Second Edition of Sentinel Guide

Roger Berlind
HashiCorp Solutions Engineering Blog
2 min read · Sep 17, 2019

I wanted to announce the second edition of my Writing and Testing Sentinel Policies for Terraform guide that was originally published in March 2019. This comprehensive guide teaches you how to write and test governance policies that restrict the infrastructure provisioned by Terraform.

I’ve completely rewritten the guide for two reasons:

  1. I wanted to incorporate new second-generation Sentinel policies that give the full addresses of resources that violate policies and that report all violations that occur. This makes it easier for a user who causes violations to fix their Terraform code to remove them.
  2. I also wanted to incorporate the Sentinel Simulator into the guide’s basic methodology. Originally, the guide instructed users to test new policies by running plans against a Terraform server in order to trigger Sentinel policy checks. Using the simulator was only discussed at the end of the guide. After the first edition was written, however, HashiCorp added the generation of mocks from Terraform Cloud plans. Testing new Terraform Sentinel policies with the simulator using mocks is now easier and faster than the old way, so it made sense to make the simulator the primary testing method.

Figure: Mocks can now be generated from Terraform Cloud plans
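As an added illustration of the second-generation pattern described in point 1 (this is example code, not a policy from the guide or the original post), here is a tfplan-based policy that walks every module in the plan, builds each resource's full address, and prints every violation before failing rather than stopping at the first. The resource type, attribute and allowed list are assumptions chosen for the example, and it uses the original tfplan import as it stood in 2019.

```sentinel
import "tfplan"
import "strings"

# Allowed values are an assumption for this example
allowed_types = ["t2.small", "t2.medium", "t2.large"]

# Collect every instance of a resource type from every module in the plan,
# keyed by its full address, e.g. "module.app.aws_instance.web[0]"
find_resources_from_plan = func(rtype) {
  resources = {}
  for tfplan.module_paths as path {
    for tfplan.module(path).resources[rtype] else {} as name, instances {
      for instances as index, r {
        if length(path) == 0 {
          address = rtype + "." + name + "[" + string(index) + "]"
        } else {
          address = "module." + strings.join(path, ".module.") + "." + rtype + "." + name + "[" + string(index) + "]"
        }
        resources[address] = r
      }
    }
  }
  return resources
}

# Check every resource, print each violation with its full address,
# and count the violations instead of stopping at the first one
validate_instance_types = func() {
  violations = 0
  for find_resources_from_plan("aws_instance") as address, r {
    # Ignore resources that are only being destroyed
    if r.destroy and not r.requires_new {
      continue
    }
    itype = r.applied.instance_type else ""
    if itype not in allowed_types {
      print(address, "has instance_type", itype,
        "which is not in the allowed list", allowed_types)
      violations += 1
    }
  }
  return violations
}

main = rule {
  validate_instance_types() is 0
}
```

Run against a mock generated from a Terraform Cloud plan, the simulator's output lists every offending address, so the whole set of fixes is visible from a single test run.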

I hope you’ll find the second edition of the guide helpful and will agree that the new second-generation policies and the revised methodology are better than those given in the first edition.

I also gave a talk and demo, Testing Terraform Sentinel Policies Using Mocks, at HashiConf 2019 on September 11. I’ll post a link to the video of the talk and demo in this post after it is available.

Roger is a Sr. Solutions Engineer at HashiCorp with over 20 years of experience explaining complex technologies like cloud, containers, and APM to customers.