Edit this page on GitHub
Terraform Cloud Agents
Cloud agents let Terraform manage isolated, private, or on-premises infrastructure. Learn to install, configure, and manage cloud agents.
Hands-on: Try the Manage Private Environments with Terraform Cloud Agents tutorial on HashiCorp Learn.
Note: Terraform Cloud Agents are available in the Terraform Cloud Business Tier. The number of agents you can deploy depends on the number of concurrent runs allowed in your organization.
Terraform Cloud Agents allow Terraform Cloud to communicate with isolated, private, or on-premises infrastructure. By deploying lightweight agents within a specific network segment, you can establish a simple connection between your environment and Terraform Cloud which allows for provisioning operations and management. This is useful for on-premises infrastructure types such as vSphere, Nutanix, OpenStack, enterprise networking providers, and anything you might have in a protected enclave.
The agent architecture is pull-based, so no inbound connectivity is required. Any agent you provision will poll Terraform Cloud for work and carry out execution of that work locally.
Terraform Enterprise supports Terraform Cloud Agents. Refer to Terraform Cloud Agents on TFE for Terraform Enterprise specific documentation and requirements.
Agents allow you to run Terraform operations from a Terraform Cloud workspace on your private infrastructure. Agents do not support:
- Connecting to private infrastructure from Sentinel policies using the http import.
- Connecting Terraform Cloud workspaces to VCS instances that do not allow access from the public internet. For example, you cannot use agents to connect to a GitHub Enterprise Server instance that requires access to your VPN.
For these use cases, we recommend you leverage the information provided by the IP Ranges documentation to permit direct communication from the appropriate Terraform Cloud service to your internal infrastructure.