In HCP Terraform (Terraform Cloud), is it possible to prevent a plan from making external HTTP calls to non-whitelisted URLs?
It seems to be possible to use Sentinel policies to only allow whitelisted URLs to be used in the http provider, but since these policies run after the plan, it may be possible for the plan to reach non-whitelisted URLs. Additionally, it wouldn’t prevent external HTTP calls through other providers.
One option seems to be using HCP Terraform Agents and configuring network-level access controls on our own compute that runs the agents, but not sure if there is a simpler solution. Thanks!