HCP Terraform - HashiCorp Cloud Platform (Terraform Cloud)
HCP Terraform, also known as Terraform Cloud, is a managed service offered by HashiCorp that facilitates collaborative Terraform usage, allowing teams to plan, apply, and manage infrastructure as code in a centralized and secure manner. It is designed to simplify infrastructure workflows by automating repetitive tasks, enforcing access control, and providing visibility into infrastructure changes.
Key features:
- Remote Execution: Allows plans (terraform plan) and applies (terraform apply) to be executed on HashiCorp servers, eliminating the need to run these commands locally.
- State Management: Stores the infrastructure's remote state securely, with automatic backups and state locking to prevent concurrency issues in executions.
  - If you already have some experience with Terraform, you know that state files must be stored remotely so the whole team can access them under proper access control. For example, in AWS we typically use S3 for storage and DynamoDB for locking to prevent race conditions.
- Repository Integration: Connects to Git repositories to detect code changes and automatically execute plans on Pull Requests, which supports a GitOps workflow.
- Access Control (RBAC): Defines detailed permissions for different users and teams, ensuring security and compliance. Helps reduce the use of cloud roles.
- Workspaces: Organizes multiple states and configurations in separate environments, such as development, staging, and production.
- Manual Approvals: Allows changes to be reviewed and approved before being applied to the infrastructure.
- Notifications and Logs: Offers centralized logs and integration with tools like Slack and Microsoft Teams for real-time alerts.
- High service availability.
- Secure variable and secret sharing: Allows variables and secrets to be shared securely between team members, without exposing them in plain text or relying on cloud resources for key management.
  - Can be integrated with HashiCorp Vault for secure credential and secret management. This provides an additional layer of security for your infrastructure.
- Cost Estimation: Analyzes your Terraform code (.tf files) and, based on the resources you're declaring, calculates an estimate of how much these resources will cost in the cloud. HCP Terraform queries pricing information from cloud providers (AWS, Azure, GCP, etc.) to get resource prices. It also shows a Cost Delta, which is the difference between the current cost of your infrastructure and the estimated cost after the changes you're planning to apply.
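
The two state-storage setups described in the State Management item above, as an added example that is not from the original page: the self-managed S3 and DynamoDB backend (commented out) beside the HCP Terraform `cloud` block. All bucket, key, table, organization and workspace names are placeholders.

```hcl
# Option A (self-managed, shown commented out): S3 stores the state object
# and a DynamoDB table holds the lock so two applies cannot run at once.
# You own the bucket policy, encryption and the lock table yourself.
#
# terraform {
#   backend "s3" {
#     bucket         = "example-tf-state"           # placeholder bucket
#     key            = "network/terraform.tfstate"  # placeholder object key
#     region         = "us-east-1"
#     encrypt        = true                          # encrypt the state object at rest
#     dynamodb_table = "example-tf-locks"            # placeholder; table needs a
#                                                    # string partition key "LockID"
#   }
# }

# Option B (HCP Terraform): state storage and locking are handled per
# workspace by the service. A terraform block accepts either a backend
# or a cloud block, never both. Requires Terraform 1.1 or later.
terraform {
  cloud {
    organization = "example-org"   # placeholder organization

    workspaces {
      name = "network-prod"        # placeholder workspace
    }
  }
}
```

With Option B, `terraform login` stores the API token used to reach the workspace, so no cloud storage credentials are needed on the workstation just to read or lock state.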
Atlantis is an open-source alternative.
When to use each one?
| Feature | Atlantis | HCP Terraform |
|---|---|---|
| Model | Open source, self-hosted | Managed SaaS (Software as a Service) |
| Management | You manage the infrastructure | Managed by HashiCorp |
| Costs | Infrastructure costs for hosting | HashiCorp pricing plan |
| State management | Requires external configuration (S3, Azure Storage) | Centralized integrated management |
| Collaboration | Simpler, based on configured workflows | Advanced features like workspaces and access control |
| Execution | Local (on infrastructure where Atlantis runs) | Remote (on HCP Terraform infrastructure) |
| Customization | High, with atlantis.yaml | Configuration via web interface and some customization options |
| Scalability | Depends on your infrastructure | Highly scalable |
| Security | You are responsible for security | Security managed by HashiCorp |
| Additional features | Limited | Cost Estimation, Sentinel, private modules, etc. |
Atlantis: Ideal for teams that need a high degree of customization, control over the execution environment, and prefer an open-source solution.
HCP Terraform: Ideal for teams seeking a ready-to-use solution with advanced collaboration features, centralized state management, automation, and security. Good for teams that want to minimize operational overhead and focus on infrastructure development.
Create a free account to start using it.