Enforce Fine-Grained Policy Control Across Development and Production Environments

Deployment is hard. Enforcing policy on how the resources can be deployed is even harder. In this workshop, I’ll leverage two popular open-source tools, Terraform and Open Policy Agent, to show you step-by-step how to enforce fine-grained control on large-scale deployments across environments for data-related services.

Breakdown of the workshop:

  • Module 0: Pre-requisites and setup
  • Module 1: A quick overview of Terraform and deploying a single service using Terraform
  • Module 2: An overview of Open Policy Agent and how it works
  • Module 3:
    • Creating multiple data services across development and production environments using Terraform
    • Using Open Policy Agent to enforce policies that limit cloud costs and regions where resources can be created
  • Module 4:
    • Ensuring that the policies were followed
    • Cleaning up the resources

At the end of this workshop, you’ll have a fairly good understanding of both tools (Terraform and Open Policy Agent). You’ll be able to use a general-purpose policy engine to enforce policies across the stack in your own organization when dealing with large-scale deployment across development and production environments.



Dewan Ahmed


Dewan Ahmed is a Senior Developer Advocate at Aiven, a company that offers a fully managed, open source cloud data platform. Before joining Aiven, he worked at IBM and Red Hat as a developer, QA lead,


Peter ONeill


Peter ONeill is a community builder focused on Open Source and Developer Relations. He works with both large and small communities. Currently he is building the Open Policy Agent community, as a