Using the Terraform Foundational Policies Library with GKE
The usage of Kubernetes continues to grow for most organizations. HashiCorp Terraform is used to simplify the Kubernetes deployment and management process by defining the necessary components as code. This can also be taken a step further by configuring guardrails, which help to protect infrastructure changes that may go against the business’ policies or don’t follow regulatory policies. Similarly to the infrastructure, we can define these policies as code with Sentinel.
To aid in the creation of new policies, we recently released a preview of the Terraform Foundational Policies Library for HashiCorp Terraform Cloud and Enterprise. This fantastic new resource of first-class controls serves to enable our customers to establish a consistent level of security across their workloads using policy as code with Sentinel. The initial set of 50 policies are based on controls, as defined by the Center for Internet Security Benchmarks, for some of the major cloud providers.
The following video walks through the configuration of three policies, which were defined by CIS Benchmarks, and made available as part of the Terraform Foundational Policies Library and how to apply them to a GKE configuration.
» Applying Policy as Code to Kubernetes Clusters
» More Information
If you would like to know more about the Terraform Foundational Policies Library or how to get started with additional policies, please review the documentation. To learn more about using Terraform with Sentinel, visit the HashiCorp Learn Platform.
For more information on Terraform Cloud and Enterprise visit the Terraform product page or to get started today, sign-up for a Terraform Cloud account.
Sign up for the latest HashiCorp news
More blog posts like this one

Scalable, secure infrastructure code the right way: Use a private module registry
How do you ensure standard security, compliance, and reliability best practices are followed across your organization when provisioning infrastructure? A private module registry is the first step.

Vault Enterprise 1.20: SCEP, usage reporting, cloud secret imports
Vault 1.20 adds smarter, streamlined security workflows with encryption updates and UX improvements. The Terraform Vault provider adds ephemeral values.

Automating workload identity for Vault and Nomad with Terraform
Learn how to use HashiCorp Vault and workload identities in your Nomad-orchestrated applications.