HashiConf 2025 Don't miss the live stream of HashiConf Day 2 happening now View live stream
HVD Home
HVD Home

Introduction

Note

Unless specifically mentioned, concepts that apply to HCP Terraform also apply to its self-hosted version, Terraform Enterprise.

Note

Our objective in these HashiCorp Validated Designs (HVD) is to give you prescriptive guidance based on our experience partnering with hundreds of organizations who have implemented HCP Terraform. We acknowledge that our field is complex and that it is possible to implement the same solution in many permutations. No matter what choices you make, what matters most is that you are able to provision and manage cloud resources at scale and experience the business benefits and value that automated HCP Terraform workflows provide.

Note

This document gives recommendations on how to implement Terraform infrastructure-as-code (IaC) as a shared service for your organization. Different organizations call the team responsible for this task different names, including the platform team or cloud center of excellence (CCoE). Irrespective, this document helps teams responsible for owning Terraform IaC in their organization.

Terraform maturity stages

While working with our customers, we have identified common patterns of maturity, allowing us to categorize customers into three main stages: Adopt, Standardize, and Scale. Separate HVD documents cover these stages.

AdoptStandardizeScale
Infrastructure-as-code (IaC), cloud provisioning, secure variables, VCS integration/pipeline, RBAC (team collaboration), observabilityCentral registry development (policy-as-code, run tasks, modules), image management, day 2 resource management, network infrastructure managementCost management and optimization, private DC provisioning, self-service workflows, event notification, API integration

Adopt: These customers have partnered with HashiCorp in recent months and are investing in adopting IaC for their enterprise. These customers lay the groundwork for growth by embracing fundamental use cases (as listed in the preceding table) facilitated by the HCP Terraform platform.

Standardize: These customers have completed the Adopt use cases and are now prioritizing the availability of the platform as a shared service for the entire organization. At this stage of maturity, the platform team focuses on establishing guardrails by implementing policy-as-code and utilizing modules from the private registry and completing the development of an automated onboarding process for internal customers.

Scale: Once the platform is available to the wider organization and the team provisions workloads using an efficient, unified workflow, the platform team needs to address issues such as cost management, optimization, and other related use cases. These measures ensure efficient scaling of operations for the organization over time.

Prerequisites

If you are using Terraform Enterprise, this guide assumes that you have reviewed and implemented the following HVDs:

Objectives

You are implementing Terraform Enterprise to achieve your company's business and functional objectives. Realize the goals below after implementing the recommendations detailed in this guide.

Business objectives

  1. Reduce time to market: This guide assists you in establishing a robust standard workflow for provisioning, configuring, and managing the lifecycle of hybrid/multi cloud infrastructure. When implemented effectively, developers can provision infrastructure more efficiently, reducing the time it takes for your organization to introduce new products and features to the market.
  2. Mitigate risk: By securing Terraform state, protecting cloud credentials, and implementing RBAC (role-based access control), risk associated with your infrastructure will reduce.
  3. Consistent compliance: Through policy-as-code, organizations achieve compliant infrastructure, automate audit, address asset lineage concerns, manage against cost expectations, and respond proactively to regulatory change.
  4. Improve skills and retention: Through infrastructure as code reuse, organizations reduce the cognitive load associated with onboarding new talent and retain that talent longer by improving productivity for team members.
  5. Optimize cloud cost: By implementing a central shared service for provisioning, you are more able to optimize cloud spend and costs. Standardize and enforcing best practices on visibility into deployments across the organization to enhance this. This guide is a necessary prerequisite towards this goal.

Functional objectives

  1. Adopt a mature golden workflow for infrastructure provisioning.
  2. Enhance security posture.
  3. Improve traceability of actions and ensure audit readiness.

Onboarding/adoption checklist

It is critical to the success of the scale out of your Terraform Enterprise service to operate an automated, end-to-end onboarding process. Having manual tasks required in the onboarding process limits scale-out efficacy and corresponding return on investment.

The time it takes to complete the initial phase varies depending on the complexity of your organization and the level of executive alignment. However, we have found that using HashiCorp Professional Services or partner-provided services accelerates the process.

Project checklist

  1. Identify key people from the platform team own and operate Terraform. In your organization, the platform team may own the architecture but the day-to-day operations may rely on a production services/support team who have 24/7 staffing arrangements. Both teams are stakeholders in the project from the outset.
  2. Identify key executives sponsoring this project.
  3. Establish regular cadences with the HashiCorp account team and participate in quarterly business reviews with sponsoring executives.
  4. Enablement plan:
    • Platform team enablement plan: We recommend that key platform team members attend HashiCorp Academy training. This training also enables the platform team to be able to train trainers for the organization.
    • Application team enablement plan: The platform team can train application teams or they can attend free hands-on workshops offered by HashiCorp solution engineers and architects.
  5. Business unit onboarding schedule: Create a schedule for onboarding business units and application teams. We recommend for the "adopt" phase that you start with one or a handful of business units. (see note below)
  6. Establish key milestones to track progress. We recommend the following key milestones:
    • HCP Terraform onboarding.
    • Platform team enablement.
    • Application team early adopter enablement.
    • Application team early adopter onboarding.

Tip

On onboarding business units/application teams

HashiCorp recommends that you base the initial business unit/application team onboarding schedule on a representative set of early adopter teams with one or more of the following characteristics:

  • A high incentive to use infrastructure as code to achieve their goals.
  • Have a DevOps skill set.

Those characteristics increase the chances of success.

Start with about five teams in the first set, working with them from development to UAT. Then, aim to introduce a second set of about twenty teams into development. This second set would benefit from the feedback the more experienced first set provides as part of pipeline refinement. Try to focus on teams who have a significant DevOps capability in during this period to enable minimal collaboration for speed.

As the first set reaches production and the second set has reached UAT, aim to introduce a third set of about 50-100 application teams into development depending on targets, availability and executive mandate, benefiting from the further refinement brought through feedback and collaboration with the first and second sets of teams. Through working with this third set, increased scale is both visible and demonstrable to senior management, making project success highly likely and standardization, efficiency gains and cost savings visible.

Onboarding checklist

  1. Establish core integrations:
    1. VCS
    2. SSO/IdP
    3. HCP Terraform agents (optional)
    4. System logs and metrics (for Terraform Enterprise)
    5. HCP Terraform agent logs and metrics (optional)
    6. Audit logs
  2. Establish a workflow to onboard application teams to HCP Terraform/Enterprise:
    • Workflow vending
    • Cloud credentials for Terraform
  3. Test of initial end-to-end command line-driven run.
  4. Test of end-to-end VCS-driven run.
  5. Test SSO for the platform team and application teams.
  6. Initial discussions with first set of early adopter teams regarding user onboarding experience and updates to the project backlog with next step improvements

Adoption checklist

  1. Determine the consumption model most suited for your organization.
  2. Establish a GitOps-based workflow for application teams. Map this to your existing organizational git repository standards.
  3. Branching strategy: Decide on the branching strategy for managing environments.
  4. Complete an adoption maturity assessment with a HashiCorp solution architect.

Note

We strongly recommend scheduling time with a HashiCorp solution architect after license acquisition so as to provide key architectural and integration advice for the project. Schedule further time after about three months to ensure transition architecture and associated migration plans are still clear and not blocked. We also recommend regular cadence with your HashiCorp solution engineer throughout the project and into production to ensure business value continues to grow.

Next

People and process