I have a use case in which I want to whitelist the IP address of registry.terraform.io for a private VM which has internet connectivity to only limited IP addresses… How can we connect to registry.terraform.io using an IP address?
You might be better off opening a HashiCorp support ticket for this - as only the company can say for sure whether this is something they support or not.
As an unaffiliated community member, all I can say is I have never seen any documentation about this, so I would assume it is not supported.
Terraform Registry is deployed behind a content delivery network (CDN) which can potentially use many different IP addresses depending on the client location and can change them over time without notice to respond to various changing network conditions. It’s therefore not really practical to use an outgoing IP-based firewall to filter connections to there.
Furthermore, the public registry allows third parties to publish arbitrary content without any review gate and so I think filtering at the level of that entire host may not be as valuable as you think; you will presumably still need to screen individual modules and providers from there if your threat model is access to untrusted content.
Instead, I would suggest using either a local filesystem mirror or a network mirror to host the providers you need inside your local network, and to fork any public modules you intend to use onto a server inside your network. You can then avoid allowing outbound connections at all, and can pre-screen the providers you intend to use to ensure that no others are available for use.
You can read more about the alternative provider installation methods in the Provider Installation section of the CLI Configuration docs. Note that this page is discussing the configuration of Terraform CLI itself when running on your machine, which is separate from the .tf files you use to describe your infrastructure and so it can be used to impose different provider installation methods on any Terraform configuration you run under a particular user account on a particular computer.
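A CLI configuration along the lines suggested above, as an added example that is not part of the original posts. The mirror directory `/opt/terraform/providers`, the hostname `terraform-mirror.example.internal` and the `hashicorp/*` include pattern are assumptions chosen for illustration.

```hcl
# Terraform CLI configuration file: ~/.terraformrc on Linux/macOS,
# terraform.rc in %APPDATA% on Windows. This is not a .tf file.
#
# Populate the mirror from a machine that is allowed to reach the registry,
# review the downloaded packages, then copy the directory to the private VM:
#   terraform providers mirror /opt/terraform/providers

provider_installation {
  # Pre-screened provider packages on local disk (path is an assumption).
  filesystem_mirror {
    path = "/opt/terraform/providers"

    # Only providers matching these patterns can be installed from the mirror.
    # Narrow this to the exact providers you have reviewed.
    include = ["registry.terraform.io/hashicorp/*"]
  }

  # Alternative: an internal HTTPS server implementing the provider network
  # mirror protocol (hostname is an assumption; the URL must end with "/").
  # network_mirror {
  #   url     = "https://terraform-mirror.example.internal/providers/"
  #   include = ["registry.terraform.io/hashicorp/*"]
  # }

  # No "direct" block is listed, so Terraform never contacts the origin
  # registry for providers. A provider that is not in the mirror fails at
  # "terraform init" instead of triggering an outbound download.
}
```

Modules are not covered by `provider_installation`; their `source` addresses in the .tf files need to point at the internal forks.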