Terraform cloud worker execute remote-exec will be blocked by firewall

LoofahBu · September 7, 2020, 7:17am

Hi, our team use remote-exec to provision remote machine. To make bastion machine more secure, We add a azurerm_network_security_rule to limit source IP address. But we don’t know the IP address of Terraform Cloud worker. When it executes remote-exec , will be blocked by firewall. Is there any way can get worker’s IP address list? Thanks!

Terraform Version

Terraform v0.12.18

Debug Output

bastion (remote-exec):   Host: bastion-ip
bastion (remote-exec):   User: bastion-0
bastion (remote-exec):   Password: true
bastion (remote-exec):   Private key: false
bastion (remote-exec):   Certificate: false
bastion (remote-exec):   SSH Agent: false
bastion (remote-exec):   Checking Host Key: false
Error: timeout - last error: dial tcp bastion-ip: i/o timeout

chrisarcand · September 8, 2020, 1:51pm

Hi!

Although we publish an IP Ranges API, as noted in the documentation those ranges do not allow for execution of Terraform runs against local [non-public] resources.

Running a Terraform Cloud Agent, however, would allow you to provision with the desired limited access you’re looking for, which is included as part of our Business tier.

Thanks!

Topic		Replies	Views
Azure Terraform : Running remote-exec on VM via Bastion Host Terraform	0	1215	February 10, 2021
Remote-exec provisioner connection via Bastion Host Terraform connect , hcp-terraform , azure	2	264	January 4, 2025
Remote-exec with bastion host is not working by using null_resource for OCI Terraform	12	1067	May 13, 2023
How to do remote-exec operation if i am using terraform cloud HCP Terraform	7	3446	March 19, 2022
Terraform Cloud IP Ranges HCP Terraform	4	2041	March 19, 2022

Terraform cloud worker execute remote-exec will be blocked by firewall

Terraform Version

Debug Output

Related topics