Terraform
Organization settings
This topic contains reference information about settings you can configure for organizations. Organization owners can view and manage the entire list of organization settings. Refer to Organization permissions for details. For information about how to create and manage organizations, refer to Organizations overview.
General
The following settings are available in the General Settings section.
Name
Specify the human-readable name for the organization in the Name field.
Deleting or renaming an organization can be very disruptive. We strongly recommend against deleting or renaming organizations with active members. Refer to Rename an organization for more information.
Notification Email
Specify an email address where the system can send notifications in the Notification Email field. HCP Terraform and Terraform Enterprise send all notifications, including workspace and project updates, to this address.
Workspace administrators can force delete workspaces
Enable the Workspace administrators can force delete workspaces option to let workspace administrators force delete workspaces.
When disabled, only members of the Owners team can force delete workspaces that are locked or managing resources. Force deleting a workspace introduces risk because Terraform cannot track or manage any of the workspace’s remaining infrastructure. The workspace's users must manually delete any remaining resources or import them into another Terraform workspace.
Refer to Delete a workspace with resources under management for more information.
Tests can be generated for private modules
Enable the Tests can be generated for private modules option to let members with module management permissions generate module tests. Refer to Generated module tests for more information.
This setting requires an HCP Terraform Standard subscription.
Stacks
Enable the Stacks option to allow team members with the appropriate permissions to create Stacks. Refer to Stacks overview for more information.
Show Terraform pre-releases
Enable the Show Terraform pre-releases option to allow teams to use features that aren't yet generally available.
Default Execution Mode
The execution mode determines where Terraform operations execute. This setting specifies the default mode for projects and workspaces in the organization. Project and workspace managers can override the default mode.
You can enable one of the following modes:
- Remote: Operations execute on HCP Terraform's infrastructure.
- Local: Operations execute on the local machine.
- Agent: Operations execute on an HCP Terraform agent pool.
Updating this setting discards Terraform operations that are in progress for workspaces configured to inherit the default execution mode. Refer to the workspace execution mode settings documentation for more information.
Destruction and Deletion
Click Delete this organization to delete the organization.
Plan & Billing
You can review your plan and any invoices for previous plan payments on the Plan & Billing page.
Organization owners can also upgrade to one of HCP Terraform's paid plans, downgrade to a free plan, or begin a free trial of paid features.
Tags
The Tags link in the organization settings sidebar opens the Tags Management page. You can view and manage existing tags and create new tags. Refer to Create and manage reserved tag keys for more information.
Teams
Note: Team management is available in HCP Terraform Essentials, Standard, and Premium editions. Refer to HCP Terraform pricing for details.
All users in an organization can access the Teams page, which displays a list of teams within the organization. Refer to Teams overview for more information.
Organization owners and users with the Include secret teams permission enabled can perform the following actions on the Teams page:
- View all secret teams
- View each team's membership
- Manage team API tokens
Organization owners and users with the Manage teams permission enabled can perform the following actions:
- Create and manage a team
- Manage team API tokens
Organization owners and users with the Manage membership permission enabled can manage team membership.
Users must accept their organization invitations before you can add them to a team.
Users
The Users page lists active users and users who have been invited to the organization but not yet accepted their invitations. For active users, the list includes usernames, email addresses, avatar icons, two-factor authentication status, and current team memberships.
Organization owners and users with Manage membership permission enabled can perform the following actions on the Users page:
- Invite HCP Terraform users into the organization
- Cancel invitations
- Remove existing members
Use the Search by username or email field to filter these lists.
All permissions in HCP Terraform are managed through teams. Users can join an organization without belonging to any teams, but they cannot use HCP Terraform features until they belong to a team. Refer to the following topics for more information:
Variable sets
The Variable sets page shows all available sets of variables, including the variables in each set. Users with Manage variable set permissions can create variable sets and assign them to one or more projects or workspaces. Assigning a variable set to a project lets your Stacks within that project access that variable set.
Variable sets let you reuse the same variables across multiple workspaces or projects in an organization. For example, you could define a variable set of provider credentials and automatically apply it to several projects or workspaces, rather than manually defining credential variables in each. Changes to variable sets instantly apply to all appropriate workspaces, saving time and reducing errors from manual updates.
Refer to the variables overview documentation for details about variable types, scope, and precedence. Refer to managing variables for details about how to create and manage variable sets.
Health
Note: Health assessments are available in HCP Terraform Standard and Premium editions. Refer to HCP Terraform pricing for details.
The Health page contains settings for enabling health assessments for eligible workspaces in the organization. You can enable the following settings:
- Enable for all workspaces: Enables health features for all workspaces in the organization.
- Per workspace settings: Lets workspace managers enable or disable health features for their workspaces.
HCP Terraform can perform the following types of health assessments:
- Drift detection: Determines whether your real-world infrastructure matches your Terraform configuration.
- Continuous validation: Determines whether custom conditions in the workspace’s configuration continue to pass after Terraform provisions the infrastructure.
Refer to Health in the workspaces documentation for instructions on how to use drift detection and continuous validation features.
Runs
The Runs page shows all Terraform runs that are currently in progress, need attention, or are on hold in your organization's workspaces. Refer to the following topics for more information:
- View organization runs
- Viewing and managing runs in your workspace
To learn how to view Stack deployment runs, refer to Review deployment runs.
Cost estimation
You can toggle the Enable cost estimation for all workspaces option to enable and disable the cost estimation feature for all workspaces.
Policies
Note: HCP Terraform Free edition includes one policy set of up to five policies. In HCP Terraform Standard and Premium editions, you can connect a policy set to a version control repository or create policy set versions with the API. Refer to HCP Terraform pricing for details.
You can create and view policies on the Policies page. Policies define and enforce rules for runs in workspaces. Stacks do not support executing policies.
You can create policies using either the Sentinel or Open Policy Agent (OPA) policy-as-code frameworks and then group them into policy sets that you can apply to workspaces in your organization. To create policies and policy sets, you must have permission to manage policies.
Refer to the policy enforcement documentation for more information.
Policy sets
Note: HCP Terraform Free edition includes one policy set of up to five policies. In HCP Terraform Standard and Premium editions, you can connect a policy set to a version control repository or create policy set versions with the API. Refer to HCP Terraform pricing for details.
You can create and view sets of policies in the Policy sets page. You can enforce policies in a set globally or on specific projects and workspaces. Stacks do not support executing policies.
You can create policy sets through the Terraform API, by connecting a VCS repository containing policies, or directly in HCP Terraform. To create policies and policy sets, you must have permission to manage policies.
Refer to the policy enforcement documentation for more information.
Run tasks
Note: HCP Terraform Free edition includes one run task integration that you can apply to up to ten workspaces. Refer to HCP Terraform pricing for details.
You can create and view run tasks in the Run Tasks page. Run tasks add custom logic to your workflow so that you can integrate third-party tools and services at specific stages in the HCP Terraform run lifecycle. Refer to the following topics for more information:
- Run task workspace configuration
- Set up run task integrations
Agents
Note: HCP Terraform Free edition includes one self-hosted agent. Refer to HCP Terraform pricing for details.
Create and manage HCP Terraform agent pools on the Agents page. Agents let HCP Terraform communicate with isolated, private, or on-premises infrastructure. This is useful for on-premises infrastructure types, such as vSphere, Nutanix, OpenStack, enterprise networking providers, and infrastructure within a protected enclave.
Refer to the HCP Terraform agents documentation for more information, including deploying and configuring agents.
API tokens
Create and manage tokens that grant various levels of access throughout the organization. Refer to API Tokens for instructions.
Authentication
Organization owners can disable the Use default option for the Idle Session Timeout and Forced Re-Authentication settings and manually specify when users must reauthenticate. The default for idle sessions and re-authentication is 20160 minutes, which is 14 days.
Organization owners can also require two-factor authentication for all members of the organization.
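As an added example (not HashiCorp's code), the following Python audits an organization record for the authentication options described above and for the force delete option from the General section. The attribute names `collaborator-auth-policy`, `session-timeout`, `session-remember` and `allow-force-delete-workspaces` are assumptions about the Organizations API that do not appear on this page, the thresholds are example policy values, and the sample records are constructed.

```python
import json

DEFAULT_TIMEOUT_MIN = 20160  # 14 days: the default stated in the Authentication section

def audit_org(attrs, max_idle=1440, max_reauth=10080):
    """Return findings for one organization's attributes (thresholds are example policy)."""
    findings = []
    if attrs.get("collaborator-auth-policy") != "two_factor_mandatory":
        findings.append("two-factor authentication is not required for all members")
    checks = (("session-timeout", "idle session timeout", max_idle),
              ("session-remember", "forced re-authentication", max_reauth))
    for key, label, limit in checks:
        value = attrs.get(key)
        # A null value is treated as "Use default" still being selected.
        effective = DEFAULT_TIMEOUT_MIN if value is None else int(value)
        if effective > limit:
            findings.append(f"{label} is {effective} minutes (limit {limit})")
    if attrs.get("allow-force-delete-workspaces"):
        findings.append("workspace administrators can force delete workspaces")
    return findings

# Constructed sample records, shaped like a JSON:API organization document.
WEAK = json.loads("""{"data": {"id": "example-org", "type": "organizations",
  "attributes": {"collaborator-auth-policy": "password",
                 "session-timeout": null, "session-remember": null,
                 "allow-force-delete-workspaces": true}}}""")
HARDENED = json.loads("""{"data": {"id": "example-org-hardened", "type": "organizations",
  "attributes": {"collaborator-auth-policy": "two_factor_mandatory",
                 "session-timeout": 720, "session-remember": 10080,
                 "allow-force-delete-workspaces": false}}}""")

def report(doc):
    """Prefix each finding with the organization id from the document."""
    org = doc["data"]
    return [f"{org['id']}: {finding}" for finding in audit_org(org["attributes"])]

if __name__ == "__main__":
    for doc in (WEAK, HARDENED):
        print("\n".join(report(doc)) or f"{doc['data']['id']}: no findings")
```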
SSH keys
Add a private SSH key on the SSH Keys page so that HCP Terraform can use the key to download modules from Git-based sources. This does not include keys to access a connected VCS provider.
You can specify the following values:
- Specify a name for a private SSH key in the Name field.
- Enter the contents of your SSH key in the Private SSH Key field.
Refer to Use SSH Keys for cloning modules for more information.
SSO
Organization owners can set up an SSO provider for the organization. For instructions and other details, refer to Configure and manage single sign-on.
VCS General
Configure general behavior when connected to version control systems in the VCS General page.
- Automatically cancel plan-only runs triggered by outdated commits: When this option is enabled, HCP Terraform automatically cancels unfinished plan-only runs in VCS workflows. Refer to Automatically cancel plan-only workspace runs for more information.
You can enable one of the following options to configure how HCP Terraform reports status checks for plan-only runs triggered from VCS commits:
- Aggregated status check: HCP Terraform aggregates and reports status checks for each organization connected to version control.
- Non-aggregated status check: HCP Terraform reports a status check for each workspace connected to version control.
Events
You can review the event logs for GitLab.com connections on the VCS Events page.
VCS Providers
On the VCS Providers page, add and configure VCS providers for use in the organization. You must have permission to manage VCS settings to add and configure VCS providers.
Refer to VCS providers for more information.