Terraform adds granular permissions to manage agent pools

Today we’d like to share our latest improvement to HashiCorp Terraform’s permissions management capabilities: granular permissions to manage agent pools. Now available in HCP Terraform and coming soon to Terraform Enterprise, this addition lets users delegate permissions for agent pool management at the organization level.

HCP Terraform agents let Terraform manage isolated, private, or on-premises infrastructure securely, without needing intricate networking configurations. HCP Terraform organizes agents into pools, and users can designate which agent pool handles the workloads for specific workspaces.

Previously in HCP Terraform and Terraform Enterprise, managing agent pools could be cumbersome for organization owners, since this functionality was restricted to the owner permission level. Owners needed to review and approve frequent permission requests or elevate other users to the organizational owner team, granting full platform access to users who potentially should not hold such permissions, which could introduce security risks.

»Introducing granular permissions to manage agent pools

Similar to the new manage teams capability added to Terraform in April, the new manage agent pools permission streamlines and secures privilege management efforts by letting organization owners delegate the ability to manage agent pools to individual teams. This enhancement alleviates the bottleneck of relying solely on the owner to manage agent pools, as approved team members can create, update, and delete agent pools without having organization owner membership. Agent pool automation workflows like the HCP Terraform Operator for Kubernetes also benefit from these new permissions capabilities as a key function is managing agent pools within a Kubernetes cluster. Now, users can specifically scope permissions for the agent pool rather than requiring owner-level access and developers are no longer required to handle the highly privileged organization API token, which was risky.

You can now check the Manage agent pool checkbox under the Organization Access section of the team’s Organization Settings page and configure permissions to meet your organizational requirements.

»Getting started

This feature is now available in HCP Terraform and coming soon to Terraform Enterprise. Please refer to Terraform’s permissions documentation for details on getting started.

If you are new to Terraform, you can get started with HashiCorp-managed HCP Terraform for free to begin provisioning and managing your infrastructure in any environment. And don’t forget to link your HCP Terraform and HashiCorp Cloud Platform (HCP) accounts for a seamless sign-in experience.