Integrate with External Services
This topic describes how to integrate Terraform Enterprise with external services so that Terraform Enterprise can send communications and authenticate users. Refer to the Admin Settings API for instructions on configuring integrations using the API.
Introdution
You can integrate with the following external services:
- Cost Estimation
- SAML Single Sign-On
- SMTP
- Twilio
Cost Estimation Integration
Cost Estimation integration allows Terraform Enterprise to estimate costs for resources during a run. Refer to the usage instructions.
To access the Cost Estimation settings, click Cost Estimation. To enable Cost Estimation, check the Enable Cost Estimation box on the settings page, configure the settings, and click "Save settings." At least one provider needs to be configured in order to save.
- AWS Instance Profile: If checked this option will be used without need to input the Access Key or Secret Key in the above form (fields will be greyed out).
- AWS Access Key ID: The AWS Access Key ID for a given IAM user. The role associated to these credentials must have full access to the "Price List" service and all of that service's resources. Cost Estimation makes API calls in the
us-east-1
region. - AWS Secret Key: The AWS Secret Key pair for the same Access Key ID.
- GCP Credentials: The contents of the JSON that is downloaded when you create a GCP Service Account.
- Azure Client ID: The Azure Client ID for a given Service Account. The role associated to these credentials must have full access to the
RateCard
service and all of that service's resources. - Azure Client Secret: The Azure Client Secret pair for the same Client ID.
- Azure Subscription ID: The Azure Subscription ID for your account.
- Azure Tenant ID: The Azure Subscription ID for your account.
SAML Integration
The SAML integration settings allow configuration of a SAML Single Sign-On integration for Terraform Enterprise. To access the SAML settings, click SAML.
Note: Since enabling SAML is an involved process, there is a separate SAML section of the documentation. Consult those pages for detailed requirements and configuration instructions for both Terraform Enterprise and your IdP.
To enable SAML, click Enable SAML single sign-on under "SAML Settings". Configure the fields below, then click Save SAML settings. To update the settings, update the field values, and save.
The Enable SAML debugging option can be used if sign-on is failing. It provides additional debugging information during login tests. It should not be left on during normal operations.
SMTP Integration
SMTP integration allows Terraform Enterprise to send email-based notifications, such as new user invitations, password resets, and system errors. We strongly recommend configuring SMTP.
To access the SMTP settings, click SMTP. To enable SMTP, check the Enable email sending with SMTP box on the settings page, configure the settings, and click "Save SMTP settings."
- Sender Email: The address that system mails should come from. A plain email address; do not include a display name.
- Send test email to: A sample address to send a test email to. Used to validate the settings when configuring SMTP; not stored.
- Host and Port: The host and port details for the SMTP server that will be used.
- Authentication: The type of authentication used by the server. Options are
none
,login
, andplain
. - Username: Username used to authenticate to the server. Not required if the authentication setting is
none
. - Password: Password to authenticate to the server. Not required if the authentication setting is
none
.
Note: The SMTP server used with Terraform Enterprise must support connection via SSL with a valid certificate and STARTTLS
secure communication; SMTPS
is not supported in Terraform Enterprise.
Twilio Integration
Twilio integration is used to send SMS messages for two-factor authentication. It is optional; application-based 2FA is also supported.
To access the Twilio settings, click Twilio. To enable Twilio, check the Enable SMS sending with Twilio box on the settings page and configure the relevant settings:
- Account SID: The unique identifier for your Twilio application.
- Auth Token: The token that allows authentication with your Account SID.
- From Number: The number the message should come from. Must be registered with Twilio.
You can also verify the Twilio settings by sending a test message. Enter a number in the From Number field and click Send Test SMS.