
AWS Compute Sentinel Policies

Primary language: HCL. License: GNU General Public License v3.0 (GPL-3.0).

AWS Compute Sentinel Policies for Terraform

This library contains Sentinel policies for AWS EC2 instances and their volumes provisioned through Terraform. The policies can be applied with Terraform Cloud and Terraform Enterprise to enforce guardrails on infrastructure provisioning and management.


NOTE:

  1. This policy library does not provide an exhaustive list of all possible policy configurations for an AWS instance.
  2. Generate your own mocks to test the policies against your planned infrastructure.
  3. Avoid pushing mocks generated from real infrastructure to the VCS, as they may contain sensitive information.
  4. Feel free to open an issue to suggest additional policies or any recommendations for improvement.
  5. I used the HashiCorp repositories Terraform-Sentinel-Policies and policy-library-aws-networking as references when creating this library.

Policies included

  • restricting volume termination in production based on the Environment tag | Code
  • restricting volume size | Code
  • restricting instance types for development and testing based on the Environment tag | Code
  • enforcing volume encryption | Code
  • enforcing mandatory tags | Code
  • denying public IP association to instances | Code
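The following policy is an added example, not one of the policies from this library, showing how two of the checks above (mandatory tags and no public IP association) are expressed against the tfplan/v2 import. The tag set in `mandatory_tags` is an assumption; replace it with your own tagging standard.

```sentinel
# Added example, not a policy from this library: applies the tfplan/v2 import
# to two of the checks listed above (mandatory tags, no public IP at launch).
# The tag set below is an assumption; adjust it to your own standard.
import "tfplan/v2" as tfplan

mandatory_tags = ["Name", "Environment", "Owner"]

# All managed aws_instance resources that this plan will create or update.
instances = filter tfplan.resource_changes as _, rc {
	rc.type is "aws_instance" and
	rc.mode is "managed" and
	(rc.change.actions contains "create" or rc.change.actions contains "update")
}

# True when every mandatory tag key is present with a non-empty value.
has_mandatory_tags = func(tags) {
	for mandatory_tags as key {
		if key not in keys(tags) or tags[key] is "" {
			return false
		}
	}
	return true
}

# Instances missing a mandatory tag. `else {}` covers an instance with no
# tags block, whose `tags` attribute is null in the plan.
missing_tags = filter instances as _, rc {
	not has_mandatory_tags(rc.change.after.tags else {})
}

# Instances that explicitly request a public IP at launch. `else false`
# covers the attribute being unset or still unknown at plan time.
public_ip = filter instances as _, rc {
	rc.change.after.associate_public_ip_address else false
}

# Report each violation so the run log names the offending address.
for missing_tags as address, _ {
	print(address, "is missing one of the mandatory tags:", mandatory_tags)
}
for public_ip as address, _ {
	print(address, "sets associate_public_ip_address = true")
}

main = rule {
	length(missing_tags) is 0 and length(public_ip) is 0
}
```

An instance that leaves `associate_public_ip_address` unset inherits the subnet's `map_public_ip_on_launch` default, which this check does not inspect; pair it with a subnet-level policy if that default matters in your environment.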

Testing the policies

To simplify running the Sentinel tests for each policy, a Makefile wraps the sentinel test <policy-path> command so it can be run in a shorter form from the repository root:

# Format
make <policy-directory-name>

# Example
make enforce-mandatory-tags