Use case
Enforce policy as code
Enforce policies before your users create infrastructure using Sentinel policy as code.
Challenge
Manual security and compliance checks create bottlenecks
Rapid provisioning opens up tremendous possibilities, but organizations need to maintain security and prevent over-provisioning.
Solution
Automated guardrails around multi-cloud provisioning
Terraform Cloud can help you enforce policies on the types of resources teams can provision and use. Ticket-based review processes are a bottleneck that can slow down development. Instead, you can use Sentinel, a policy as code framework, to automatically enforce compliance and governance policies before Terraform makes infrastructure changes.
Resources
Tutorials
Write a Sentinel policy for a Terraform deployment
Create filters and rules for your governance requirements with the Sentinel policy language.
Control costs with policies
Write a soft-mandatory Sentinel policy against example infrastructure to limit its cost to less than $100 a month.
Upload your Sentinel policy set to Terraform Cloud
Create and upload a Sentinel policy set. Apply the policy set to your Terraform Cloud organization.
Docs
Defining policies
Sentinel policies can be created for every stage of the Terraform workflow, including the configuration, plan, run, and state.
Managing Sentinel policies
Sentinel policies are rules that are enforced on Terraform runs to validate that the plan and corresponding resources comply with company policies.
Mocking Terraform Sentinel data
An important part of the test process is mocking the data that you wish your policies to operate on.
Introduction to Sentinel, the HashiCorp policy as code framework
In this video, HashiCorp Co-Founder and CTO Armon Dadgar explains Sentinel.