Terraform Cloud public CIDRs


I use a TF module to provision an EKS cluster with limited public access to k8s control plane. I want to whitelist a CIDR range of Terraform Cloud for EKS control plane to be able to apply changes.

What’s a CIDR of Terrafrom Cloud service?


I am also interested in this - Terraform Cloud external IPs

1 Like

Yea, we run a private gitlab, we need to have the TF Cloud Public CIDR for the ACL


Have the exact same issue. Trying to manage a GKE cluster with the K8s provider, but do not know which CIDR ranges to whitelist.

Looks like nobody from HashiCorp reading threads at all…

Multiple threads running on this and I wanted to make sure we followed up with the answer!

Unsure if Im replying to the latest thread about this issue. I know there are a few in here.

Ive just sunk a couple of hours into learning how to handle the output of the TFC CIDR API described at https://www.terraform.io/docs/cloud/architectural-details/ip-ranges.html -> https://www.terraform.io/docs/cloud/api/ip-ranges.html.

With great fan-fair I was able to munge the API results into a value that was usable with the azurerm_storage_account network_roles ip_rules resources.

Only to then find out that the values returned by the above API dont give us the ranges we need to whitelist the runners themselves. I really dont want to open up my Azure Storage Account access to the world and rely solely on one item of security to prevent access.

As a learning activity, 5 stars.
Solving the problem I set out to achieve and finding out that the vendors API doesnt give us the values we need? 0 stars.