Today we’re announcing availability of the new Business tier offering for HashiCorp Terraform Cloud. This new tier includes enterprise features for advanced security, compliance and governance, the ability to execute multiple runs concurrently, and flexible support options.
Over the past several years, hundreds of the world’s largest companies have relied upon Terraform Enterprise to automate the provisioning, compliance, and management of their infrastructure. As more and more workloads have shifted into public clouds, customer expectations have also shifted, and organizations increasingly want enterprise-class features without the need to host and operate Terraform Enterprise themselves.
HashiCorp offers Terraform Cloud as a service and it has provided the best way for practitioners and teams to securely store the state of their infrastructure, remotely apply changes, and collaborate with others in a way that ensures consistency. Terraform Cloud has added more than 5,000 new users per month since the initial release in 2019, with over 500,000 runs executed monthly, and we continue to see growing demand for Terraform Cloud from organizations that want to consume infrastructure as a managed service.
Practitioners, teams, and smaller organizations have been able to take advantage of the existing Free, Team, and Governance offerings to collaborate, automate compliance processes, and ensure the consistent application of best practices via the private module registry. However, large enterprises that operate in more complex and higher scale environments have had additional requirements for Terraform Cloud.
Today we’re announcing the addition of the new Business tier in Terraform Cloud to meet these expanded needs. New capabilities include:
When we spoke to customers about what they wanted to add to Terraform Cloud to help them onboard their teams more effectively, SSO using their existing federated identity provider was at the top of that list. However, we didn’t want to just tick a box on a feature list; we wanted to give our customers the best SSO experience possible. Since a large number of our customers use Okta, we made a first-class Okta experience the priority. Here’s a glimpse at how simple this is:
Integrating Okta as your IdP is simply a matter of providing Terraform Cloud with the Okta metadata URL. Fill in a single field, and it’s ready to be enabled. All of the required SAML 2.0 compliant configuration options (i.e., X.509 Certificate, IdP Sign-on URL, Single Logout URL) are applied behind the scenes, and you’ll be ready to enable SSO in a matter of seconds.
We have heard from organizations that would like to use SSO with Azure AD and other SAML 2.0 compliant IdPs, and we look forward to providing the integration options for that in the future.
Many organizations have a significant and often growing investment in their existing on-premises datacenters. Even if those organizations have gone all-in on the public cloud, they frequently have the need to manage resources that they don’t want accessible from the public internet. This presents a challenge for a managed service that operates on the public internet and needs to be able to reach those private resources.
With the Business tier, our Terraform Cloud Agents will now allow entitled customers to decide where they want to have their Terraform runs execute. Have a private environment that you want Terraform Cloud to manage, but also need to keep ingress from the internet blocked so it stays private? Just deploy a Terraform Cloud Agent inside that network and it will connect back to Terraform Cloud securely, retrieve any work it needs to complete, apply the changes, and then update the results back in Terraform Cloud.
You also have the flexibility to choose which workspaces use your self-hosted agents, and which ones continue to use the fully managed Terraform Cloud alternative. This new capability gives you the benefit of a self-hosted option when you need that extra control, with the simplicity of a managed option when you don’t.
Additionally, Terraform Cloud now supports an IP Ranges API endpoint that makes it easy for organizations to limit their exposure in situations where they do want to make certain services available to Terraform Cloud. For example, if a private Version Control System (VCS) is in play, this new API will make it simple for the security team to be very specific about what is allowed to access it and from where. The IP Ranges API also comes with a 24-hour advance notice policy, where any changes will be published at least 24 hours before taking effect.
Once you have multiple teams collaborating and resources being managed through a blend of Terraform Cloud and self-hosted agents, it becomes more important than ever to understand what’s happening and when. Our customers told us they didn’t want yet another place to look to find this information. Many have already made an investment in centralized logging using Splunk. So again, we wanted to give people the best out-of-the-box experience possible that works with the services they are already using.
The Terraform Cloud for Splunk app is now available in Splunkbase. It’s available for use within Splunk Cloud or Splunk Enterprise, and once installed and configured it presents a number of preconfigured dashboards and data tables within the Splunk interface:
Data is regularly pulled into Splunk and the app provides near real-time visibility into key actions. You can quickly see which workspaces are generating the most frequent changes, which Sentinel policies are being evaluated most frequently, and which users are most active. For deeper analysis, you can then filter by a number of attributes to inspect individual events.
For customers that aren’t using Splunk, we’ve also made the audit events available via a JSON API, allowing them to be integrated into any other system.
Collaborating with a large number of colleagues across thousands of workspaces will mean a constant stream of changes being planned and applied. The standard approach within Terraform Cloud is to queue and process this work sequentially. Business tier customers are now able to purchase additional concurrency. This enables multiple jobs to be processed in parallel, reducing the time any team has to wait for their work to be completed.
We’ve been operating Terraform Cloud for customers for just under a year now, and our status page shows a historical uptime that we’re incredibly proud of. Simply pointing to historical performance isn’t always enough though, and customers have asked us for SLA commitments going forward. So alongside this launch and the recent announcement of HashiCorp Cloud Platform, we’ve announced Service Level Agreements for all of our cloud offerings.
Terraform Cloud is free to get started, and organizations can upgrade to the Team and Governance or the Business tier at any time. To get started, sign up for Terraform Cloud and follow our Get Started tutorial, or contact HashiCorp Sales.
Watch the live announcement and demo of Terraform Cloud Business Tier with HashiCorp co-founder and CTO Armon Dadgar and HashiCorp Technical Marketing Manager Kyle Ruddy.