Since yesterday, we noticed our builds stopped working because it seems like the ip addresses for releases.hashicorp.com changed. We used to work with the Fastly terraform provided to whitelist a list of ip ranges in our firewall. Apparently somewhere since yesterday the releases.hashicorp.com points to cloudfront? Was this change announced somewhere? And how can we whitelist this new ip list?
We do not guarantee any particular IP addresses for the releases service, and the only way we “announce” changes to them is by changing the DNS records.
If you intend to use Terraform on a system with restricted connectivity to external network services then it would be more robust to copy the providers you intend to use to either a local directory on the systems where you will run Terraform or to a local HTTPS server which provides the network mirror protocol (which is in practice just a convention for laying out some files on a static file server).
Using these alternative installation methods can avoid depending on our external servers altogether.
Exactly which vendors we use for content distribution is an implementation detail and subject to change at any time. Our DNS records are how we will communicate changes to the location of these services. I would recommend against making any other assumptions about how Terraform Registry or the releases service are deployed.