Terraform adds granular permissions to manage agent pools
HCP Terraform and Terraform Enterprise eliminate the need to rely on owner permissions to manage agent pools, streamlining permissions workflows and reducing risk.
Today we’d like to share our latest improvement to HashiCorp Terraform’s permissions management capabilities: granular permissions to manage agent pools. Now available in HCP Terraform and coming soon to Terraform Enterprise, this addition lets users delegate permissions for agent pool management at the organization level.
HCP Terraform agents let Terraform manage isolated, private, or on-premises infrastructure securely, without needing intricate networking configurations. HCP Terraform organizes agents into pools, and users can designate which agent pool handles the workloads for specific workspaces.
Previously in HCP Terraform and Terraform Enterprise, managing agent pools could be cumbersome for organization owners, since this functionality was restricted to the owner permission level. Owners needed to review and approve frequent permission requests or elevate other users to the organizational owner team, granting full platform access to users who potentially should not hold such permissions, which could introduce security risks.
Introducing granular permissions to manage agent pools
Similar to the new manage teams capability added to Terraform in April, the new manage agent pools permission streamlines and secures privilege management by letting organization owners delegate the ability to manage agent pools to individual teams. This removes the bottleneck of relying solely on the owner to manage agent pools: approved team members can create, update, and delete agent pools without having organization owner membership. Agent pool automation workflows like the HCP Terraform Operator for Kubernetes also benefit from these new permissions, since a key function of the operator is managing agent pools within a Kubernetes cluster. Users can now scope permissions specifically to agent pools rather than requiring owner-level access, and developers no longer have to handle the highly privileged organization API token, which was a risk.
You can now check the Manage agent pool checkbox under the Organization Access section of the team’s Organization Settings page and configure permissions to meet your organizational requirements.
Getting started
This feature is now available in HCP Terraform and coming soon to Terraform Enterprise. Please refer to Terraform’s permissions documentation for details on getting started.
If you are new to Terraform, you can get started with HashiCorp-managed HCP Terraform for free to begin provisioning and managing your infrastructure in any environment. And don’t forget to link your HCP Terraform and HashiCorp Cloud Platform (HCP) accounts for a seamless sign-in experience.