steampipe plugin install tfe

Table: tfe_sentinel_policy - Query Terraform Enterprise Sentinel Policies using SQL

Sentinel Policies in Terraform Enterprise (TFE) are a set of rules that define the behavior of resources and modules in a Terraform workspace. They provide a means to enforce certain standards and best practices across your organization. This includes rules for security, compliance, and cost management that are enforced when making changes to infrastructure.

Table Usage Guide

The tfe_sentinel_policy table provides insights into Sentinel Policies within Terraform Enterprise. As a DevOps engineer or security analyst, explore policy-specific details through this table, including enforcement levels, policy code, and associated metadata. Utilize it to uncover information about policies, such as those with strict enforcement levels, the specific rules defined in the policy code, and the overall management of policies within your Terraform workspace.

Examples

Basic info

Explore the policies in your Sentinel infrastructure to understand the rules that are currently in place. This can help in assessing your security posture and identifying areas for improvement.

select
*
from
tfe_sentinel_policy;

List policies that have policy sets

Discover the Sentinel policies that are associated with one or more policy sets. This can be useful to understand the application of these policies across different sets, helping to manage and optimize policy usage.

select
id,
name,
policy_set_count
from
tfe_sentinel_policy
where
policy_set_count > 0;

Get policy by ID

Explore the specific details of a policy by using its unique identifier. This is particularly useful when you need to quickly assess the characteristics of a single policy in your Terraform Enterprise environment.

select
*
from
tfe_sentinel_policy
where
id = 'pol-vjgEm4UE6hCsU6a2';

Schema for tfe_sentinel_policy

| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | | Steampipe context in JSON form. |
| description | text | | A description of the policy's purpose. This field supports Markdown and will be rendered in the Terraform Cloud UI. |
| enforce | jsonb | | An array of enforcement configurations which map Sentinel file paths to their enforcement modes. Currently policies only support a single file, so this array will consist of a single element. If the path in the enforcement map does not match the Sentinel policy (<NAME>.sentinel), then the default hard-mandatory will be used. |
| id | text | = | The ID of the policy. |
| name | text | | Name of the policy. |
| organization | jsonb | | The organization information. |
| organization_name | text | =, !=, ~~, ~~*, !~~, !~~* | Name of the organization containing the policy. |
| policy_set_count | bigint | | The number of policy sets in the policy |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | | Steampipe context in JSON form. |
| updated_at | timestamp with time zone | | The update timestamp of the policy. |
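
The query below is an added example, not one of the plugin's own: it uses the enforce and policy_set_count columns described above to list policies that are attached to no policy set or that are enforced at a level weaker than hard-mandatory. It assumes each element of the enforce array stores its file path and mode under the keys path and mode (or Path and Mode); check the key names against your own data before relying on the result.

```sql
-- Added example: audit how each Sentinel policy is actually enforced.
-- Assumption: enforce elements use the keys "path"/"mode" (or "Path"/"Mode").
with enforcement as (
  select
    p.id,
    p.name,
    p.organization_name,
    p.policy_set_count,
    p.updated_at,
    coalesce(e ->> 'path', e ->> 'Path') as sentinel_path,
    coalesce(e ->> 'mode', e ->> 'Mode') as declared_mode
  from
    tfe_sentinel_policy as p
    -- Keep policies whose enforce value is null or not an array.
    left join lateral jsonb_array_elements(
      case when jsonb_typeof(p.enforce) = 'array' then p.enforce else '[]'::jsonb end
    ) as e on true
)
select
  id,
  name,
  organization_name,
  sentinel_path,
  declared_mode,
  -- Per the enforce column description, a path that does not match
  -- <NAME>.sentinel falls back to the default hard-mandatory.
  case
    when sentinel_path is distinct from name || '.sentinel' then 'hard-mandatory'
    else declared_mode
  end as effective_mode,
  -- A policy in no policy set is not applied through any set.
  policy_set_count = 0 as unattached,
  updated_at
from
  enforcement
where
  policy_set_count = 0
  or (sentinel_path = name || '.sentinel' and declared_mode <> 'hard-mandatory')
order by
  organization_name,
  name;
```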

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- tfe

You can pass the configuration to the command with the --config argument:

steampipe_export_tfe --config '<your_config>' tfe_sentinel_policy