When running a Terraform Plan and Apply on cloud (Azure) resources that are firewall protected, how can one find and add the correct IP address(es) of the Terraform Cloud Workspace runner to that Azure resource's firewall whitelist? Otherwise, we see errors in the Plan (403s) because Terraform Cloud is doing a GET request on the remote cloud resource but doesn't have access.
I ran curl --request GET https://app.terraform.io/api/meta/ip-ranges | jq '.' which returned a series of objects containing IP addresses:
{
"api": [
...
],
"notifications": [
...
],
"sentinel": [
...
],
"vcs": [
...
]
}
Phind suggested using the IP addresses from the api key. I added those to the Azure Firewall whitelist and re-ran the Plan; however, it still came back with the 403 errors. Only when I temporarily open the Azure resource to all networks does the Terraform Plan succeed without errors and can be Applied. This is obviously less than ideal, but for now it is what I am doing, and then I reapply the selected IP addresses to the resource's whitelist in the Azure Portal after the Terraform Apply is done.
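As an added example (not part of the question above), the Python helper below parses an ip-ranges document of the shape shown, builds one de-duplicated allowlist across whichever categories you choose, and reports which categories a given source address (for example, the client IP recorded alongside a 403 in the Azure resource's diagnostic logs) falls into. The embedded JSON is constructed sample data using RFC 5737 documentation addresses, not the live API response.

```python
import ipaddress
import json
from typing import Dict, Iterable, List, Optional

# Constructed sample in the shape of https://app.terraform.io/api/meta/ip-ranges.
# The addresses are RFC 5737 documentation ranges, NOT real Terraform Cloud IPs.
SAMPLE_IP_RANGES = json.dumps({
    "api": ["192.0.2.10/32", "192.0.2.11/32"],
    "notifications": ["198.51.100.0/28"],
    "sentinel": ["198.51.100.64/32"],
    "vcs": ["203.0.113.0/26", "192.0.2.11/32"],  # one range shared with "api"
})


def parse_ip_ranges(raw: str) -> Dict[str, List[ipaddress._BaseNetwork]]:
    """Parse the ip-ranges JSON into networks per category.

    ip_network() raises ValueError on malformed entries, so a corrupted or
    unexpected response fails loudly instead of producing a bad firewall rule.
    Bare addresses (no /prefix) are accepted and treated as host routes.
    """
    data = json.loads(raw)
    return {
        category: [ipaddress.ip_network(entry, strict=False) for entry in entries]
        for category, entries in data.items()
    }


def allowlist(ranges: Dict[str, List[ipaddress._BaseNetwork]],
              categories: Optional[Iterable[str]] = None) -> List[str]:
    """Return a sorted, de-duplicated list of CIDRs for the chosen categories.

    With categories=None every category is merged, which is the broad rule set
    to compare against when a narrower selection (e.g. only "api") still 403s.
    """
    wanted = list(categories) if categories is not None else list(ranges)
    nets = {net for cat in wanted for net in ranges[cat]}
    return [str(n) for n in sorted(nets, key=lambda n: (n.version, n))]


def categories_for(ranges: Dict[str, List[ipaddress._BaseNetwork]], addr: str) -> List[str]:
    """Name the categories whose ranges contain addr; empty if none do."""
    ip = ipaddress.ip_address(addr)
    return sorted(cat for cat, nets in ranges.items()
                  if any(ip.version == n.version and ip in n for n in nets))


if __name__ == "__main__":
    ranges = parse_ip_ranges(SAMPLE_IP_RANGES)
    print("api-only allowlist:", allowlist(ranges, ["api"]))
    print("merged allowlist:  ", allowlist(ranges))
    print("192.0.2.11 is in:  ", categories_for(ranges, "192.0.2.11"))
```

Feeding the output of the live curl command into parse_ip_ranges and checking the denied source address with categories_for shows whether the runner's address is covered by the category you allowed or by a different one.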