For some rules we need to validate and compare with the current Account ID. So far, we couldn’t find a way except using `data aws_caller_identity {}` or set as workspace variable and use `variable "account_id" {}`. Does Sentinel have any smarter way to do it? Without using data lookup or variable?
Hello-
Sentinel only has access to the information available in the JSON representation of the Terraform plan/configuration (for the `tfplan` and `tfconfig` imports, respectively).
There isn’t a globally accessible credentials object or anything that has the equivalent information in the `aws_caller_identity` data source.
Is the use of the data source creating issues? If so, would you provide a mock/snippet example on the sentinel playground?
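Added example, not part of either post above: a Python sketch of where the account ID can be found in the plan JSON that the answer says Sentinel is limited to, and a check that compares planned ARNs against it. It assumes the layout of `terraform show -json` output (the data source result under `prior_state`, the workspace variable under `variables`); the sample plan, the addresses in it and the function names are constructed for illustration.

```python
import re

# Constructed sample, trimmed to the keys used below.
PLAN = {
    "variables": {"account_id": {"value": "111111111111"}},
    "prior_state": {"values": {"root_module": {"resources": [{
        "address": "data.aws_caller_identity.current",
        "mode": "data", "type": "aws_caller_identity",
        "values": {"account_id": "111111111111"}}]}}},
    "resource_changes": [
        {"address": "aws_sns_topic_subscription.ok", "change": {"after": {
            "topic_arn": "arn:aws:sns:us-east-1:111111111111:alerts"}}},
        {"address": "aws_sns_topic_subscription.cross", "change": {"after": {
            "topic_arn": "arn:aws:sns:us-east-1:222222222222:alerts"}}},
    ],
}

# arn:partition:service:region:account-id:resource
ARN_ACCOUNT = re.compile(r"^arn:[^:]*:[^:]*:[^:]*:(\d{12}):")

def _walk(module):
    """Yield resources from a module and all of its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from _walk(child)

def current_account_id(plan):
    """Account ID from the data source if present, else the variable."""
    root = plan.get("prior_state", {}).get("values", {}).get("root_module", {})
    for res in _walk(root):
        if res.get("mode") == "data" and res.get("type") == "aws_caller_identity":
            return res["values"]["account_id"]
    var = plan.get("variables", {}).get("account_id")
    return var["value"] if var else None

def cross_account_arns(plan):
    """List (address, attribute, account) for ARNs outside the current account."""
    account = current_account_id(plan)
    if account is None:
        # Neither source is in the plan, so there is nothing to compare against.
        raise ValueError("plan carries no account ID")
    hits = []
    for rc in plan.get("resource_changes", []):
        after = rc["change"].get("after") or {}  # "after" is null on destroy
        for key, val in after.items():
            m = ARN_ACCOUNT.match(val) if isinstance(val, str) else None
            if m and m.group(1) != account:
                hits.append((rc["address"], key, m.group(1)))
    return hits
```

The check only inspects top-level string attributes; nested blocks and values unknown until apply are not covered.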