Terraform Cloud is a service that makes it easy for teams to manage shared infrastructure with Terraform. This guide provides a brief overview of the components of Terraform Cloud and how to use it as part of your Terraform workflow.
The Terraform Cloud application, located at https://app.terraform.io, provides a UI and API to manage Terraform projects. The application manages projects in terms of organizations and workspaces:
A workspace is a named container for a single timeline of Terraform state, used to manage a collection of infrastructure resources over time. Each workspace belongs to an organization, and only members of that organization can access it.
An organization is a group of users who can collaborate on a shared set of workspaces. An organization is created by an initial user, who can then add other members.
The application manages access in two ways:
UI access is managed with usernames and passwords, with optional two-factor authentication.
API and CLI access is managed with API tokens, which can be generated in the UI. Each user can generate any number of personal API tokens, which allow access with their own identity and permissions. Organizations and teams can also generate tokens for automating tasks that aren't tied to an individual user.
Terraform Cloud offers a number of core features for free, as well as additional features in paid tiers. You can see a feature comparison here. When you host your project with Terraform Cloud, you can:
Integrate with most popular version control systems.
Manage your project's state, including state locking.
Plan and apply configuration changes from within the Terraform Cloud UI.
Securely store variables, including secret values.
Store and use private Terraform modules.
Collaborate with other users.
After you have signed up for Terraform Cloud, instead of using the Terraform CLI, you can use Terraform Cloud to manage, plan, and apply your Terraform configurations. The basic workflow is:
- Create a new workspace.
- Connect the workspace to your Version Control System, where your configuration is stored.
- Configure variables and their values.
- Plan your changes.
- Apply your changes.
- Review the results.
Since Terraform Cloud supports multiple users, you can collaborate with your team on each of these steps. For instance, each time you plan a new change, your team can see and approve the plan before it is applied.
While you can use Terraform Cloud for your entire Terraform workflow, replacing the CLI, you can also use Terraform Cloud along with the Terraform CLI:
Remote workspaces are automatically created when you need them. To create a new workspace, specify a new workspace name in a Terraform configuration's
When commands like
terraform applyare run from the command line, Terraform Cloud will perform the action, and the results will be available both in the command line and from within the Terraform Cloud UI.
Terraform protects state from conflicts by locking the remote state during plans and applies; other users can't begin new plans or applies until the current one ends.
Variables are handled differently when using a remote backend. Currently, you will either need to configure variables in the Terraform Cloud UI, with default values, or using
terraformcommand will not prompt you for variable values, and the
-var-filecommand line arguments are not supported at this time.
Access management tasks outside the scope of Terraform's CLI workflow are available in the Terraform Cloud UI and API. These tasks include:
Adding and removing organization members.
Locking workspaces out-of-band, to prevent plans and applies for an arbitrary period.
Viewing historical state, either raw or as a diff against the previous state.
Creating or disabling API tokens.
This track will walk you through setting up your Terraform Cloud account with an example configuration. You can also read the full Terraform Cloud documentation.
In the next guide, you will sign up for a free Terraform Cloud account.