What comes to mind when you hear "Coding Best Practices"? For me, it is the obvious things: writing neater, cleaner, and more efficient code. Though we each have our own definition, we can all agree that best practices are essential to our code, deployments, and infrastructure wherever possible.
Our focus today is to inspect the infrastructure management tool Terraform, and how its Sentinel Policies feature can help us apply best practices to our infrastructure deployments via Terraform.
To start, let's refresh ourselves on Terraform. Terraform is an open-source Infrastructure-as-Code (IaC) tool crafted by HashiCorp. It enables you to define and compose infrastructure resources as code and then deploy anywhere you desire, whether Cloud or On-premises.
One of the best aspects of Terraform is that it is Cloud-agnostic. In addition to Cloud, you can use Terraform to deploy resources to any platform if a provider is available. A provider in Terraform is a wrapper written on top of platform-specific APIs that Terraform can use to connect to the platform. Thousands of providers are available on the official Terraform registry.
Let's examine what Sentinel is about. Sentinel is a language and framework designed by HashiCorp, allowing us to write logic-based and straightforward policies/rules as code. Like Terraform implementing Infrastructure-as-Code, Sentinel implements Policy-as-Code. A policy can be any standard or rule that governs the deployment of Terraform resources defined in Terraform configuration files.
Sentinel policies are available in both the Terraform Cloud and the Terraform Enterprise solutions offered by HashiCorp. We will describe Sentinel policies in terms of Terraform Cloud; the same holds true for Terraform Enterprise. Policies are added at the top level (called an organisation), either individually or combined into a policy set. The policies in a policy set can be stored in a version control system (VCS) and made available by connecting the VCS repository to Terraform Cloud.
Sentinel policies can be available to all or specific workspaces on Terraform Cloud. The policy check runs after a Terraform plan (a Terraform plan detects new changes to deploy) but before a Terraform apply (an apply implements the changes detected in the plan step), ensuring that resources will only be created if the policy passes.
This approach is better than documenting rules and regulations in a file because the policy check is an automated part of your deployment process. You don't have to worry about going back to check every rule in a file whenever a new resource is created.
To understand how Sentinel works, let's take an example. Suppose we add a rule that any AWS S3 bucket created from Terraform must have versioning enabled. We can write this policy in the Sentinel language. The policy has access to the generated Terraform plan, the state at that time, and the resource configuration defined in the Terraform code files. The policy first determines whether a bucket is being created; if so, it checks whether versioning is enabled on that bucket. If versioning is enabled, the policy check passes, and we move on to Terraform apply. If the policy fails, we have several options for how to proceed: we can have the policy emit a warning, allow it to be overridden, or let it fail the entire run.
These three outcomes correspond to the three different levels of enforcement that you can assign to a policy.
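The S3 versioning rule described above, written out as a Sentinel policy. This is an added example, not code from the original post or from HashiCorp; it uses the `tfplan/v2` import and assumes an AWS provider version that exposes versioning through the bucket's inline `versioning { enabled = true }` block (the resource type `aws_s3_bucket` and the attribute names are the provider's; the policy and helper names are our own).

```sentinel
# Added example policy (not from the original post): require versioning on
# every aws_s3_bucket that this plan creates or updates.
import "tfplan/v2" as tfplan

# Select managed aws_s3_bucket resources with a create or update action.
# Data sources and resources being destroyed are out of scope.
buckets = filter tfplan.resource_changes as _, rc {
    rc.type is "aws_s3_bucket" and
    rc.mode is "managed" and
    (rc.change.actions contains "create" or rc.change.actions contains "update")
}

# Assumption: the provider in use represents versioning as an inline block,
# which shows up in the planned values as a list with one element. A bucket
# with no versioning block at all is treated as a violation, not as "unknown".
versioning_enabled = func(rc) {
    v = rc.change.after.versioning else []
    return length(v) > 0 and v[0].enabled is true
}

# Collect every offending bucket so the run output tells the author what to fix.
violations = filter buckets as _, rc {
    not versioning_enabled(rc)
}

for violations as address, _ {
    print("aws_s3_bucket", address, "must have versioning enabled")
}

# The policy passes only when no bucket in the plan lacks versioning.
main = rule {
    length(violations) is 0
}
```

The policy itself only decides pass or fail. Whether a failure is reported as a warning, can be overridden, or blocks the run is not written in the policy: it is the enforcement level (advisory, soft-mandatory, or hard-mandatory) assigned to the policy in the policy set configuration, which is what the three options above map to.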
Having delved into the intricacies of Sentinel, stay tuned for our next blog, where we'll explore its role in enhancing security, compliance, and operational best practices in our cloud deployments.
If you're looking to delve deeper into Terraform or implement it in your company, DEMICON's cloud specialists are available to provide assistance. Get in touch to discover how we can support you.