← back to readtheplan

▸ Blog

Compliance engineering, Terraform security, and infrastructure-as-code.

Why Every Terraform Change Is a Compliance Event

May 12, 2026

Most teams treat Terraform plans as deployment artifacts. They're actually compliance evidence. Here's how to map every resource change to a SOC 2 control before it hits production.

Automating SOC 2 Evidence Collection with Terraform

April 28, 2026

Manual evidence collection is the bottleneck in every SOC 2 audit. We built a pipeline that maps Terraform state to control IDs and generates auditor-ready attestations automatically.

Designing an AI Agent Gate for Infrastructure Changes

April 15, 2026

AI coding agents are writing Terraform now. How do you enforce compliance when the author is non-human? The agent gate pattern — policy-as-code meets AI safety.