nicholasjackson/opa-rego-language

Rego is the declarative policy language used by Open Policy Agent (OPA). This tile covers writing and testing Rego policies for Kubernetes admission control, Terraform and infrastructure-as-code plan validation, Docker container authorization, HTTP API authorization, RBAC and role-based access control, data filtering, metadata annotations with opa inspect, and OPA policy testing with opa test.

1.19x

Quality

Pending

Does it follow best practices?

Impact

99%

1.19x

Average score across 31 eval scenarios

Securityby

Pending

The risk profile of this skill

Overview

Eval results

Files

Terraform: Required Tags Enforcement

Name: nicholasjackson/opa-rego-language
Rating: 0.99 (1 reviews)
Author: nicholasjackson

We use OPA to validate Terraform plans before they are applied. Write a Rego policy that enforces mandatory tags on all taggable AWS resources.

Every aws_instance, aws_s3_bucket, aws_rds_cluster, aws_lambda_function, aws_dynamodb_table, and aws_ebs_volume that is being created or updated (but not deleted) must have the following tags present and non-empty:

Environment
Owner
CostCenter
Project

The policy must support both raw Terraform input and HCP Terraform / Terraform Enterprise input.

docs

evals

scenario-1

scenario-2

scenario-3

scenario-4

scenario-5

scenario-6

scenario-7

scenario-8

scenario-9

scenario-10

scenario-11

scenario-12

scenario-13

scenario-14

scenario-15

scenario-16

scenario-17

rubric.json

task.md

scenario-18

scenario-19

scenario-20

scenario-21

scenario-22

scenario-23

scenario-24

scenario-25

scenario-26

scenario-27

scenario-28

scenario-29

scenario-30

scenario-31

README.md

rules.md

tile.json

nicholasjackson/opa-rego-language

task.md.css-3qkkll{font-size:var(--chakra-font-sizes-sm);font-weight:var(--chakra-font-weights-normal);color:var(--chakra-colors-gray-300);}evals/scenario-17/

Terraform: Required Tags Enforcement

task.mdevals/scenario-17/