
What is the purpose of the module/data checking?

Open domeales-paloit opened this issue 2 years ago • 2 comments

Hi @mjlshen

Great job on these policies.

Just a question, I am wondering what is the purpose of the module/data deny check? I am not sure I understand the logic here.

Cheers

domeales-paloit, Nov 22 '22 23:11

No worries! If you are referring to this: https://github.com/mjlshen/terraform-aws-opa/blob/main/policy/aws_common.rego#L94

Sometimes organizations mandate that developers need to use internal Terraform modules (or data), but aren't allowed to use vanilla resources as a way to restrict what's allowed. This is just an example of how one might write that restriction into Rego 😅

mjlshen, Nov 23 '22 00:11
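The kind of restriction described in the reply above, as an added example that is not part of the thread and is not the code in `aws_common.rego`: a Rego policy over Terraform plan JSON that denies restricted resource types declared outside a module, and denies module calls whose source is not an approved internal one. The package name, the restricted type list and the approved source prefix are assumptions made up for illustration.

```rego
package terraform.module_only

import rego.v1

# Assumption: input is the JSON produced by `terraform show -json <planfile>`.

# Constructed list: resource types that may only be created through a module.
restricted_types := {"aws_s3_bucket", "aws_iam_role"}

# Constructed value: source prefix that identifies approved internal modules.
approved_source_prefixes := {"app.terraform.io/example-org/"}

# Deny restricted resources declared directly in the root module.
# Data sources (mode == "data") are not affected by this rule.
deny contains msg if {
    some rc in input.resource_changes
    rc.mode == "managed"
    rc.type in restricted_types
    creates_or_updates(rc)
    # module_address is absent for resources declared in the root module.
    not rc.module_address
    msg := sprintf("%s: %s must be created through an internal module", [rc.address, rc.type])
}

# Deny module calls in the root module whose source is not approved.
# Calls nested inside other modules are not inspected here.
deny contains msg if {
    some name, call in input.configuration.root_module.module_calls
    not approved_source(call.source)
    msg := sprintf("module.%s: source %q is not an approved internal module", [name, call.source])
}

creates_or_updates(rc) if "create" in rc.change.actions

creates_or_updates(rc) if "update" in rc.change.actions

approved_source(source) if {
    some prefix in approved_source_prefixes
    startswith(source, prefix)
}
```

The second rule matters because wrapping a restricted resource in an arbitrary local or third-party module would otherwise satisfy the first rule.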

Ok that makes sense, I can see how that may be useful in certain scenarios.

Thanks again!

domeales-paloit, Nov 23 '22 00:11