OPA policy for my terraform resource. #394
-
Hi, I'm new to OPA and rego and I'm testing Atlantis for terraform automation. I learned that we can also add policies for our terraform plan and test our plan using those policies, so I dug a little but couldn't get my head around it. I have a terraform resource that creates an IAM policy for admin access, and I want the policy to check against that IAM policy plan and deny the terraform plan if the plan creates an IAM policy that has admin access:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "*",
      "Resource": "*"
    }
  ]
}
```

I want a rego policy which I will pass to the Atlantis server via a custom workflow. If anyone has worked on rego policies before, I need a little help here.
Replies: 2 comments 1 reply
-
It's possible to do these kinds of checks using conftest. They have an example of how to use the tool with HCL here: https://github.com/open-policy-agent/conftest/tree/master/examples/hcl2 - hope that helps!
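One way to express the check asked for above as a conftest policy over the plan JSON, written here as an added example (it is not from this thread or from the conftest repository): it assumes the plan is exported with `terraform show -json` and a conftest built on OPA 0.59 or later, which is needed for `import rego.v1`.

```rego
package main

import rego.v1

# Added example, not from the discussion. Run against a Terraform plan with:
#   terraform show -json plan.out > plan.json && conftest test plan.json
# Denies any aws_iam_policy being created or updated whose document grants
# Effect "Allow" on Action "*" for Resource "*" (i.e. full admin access).

deny contains msg if {
	rc := input.resource_changes[_]
	rc.type == "aws_iam_policy"
	changing(rc)
	# "policy" is the IAM document as a JSON string in the plan; parse it.
	doc := json.unmarshal(rc.change.after.policy)
	stmt := statements(doc)[_]
	stmt.Effect == "Allow"
	wildcard(stmt.Action)
	wildcard(stmt.Resource)
	msg := sprintf("%s: IAM policy allows Action '*' on Resource '*' (admin access)", [rc.address])
}

# Only resources being created or updated matter; deletions are fine.
changing(rc) if "create" in rc.change.actions
changing(rc) if "update" in rc.change.actions

# "Statement" may be a single object or a list of objects.
statements(doc) := doc.Statement if is_array(doc.Statement)
statements(doc) := [doc.Statement] if is_object(doc.Statement)

# "Action" / "Resource" may be a single string or a list of strings.
wildcard(x) if x == "*"
wildcard(x) if {
	is_array(x)
	"*" in x
}
```

A policy whose document is only known after apply has no `after.policy` in the plan, so this rule does not fire for it; a stricter variant could deny when the value is unknown.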
-
Thank you @charlieegan3 I have figured it out and created a sample policy for my terraform plan.