This repository is a simple example of how to use Sentinel with Terraform. It contains a simple Terraform configuration that represents a few resources and validates the Terraform plan using Sentinel policies.
Sentinel is a policy-as-code tool that lets you control what users of HashiCorp products are allowed to do. It enforces policies proactively, preventing end users from deploying changes that are not allowed.
Sentinel policies are text files written in the Sentinel language. A policy is evaluated top to bottom, and the value of the `main` rule after execution determines whether the policy passes or fails.
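The policy below is an added example, not a file from this repository. It shows the shape described above: the `tfplan/v2` import exposes the planned resource changes, a few top-level filters narrow them down, and the final `main` rule decides pass or fail. It assumes the plan contains Azure resource groups (`azurerm_resource_group`), that the two tag names `environment` and `owner` are the ones you require, and that the repository's Sentinel configuration supplies the `tfplan/v2` import from the generated `tfplan.json`; all three are assumptions, not something this README states.

```sentinel
# mandatory-tags.sentinel (example policy; file name and tag names are assumptions)
import "tfplan/v2" as tfplan

# Tags that every resource group must carry (assumed values).
mandatory_tags = ["environment", "owner"]

# Only resources that the plan will create or update are in scope;
# destroyed resources have no "after" state to inspect.
resource_groups = filter tfplan.resource_changes as _, rc {
	rc.type is "azurerm_resource_group" and
	rc.mode is "managed" and
	(rc.change.actions contains "create" or rc.change.actions contains "update")
}

# Returns the list of mandatory tag names absent from one planned resource.
# "else {}" handles the attribute being undefined; the null check handles
# the attribute being present in the plan JSON but unset.
missing_tags = func(rc) {
	tags = rc.change.after.tags else {}
	if tags is null {
		tags = {}
	}
	return filter mandatory_tags as t {
		t not in keys(tags)
	}
}

# Resource groups with at least one mandatory tag missing.
violations = filter resource_groups as _, rc {
	length(missing_tags(rc)) > 0
}

# Printed output appears in "sentinel apply", which makes a failure actionable.
for violations as address, rc {
	print(address, "is missing mandatory tags:", missing_tags(rc))
}

# The policy passes only when no resource group violates the tag requirement.
main = rule {
	length(violations) is 0
}
```

With this pattern, each rule stays a single boolean over a named collection, so a failing `sentinel apply` run can be traced back to the exact resource addresses that were printed rather than to an opaque `false`.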
Resources:
- Docs: https://developer.hashicorp.com/sentinel
- Playground: https://play.sentinelproject.io/
- Imports: https://developer.hashicorp.com/terraform/cloud-docs/policy-enforcement/sentinel/import/tfplan-v2
Getting started:
- Start the devcontainer
- Run the following commands:

  ```shell
  az login
  az account show --query id --output tsv
  ```

- Rename the file `terraform.tfvars.example` to `terraform.tfvars`
- Set the `azure_subscription_id` value in `terraform.tfvars` using the output from the previous step.
- Run the following commands:

  ```shell
  cd ./terraform
  terraform init
  terraform plan -out=tfplan.plan && terraform show -json ./tfplan.plan > tfplan.json
  ```

- Run the following command to test the Sentinel policy:

  ```shell
  cd ../sentinel
  sentinel apply
  ```