Valid Terraform-Associate-003 Dumps shared by ExamDiscuss.com for Helping Passing Terraform-Associate-003 Exam! ExamDiscuss.com now offer the newest Terraform-Associate-003 exam dumps, the ExamDiscuss.com Terraform-Associate-003 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com Terraform-Associate-003 dumps with Test Engine here:
Your risk management organization requires that new AWS S3 buckets must be private and encrypted at rest. How can Terraform Cloud automatically and proactively enforce this security control?
Correct Answer: D
The best way to automatically and proactively enforce the security control that new AWS S3 buckets must be private and encrypted at rest is with a Sentinel policy, which runs before every apply. Sentinel is a policy as code framework that allows you to define and enforce logic-based policies for your infrastructure. Terraform Cloud supports Sentinel policies for all paid tiers, and can run them before any terraform plan or terraform apply operation. You can write a Sentinel policy that checks the configuration of the S3 buckets and ensures that they have the proper settings for privacy and encryption, and then assign the policy to your Terraform Cloud organization or workspace. This way, Terraform Cloud will prevent any changes that violate the policy from being applied. Reference = [Sentinel Policy Framework], [Manage Policies in Terraform Cloud], [Write and Test Sentinel Policies for Terraform]