Table: tfe_sentinel_policy - Query Terraform Enterprise Sentinel Policies using SQL
Sentinel Policies in Terraform Enterprise (TFE) are a set of rules that define the behavior of resources and modules in a Terraform workspace. They provide a means to enforce certain standards and best practices across your organization. This includes rules for security, compliance, and cost management that are enforced when making changes to infrastructure.
Table Usage Guide
The tfe_sentinel_policy table provides insights into Sentinel Policies within Terraform Enterprise. As a DevOps engineer or security analyst, explore policy-specific details through this table, including enforcement levels, policy code, and associated metadata. Utilize it to uncover information about policies, such as those with strict enforcement levels, the specific rules defined in the policy code, and the overall management of policies within your Terraform workspace.
Examples
Basic info
Explore the policies in your Sentinel infrastructure to understand the rules that are currently in place. This can help in assessing your security posture and identifying areas for improvement.
select *from tfe_sentinel_policy;select *from tfe_sentinel_policy;List policies that have policy sets
Discover the Sentinel policies that are associated with one or more policy sets. This can be useful to understand the application of these policies across different sets, helping to manage and optimize policy usage.
select id, name, policy_set_countfrom tfe_sentinel_policywhere policy_set_count > 0;select id, name, policy_set_countfrom tfe_sentinel_policywhere policy_set_count > 0;Get policy by ID
Explore the specific details of a policy by using its unique identifier. This is particularly useful when you need to quickly assess the characteristics of a single policy in your Terraform Enterprise environment.
select *from tfe_sentinel_policywhere id = 'pol-vjgEm4UE6hCsU6a2';select *from tfe_sentinel_policywhere id = 'pol-vjgEm4UE6hCsU6a2';Schema for tfe_sentinel_policy
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form, e.g. connection_name. | |
| description | text | A description of the policy's purpose. This field supports Markdown and will be rendered in the Terraform Cloud UI. | |
| enforce | jsonb | An array of enforcement configurations which map Sentinel file paths to their enforcement modes. Currently policies only support a single file, so this array will consist of a single element. If the path in the enforcement map does not match the Sentinel policy (<NAME>.sentinel), then the default hard-mandatory will be used. | |
| id | text | = | The ID of the policy. |
| name | text | Name of the policy. | |
| organization | jsonb | The organization information. | |
| organization_name | text | Name of the organization containing the policy. | |
| policy_set_count | bigint | The number of policy sets in the policy | |
| updated_at | timestamp with time zone | The update timestamp of the policy. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- tfeYou can pass the configuration to the command with the --config argument:
steampipe_export_tfe --config '<your_config>' tfe_sentinel_policy