Access EKS Private API Server from Terraform Cloud

deasydoesit · August 11, 2023, 2:47pm

We have an EKS cluster in AWS deployed from Terraform Cloud and would like to make the API server private. However, when the API server is private, Terraform Cloud is unable to reach the cluster. I know we can whitelist IPs / CIDR blocks for API access so I’m curious if anybody knows the proper IPs / CIDR blocks for Terraform Cloud, or has another solution?

stuart-c · August 11, 2023, 3:27pm

I seem to recall that there isn’t a fixed set of IPs for Terraform Cloud, so it isn’t possible to whitelist. Instead you need to run your own worker node connected to Terraform Cloud from inside your infrastructure.

deasydoesit · August 11, 2023, 4:08pm

Thanks for the response Stuart!

If I understand you correctly, the worker node would run the Terraform Cloud Agent?

stuart-c · August 11, 2023, 4:20pm

That’s correct yes.

deasydoesit · August 11, 2023, 4:56pm

Dang, looks like for agents > 1 you need to have a Plus or Enterprise account.

Topic		Replies	Views
Terraform Cloud public CIDRs Terraform	6	2237	November 1, 2020
Terraform Cloud - IP Range Whitelist through Proxy HCP Terraform	3	1185	October 20, 2021
Connecting to Private EKS API - Invalid x509 Certificate Boundary	2	1282	June 25, 2021
Terraform Cloud IP Ranges HCP Terraform	4	2092	March 19, 2022
Configuring a static IP for an EKS cluster Terraform	0	428	May 3, 2020

Access EKS Private API Server from Terraform Cloud

Related topics