Using Terraform Cloud and Version Control Systems
HashiCorp Terraform gives practitioners a simple way to define and manage their infrastructure as code, as part of a broader application or infrastructure pipeline, or via automated processes. This model has helped many of you improve repeatability, reduce failures, and increase provisioning speed. But as these code objects accumulate and need to be managed, one often-overlooked capability of Terraform Cloud is its native integration with many popular Version Control Systems (VCS).
It’s always been HashiCorp’s position that the best way to provision infrastructure is to store your infrastructure as code (IaC) configuration files in a VCS repository and use Terraform to create resources based on them. This process typically has three steps:
- Write infrastructure as code
- Manage configuration files in VCS
- Automate infrastructure provisioning
Why Version Control System Integration?
Terraform Cloud can integrate directly with popular on-premises and SaaS distributions of GitHub, GitLab, Atlassian Bitbucket, and Azure DevOps. This integration gives practitioners a streamlined workflow for storing and managing their code directly in the VCS of their choice, while bringing a new level of automated functionality to their process.
Linking your Terraform Cloud workspace to a VCS repository automatically establishes a connection which notifies Terraform Cloud of any commits, pull requests, and merges to your repository. This notification can invoke automated plans that show you the potential impact of your changes, or can even begin a deployment to ensure that your running infrastructure always represents the most current declared state of your code.
Once you’ve established the integration between your Terraform Cloud workspace and your VCS repository, Terraform will be notified any time code is committed to the repository, and will automatically produce a speculative plan. These speculative plans, presented as integrated checks, let you see at a glance exactly what will happen if you merge the request, as well as what, if any, policy violations may have occurred. All this without any risk to your existing infrastructure!
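As an added illustration (not code from the original post), the workspace-to-repository link described above can itself be declared with the `hashicorp/tfe` provider. The organization variable, the token variable, the `example-org/tfe-demo-app` repository identifier and the `main` branch are assumptions made for this sketch. It keeps speculative plans on for pull requests while leaving `auto_apply` off, so a merge queues a run that waits for confirmation.

```hcl
# Added example. Assumes the hashicorp/tfe provider, authenticated via TFE_TOKEN.
terraform {
  required_providers {
    tfe = {
      source = "hashicorp/tfe"
    }
  }
}

variable "organization" {
  type        = string
  description = "Terraform Cloud organization name (placeholder)."
}

variable "vcs_token" {
  type        = string
  sensitive   = true
  description = "VCS access token used to create the OAuth client."
}

# OAuth connection between the organization and the VCS provider (GitHub here).
resource "tfe_oauth_client" "github" {
  organization     = var.organization
  api_url          = "https://api.github.com"
  http_url         = "https://github.com"
  oauth_token      = var.vcs_token
  service_provider = "github"
}

resource "tfe_workspace" "demo" {
  name         = "tfe-demo-app"
  organization = var.organization

  # Pull requests get a plan-only (speculative) run, reported back as a check.
  speculative_enabled = true

  # Merges to the tracked branch queue a run that waits for a human to confirm.
  # Setting this to true makes every merge deploy without review of the plan.
  auto_apply = false

  vcs_repo {
    identifier     = "example-org/tfe-demo-app" # constructed <owner>/<repo>
    branch         = "main"                     # assumed default branch
    oauth_token_id = tfe_oauth_client.github.oauth_token_id
  }
}
```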
![](https://www.datocms-assets.com/2885/1580162705-vcs-commit-pr-checks.png)
Here you can see a simple pull request into a GitHub repository containing Terraform configurations. Because this repo is linked to the `tfe-demo-app` workspace in Terraform Cloud, the speculative plan and Sentinel policy checks were automatically run, and the results returned directly to the PR. Both passed, so there’s not much reason to dig deeper—but you always can if the situation calls for it.
![](https://www.datocms-assets.com/2885/1580162686-tfc-pr-plan.png)
Clicking on the **Details** link in the check will bring you directly into your Terraform Cloud workspace, where you can see the details of your plan, including any changes to provisioned resources, estimated cost changes should the plan be applied, policy violations, and more.
For a video of this in action, see our previous blog post highlighting the integration between Terraform Cloud and Azure DevOps.
Getting Started
To get started, sign up for a free Terraform Cloud account. Or to learn more, head over to our documentation for details on how to link your specific VCS provider, or visit the HashiCorp Learn platform and see Terraform in action today!