tfe_policy

Policies are rules enforced on Terraform runs. You can use policies to validate that the Terraform plan complies with security rules and best practices. Two policy-as-code frameworks are integrated with Terraform Enterprise: Sentinel and Open Policy Agent (OPA).

Policies are configured on a per-organization level and are organized and grouped into policy sets, which define the workspaces on which policies are enforced during runs.

Example Usage

Basic usage for Sentinel:

resource "tfe_policy" "test" {
  name         = "my-policy-name"
  description  = "This policy always passes"
  organization = "my-org-name"
  kind         = "sentinel"
  policy       = "main = rule { true }"
  enforce_mode = "hard-mandatory"
}

Basic usage for Open Policy Agent (OPA):

resource "tfe_policy" "test" {
  name         = "my-policy-name"
  description  = "This policy always passes"
  organization = "my-org-name"
  kind         = "opa"
  policy       = "package example rule[\"not allowed\"] { false }"
  query        = "data.example.rule"
  enforce_mode = "mandatory"
}
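
The following is an added example, not part of the provider documentation: a Sentinel policy that inspects the plan instead of always passing, grouped into a policy set scoped to one workspace. The resource names, the `workspace_id` variable and the Sentinel rule (which assumes the AWS provider's `aws_s3_bucket_acl` resource) are illustrative assumptions.

```hcl
# Added example: names, the workspace variable and the Sentinel rule are assumptions.
variable "workspace_id" {
  type        = string
  description = "ID of the workspace the policy set applies to (hypothetical input)"
}

resource "tfe_policy" "no_public_bucket_acl" {
  name         = "no-public-bucket-acl"
  description  = "Fails plans that set an S3 bucket ACL to a public value"
  organization = "my-org-name"
  kind         = "sentinel"
  enforce_mode = "hard-mandatory"

  policy = <<-EOT
    import "tfplan/v2" as tfplan

    # Only resources being created or updated; deletes have no "after" values.
    acls = filter tfplan.resource_changes as _, rc {
      rc.mode is "managed" and
      rc.type is "aws_s3_bucket_acl" and
      (rc.change.actions contains "create" or rc.change.actions contains "update")
    }

    main = rule {
      all acls as _, rc {
        rc.change.after.acl not in ["public-read", "public-read-write"]
      }
    }
  EOT
}

# The policy set defines which workspaces the policy is enforced on.
resource "tfe_policy_set" "baseline" {
  name          = "security-baseline"
  description   = "Policies enforced on selected workspaces"
  organization  = "my-org-name"
  kind          = "sentinel"
  policy_ids    = [tfe_policy.no_public_bucket_acl.id]
  workspace_ids = [var.workspace_id]
}
```

A policy that is not a member of any policy set is not evaluated on any run, so the `tfe_policy_set` resource is what makes the rule take effect.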

Argument Reference

The following arguments are supported:

Attributes Reference

Import

Policies can be imported; use <ORGANIZATION NAME>/<POLICY ID> as the import ID. For example:

terraform import tfe_policy.test my-org-name/pol-wAs3zYmWAhYK7peR