Chapter 37 - Terraform Cloud - Sentinel Policies
Investigate and learn about policies: https://developer.hashicorp.com/terraform/cloud-docs/policy-enforcement/sentinel
Overview
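Types (enforcement levels):
- Advisory - just tells you what is wrong; a failed policy is reported but the run can still proceed
- Soft-Mandatory - a failed policy stops the run, but a user with the right permission has the ability to override it
- Hard-Mandatory - a failed policy stops the run and cannot be overridden, so you are unable to deploy the resources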
Different Policies
- allowed providers
- mandatory tags
- limit cost
- restrict VM publisher
- restrict VM size
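A "mandatory tags" policy of the kind listed above could look like the following. This is an added example, not code from the course or from HashiCorp's repositories; the tag keys and the list of resource types are assumptions to adapt to your own code.

```sentinel
# mandatory-tags.sentinel (hypothetical file name)
import "tfplan/v2" as tfplan

# Assumed tag keys; replace with your organisation's standard.
mandatory_tags = ["environment", "owner"]

# Assumed resource types to check; extend to match your configuration.
taggable_types = [
	"azurerm_resource_group",
	"azurerm_linux_virtual_machine",
]

# Managed resources that will exist after apply.
# Pure deletes are skipped because they have no "after" state to inspect.
in_scope = filter tfplan.resource_changes as _, rc {
	rc.mode is "managed" and
	rc.type in taggable_types and
	(rc.change.actions contains "create" or
		rc.change.actions contains "update")
}

# Returns the mandatory tag keys missing from one resource change.
# A resource with no tags argument has tags set to null in the plan.
missing_tags = func(rc) {
	tags = rc.change.after.tags else {}
	if tags is null {
		tags = {}
	}
	missing = []
	for mandatory_tags as t {
		if t not in keys(tags) {
			append(missing, t)
		}
	}
	if length(missing) > 0 {
		print(rc.address, "is missing mandatory tags:", missing)
	}
	return missing
}

violations = filter in_scope as _, rc {
	length(missing_tags(rc)) > 0
}

# The policy passes only when no in-scope resource lacks a mandatory tag.
main = rule {
	length(violations) is 0
}
```

The enforcement level is not part of the policy file; for a VCS-backed policy set it is set per policy in the sentinel.hcl file that sits in the same path as the policies.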
HashiCorp Guidelines
Example policies you can use with your Terraform code: https://github.com/hashicorp/terraform-guides
Example Policies:
Demo
- Go to your TF Cloud Organization
- Check your plan and billing to confirm that you can use Sentinel policies
- Create a demo workspace
- Set up your environment variables for Azure
- Create your Git repo
- Copy your test code from folder 58 and commit and push
- Create your policy sets in Terraform Cloud.
- Select (or create) your VCS (Git) connection.
- Select your repo
- Click on Policy Source and select the path to the policies.
- Connect the policy set to workspaces - scope it to selected workspaces, not all workspaces, unless you know what you're doing in that regard.
- Execute the plan and apply commands
- Play with the policies and try to get them to fail.