Unable to resolve local value

Hello there,

We want to create a Sentinel policy that checks whether the region for the AWS provider belongs to a list of approved regions (like eu-west-1, eu-west-2 but not us-east-1). Policy works like a charm when the region attribute is a static string or a variable but it is not possible to evaluate it when it is a local value.
How do you suggest making sure we are able to evaluate local values in Sentinel? Is that even possible?

tfplan-v2.sentinel extract:

"module.creds:aws.local": {
	"alias": "local",
	"expressions": {
		"region": {
			"references": [
	"full_name":      "registry.terraform.io/hashicorp/aws",
	"module_address": "module.creds",
	"name":           "aws",


At present, governing locals with Sentinel does not work. This is because Sentinel mocks are generated based on information in the underlying Terraform run’s plan, and Terraform itself does not expose locals there.

The absence of the locals can be observed by using terraform show -json against a given plan file from a run that uses them.