HashiCorp Certified: Terraform Associate — Question 280
Your risk management organization requires that new AWS S3 buckets be private and encrypted at rest. How can Terraform Enterprise automatically and proactively enforce this security control?
Answer options
- A. With a Sentinel policy, which runs before every apply
- B. By adding variables to each TFE workspace to ensure these settings are always enabled
- C. With an S3 module with proper settings for buckets
- D. Auditing cloud storage buckets with a vulnerability scanning tool
Correct answer: A
Explanation
The correct answer is A because a Sentinel policy enforces compliance rules before any changes are applied, ensuring that S3 buckets are created with the required privacy and encryption settings. Options B and C do not proactively enforce the rules at the time of creation, and D audits buckets rather than enforcing policy during the creation process.