Terraform cloud worker execute remote-exec will be blocked by firewall

LoofahBu · September 7, 2020, 7:17am

Hi, our team use remote-exec to provision remote machine. To make bastion machine more secure, We add a azurerm_network_security_rule to limit source IP address. But we don’t know the IP address of Terraform Cloud worker. When it executes remote-exec , will be blocked by firewall. Is there any way can get worker’s IP address list? Thanks!

Terraform Version

Terraform v0.12.18

Debug Output

bastion (remote-exec):   Host: bastion-ip
bastion (remote-exec):   User: bastion-0
bastion (remote-exec):   Password: true
bastion (remote-exec):   Private key: false
bastion (remote-exec):   Certificate: false
bastion (remote-exec):   SSH Agent: false
bastion (remote-exec):   Checking Host Key: false
Error: timeout - last error: dial tcp bastion-ip: i/o timeout

chrisarcand · September 8, 2020, 1:51pm

Hi!

Although we publish an IP Ranges API, as noted in the documentation those ranges do not allow for execution of Terraform runs against local [non-public] resources.

Running a Terraform Cloud Agent, however, would allow you to provision with the desired limited access you’re looking for, which is included as part of our Business tier.

Thanks!