November 14, 2023

Scalr Offers Free Terraform Agents

Ryan Fee

When looking into options for running Terraform or OpenTofu in a hosted solution, like Scalr or Terraform Cloud, self-hosted agents are a critical component to review. In this blog post, we'll delve into Terraform agents, exploring the use cases, benefits, best practices, and the impact they can have on your infrastructure workflows. In Terraform Cloud you are limited to one "Terraform Cloud Agent'' unless you subscribe to a more expensive tier or purchase more. In Scalr, there is no charge for extra agents no matter what plan you are on, even the free version. 

There are two types of self-hosted agents:

Self-Hosted Run Agents: These agents allow you to execute Terraform runs on your own cloud infrastructure, whether on public cloud resources or in on-premise infrastructure, giving you more control over the execution environment.

Self-Hosted VCS Agents: These agents allow you to pull Terraform configuration files and modules from a VCS provider that is not accessible to the internet.

First, we’ll talk about the benefits of using self-hosted agents for Terraform runs:

  • Security: Self-hosted agents can be configured to comply with specific security and compliance standards. This is particularly important for organizations with strict regulatory requirements or anyone wanting to limit the exposure of sensitive information. The agent pool can be assigned an instance profile, if using an AWS example, and the runs can inherit the credentials of the profile to avoid having to put any access tokens or secrets in the Scalr itself.
  • Customization: Self-hosted agents enable users to run Terraform operations in an environment that they control. This includes the ability to customize the operating system, install specific software dependencies, and configure network settings. Rather than having to install dependencies before every Terraform plan and apply, the dependencies can be built into the agent.
  • Performance: Users have more control over the hardware specifications and resource allocation for self-hosted agents that are running on their own cloud infrastructure. This can be useful for optimizing performance based on the specific needs of your Terraform plan and apply.

How to Use Run Agents in Scalr?

In Scalr, agents are deployed with what is called an agent pool. Agent pools can be deployed on virtual machines, docker, or in Kubernetes. When a Terraform run is triggered from, Scalr will hand off the run operations through an HTTP relay to the Terraform agent. Any information like Terraform configuration files, secrets, environment variables, custom hooks, and more will be passed to the agent.  The agent spins up a container, executes the Terraform plan, and apply in the container while relaying all of the information back to for the developers to view. Once the Terraform run has finished, the agent will go back into idle mode waiting for the next run.

How to Use VCS Agents in Scalr?

For any organization that has its VCS provider internally or behind a firewall, it is highly unlikely that it would be opened to the internet due to the possibility of their being sensitive information or just general code leaked. In most cases, all of the Terraform configuration files as well as Terraform modules come from VCS providers which is why VCS agents could act as a critical component in the setup. VCS agents allow developers to connect their VCS providers to Scalr without opening the VCS provider to the internet. This also uses a secure HTTP relay that will pass the configuration files to Scalr securely. 

Why Doesn’t Scalr Charge for Agents?

Scalr only charges for a Terraform run, nothing else. We don’t believe that if you want to follow best practices and make your environment more secure that you should be penalized for it. We also don’t believe that if you are hosting the agent pool on your own virtual machine or Kubernetes cluster that we should charge you more, the value of Scalr is completely around a Terraform run, and the tooling we supply to help with automation, collaboration, visibility, and more.

Wrap up

The option to use a self-hosted agent pool gives you more control over your Terraform operations when using a product like Scalr or Terraform Cloud. They allow you to keep control over your Terraform execution environment, while still using a SaaS platform to help scale, manage, and structure the Terraform deployments. For highly secure environments, agents are considered a best practice to ensure you meet your security and compliance requirements.

Note: While this blog references Terraform, everything mentioned in here also applies to OpenTofu. New to OpenTofu? It is a fork of Terraform 1.5.7 as a result of the license change from MPL to BUSL by HashiCorp. OpenTofu is an open-source alternative to Terraform that is governed by the Linux Foundation. All features available in Terraform 1.5.7 or earlier are also available in OpenTofu. Find out the history of OpenTofu here.

Start using the Terraform platform of the future.

A screenshot of the modules page in the Scalr Platform