Enforce Policy with Sentinel [Team & Governance]


The Terraform Enterprise Provider for Sentinel

Sentinel is an embedded policy-as-code framework integrated with Terraform Cloud. Depending on your workflow, you can also use the Terraform Enterprise provider to create and manage Sentinel policy sets.

Basic usage:

resource "tfe_policy_set" "test" {
  name                   = "my-policy-set"
  description            = "A brand new policy set"
  organization           = "my-org-name"
  # Sub-path of the VCS repository that holds this policy set
  policies_path          = "policies/my-policy-set"
  # Workspaces the policy set is enforced on
  workspace_external_ids = [tfe_workspace.test.external_id]

  # VCS repository the policies are pulled from
  vcs_repo {
    identifier         = "my-org-name/my-policy-set-repository"
    branch             = "master"
    ingress_submodules = false
    oauth_token_id     = tfe_oauth_client.test.oauth_token_id
  }
}

The policy set workflow can be managed with the tfe_policy_set resource. The policies_path attribute is the sub-path within the attached VCS repository to ingress when using vcs_repo. All files and directories outside of this sub-path will be ignored.
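
To illustrate the policies_path behavior described above, here is an added example (not from the original page) of how the `my-org-name/my-policy-set-repository` repository could be laid out, with the `sentinel.hcl` that would sit under `policies/my-policy-set`. The policy names, file names and chosen enforcement levels are assumptions made for illustration.

```hcl
# Constructed repository layout (all file and policy names are hypothetical):
#
#   my-policy-set-repository/
#   |-- README.md                                # outside policies_path: ignored
#   `-- policies/
#       |-- my-policy-set/                       # policies_path: ingressed
#       |   |-- sentinel.hcl                     # this file
#       |   |-- require-encrypted-storage.sentinel
#       |   `-- restrict-instance-types.sentinel
#       `-- other-policy-set/                    # outside policies_path: ignored
#           `-- sentinel.hcl
#
# File: policies/my-policy-set/sentinel.hcl
# Declares which policies belong to the set and how strictly each is enforced.

# A failing run is blocked and the failure cannot be overridden.
policy "require-encrypted-storage" {
  source            = "./require-encrypted-storage.sentinel"
  enforcement_level = "hard-mandatory"
}

# A failing run is blocked unless a user with override permission approves it.
policy "restrict-instance-types" {
  source            = "./restrict-instance-types.sentinel"
  enforcement_level = "soft-mandatory"
}
```

Because only the sub-path is ingressed, a change to `policies/other-policy-set` in the same repository has no effect on the workspaces attached to this policy set.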