Personnel and access
This section defines the roles required of the participants, and the authority and access they need in the working environment.
Personnel
Focusing on the deployment activity alone, we recommend enlisting a project leader and a cloud administration team. The project leader coordinates events, facilitates resources, and assigns duties to the cloud administration team. Members of the cloud administration team carry out the functional tasks to install Terraform Enterprise. We assume that cloud administrators have general knowledge of the following:
- Cloud architecture and administration
- Administration-level experience with Linux
- Practical knowledge of Docker
- Practical knowledge of Terraform
In addition, we strongly recommend requesting assistance from a security operations team. Their emphasis is on integrating the formal security controls required for services hosted in your preferred cloud environment. It is also essential to specify a role for the production services team that takes over the deployment when the project goes live.
Access
- The installation team requires direct access (including administrator) to the following components to install and configure Terraform Enterprise.
  - Compute/storage instances
  - Network objects such as firewall rules, load balancers
  - Certificates: TLS certificate material
  - Identity such as AWS IAM, GCP Cloud Identity, or AAD
  - Secrets management and associated key management services: AWS Secrets Manager, AWS KMS, GCP Secret Manager, GCP Cloud Key Management, Azure KeyVault, VMware vSphere Native Key Provider
- License File: To deploy Terraform Enterprise you must obtain a license from HashiCorp.
- Certificate authority:
  - Terraform Enterprise requires a TLS certificate and private key on each node. This certificate must match the Terraform Enterprise hostname, either using the FQDN or being a wildcard certificate.
  - Sign the certificate with a public or private CA.
  - The key and X.509 TLS certificate must be PEM encoded. Terraform Enterprise validates the certificate to ensure it uses a Subject Alternative Name (SAN) for Domain Names (DN) entries and not just a Common Name (CN) entry.
- DNS: Ensure that a DNS record exists for Terraform Enterprise which matches the SAN in the certificate.
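
A pre-flight check for the certificate requirements above, written in Go as an added example; it is not HashiCorp code and not how Terraform Enterprise itself validates certificates. The hostname `tfe.example.com`, the helper names `checkTFECert` and `selfSigned`, and the generated certificates are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// checkTFECert is a hypothetical pre-flight check, not Terraform Enterprise's own validation.
func checkTFECert(certPEM, keyPEM []byte, hostname string) error {
	pair, err := tls.X509KeyPair(certPEM, keyPEM) // both PEM, and the key must match
	if err != nil {
		return fmt.Errorf("certificate/key pair: %w", err)
	}
	leaf, _ := x509.ParseCertificate(pair.Certificate[0]) // X509KeyPair already parsed it
	if len(leaf.DNSNames) == 0 {
		return fmt.Errorf("no SAN DNS entries (CN-only certificate, CN=%q)", leaf.Subject.CommonName)
	}
	return leaf.VerifyHostname(hostname) // exact FQDN or single-label wildcard in the SAN
}

// selfSigned builds a constructed, throwaway certificate and key for the demonstration.
func selfSigned(cn string, sans []string) (certPEM, keyPEM []byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		DNSNames:  sans,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	keyDER, _ := x509.MarshalECPrivateKey(key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})
}

func main() {
	for _, sans := range [][]string{{"*.example.com"}, nil} { // wildcard SAN, then CN only
		c, k := selfSigned("tfe.example.com", sans)
		fmt.Println(sans, "->", checkTFECert(c, k, "tfe.example.com"))
	}
}
```

To check real material, read the certificate and key files issued by your CA and pass their contents with the hostname used in the DNS record.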