»Notifications

Terraform Cloud can use webhooks to notify external systems about drift detection and run progress. Each workspace has its own notification settings and can notify up to 20 destinations.

Configuring notifications requires admin access to the workspace. Refer to Permissions for details.

API: Refer to Notification Configuration APIs.

»Viewing and Managing Notification Settings

To add, edit, or delete notifications for a workspace, go to the workspace and click Settings > Notifications. The Notifications page appears, showing existing notification configurations.

»Creating a Notification Configuration

A notification configuration specifies a destination URL, a payload type, and the events that should generate a notification. To create a notification configuration:

  1. Click Settings > Notifications. The Notifications page appears.

  2. Click Create a Notification. The Create a Notification form appears.

  3. Configure the notifications:

    • Destination: Terraform Cloud can deliver either a generic payload or a payload formatted specifically for Slack, Microsoft Teams, or Email. Refer to Notification Payloads for details.

    • Name: A display name for this notification configuration.

    • Webhook URL: This is only available for generic, Slack, and Microsoft Teams webhooks. The webhook URL is the destination for the webhook payload. This URL must accept HTTP or HTTPS POST requests and should be able to use the chosen payload type. For details, refer to the Slack documentation - Create an Incoming Webhook and the Microsoft Teams documentation - Create an Incoming Webhook.

    • Token (Optional): This is only available for generic webhooks. A token is an arbitrary secret string that Terraform Cloud will use to sign its notification webhooks. Refer to Notification Authenticity for details. The token is encrypted for storage, so you cannot view it after saving the notification configuration.

    • Email Recipients: This is only available for emails. Select users that should receive notifications.

    • Workspace Events: Terraform Cloud can send notifications for all events or only for specific events. The following events are available:

      • Drift: Terraform Cloud detected configuration drift. This notification is only available if drift detection is enabled for the workspace.
      • Drift Check Fail: A drift detection assessment failed. This notification is only available if drift detection is enabled for the workspace.
    • Run Events: Terraform Cloud can send notifications for all events or only for specific events. The following events are available:

      • Created: A run is created and enters the Pending stage.
      • Planning: A run acquires the lock and starts to execute.
      • Needs Attention: A plan has changes and Terraform requires user input to continue. This may include approving the plan or a policy override.
      • Applying: A run enters the Apply stage, where Terraform makes the infrastructure changes described in the plan.
      • Completed: A run has completed successfully.
      • Errored: A run has terminated early due to error or cancellation.
  4. Click Create a notification.

»Enabling and Verifying a Configuration

To enable or disable a configuration, toggle the Enabled/Disabled switch on its detail page. Terraform Cloud will attempt to verify the configuration for generic and Slack webhooks by sending a test message, and will enable the notification configuration if the test succeeds.

For a verification to be successful, the destination must respond with a 2xx HTTP code. If verification fails, Terraform Cloud displays the error message and the configuration will remain disabled.

For both successful and unsuccessful verifications, click the Last Response box to view more information about the verification results. You can also send additional test messages with the Send a Test link.

»Notification Payloads

»Slack

Notifications to Slack will contain the following information:

  • The run's workspace (as a link)
  • The Terraform Cloud username and avatar of the person that created the run
  • The run ID (as a link)
  • The reason the run was queued (usually a commit message or a custom message)
  • The time the run was created
  • The event that triggered the notification and the time that event occurred

»Microsoft Teams

Notifications to Microsoft Teams contain the following information:

  • The run's workspace (as a link)
  • The Terraform Cloud username and avatar of the person that created the run
  • The run ID
  • A link to view the run
  • The reason the run was queued (usually a commit message or a custom message)
  • The time the run was created
  • The event that triggered the notification and the time that event occurred

Note: Microsoft Teams notifications are available in Terraform Enterprise v202206-1 and later.

»Email

Email notifications will contain the following information:

  • The run's workspace (as a link)
  • The run ID (as a link)
  • The event that triggered the notification, and if the run needs to be acted upon or not

»Generic

A generic notification will contain information about a run and its state at the time the triggering event occurred. The complete generic notification payload is described in the API documentation.

Some of the values in the payload can be used to retrieve additional information through the API, such as:

  • The run ID
  • The workspace ID
  • The organization name

»Notification Authenticity

Slack notifications use Slack's own protocols for verifying Terraform Cloud's webhook requests.

Generic notifications can include a signature for verifying the request. For notification configurations that include a secret token, Terraform Cloud's webhook requests will include an X-TFE-Notification-Signature header, which contains an HMAC signature computed from the token using the SHA-512 digest algorithm. The receiving service is responsible for validating the signature. More information, as well as an example of how to validate the signature, can be found in the API documentation.
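
The receiving side of that check, as an added example (not code from the Terraform documentation): a handler that rejects unsigned or tampered requests and answers with the 2xx status that verification requires only when the signature matches. It assumes the header carries the hex-encoded HMAC-SHA-512 of the raw request body keyed with the token; the function names and sample values are hypothetical.

```python
import hashlib
import hmac
import json

SIGNATURE_HEADER = "X-TFE-Notification-Signature"  # header name from the page


def sign(token: bytes, raw_body: bytes) -> str:
    """Hex HMAC-SHA-512 of the raw body, keyed with the token (assumed encoding)."""
    return hmac.new(token, raw_body, hashlib.sha512).hexdigest()


def verify(token: bytes, raw_body: bytes, headers: dict) -> bool:
    # HTTP header names are case-insensitive; normalise before lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    received = lowered.get(SIGNATURE_HEADER.lower())
    if not received:
        return False  # unsigned request: reject when a token is configured
    expected = sign(token, raw_body)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), received.strip().lower().encode())


def handle_notification(token: bytes, raw_body: bytes, headers: dict):
    """Return (http_status, parsed_payload_or_None) for one POST."""
    if not verify(token, raw_body, headers):
        return 401, None
    try:
        payload = json.loads(raw_body)  # parse only after the bytes are authenticated
    except ValueError:
        return 400, None
    return 200, payload  # a 2xx response is what verification and delivery expect


# Constructed sample values, not real Terraform Cloud data.
SAMPLE_TOKEN = b"constructed-example-token"
SAMPLE_BODY = b'{"run_id": "run-EXAMPLE", "workspace_id": "ws-EXAMPLE"}'
SAMPLE_HEADERS = {SIGNATURE_HEADER: sign(SAMPLE_TOKEN, SAMPLE_BODY)}

if __name__ == "__main__":
    print(handle_notification(SAMPLE_TOKEN, SAMPLE_BODY, SAMPLE_HEADERS))
    print(handle_notification(SAMPLE_TOKEN, SAMPLE_BODY + b" ", SAMPLE_HEADERS))
```

Compute the HMAC over the bytes exactly as received, before any JSON parsing or re-serialisation, since a re-encoded body will not match the signature.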
