HashiCorp : Terraform Cloud

Introduction to Terraform Cloud

Demo Terraform Cloud

This guide provides a quick walkthrough of Terraform Cloud’s core features, including organization setup, workspace management, VCS integration, and the Private Module Registry. By the end, you’ll understand how to log in, configure settings, and use Terraform Cloud for collaboration and automation.

1. Logging In & Selecting an Organization

  1. Navigate to the Terraform Cloud login page and sign in with your credentials.
  2. From the dashboard, select the desired organization (e.g., Enterprise Cloud).
  3. You’ll now see a list of workspaces, each showing its run status, linked repository, and the timestamp of the latest change.

The image shows a dashboard interface listing various workspaces with their run statuses, repository names, and the latest change timestamps. The statuses include "Applied," "Planned and finished," and "Errored."

2. Plan & Billing Overview

Under Organization Settings > Plan & Billing, you can review and upgrade your subscription.

The image shows a "Plan & Billing" page from the HashiCorp Cloud Platform, indicating a free plan with one active user and no invoices yet.

PlanUsersWorkspacesRemote StateVCS IntegrationPrivate Module Registry
FreeUp to 5Unlimited
TeamUp to 10Unlimited
Team & GovernanceUnlimitedUnlimited

The image shows a pricing plan page for a cloud platform, detailing different subscription options: Free, Team, and Team & Governance, with their respective features and costs. The current plan is marked as "Free."

3. Workspace Dashboard

Overview of Runs & Resources

Select a workspace (e.g., devops-aws-myapp-dev) to see details of recent runs, resource changes, and performance metrics.

The image shows a Terraform Cloud workspace overview for "devops-aws-myapp-dev," displaying details of the latest run, including a destroy action triggered via the UI, with metrics and resource information.

A chronological log of all plan and apply events shows branch names, trigger methods, and statuses at a glance.

The image shows a dashboard interface for managing application deployments, displaying a list of runs with their statuses and details such as branch and trigger method.

Terraform Cloud securely stores and versions your state file. Here’s an example of a raw state export:

{
  "version": 4,
  "terraform_version": "1.0.7",
  "serial": 8,
  "lineage": "06f59866-a545-55ba-439a-41e55ed551ba",
  "outputs": {
    "clumsy-bird-ip": {
      "value": "http://52.71.182.141",
      "type": "string"
    },
    "clumsy-bird-url": {
      "value": "http://ec2-52-71-182-141.compute-1.amazonaws.com",
      "type": "string"
    }
  }
}

4. Managing Variables & Secrets

At the workspace level, define Terraform variables and reference organization-level variable sets for sensitive data (e.g., AWS credentials). This ensures secrets never appear in your configuration files.

The image shows a web interface displaying AWS credentials with variable sets, including an access key ID and a sensitive secret access key.

Note

Use organization-level variable sets to centralize credential management and avoid committing secrets to VCS.

5. Execution Modes: Manual & Remote

You can lock a workspace during maintenance to prevent changes. Unlock it to run Plan & Apply or Plan Only directly in Terraform Cloud’s UI.

6. Configuring Workspace Settings

Under General Settings, adjust the workspace ID, name, description, execution mode (remote or local), apply method (auto or manual), and Terraform version.

The image shows a "General Settings" page for a Terraform Cloud workspace, including fields for ID, name, description, execution mode, and apply method.

7. Setting Up Notifications

Create alerts for run events—such as plan completion or apply failures—via Webhook, Email, Slack, Microsoft Teams, or custom channels.

The image shows a "Create a Notification" interface with options to send messages via Webhook, Email, Slack, or Microsoft Teams. It includes fields for entering a name, webhook URL, and token.

8. Version Control Integration

Connect workspaces to GitHub, GitLab, Bitbucket, or Azure DevOps. Commits, pull requests, and merges can automatically trigger plans (and applies, if enabled).

The image shows a settings page for a Terraform workspace connected to a GitHub repository named "clumsy_bird." It includes version control and workspace settings, with options for changing the source and applying methods.

9. Workflow Options

Terraform Cloud supports multiple workflows:

WorkflowTrigger Method
VCS-drivenCommits, PR merges
CLI-driventerraform login + terraform push
API-drivenDirect API calls for runs and applies

The image shows a webpage interface for choosing a Terraform workflow, with options for version control, CLI-driven, and API-driven workflows. It includes navigation steps and links for more information.

10. Reviewing GitHub-Triggered Runs

Click on a Git commit in Terraform Cloud to see what changed. For example, an HCL module definition might look like this:

module "security-group-http" {
  source      = "app.terraform.io/Enterprise-Cloud/security-group/aws//modules/http-80"
  version     = "4.8.0"
  name        = "http-traffic-${var.environment}"
  description = "Security group for ${var.environment} with HTTP ports open within VPC"
}

Back in the workspace, you’ll find run metrics, tags, and access controls for contributors.

The image shows a Terraform Cloud workspace interface for "devops-aws-myapp-dev," displaying details of the latest run, which was a destroy action triggered via the UI. It includes metrics, resource changes, and a README section for the "clumsy_bird" application.

11. Teams, Users & VCS Providers

Invite users or teams, assign roles, and add version control providers under Organization Settings > VCS Providers.

The image shows a user interface for adding a Version Control System (VCS) provider in Terraform Cloud, with options to connect to GitHub, GitLab, Bitbucket, or Azure DevOps. The interface includes a sidebar with organization settings and security options.

12. Exploring the Private Module Registry

Terraform Cloud’s Private Module Registry lets your team browse, version, and share modules securely within your organization.

The image shows a dashboard from the HashiCorp Cloud Platform, listing various workspaces with their run statuses, repository links, and the latest change timestamps. Most workspaces have a status of "Applied" or "Planned and finished," with one showing "Errored."

Use a private module in your configuration:

module "vpc" {
  source  = "app.terraform.io/EnterpriseCloud/vpc"
  version = "2.34.0"
  # insert required variables here
}

credentials "app.terraform.io" {
  # valid user API token
  token = "xxxxxx.atlasv1.zzzzzzzzzzzzz"
}

Browse and filter modules by provider and registry to find exactly what you need.

The image shows a list of Terraform modules with details such as their type (public or private), provider (AWS), version, and download count. There are filters on the left for providers and registries.

13. Monitoring Workspace Health

Keep track of workspaces that need attention, currently running environments, or those with failed runs. Use filters to quickly locate specific environments like “dev.”

The image shows a HashiCorp Cloud Platform workspace interface with a workspace named "server-build-dev" that needs attention, with a run status of "Planned."

The image shows a dashboard from the HashiCorp Cloud Platform, displaying a list of workspaces with their run statuses marked as "Errored." Each workspace entry includes the name, associated repository, and the time since the last change.

The image shows a dashboard from a cloud platform with a list of workspaces, their run statuses, associated repositories, and the latest change timestamps. Some workspaces have statuses like "Applied" or "Planned and finished," while one shows "Errored."


Watch Video

Watch video content

Previous
Introduction to Terraform Cloud