As a user of AWS so a user who deploy on the cloud his softwares, would it be an option to move to SonarCloud.io instead of using SonarQube to get the scan of your Terraform files?
Or is it mandatory for you to get this feature on SonarQube? In that case, why?
It would be really good to be able to create a qualitygate to prevent a merge when the cost of the deployment exceeds a given threshhold… This would be great way to catch fat-finger typos and would stop you getting a huge EC2 bill at the end of the month.
This is a default part of analysis on SonarCloud and in recent versions of SonarQube. Just make sure your Terraform files are included in your sonar.sources directory and the rest should happen automatically.
If this is just about Terraform files, then yes. If this is part of a Java or .NET project, then use the scanner related to your build system (and you may need some extra configuration in that case to get your Terraform files included in analysis).