Terraform
Collaborate using HCP Terraform
In the previous tutorials in this collection, you used Terraform to create, manage, and destroy infrastructure from your local machine. Managing your Terraform workspaces from your local machine creates a single point of failure, and makes it difficult to collaborate on infrastructure projects with your team.
HCP Terraform allows you to collaborate on infrastructure projects within your organization. It provides a secure remote execution environment, letting you collaboratively manage changes to your infrastructure. It also securely stores your Terraform state and variables, including API tokens and access keys. The Terraform CLI integrates with HCP Terraform, so you can trigger remote runs from your local machine.
In this tutorial, you will migrate your local workspace to HCP Terraform and use the CLI-driven workflow to trigger runs. HCP Terraform also supports provisioning your infrastructure using an API-driven workflow, or the VCS-driven workflow, which triggers runs for any changes to a configured repository.
Prerequisites
To follow this tutorial you will need:
- The Terraform CLI (1.2.0+) installed.
- The AWS CLI installed.
- An AWS account and associated
credentials
that allow you to create resources in the
us-west-2region, including an EC2 instance, VPC, and security groups. - The configuration and infrastructure from the previous tutorials tutorials in this collection.
Create resources
In the previous tutorial, you
destroyed the infrastructure you created with Terraform. Apply your
configuration again to recreate your workspace's infrastructure. Respond to the
confirmation prompt with a yes.
$ terraform apply
data.aws_ami.ubuntu: Reading...
data.aws_ami.ubuntu: Read complete after 1s [id=ami-0026a04369a3093cc]
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# module.vpc.aws_default_network_acl.this[0] will be created
+ resource "aws_default_network_acl" "this" {
+ arn = (known after apply)
+ default_network_acl_id = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
##...
Plan: 15 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
module.vpc.aws_vpc.this[0]: Creating...
module.vpc.aws_vpc.this[0]: Still creating... [10s elapsed]
module.vpc.aws_vpc.this[0]: Creation complete after 13s [id=vpc-07b6253940b170243]
## ...
module.vpc.aws_route_table_association.public[0]: Creating...
module.vpc.aws_subnet.private[1]: Creation complete after 4s [id=subnet-0daa2b4c37d3d9bd1]
module.vpc.aws_route_table_association.private[0]: Creating...
module.vpc.aws_route_table_association.private[1]: Creating...
module.vpc.aws_route_table_association.public[0]: Creation complete after 0s [id=rtbassoc-0f3b7ed7e1f49d2a1]
module.vpc.aws_route_table_association.private[0]: Creation complete after 0s [id=rtbassoc-01e3f044ca6bb5fe0]
module.vpc.aws_route_table_association.private[1]: Creation complete after 0s [id=rtbassoc-0647d3c7904113d60]
Apply complete! Resources: 15 added, 0 changed, 0 destroyed.
Now that you have re-created your VPC and related resources, migrate your local workspace's state to HCP Terraform.
Sign up for HCP Terraform
You will need an HCP Terraform account to complete this tutorial. Visit HCP Terraform and follow the prompts to create an HCP Terraform account. If you already have an HCP Terraform account, you can use it for this tutorial instead of creating a new one.
When you sign up with HCP Terraform, you will receive an email asking you to confirm your email address. When you click the link to confirm your email address, HCP Terraform will send you to the Organizations page. Click Create organization and create your new organization by following the prompts.
Log into HCP Terraform
Next, log into your HCP Terraform account with the Terraform CLI by running
terraform login in your terminal.
$ terraform login
Terraform will request an API token for app.terraform.io using your browser.
If login is successful, Terraform will store the token in plain text in
the following file for use by subsequent commands:
/Users/YOU/.terraform.d/credentials.tfrc.json
Do you want to proceed?
Only 'yes' will be accepted to confirm.
Enter a value:
Respond to the confirmation prompt with a yes and Terraform will open a
browser window to allow you to create an API token.
Enter a value: yes
---------------------------------------------------------------------------------
Terraform must now open a web browser to the tokens page for app.terraform.io.
If a browser does not open this automatically, open the following URL to proceed:
https://app.terraform.io/app/settings/tokens?source=terraform-login
---------------------------------------------------------------------------------
Generate a token using your browser, and copy-paste it into this prompt.
Terraform will store the token in plain text in the following file
for use by subsequent commands:
/Users/YOU/.terraform.d/credentials.tfrc.json
Token for app.terraform.io:
Enter a value:
Follow the workflow in your browser to generate an API token. Then, paste the API token into your terminal when Terraform prompts you to do so. Terraform will not print your token to the screen when you paste it. For more detail on logging in to HCP Terraform, follow the Authenticate the CLI with HCP Terraform tutorial.
Enter a value:
Retrieved token for user YOU
---------------------------------------------------------------------------------
-
----- -
--------- --
--------- - -----
--------- ------ -------
------- --------- ----------
---- ---------- ----------
-- ---------- ----------
Welcome to HCP Terraform! - ---------- -------
--- ----- ---
Documentation: terraform.io/docs/cloud -------- -
----------
----------
---------
-----
-
New to HCP Terraform? Follow these steps to instantly apply an example configuration:
$ git clone https://github.com/hashicorp/tfc-getting-started.git
$ cd tfc-getting-started
$ scripts/setup.sh
Connect workspace to HCP Terraform
In order to connect your workspace to HCP Terraform, you will need to update your configuration and re-initialize your workspace from the command line. HCP Terraform workspaces work like local Terraform workspaces, but execute Terraform operations and store your state within HCP Terraform. HCP Terraform also supports grouping your workspaces into projects to more easily manage their access and settings.
Update configuration
Update the terraform block in terraform.tf to add a cloud block that
connects your local workspace to HCP Terraform.
terraform.tf
terraform {
cloud {
organization = "your-organization-name"
workspaces {
project = "Learn Terraform"
name = "learn-terraform-aws-get-started"
}
}
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 5.92"
}
}
required_version = ">= 1.2.0"
}
Replace your-organization-name with your organization name, which you can find
in the HCP Terraform portal.