Access EKS Private API Server from Terraform Cloud

We have an EKS cluster in AWS deployed from Terraform Cloud and would like to make the API server private. However, when the API server is private, Terraform Cloud is unable to reach the cluster. I know we can whitelist IPs / CIDR blocks for API access so I’m curious if anybody knows the proper IPs / CIDR blocks for Terraform Cloud, or has another solution?

I seem to recall that there isn’t a fixed set of IPs for Terraform Cloud, so it isn’t possible to whitelist. Instead you need to run your own worker node connected to Terraform Cloud from inside your infrastructure.

Thanks for the response Stuart!

If I understand you correctly, the worker node would run the Terraform Cloud Agent?

That’s correct, yes. 🙂


Dang, looks like for agents > 1 you need to have a Plus or Enterprise account.
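
The setup discussed in this thread, sketched in Terraform as an added example that is not from any of the posters or from HashiCorp: a private-only EKS endpoint, a rule letting the agent host reach it, and an agent pool bound to the workspace. All resource names, variables and the agent security group are assumptions.

```hcl
# Constructed example: names, variables and the agent security group are assumptions.
variable "tfc_organization" { type = string }
variable "workspace_id" { type = string }
variable "cluster_role_arn" { type = string }
variable "private_subnet_ids" { type = list(string) }
variable "agent_security_group_id" { type = string } # SG of the host running the agent

resource "aws_eks_cluster" "this" {
  name     = "example"
  role_arn = var.cluster_role_arn

  vpc_config {
    subnet_ids              = var.private_subnet_ids
    endpoint_private_access = true
    # The public variant would set endpoint_public_access = true with public_access_cidrs.
    endpoint_public_access  = false
  }
}

# Only the agent host may reach the private API endpoint, and only on 443.
resource "aws_security_group_rule" "agent_to_api" {
  type                     = "ingress"
  from_port                = 443
  to_port                  = 443
  protocol                 = "tcp"
  security_group_id        = aws_eks_cluster.this.vpc_config[0].cluster_security_group_id
  source_security_group_id = var.agent_security_group_id
}

# The agent polls Terraform Cloud over outbound HTTPS, so no inbound rule is needed for it.
resource "tfe_agent_pool" "eks" {
  name         = "eks-private"
  organization = var.tfc_organization
}
resource "tfe_agent_token" "eks" {
  agent_pool_id = tfe_agent_pool.eks.id
  description   = "agent inside the EKS VPC"
}

# Runs for this workspace execute on the agent instead of Terraform Cloud's own workers.
resource "tfe_workspace_settings" "eks" {
  workspace_id   = var.workspace_id
  execution_mode = "agent"
  agent_pool_id  = tfe_agent_pool.eks.id
}
output "agent_token" {
  value     = tfe_agent_token.eks.token
  sensitive = true # credential: hand it to the agent host via a secrets store
}
```

The agent token is a credential that lets a host pick up runs for the pool, so scope the pool to the workspaces that need it and rotate the token if the host is rebuilt.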