Commonly the Terraform IP addresses are used to whitelist connections to Terraform services so they can be accessed as needed from behind a restricted network. However, in some cases, you may want to access the HCP Terraform UI from a restricted network and find the UI doesn't load properly. Typically it will be a blank page after login with few UI elements loading.
The issue is that the Terraform UI depends on remote assets to properly load which is not covered by the provided Terraform IP addresses. There is a simple fix, which is to whitelist the resources still being blocked.
Procedure:
For the HCP Terraform UI to properly load assets like the stylesheet the following domains will need to be accessible and whitelisted if outbound connections are restricted.
https://*.commandbar.com
https://www.google.com/recaptcha/
https://www.gstatic.com/recaptcha/
https://js.stripe.com
https://d3pbgyccvprzn0.cloudfront.net
https://recaptcha.google.com/recaptcha/
https://*.terraform.io
https://*.commandbar.com
https://*.launchdarkly.com
https://www.google.com
https://sentry.io
https://csp-report.browser-intake-datadoghq.com
https://*.algolia.net
archivist.terraform.io
registry.terraform.ioThis is the current list but the needed domains can be directly confirmed with your web browser's developer tools. After opening the browser dev tools, navigate to the console page which shows the errors the browser encountered.
Here you may see several errors related to the connection such as "(failed) net::ERR_CONNECTION_TIMED_OUT" with the corresponding domain that the request is for.
Once the domains have been whitelisted you should see the UI load as normal. If you have any issues please don't hesitate to reach out HCP Terraform support for further assistance!