The Sentinel governance feature in Terraform Cloud allows you to enable logic-based policy decisions and enforce best practices in your organization. We are excited to announce a new Sentinel Getting Started track on HashiCorp Learn to help you use Sentinel in your Terraform Cloud workflow.
Sentinel is a tool for preventing mistakes and placing guardrails around operations in your organization. Without it, you may find that accidental charges for large EC2 Instances, improperly configured Security Groups, or under-utilized resources are harder to track and prevent.
Without Sentinel, it is the job of the operator to ensure their resource configuration adheres to the organization's standards.
With Sentinel in Terraform Cloud, the operator will not be allowed to create resources that deviate from the defined parameters of your organization's Sentinel policy. If you would like to learn how to get started with Sentinel in Terraform Cloud, the HashiCorp Learn platform now has a Sentinel Getting Started track with hands-on guides for implementing Policy-As-Code in your organization.
The Sentinel Getting Started track on the Learn platform will teach new users:
The Sentinel Simulator is featured heavily to run tests and mock data, so be sure to download it here.
For an example of how the Sentinel Simulator works, let's start by looking at a real Sentinel policy:
hour = 4
main = rule { hour >= 0 and hour < 12 }
The first line of this example declares a variable named hour with the value 4. The second line declares a rule that returns true if hour is at least 0 and less than 12.
This policy can be applied using the Sentinel Simulator to determine whether it passes or fails. Save this file as policy.sentinel and run the Sentinel Simulator against it.
$ sentinel apply policy.sentinel
You should receive an output of PASS from this command. Check out the guide to find out why!
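To show how the same rule mechanism guards against the oversized-instance mistake mentioned earlier, here is an added policy that is not part of the Learn track or the original post; it assumes a Terraform Cloud run, where the tfplan/v2 import is available, and the allowed instance-type list is a constructed example value.

```sentinel
# Added example: restrict the instance types an operator may create or update.
# Assumes the tfplan/v2 import, which Terraform Cloud provides to policy checks.
import "tfplan/v2" as tfplan

# Constructed allow-list; an organization would set its own.
allowed_types = ["t3.micro", "t3.small", "t3.medium"]

# Select only managed aws_instance resources that the plan will create or update.
# Deleted resources are skipped because their "after" state is null.
ec2_instances = filter tfplan.resource_changes as _, rc {
	rc.type is "aws_instance" and
	rc.mode is "managed" and
	(rc.change.actions contains "create" or rc.change.actions contains "update")
}

# Every selected instance must use an allowed instance type.
instance_type_allowed = rule {
	all ec2_instances as _, rc {
		rc.change.after.instance_type in allowed_types
	}
}

# The main rule decides the policy result; a plan with an m5.24xlarge fails here.
main = rule { instance_type_allowed }
```

The Sentinel Simulator can exercise this policy offline against mock tfplan data generated from a Terraform Cloud run, which is what the Learn track's mocking guides cover.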
For those familiar with Sentinel, the Governance team is excited to announce that managing policies is even easier in Sentinel with VCS-integrated Policy Sets.
Instead of managing single policies one by one, Sentinel now allows organizations to manage policies in VCS repositories and instantly enforce them across as many Terraform Cloud workspaces as necessary. To learn more about this new feature, visit the HashiCorp Learn platform to see it in action.