Definition: Policy as Code Write policy for allowed/denied actions, Sentinel then actively/passively deny and check for violations Can sit between terraform plan and terraform apply two