»Terraform Cloud Plans and Features
Terraform Cloud is a platform that performs Terraform runs to provision infrastructure, either on demand or in response to various events. Unlike a general-purpose continuous integration (CI) system, it is deeply integrated with Terraform's workflows and data, which allows it to make Terraform significantly more convenient and powerful.
Hands On: Try our What is Terraform Cloud - Intro and Sign Up tutorial on HashiCorp Learn.
»Free and Paid Plans
Terraform Cloud is a commercial SaaS product developed by HashiCorp. Many of its features are free for small teams, including remote state storage, remote runs, and VCS connections. We also offer paid plans for larger teams that include additional collaboration and governance features.
Terraform Cloud manages plans and billing at the organization level. Each Terraform Cloud user can belong to multiple organizations, which might subscribe to different billing plans. The set of features available depends on which organization you are currently working in.
Refer to Terraform pricing for details about available plans and their features.
Small teams can use most of Terraform Cloud's features for free, including remote Terraform execution, VCS integration, the private module registry, and more.
Free organizations are limited to five active members.
Some of Terraform Cloud's features are limited to particular paid upgrade plans.
Each higher paid upgrade plan is a strict superset of any lower plans — for example, the Team & Governance plan includes all of the features of the Team plan. Paid feature callouts in the documentation indicate the lowest tier at which the feature is available, but any higher plans also include that feature.
Terraform Enterprise generally includes all of Terraform Cloud's paid features, plus additional features geared toward large enterprises. However, some features are implemented differently due to the differences between self-hosted and SaaS environments, and some features might be absent due to being impractical or irrelevant in the types of organizations that need Terraform Enterprise. Cloud-only or Enterprise-only features are clearly indicated in documentation.
»Changing Your Payment Plan
Organization owners can manage an organization's billing plan. The plan and billing settings include an integrated storefront, and you can subscribe to paid plans with a credit card.
To change an organization's plan:
- Click Settings in the navigation bar.
- Click Plan and billing. The Plan and Billing page appears showing your current plan and any available invoices.
- Click Change plan.
- Select a plan, enter your billing information, and click Update plan.
Terraform Cloud runs Terraform CLI to provision infrastructure.
In its default state, Terraform CLI uses a local workflow, performing operations on the workstation where it is invoked and storing state in a local directory.
Since teams must share responsibilities and awareness to avoid single points of failure, working with Terraform in a team requires a remote workflow. At minimum, state must be shared; ideally, Terraform should execute in a consistent remote environment.
Terraform Cloud offers a team-oriented remote Terraform workflow, designed to be comfortable for existing Terraform users and easily learned by new users. The foundations of this workflow are remote Terraform execution, a workspace-based organizational model, version control integration, command-line integration, remote state management with cross-workspace data sharing, and a private Terraform module registry.
»Remote Terraform Execution
Terraform Cloud runs Terraform on disposable virtual machines in its own cloud infrastructure by default. You can leverage Terraform Cloud Agents to run Terraform on your own isolated, private, or on-premises infrastructure. Remote Terraform execution is sometimes referred to as "remote operations."
Remote execution helps provide consistency and visibility for critical provisioning operations. It also enables powerful features like Sentinel policy enforcement, cost estimation, notifications, version control integration, and more.
- More info: Terraform Runs and Remote Operations
»Support for Local Execution
Remote execution can be disabled on specific workspaces with the "Execution Mode" setting. The workspace will still host remote state, and Terraform CLI can use that state for local runs via the Terraform Cloud CLI integration.
»Workspaces for Organizing Infrastructure
Terraform's local workflow manages a collection of infrastructure with a persistent working directory, which contains configuration, state data, and variables. Practitioners can use separate directories to organize infrastructure resources into meaningful groups, and Terraform will use content from whichever directory it is invoked from.
Terraform Cloud organizes infrastructure with workspaces instead of directories. Each workspace contains everything necessary to manage a given collection of infrastructure, and Terraform uses that content whenever it executes in the context of that workspace.
- More info: Workspaces
»Remote State Management, Data Sharing, and Run Triggers
Terraform Cloud acts as a remote backend for your Terraform state. State storage is tied to workspaces, which helps keep state associated with the configuration that created it.
Terraform Cloud also enables you to share information between workspaces with root-level outputs. Separate groups of infrastructure resources often need to share a small amount of information, and workspace outputs are an ideal interface for these dependencies.
Workspaces that use remote operations can use
terraform_remote_state data sources to access other workspaces' outputs, subject to per-workspace access controls. And since new information from one workspace might change the desired infrastructure state in another, you can create workspace-to-workspace run triggers to ensure downstream workspaces react when their dependencies change.
