Policy validation

Businesses are shifting towards infrastructure-as-code, and with that change comes a concern that configuration errors can cause security and governance violations. To address this, security and cloud administrators need to be able to set up guardrails that make sure everyone in their organization follows security best practices. These guardrails are in the form of constraints.

Constraints define your organization's source of truth for security and governance requirements. The constraints must be compatible with tools across every stage of the application lifecycle, from development, to deployment, and even to an audit of deployed resources.

gcloud beta terraform vet is a tool for enforcing policy compliance as part of an infrastructure CI/CD pipeline. When you run this tool, gcloud beta terraform vet retrieves project data with Google Cloud APIs that are necessary for accurate validation of your plan. You can use gcloud beta terraform vet to detect policy violations and provide warnings or halt deployments before they reach production. The same set of constraints that you use with gcloud beta terraform vet can also be used with any other tool that supports the same framework.

With gcloud beta terraform vet you can:

  • Enforce your organization's policy at any stage of application development
  • Remove manual errors by automating policy validation
  • Reduce learning time by using a single paradigm for all policy management


Until gcloud beta terraform vet is generally available (GA), regular support channels might not be available. For support with gcloud beta terraform vet, open a ticket on the terraform-google-conversion GitHub repository.


gcloud beta terraform vet includes the following resources: