I am new to Terraform and have one question regarding the use of Sentinel with Terraform Open Source and its dependency on Terraform Cloud.
As per the above article, if Sentinel policies can be used with GitHub Actions in a way that developers push the code from the dev to the main branch and a GitHub Action will trigger the Sentinel workflow to check the configuration against the rules which already exist in the provided repo by using the Sentinel simulator. And a particular pull request can only be approved for merging with the main branch on the basis of test cases passing or failing.
Separately, tfplan, tfconfig and tfstate files can be generated via the Terraform CLI to write and test the Sentinel policies.
I think this will serve the purpose of checking the configuration compliance using Sentinel with Terraform Open Source. Once we have code in the main branch, Terraform Open Source can be used to initiate the terraform plan and apply workflow. Then what is its dependency on using it with the Terraform Cloud licensed product?
I am just a beginner in Terraform, please excuse me if the flow does not work as I have mentioned above.
Thanks for posting your question. As you have correctly identified, you can indeed use the Sentinel CLI to evaluate the compliance of any plan that is generated with the Terraform Community Edition. This is a great way to get started, and if you are operating in a single repository, managed by one team, it’s probably the right solution. You’ll need to build a lot of the workflow yourself using GitHub Actions, but it is a great learning opportunity.
> Then what is its dependency on using with terraform cloud licensed product ??
It’s not so much that Sentinel depends on Terraform Cloud (TFC), but rather that TFC significantly streamlines the scalability of Sentinel when you’re dealing with more than 1,000 workspaces, repositories, teams, and the need for comprehensive compliance visibility across all aspects of your provisioning platform.
This is where complexity can become overwhelming, and the burden of management begins to compound. Our objective with Terraform Cloud is to concentrate on delivering first-class workflows, so you can avoid unnecessary complexity.
I hope this helps. Feel free to ask any other questions that you may have.
Thanks @hcrhall for the detailed clarification.