Mastering Multi-Cloud Visibility: A Step-by-Step Guide to Using HCP Terraform with Infragraph

Introduction

Moving infrastructure to the cloud was supposed to simplify provisioning and management. Yet for many organizations, the reality is far more complex. New challenges arise: infrastructure data is scattered across silos, making it nearly impossible to get a unified view of hybrid and multi-cloud environments. Platform teams often resort to manual data gathering or purchase additional tools, which only adds to the sprawl. They struggle to track resource ownership, face mounting security risks, and watch costs spiral. This is where HCP Terraform powered by Infragraph comes in. Infragraph is a centralized, event-driven knowledge graph that provides dynamic, unified visibility across your entire infrastructure estate. By replacing static snapshots with real-time updates, it empowers teams to secure, optimize, and ultimately prepare for AI-driven automation. In this guide, we'll walk you through everything you need to get started with HCP Terraform and Infragraph, now in public preview for qualified US customers.

What You Need

  • An active HCP Terraform account (Business or Enterprise tier) for a US-based organization.
  • Access to the public preview sign-up: contact your HashiCorp account team or request via the HCP Terraform console.
  • At least one cloud provider connected (AWS, Azure, GCP, or on-premises). Multiple providers recommended for full multi-cloud benefit.
  • Permissions to create and manage workspaces and API tokens in HCP Terraform.
  • Basic familiarity with Terraform configuration (HCL) and cloud resource provisioning.
  • A browser or REST client (like curl or Postman) to test API endpoints if desired.

Step 1: Understand the Infragraph Advantage

Before diving into setup, it's critical to grasp what Infragraph does differently. Traditional infrastructure management tools rely on periodic scans that produce dirty data—outdated, incomplete information that leads to slow responses and unexpected costs. Infragraph, by contrast, is an event-driven knowledge graph. It ingests data from your entire hybrid estate continuously, updates its graph in real time, and surfaces a single source of truth. This means you can instantly see relationships between resources, ownership details, security posture, and cost allocation. For example, you can detect a newly exposed vulnerability in a VM and trace it to the application owner immediately, rather than digging through siloed spreadsheets.

Step 2: Enable Infragraph in Your HCP Terraform Organization

If you are a qualified US HCP Terraform customer, follow these steps to activate the public preview:

  1. Log in to your HCP Terraform account and navigate to Organization Settings.
  2. Look for the Infragraph section under “Integrations” or “Beta Features.” (If you don't see it, contact your account team to be added to the preview.)
  3. Click Enable Infragraph and confirm the terms. A system prompt may ask you to authorize data exchange between Terraform and Infragraph.
  4. Once enabled, you’ll see a new Infragraph Dashboard tab in the left navigation. This is your centralized view.

Note: The preview is limited to US-based organizations only. International availability will be announced later.

Step 3: Connect Your Infrastructure Sources

Infragraph needs access to your cloud accounts and on-premises resources to build the knowledge graph. For each provider:

  1. Go to Infragraph → Data Sources and click Add Source.
  2. Select your cloud provider (AWS, Azure, GCP, or custom API). Follow the authentication wizard to grant read-only permissions using IAM roles or service principals.
  3. Add any additional filters (regions, resource groups, tags) to focus the graph on relevant assets.
  4. For on-premises infrastructure, install the Infragraph Agent (a lightweight collector) on a bastion host within your network. The agent will securely stream data.
  5. Once connected, Infragraph begins an initial sync. Depending on scale, this may take minutes to hours. You can check progress under Sync Status.

After the first sync, the graph updates continuously via event-driven triggers—no more manual polling.
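
The read-only grant in step 2 can be managed in Terraform rather than created by hand. The following is an added example for AWS, not HashiCorp's or the page's own code; it assumes the authentication wizard supplies a principal ARN and an external ID, and the variable names and role name are hypothetical placeholders.

```hcl
# Added example: read-only cross-account role for a graph collector.
# Both variables are placeholders; use the values the authentication wizard shows.
variable "collector_principal_arn" {
  description = "Placeholder: principal ARN that will assume this role"
  type        = string
}

variable "collector_external_id" {
  description = "Placeholder: external ID issued for this data source"
  type        = string
}

data "aws_iam_policy_document" "collector_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "AWS"
      identifiers = [var.collector_principal_arn]
    }

    # The external ID condition guards against the confused-deputy problem.
    condition {
      test     = "StringEquals"
      variable = "sts:ExternalId"
      values   = [var.collector_external_id]
    }
  }
}

resource "aws_iam_role" "graph_collector" {
  name                 = "infra-graph-readonly" # hypothetical name
  assume_role_policy   = data.aws_iam_policy_document.collector_trust.json
  max_session_duration = 3600
}

# ViewOnlyAccess exposes resource metadata; the broader ReadOnlyAccess policy
# also permits reading stored data (for example S3 objects).
resource "aws_iam_role_policy_attachment" "view_only" {
  role       = aws_iam_role.graph_collector.name
  policy_arn = "arn:aws:iam::aws:policy/job-function/ViewOnlyAccess"
}

output "collector_role_arn" {
  value = aws_iam_role.graph_collector.arn
}
```

Whether metadata-only access is enough for a full sync is an assumption here; widen the policy only for the specific permissions the sync reports as missing.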

Step 4: Explore the Knowledge Graph Dashboard

With data flowing, it’s time to explore. The Infragraph Dashboard provides several views:

  • Resource Graph: A visual map of all assets and their relationships (e.g., VMs connected to subnets, load balancers tied to backend pools). Hover over any node to see metadata.
  • Ownership View: Filter by teams or individuals to see who is responsible for each resource. This is built from tags and workspace assignments.
  • Security Alerts: Real-time notifications about vulnerabilities (e.g., unpatched CVEs, public S3 buckets). Click an alert to see the affected resources and remediation steps.
  • Cost Insights: Spend breakdown by resource, team, or environment. Detect unexpected spikes and drill down into the root cause.

Use the search bar to run natural-language queries, such as “show all untagged resources in production” or “list VMs with critical vulnerabilities.” The graph responds instantly.

Step 5: Act on Insights with Terraform Workspaces

The real power of Infragraph comes when you turn insights into actions. HCP Terraform workspaces are deeply integrated:

  1. From any Infragraph node (say, a vulnerable VM), click Create Run to launch a Terraform run that patches or replaces the resource. The workspace is pre-populated with the resource's current state.
  2. You can also set Automated Remediation Rules: for example, “if a new S3 bucket has public access, automatically run a policy check and apply a private-access configuration.”
  3. Infragraph feeds data back to Terraform state, ensuring your configuration always reflects reality. When a resource changes outside Terraform (drift), the graph flags it and allows you to reconcile via a plan/apply cycle.

Step 6: Establish Continuous Monitoring and Security Patching

Security teams love Infragraph because it eliminates the lag between vulnerability disclosure and remediation. Set up recurring checks:

  1. Go to Infragraph → Policies and create a security baseline policy (e.g., “no public access to databases”).
  2. Attach notification channels (Slack, email, PagerDuty) so your team is alerted instantly when a violation occurs.
  3. Infragraph’s event-driven engine triggers the policy evaluation as soon as any change is detected—no waiting for the next scan.

To patch a critical vulnerability, simply select the affected resources and run a Terraform plan from within Infragraph. The action is logged for compliance auditing.
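
For the two baselines named in Steps 5 and 6 (a private-access configuration for a public S3 bucket, and “no public access to databases”), the Terraform a remediation run applies could look like the following. This is an added example for AWS, not configuration generated by Infragraph or taken from the page; the variable names are hypothetical placeholders, and the `check` block requires Terraform 1.5 or later.

```hcl
# Added example: private-access settings for a flagged bucket, plus a
# check that a database is not publicly reachable.
variable "bucket_name" {
  description = "Placeholder: name of the bucket flagged as public"
  type        = string
}

variable "db_identifier" {
  description = "Placeholder: identifier of the RDS instance to verify"
  type        = string
}

# All four switches matter: two reject new public ACLs and policies,
# two neutralise public grants that already exist on the bucket.
resource "aws_s3_bucket_public_access_block" "flagged" {
  bucket                  = var.bucket_name
  block_public_acls       = true
  ignore_public_acls      = true
  block_public_policy     = true
  restrict_public_buckets = true
}

# Disable ACLs entirely so object-level grants cannot re-expose data.
resource "aws_s3_bucket_ownership_controls" "flagged" {
  bucket = var.bucket_name

  rule {
    object_ownership = "BucketOwnerEnforced"
  }
}

# Read the live database settings and fail the assertion if it is public.
data "aws_db_instance" "app" {
  db_instance_identifier = var.db_identifier
}

check "database_not_public" {
  assert {
    condition     = !data.aws_db_instance.app.publicly_accessible
    error_message = "RDS instance ${var.db_identifier} is publicly accessible."
  }
}
```

A failed `check` assertion is reported as a warning and does not block the apply, so pair it with a policy or alert when the baseline must be enforced rather than observed.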

Tips for Success

  • Start small, then expand: Begin with one cloud provider and a handful of workspaces to get comfortable with Infragraph’s interface before adding all providers.
  • Use consistent tagging: Infragraph relies on tags for ownership and cost allocation. Enforce tagging policies via Sentinel or OPA policies in Terraform.
  • Leverage the API: Infragraph exposes a REST API. You can build custom dashboards or integrate with your existing monitoring tools (e.g., Grafana). Check the API documentation in the HCP portal.
  • Prepare for AI automation: HashiCorp plans to overlay AI on Infragraph to auto-remediate common issues. Keep your graph clean and well-structured to maximize future AI benefits.
  • Review preview limitations: The current preview has a limit on the number of resources and data sources. Ensure your organization fits within the preview quota.
  • Provide feedback: As a preview user, your input shapes the product. Use the in-app feedback button to report bugs or suggest features.

With HCP Terraform powered by Infragraph, you finally have the unified visibility needed to tame multi-cloud complexity. Follow these steps to start your journey toward real-time infrastructure intelligence, better security posture, and lower costs.
