nicholasjackson/opa-rego-language

Rego is the declarative policy language used by Open Policy Agent (OPA). This tile covers writing and testing Rego policies for Kubernetes admission control, Terraform and infrastructure-as-code plan validation, Docker container authorization, HTTP API authorization, RBAC and role-based access control, data filtering, metadata annotations with opa inspect, and OPA policy testing with opa test.

1.19x

Quality

Pending

Does it follow best practices?

Impact

99%

1.19x

Average score across 31 eval scenarios

Securityby

Pending

The risk profile of this skill

Overview

Eval results

Files

Terraform: S3 Bucket Encryption

Name: nicholasjackson/opa-rego-language
Rating: 0.99 (1 reviews)
Author: nicholasjackson

We use OPA to validate Terraform plans before they are applied. Write a Rego policy that prevents S3 buckets from being created without server-side encryption.

The policy must handle both ways encryption can be configured:

Inline on the aws_s3_bucket resource (via the server_side_encryption_configuration block)
As a separate aws_s3_bucket_server_side_encryption_configuration resource

Valid encryption algorithms are AES256 and aws:kms.

The policy must support both raw Terraform input and HCP Terraform / Terraform Enterprise input.

docs

evals

scenario-1

scenario-2

scenario-3

scenario-4

scenario-5

scenario-6

scenario-7

scenario-8

scenario-9

scenario-10

scenario-11

scenario-12

scenario-13

scenario-14

scenario-15

scenario-16

scenario-17

scenario-18

rubric.json

task.md

scenario-19

scenario-20

scenario-21

scenario-22

scenario-23

scenario-24

scenario-25

scenario-26

scenario-27

scenario-28

scenario-29

scenario-30

scenario-31

README.md

rules.md

tile.json

nicholasjackson/opa-rego-language

task.md.css-3qkkll{font-size:var(--chakra-font-sizes-sm);font-weight:var(--chakra-font-weights-normal);color:var(--chakra-colors-gray-300);}evals/scenario-18/

Terraform: S3 Bucket Encryption

task.mdevals/scenario-18/