Introduction
This article is for users who have blocked github.com from their Terraform Cloud/Enterprise Agents or Terraform Enterprise servers and are unable to download custom or community providers.
Options
In an environment where Terraform is unable to reach out to download public providers due to a block on GitHub access, users can follow the options below to use those providers:
Option 1: Include the Binary in Configuration
This option works for both Terraform Cloud and Enterprise.
Users can include the binary in their configuration at terraform.d/plugins/linux_amd64/<PLUGIN NAME> as a relative path from the root of the working directory. Alternatively, users can use a git submodule for the binary. Details on configuring a git submodule can be found in this article. This option allows users to use custom and community providers with Terraform.
Option 2: Use the terraform-bundle Tool
This option works for Terraform Enterprise only.
The terraform-bundle tool can be used to create a custom Terraform bundle that includes the Terraform binary and required providers. The custom Terraform version can then be uploaded to the TFE instance and configured to be used for the workspace. This option is particularly useful for airgap installations. For information on the terraform-bundle tool, refer to this article.
Option 3: Configure a Provider Mirror
This option works for both Terraform Cloud and Enterprise.
A provider mirror can be configured, which is accessible by the agents and/or Terraform Enterprise servers. Users of Terraform Enterprise can configure a custom worker image with a CLI configuration that references that mirror. Details on creating a provider network mirror can be found in this article. The terraform providers mirror command can be used to copy all active providers to the appropriate directory tree. Serving the directory with SSL will allow any Terraform run with a network_mirror section in their Terraform configuration file to search the mirror instead of the public registry.
Option 4: Use the Terraform Cloud/Enterprise Private Registry
This option works for both Terraform Cloud and Enterprise.
Lastly, users can use the Terraform Cloud/Enterprise private registry. Users would need to upload the build artifacts manually via the API and reference the custom providers in the workspace configuration. Details on publishing providers to the private registry can be found in this article. This option provides an easy way to use custom providers without the need to manually include the binary in the configuration or use the terraform-bundle tool.
Additional Information
For more information on using custom and community providers in Terraform Cloud and Enterprise, refer to this documentation and this article.