Created
May 11, 2023 18:33
-
-
Save ericreeves/6e0c8ea7fac62b44f34e50c0b4c0520e to your computer and use it in GitHub Desktop.
Sentinel Policy to Deny Deployment of Specific Resource Types
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This policy uses the tfconfig/v2 import to deny resources | |
| # from an denied list | |
| # Import common-functions/tfconfig-functions/tfconfig-functions.sentinel | |
| # with alias "config" | |
| import "tfconfig-functions" as config | |
| # List of denied resources | |
| denied_list = ["aws_instance", "azurerm_virtualmachine", "google_compute_instance"] | |
| # Get all Resources | |
| allResources = config.find_all_resources() | |
| # Filter to resources with violations | |
| # Warnings will be printed for all violations since the last parameter is true | |
| violatingResources = config.filter_attribute_in_list(allResources, "type", denied_list, true) | |
| # Main rule | |
| main = rule { | |
| length(violatingResources["messages"]) is 0 | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment