Terraform Demo
Please download the demo code here to follow along.
Command options
Usage: policy_sentry write-policy-dir [OPTIONS]
write_policy, but this time with an input directory of YML/YAML files, and
an output directory for all the JSON files
Options:
--input-dir TEXT Relative path to Input directory that contains policy_sentry .yml files (CRUD mode only) [required]
--output-dir TEXT Relative path to directory to store AWS JSON policies [required]
--crud Use the CRUD functionality. Defaults to false
--minimize INTEGER Minimize the resulting statement with *safe* usage of wildcards to reduce policy length. Set this to the character length you want - for example, 4
--help Show this message and exit.
Tutorial
- Install policy_sentry
pip3 install policy_sentry
- Initialize policy_sentry
policy_sentry initialize
- Execute the first Terraform module:
cd environments/standard-resources
tfenv install 0.12.8  # install the Terraform version the demo modules were written for
terraform init
terraform plan
terraform apply -auto-approve
This creates a YML file named example-role-randomid.yml in the environments/iam-resources/files/ directory for policy_sentry to consume in the next step.
- Write the policy using policy_sentry:
cd ../iam-resources
policy_sentry write-policy-dir --crud --input-dir files --output-dir files
This writes a JSON policy document next to the YML file; Terraform's aws_iam_policy resource reads that JSON to create the IAM policy.
- Now create the policies with Terraform:
terraform init
terraform plan
terraform apply -auto-approve
- Don't forget to clean up:
terraform destroy -auto-approve
cd ../standard-resources
terraform destroy -auto-approve
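Between step 4 (policy_sentry writes the JSON policies into files/) and step 5 (Terraform applies them), it is worth inspecting what was generated. The script below is an added example, not part of policy_sentry or the demo repository: it reports each policy's size the way IAM measures managed policies (whitespace removed, 6,144 character limit, which is what --minimize helps you stay under) and lists Allow statements whose Resource is only "*", which policy_sentry emits for actions that support no resource constraints and which deserve a look before terraform apply. The sample policy embedded in the script is constructed for the example and only resembles CRUD-mode output; check_policy_dir() is the function you would point at environments/iam-resources/files.

```python
"""Pre-apply sanity check for JSON policies produced by policy_sentry write-policy-dir.

Added example, not part of the policy_sentry project or the Terraform demo.
Assumes the output directory holds one IAM policy document per *.json file.
"""
import json
import os
import re

# IAM counts a customer managed policy's size with whitespace removed;
# 6,144 characters is the documented limit.
MANAGED_POLICY_CHAR_LIMIT = 6144


def policy_size(policy):
    """Size of a policy document the way IAM measures it (whitespace stripped)."""
    return len(re.sub(r"\s+", "", json.dumps(policy)))


def _as_list(value):
    """IAM accepts either a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]


def wildcard_resource_statements(policy):
    """Return Sids (or positional labels) of Allow statements whose Resource is only '*'.

    Such statements are expected for actions with no resource-level support,
    but each one should be reviewed rather than applied blindly.
    """
    flagged = []
    for index, statement in enumerate(_as_list(policy.get("Statement", []))):
        if statement.get("Effect") != "Allow":
            continue
        if _as_list(statement.get("Resource", [])) == ["*"]:
            flagged.append(statement.get("Sid", f"statement[{index}]"))
    return flagged


def check_policy(policy):
    """Summarise one policy document: size, limit check and wildcard statements."""
    size = policy_size(policy)
    return {
        "size": size,
        "over_limit": size > MANAGED_POLICY_CHAR_LIMIT,
        "wildcard_statements": wildcard_resource_statements(policy),
    }


def check_policy_dir(directory):
    """Run check_policy over every *.json file in a write-policy-dir output directory."""
    results = {}
    for name in sorted(os.listdir(directory)):
        if name.endswith(".json"):
            with open(os.path.join(directory, name)) as handle:
                results[name] = check_policy(json.load(handle))
    return results


# Constructed sample: shaped like a CRUD-mode policy, not real policy_sentry output.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "S3ReadBucket",
            "Effect": "Allow",
            "Action": ["s3:GetBucketLocation", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::example-bucket"],
        },
        {
            "Sid": "WildcardOnlyActions",
            "Effect": "Allow",
            "Action": ["s3:ListAllMyBuckets"],
            "Resource": "*",
        },
    ],
}

if __name__ == "__main__":
    print(json.dumps(check_policy(SAMPLE_POLICY), indent=2))
```

Run it against the real directory with `check_policy_dir("environments/iam-resources/files")` (or replace SAMPLE_POLICY with a loaded file); a result with over_limit set to True means the aws_iam_policy resource will fail at apply time, and the fix is to rerun write-policy-dir with --minimize.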