based Automation.

  4. Select Terraform Cloud, Run Task Webhook Event > Continue. The Trigger setup dialog box will open.

  5. Copy the Webhook URL. You will need this later to create a run task in Terraform Cloud.

Creating a Run Task in Terraform Cloud

Next, you will need to create a Terraform Cloud run task. You will configure this run task with a webhook that serves as an endpoint URL for communication between Terraform Cloud and Blink. When triggered, this run task will initiate the automated approvals process via an interactive Slack notification sent to a Terraform account administrator.

To create a Terraform Cloud Run Task:

  1. In Terraform Cloud, go to Workspaces > Select a workspace > Settings > run tasks.

  2. Click Create a new Run Task. The Create a Run Task page will open.

  3. Enter all values on the Create a Run Task page. Select the enable option so that the run task will run across all workspaces. For Name, enter a meaningful name. For Endpoint URL, paste the copied Blink Webhook URL. For Description, you can describe what the run task is (optional).

  4. Click Create Run Task. Run Tasks will open.

  5. Under Available run Tasks, next to Relevant Run Tasks, click +. The Associated Run Task page will open.

  6. Under Run Stage, select your desired run stage. The Blink integration works with all run stages. Under Enforcement Level, select Advisory or Mandatory according to your preference. Click Create.

Adding a Run Task Callback in a Blink Automation

Finally, you need to set up the callback that informs Terraform Cloud that a code review has received an approval and is ready to proceed.

In order for the run task to finish successfully, the Blink automation must return a callback request to Terraform Cloud. This can be done using the Terraform Cloud Run Task Callback action.

To set up a Terraform Cloud Run Task Callback:

  1. In the Blink platform, in the Edit page of your Automation, click the empty space under Steps > Action > Run Task Callback.
  2. For Run Task Callback URL and Access Token, it is recommended to leave the default values pre-defined in this action. Enter the rest of the parameters according to your preference.
  3. In the top-right corner of the canvas, Publish the Automation.
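
To show what the callback step does on the wire, here is an added Python sketch (not Blink's code and not from the original post) of a run task receiver that authenticates the incoming payload and builds the passed/failed callback. The payload field names, the `X-TFC-Task-Signature` header and the JSON:API callback body come from Terraform Cloud's run task integration API rather than from this page; the HMAC key, the `app.terraform.io` host check and all sample values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
import urllib.request
from urllib.parse import urlparse

TFC_HOST = "app.terraform.io"  # assumption: Terraform Cloud SaaS hostname


def signature_ok(body: bytes, header_sig: str, hmac_key: bytes) -> bool:
    """Check X-TFC-Task-Signature: hex HMAC-SHA512 over the raw request body."""
    expected = hmac.new(hmac_key, body, hashlib.sha512).hexdigest()
    return hmac.compare_digest(expected, header_sig or "")


def build_callback(body: bytes, approved: bool, message: str) -> urllib.request.Request:
    """Turn a run task payload into the PATCH that reports passed or failed."""
    payload = json.loads(body)
    url = urlparse(payload["task_result_callback_url"])
    # The bearer token is sent to this URL, so refuse anything that is not
    # HTTPS on the expected Terraform Cloud host.
    if url.scheme != "https" or url.hostname != TFC_HOST:
        raise ValueError("unexpected callback URL: %s" % url.geturl())
    result = {"data": {"type": "task-results", "attributes": {
        "status": "passed" if approved else "failed",
        "message": message}}}
    return urllib.request.Request(
        url.geturl(), method="PATCH", data=json.dumps(result).encode(),
        headers={"Content-Type": "application/vnd.api+json",
                 "Authorization": "Bearer " + payload["access_token"]})


# Constructed sample payload and key (placeholders, not real values).
SAMPLE_KEY = b"example-hmac-key"
SAMPLE_BODY = json.dumps({
    "payload_version": 1, "stage": "post_plan", "run_id": "run-EXAMPLE",
    "access_token": "EXAMPLE-TOKEN",
    "task_result_callback_url":
        "https://app.terraform.io/api/v2/task-results/EXAMPLE/callback",
}).encode()

if __name__ == "__main__":
    sig = hmac.new(SAMPLE_KEY, SAMPLE_BODY, hashlib.sha512).hexdigest()
    print("signature valid:", signature_ok(SAMPLE_BODY, sig, SAMPLE_KEY))
    req = build_callback(SAMPLE_BODY, approved=False, message="Denied in Slack")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```

The request is only constructed here, not sent; passing it to `urllib.request.urlopen` would deliver the result to Terraform Cloud.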

Creating Event-Based Approvals Flows in Blink

Blink makes it easy to create event-based workflows. You can create triggers using schedules, polling, if-this-then-that (IFTTT) flows, REST APIs, and many other actions. Whether your automation is triggered in Terraform Cloud run tasks, Slack, or from elsewhere in your cloud, Blink is the fastest way to deliver impactful automations that empower your developer and business teams.

Blink even has an Automation Library with purpose-built workflows for cloud services like AWS, Terraform, and Slack. Blink helps DevOps, SecOps, and FinOps achieve flow in their everyday work, by making it easy to create automations across the cloud platforms and services they use every day.

Get Started with Blink

The best part? The no-code future for cloud operations is available today. Sign up to create a Blink account.

Top comments (1)

Brad Johnson

Curious what #Terraform users like @phil @the_cozma @jatin think about the new HashiCorp Terraform Cloud Run Tasks.

Has anyone used this feature yet? Thoughts or recommendations?