Since yesterday, we noticed our builds stopped working because it seems like the IP addresses for releases.hashicorp.com changed. We used to work with the Fastly Terraform provider to whitelist a list of IP ranges in our firewall. Apparently somewhere since yesterday the releases.hashicorp.com points to CloudFront? Was this change announced somewhere? And how can we whitelist this new IP list?
We do not guarantee any particular IP addresses for the releases service, and the only way we “announce” changes to them is by changing the DNS records.
If you intend to use Terraform on a system with restricted connectivity to external network services then it would be more robust to copy the providers you intend to use to either a local directory on the systems where you will run Terraform or to a local HTTPS server which provides the network mirror protocol (which is in practice just a convention for laying out some files on a static file server).
Using these alternative installation methods can avoid depending on our external servers altogether.
Exactly which vendors we use for content distribution is an implementation detail and subject to change at any time. Our DNS records are how we will communicate changes to the location of these services. I would recommend against making any other assumptions about how Terraform Registry or the releases service are deployed.
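The mirror approach recommended in the answer above, as an added example that is not part of the original posts: a Terraform CLI configuration that installs providers only from a local mirror, so builds need no firewall rule for releases.hashicorp.com or the registry. The directory `/opt/terraform/providers` and the host `terraform-mirror.example.internal` are assumed placeholders.

```hcl
# CLI configuration file: ~/.terraformrc, or the file named by TF_CLI_CONFIG_FILE.
#
# Populate the mirror once, from a machine that is allowed outbound access,
# by running this in the root module of each configuration:
#
#   terraform providers mirror /opt/terraform/providers
#
# then copy the resulting directory to the restricted build hosts.
# /opt/terraform/providers is an assumed path.

provider_installation {
  # Option A: local directory mirror on the build host.
  filesystem_mirror {
    path    = "/opt/terraform/providers"
    include = ["registry.terraform.io/*/*"]
  }

  # Option B: internal static HTTPS server that serves the same directory
  # tree (network mirror protocol). Use it instead of Option A; the
  # hostname is an assumed placeholder and the URL must end with a slash.
  #
  # network_mirror {
  #   url     = "https://terraform-mirror.example.internal/providers/"
  #   include = ["registry.terraform.io/*/*"]
  # }

  # No "direct" block is declared, so Terraform never falls back to the
  # origin registry. A provider missing from the mirror makes
  # "terraform init" fail instead of opening a connection to an
  # external address.
}
```

Terraform still checks installed packages against the checksums recorded in `.terraform.lock.hcl`, so commit that file alongside the configuration and review changes to it when the mirror is refreshed.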
Thanks for your feedback! We appreciate it, and I hope the solutions discussed by @apparentlymart above help work around this issue in the future. Thanks again!