»Version Control Integration
Like other kinds of code, infrastructure-as-code belongs in version control, so Terraform Cloud is designed to work directly with your version control system (VCS) provider.
Each workspace can be linked to a VCS repository that contains its Terraform configuration, optionally specifying a branch and subdirectory. Terraform Cloud automatically retrieves configuration content from the repository, and will also watch the repository for changes:
- When new commits are merged, linked workspaces automatically run Terraform plans with the new code.
- When pull requests are opened, linked workspaces run speculative plans with the proposed code changes and post the results as a pull request check; reviewers can see at a glance whether the plan was successful, and can click through to view the proposed changes in detail.
VCS integration is powerful, but optional; if you use an unsupported VCS or want to preserve an existing validation and deployment pipeline, you can use the API or Terraform CLI to upload new configuration versions. You'll still get the benefits of remote execution and Terraform Cloud's other features.
»Command Line Integration
Remote execution offers major benefits to a team, but local execution offers major benefits to individual developers; for example, most Terraform users run
terraform plan to interactively check their work while editing configurations.
Terraform Cloud offers the best of both worlds, allowing you to run remote plans from your local command line. Configure the Terraform Cloud CLI integration, and the
terraform plan command will start a remote run in the configured Terraform Cloud workspace. The output of the run streams directly to your terminal, and you can also share a link to the remote run with your teammates.
Remote CLI-driven runs use the current working directory's Terraform configuration and the remote workspace's variables, so you don't need to obtain production cloud credentials just to preview a configuration change.
The Terraform Cloud CLI integration also supports state manipulation commands like
terraform import or
Note: When used with Terraform Cloud, the
terraform plan command runs speculative plans, which preview changes without modifying real infrastructure. You can also use
terraform apply to perform full remote runs, but only with workspaces that are not connected to a VCS repository. This helps ensure that your VCS remains the source of record for all real infrastructure changes.
- More info: CLI-driven Runs
Even small teams can benefit greatly by codifying commonly used infrastructure patterns into reusable modules.
Terraform can fetch providers and modules from many sources. Terraform Cloud makes it easier to find providers and modules to use with a private registry. Users throughout your organization can browse a directory of internal providers and modules, and can specify flexible version constraints for the modules they use in their configurations. Easy versioning lets downstream teams use private modules with confidence, and frees upstream teams to iterate faster.
The private registry uses your VCS as the source of truth, relying on Git tags to manage module versions. Tell Terraform Cloud which repositories contain modules, and the registry handles the rest.
- More info: Private Registry
In addition to providing powerful extensions to the core Terraform workflow, Terraform Cloud makes it simple to integrate infrastructure provisioning with your business's other systems.
Nearly all of Terraform Cloud's features are available in its API, which means other services can create or configure workspaces, upload configurations, start Terraform runs, and more. There's even a Terraform provider based on the API, so you can manage your Terraform Cloud teams and workspaces as a Terraform configuration.
- More info: API
Terraform Cloud can send notifications about Terraform runs to other systems, including Slack and any other service that accepts webhooks. Notifications can be configured per-workspace.
- More info: Notifications
Run Tasks allow Terraform Cloud to execute tasks in external systems at specific points in the Terraform Cloud run lifecycle.
- More info: Run Tasks
»Access Control and Governance
Larger organizations are more complex, and tend to use access controls and explicit policies to help manage that complexity. Terraform Cloud's paid upgrade plans provide extra features to help meet the control and governance needs of large organizations.
- More info: Free and Paid Plans
»Team-Based Permissions System
With Terraform Cloud's team management, you can define groups of users that match your organization's real-world teams and assign them only the permissions they need. When combined with the access controls your VCS provider already offers for code, workspace permissions are an effective way to follow the principle of least privilege.
- More info: Users, Teams, and Organizations
Terraform Cloud embeds the Sentinel policy-as-code framework, which lets you define and enforce granular policies for how your organization provisions infrastructure. You can limit the size of compute VMs, confine major updates to defined maintenance windows, and much more.
Policies can act as firm requirements, advisory warnings, or soft requirements that can be bypassed with explicit approval from your compliance team.
- More info: Sentinel Policies
Before making changes to infrastructure in the major cloud providers, Terraform Cloud can display an estimate of its total cost, as well as any change in cost caused by the proposed updates. Cost estimates can also be used in Sentinel policies to provide warnings for major price shifts.
- More info: Cost Estimation