Problem
When you attempt to access the HCP Terraform UI from a network with restricted outbound connections, the page may appear blank or fail to load completely after a successful login. While the primary Terraform IP addresses may be whitelisted, essential UI components are still blocked.
Cause
The HCP Terraform UI depends on remote assets, such as stylesheets, scripts, and fonts, that are hosted on various third-party domains. Standard network firewall rules that only whitelist the core HCP Terraform service IP addresses will block these external dependencies, preventing the UI from rendering correctly.
Solution
To resolve this issue, you must update your firewall's outbound rules to whitelist the additional domains required by the HCP Terraform UI.
Required Domains to Whitelist
Ensure the following domains are accessible from your network:
*.algolia.net*.commandbar.com*.launchdarkly.com*.terraform.ioarchivist.terraform.iocsp-report.browser-intake-datadoghq.comd3pbgyccvprzn0.cloudfront.netjs.stripe.comrecaptcha.google.comregistry.terraform.iosentry.iowww.google.comwww.gstatic.com
How to Identify Blocked Domains
You can confirm which specific domains are being blocked by using your web browser's developer tools.
- Open your browser's developer tools and navigate to the Console tab.
- Attempt to load the HCP Terraform UI page.
- Observe the console for connection-related errors, such as
(failed) net::ERR_CONNECTION_TIMED_OUT, which will indicate the specific domain that your browser failed to reach. - Add any domains associated with these errors to your firewall's whitelist.
Outcome
After you have whitelisted all the required domains, the HCP Terraform UI should load and function as expected.
Additional Information
For detailed instructions on capturing network requests for troubleshooting, please refer to the guide on how to get a HAR file from your browser.