Introduction
Terraform Enterprise and Terraform Cloud offer a Private Registry that works similarly to the Terraform Public Registry and allows you to share Terraform providers and Terraform modules across your organization. This article explains the use of public Terraform providers in a private Terraform registry.
Prerequisites
- The user should be a member of the Organization Owners team
- The Terraform Enterprise instance has network access to:
  - https://registry.terraform.io
  - https://yy0ffni7mf-dsn.algolia.net/
How to add a Public Terraform provider in Terraform Private Registry
Visit your Terraform Enterprise (TFE) fully qualified domain name (FQDN) or Terraform Cloud.
Select your organization. In this example the organization name is example-organization-public-providers.
Now, in the left menu:
- Click on Registry and then
- Click Search public registry
Type a few letters of the provider name in the search box. In the example we search for aws.
- Select Providers
- Hover your mouse over the provider you want to add and click the '+ Add' button.
- A confirmation window will pop up, click Add
If you want to add more public providers, repeat the process. If you want to add public modules, select the Modules tab under the search bar.
When done, click the Back to your registry button.
Under the Providers tab you can now see the public provider you just added, along with details such as the provider version and a label marking it as a public provider.
If you click on the provider and select the Documentation tab, you can see the provider documentation (for example, aws) the same way as when visiting https://registry.terraform.io/providers/hashicorp/aws/latest/docs
FAQs about Public providers in Private registry
When a public provider is added to the private registry, is it downloaded into the private registry?
When you add a public provider to your private registry from your TFE UI, the provider is not moved to your private registry. Adding it only creates a pointer in your private registry to these public providers and modules so that you can view their data from within HCP Terraform. Please see more information here
Do public providers need to be added to the private registry in order to use them in Terraform Enterprise/Cloud?
You can use public providers and modules even if they are not added to the private registry.
Are public providers in private registry automatically updated?
As long as your Terraform Enterprise instance has network access to https://registry.terraform.io and https://yy0ffni7mf-dsn.algolia.net/ the public provider information is in sync with the public registry.
What is the benefit of adding public providers in the private registry?
Providers can be added to the private registry only by the Organization Owners team. Adding public providers to the private registry lets you clearly designate which public providers and modules are recommended for the organization and makes their supporting documentation and examples centrally accessible.
Can I use the public providers from my private registry in my Terraform configuration code?
As long as the source in your provider definition code block points to a public provider, the public provider will be used from the Terraform public registry. See the example here
Can I add public providers to the private registry as private providers?
You can publish public providers as private providers by following the process described here
Keep in mind that a private provider is maintained and updated by the organization admin and is not automatically synced with the public registry.
Can I restrict the use of public providers to a list approved by my organization?
If you want to have a list of allowed providers, public or private, you can consider using Sentinel policies as described here
You can find a hands-on example using Sentinel policies here
Here there is a Sentinel policy example that uses the tfconfig/v2 import to restrict providers to those in an allowed list. You can use this example to create your own list of allowed providers, public and private.
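The following policy is an added sketch of the allow-list approach described above, not the linked HashiCorp example. Because a provider added to the private registry from the public registry is still resolved by its public source address (see the earlier answer on provider source), it matches on the full source address, which also distinguishes a public provider from a privately published one. The allow-list entries, the hostname tfe.example.com and the provider name internal are constructed placeholders, and the policy assumes runs on Terraform 0.13 or later, where tfconfig/v2 populates full_name.

```sentinel
# Added example: allow only approved provider source addresses.
import "tfconfig/v2" as tfconfig

# Constructed allow list. Public providers use registry.terraform.io;
# privately published providers use HOSTNAME/ORGANIZATION/NAME
# (tfe.example.com and "internal" are placeholders).
allowed_providers = [
    "registry.terraform.io/hashicorp/aws",
    "registry.terraform.io/hashicorp/random",
    "tfe.example.com/example-organization-public-providers/internal",
]

# Collect every provider configuration, in the root module or any child
# module, whose fully qualified source is not on the list. Matching on
# full_name instead of the short name prevents a look-alike such as
# registry.terraform.io/<other-namespace>/aws from passing as "aws".
violations = filter tfconfig.providers as _, p {
    p.full_name not in allowed_providers
}

# Report each violation so the run log shows what to fix.
# module_address is an empty string for the root module.
for violations as _, p {
    print("Provider", p.full_name, "in module",
        "'" + p.module_address + "'", "is not on the approved list")
}

main = rule {
    length(violations) is 0
}
```

Attach the policy to a policy set with the enforcement level your organization requires, and keep the allow list under version control so that changes to it are reviewed.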
Additional information
Explore the capabilities of the Terraform private registry in the private registry documentation here