Example Code along with the blog post at https://blokje5/dev

Validating Terraform plans using the Open Policy Agent

This repository contains the code for the blog post here:


The following tools are needed in order to execute the code:

Additionally, if you want to execute the unit tests for the policies, the OPA binary needs to be installed.

Generating a terraform plan

Execute the following commands (note that valid AWS credentials need to be available, as we are deploying AWS resources):

terraform init
terraform plan -out=tfplan
terraform show -json ./tfplan > tfplan.json

Evaluating the plan

conftest test ./tfplan.json

This returns the following output:

   Invalid tags (missing minimum required tags) for the following resources: ["aws_s3_bucket.helm_repo"]
   Invalid tags (not pascal case) for the following resources: ["aws_s3_bucket.terraform_state_bucket"]
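
The two checks reported above can be written as a conftest policy over the plan's `resource_changes`. This is an added example, not the policy from this repository: the `required_tags` and `taggable_types` sets, the Pascal-case pattern and the helper rule names are assumptions, and it assumes a conftest build whose OPA supports `import rego.v1`.

```rego
package main

import rego.v1

# Assumption: the repository's real minimum tag set is not shown on this page.
required_tags := {"Owner", "Environment"}

# Assumption: resource types whose tags are checked.
taggable_types := {"aws_s3_bucket"}

# Managed resources that still exist after apply (for a delete, change.after is null).
checked contains rc if {
	some rc in input.resource_changes
	rc.mode == "managed"
	rc.type in taggable_types
	is_object(rc.change.after)
}

# Tag keys planned for a resource; empty when tags is missing or null.
tag_keys(rc) := {k | some k, _ in rc.change.after.tags}

missing_required contains rc.address if {
	some rc in checked
	count(required_tags - tag_keys(rc)) > 0
}

# Assumed definition of Pascal case: capitalised words joined with no separator.
not_pascal contains rc.address if {
	some rc in checked
	some key in tag_keys(rc)
	not regex.match(`^([A-Z][a-z0-9]*)+$`, key)
}

deny contains msg if {
	count(missing_required) > 0
	addrs := sort(missing_required)
	msg := sprintf("Invalid tags (missing minimum required tags) for the following resources: %v", [addrs])
}

deny contains msg if {
	count(not_pascal) > 0
	addrs := sort(not_pascal)
	msg := sprintf("Invalid tags (not pascal case) for the following resources: %v", [addrs])
}
```

A resource with no `tags` attribute at all is reported by the first rule, because its key set is empty and every required tag is missing.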

Unit testing Rego policies

cd policy
opa test -v *.rego