Terraform Learning Resources: Getting Started with Sentinel in Terraform Cloud
The Sentinel governance feature in Terraform Cloud allows you to enable logic-based policy decisions and enforce best practices in your organization. We are excited to announce a new Sentinel Getting Started track on HashiCorp Learn to help you use Sentinel in your Terraform Cloud workflow.
» An introduction to Sentinel with Terraform Cloud
Sentinel is a tool for preventing mistakes and placing guardrails around operations in your organization. Without it, you may find that accidental charges for large EC2 Instances, improperly configured Security Groups, or under-utilized resources are harder to track and prevent.
Without Sentinel, it is the job of the operator to ensure their resource configuration adheres to the organization's standards.
With Sentinel in Terraform Cloud, the operator will not be allowed to create resources that deviate from the defined parameters of your organization's Sentinel policy. If you would like to learn how to get started with Sentinel in Terraform Cloud, the HashiCorp Learn platform now has a Sentinel Getting Started track with hands-on guides for implementing Policy-As-Code in your organization.
» What You'll Learn
The Sentinel Getting Started track on the Learn platform will teach new users:
- Policy vocabulary
- How to build policies
- How to create policy sets
- Mocking and testing policies with the Sentinel Simulator
- How to use the Terraform Sentinel Provider
The Sentinel Simulator is featured heavily to run tests and mock data, so be sure to download it here.
For an example of how the Sentinel Simulator works, let's start by looking at a real Sentinel policy:
hour = 4
main = rule { hour >= 0 and hour < 12 }
The first line of this example declares a variable named hour with the value 4. The second line declares a rule that will return true if hour is between 0 and 12.
This policy can be applied using Sentinel Simulator to determine whether this policy passed or failed. Save this file as policy.sentinel and run the Sentinel Simulator against it.
$ sentinel apply policy.sentinel
You should receive an output of PASS from this command. Check out the guide to find out why!
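The same rule mechanics applied to the guardrails mentioned earlier (oversized EC2 instances and improperly configured Security Groups), as an added example that is not from the original post or from HashiCorp. The resource lists, addresses and allowed types are constructed sample data embedded in the policy so it can be run with sentinel apply without mocks; in Terraform Cloud this data would come from the plan. One constructed instance is deliberately oversized, so instance_type_allowed evaluates to false.

```sentinel
# Added example: two guardrail rules combined in main.
# planned_instances and planned_ingress are constructed sample data
# standing in for what a Terraform plan would supply.
planned_instances = [
	{"address": "aws_instance.web", "instance_type": "t2.micro"},
	{"address": "aws_instance.worker", "instance_type": "t2.small"},
	{"address": "aws_instance.batch", "instance_type": "m5.24xlarge"},
]

planned_ingress = [
	{"address": "aws_security_group.web", "from_port": 443, "to_port": 443, "cidr_blocks": ["0.0.0.0/0"]},
	{"address": "aws_security_group.admin", "from_port": 22, "to_port": 22, "cidr_blocks": ["10.0.0.0/8"]},
]

# Instance types a hypothetical organization standard permits.
allowed_types = [
	"t2.micro",
	"t2.small",
	"t2.medium",
]

# True only when every planned instance uses an allowed type.
instance_type_allowed = rule {
	all planned_instances as _, inst {
		inst.instance_type in allowed_types
	}
}

# True only when no ingress rule whose port range covers 22
# is open to the whole internet.
no_public_ssh = rule {
	all planned_ingress as _, ing {
		not (ing.from_port <= 22 and
			ing.to_port >= 22 and
			ing.cidr_blocks contains "0.0.0.0/0")
	}
}

# The policy passes only if both guardrails hold.
main = rule {
	instance_type_allowed and no_public_ssh
}
```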
» New Sentinel Features
For those familiar with Sentinel, the Governance team is excited to announce that managing policies is even easier in Sentinel with VCS-integrated Policy Sets.
Instead of managing single policies one by one, Sentinel now allows organizations to manage policies in VCS repositories and instantly enforce them across as many Terraform Cloud workspaces as necessary. To learn more about this new feature, visit the HashiCorp Learn platform to see it in action.