My use case should be fairly common I guess: I want to manage a Google Cloud SQL instance using the Terraform PostgreSQL provider. I don’t want to open my instance to the whole world though, so I’d like to whitelist a range of addresses or networks from which Terraform Cloud runs originate.
I know it’s not top notch security: there’ll be nothing stopping an informed attacker from deploying their hits on Terraform Cloud. I just want to avoid the bots.
I’m looking for the same information. My use case is exactly the same. Any answers?
I am also looking for the same information. Anyoen found anything yet?
Looking for the same. Having the same issue managing azure storageaccounts with firewalling enabled.
Hello all,
I wanted to follow-up and confirm the answer. Currently, Terraform Cloud does not run on a predefined range of IP addresses. I understand that the ability to whitelist is important, there is a possibility we may have a solution for this in the future. At this time, the runners are fairly dynamic.
too bad. this is kind of a dealbreaker for using terraform cloud. Was in touch with hashicorp support, the the suggesting is to move to terraform enterprise.
Half-way through migrating to Terraform Cloud I realised this is a total dealbreaker. Disappointing 
Shouldn’t be too hard to route the runners’ traffic through a bunch of NAT gateways with publicly known IP addresses should it?
Same here, trying to manage Azure KeyVault, any update so far?
Encountered this issue while trying to manage a Kubernetes cluster with a public API endpoint. Any update on this would be appreciated.
Hi, just going to jump in here. 
Wasn’t this one of the selling features of the Business Tier, announced back near the end of the summer? It’s only for certain Terraform Cloud features, though; maybe that’s the bit I’m missing.
Hello, everyone!
@jlj7 is correct that the IPs for Terraform Cloud are obtained with the API from this page.
Note that those IP ranges are for Version Control Systems, Sentinel, and Notifications only. HashiCorp Terraform Cloud Business Tier allows for agents that solve the remainder of this scenario by providing the ability to use Terraform Cloud Agents which allow Terraform Cloud to communicate with isolated, private, or on-premises infrastructure.
Please let us know if that answers your questions, and if you have any other concerns!
Hello everyone!
@onlydole could you please tell me what IP addresses should I whitelist for Terraform Cloud runs which connect to public Vultr API using official Vultr provider?
I tried all the addresses which I can find here https://app.terraform.io/api/meta/ip-ranges, but I get an error {"error":"Unauthorized IP address.","status":401}. I’m sure I use the correct access token, also I contacted Vultr support and they said there were no problems on their side.
Howdy, @alex-feel 
Do you know if you’re getting a 401 response from the Vultr provider or when trying to authenticate with Terraform Cloud?
I’m happy to jump on a call with you if you’d like to troubleshoot.
@onlydole, I was getting the response from Vultr and saw it in a Terraform Cloud run frontend, here it is:
And after I whitelisted all IPv4 addresses in my Vultr account everything worked:
It turns out that the IP addresses highlighted in red are wrong, I took them here https://app.terraform.io/api/meta/ip-ranges
Could you please tell me where can I get the correct IP addresses which are used by Terraform Cloud runs?
Hey, @alex-feel,
Thank you for providing those screenshots and additional information! That makes a lot more sense to me now what was going on.
Your screenshots helped show that the issue is occurring due to the runner IP not having access to Vultr.
Please let me know if there’s anything more I can clarify to that end, and I hope that helps shed more light on why those issues arose when working with the Vultr provider and Terraform Cloud runs!
@onlydole, now it’s clear, I just got confused by this message and thought there are now IPs for runners. Thanks for the clarification!
Is there a plan in place to document the list of ips used by TFC runners/workers?
Having to manage and run our own self hosted agents is not an option for us.
@onlydole Any improvement now available since your last comment on this thread. I need to figure out the best option right now, end of 2021.
Howdy, everyone!
The latest information for Terraform Cloud IP Ranges can be found here: IP Ranges - Terraform Cloud and Terraform Enterprise - Terraform by HashiCorp
Not the best option but you could modify the firewall rules on the fly using something like this but adapted to your needs and creating a dependency so the rule is changed before access is needed.
How to programmatically use your public Internet IP address in Terraform?
