Scalr Offers Free Terraform Agents
Learn about agents and why they are included on every plan
- Scalr charges no extra fee for self-hosted agents on any plan, including the free version, whereas Terraform Cloud limits you to one agent unless you pay for a higher tier or buy more.
- Scalr offers two agent types: self-hosted run agents that execute Terraform runs on your own infrastructure, and VCS agents that pull configuration from internal version control without exposing it to the internet.
- Self-hosted agents improve security, allow custom execution environments with pre-built dependencies, and give control over hardware and performance.
- Scalr does not charge for agents because it only bills for Terraform runs, not for following security best practices or hosting your own agent pools.
If you're comparing hosted options for running Terraform or OpenTofu, like Scalr or Terraform Cloud, self-hosted agents are worth a close look. This post walks through what Terraform agents do, when you'd reach for them, and how they fit into a real infrastructure workflow. In Terraform Cloud you are limited to one "Terraform Cloud Agent'' unless you subscribe to a more expensive tier or purchase more. In Scalr, there is no charge for extra agents no matter what plan you are on, even the free version.
There are two types of self-hosted agents:
- Self-Hosted Run Agents: These agents allow you to execute Terraform runs on your own cloud infrastructure, whether on public cloud resources or in on-premise infrastructure, giving you more control over the execution environment.
- Self-Hosted VCS Agents: These agents allow you to pull Terraform configuration files and modules from a VCS provider that is not accessible to the internet.
Here's what you gain by running self-hosted agents for Terraform runs:
- Security: Self-hosted agents can be configured to comply with specific security and compliance standards. This is particularly important for organizations with strict regulatory requirements or anyone wanting to limit the exposure of sensitive information. The agent pool can be assigned an instance profile, if using an AWS example, and the runs can inherit the credentials of the profile to avoid having to put any access tokens or secrets in the Scalr itself.
- Customization: Self-hosted agents enable users to run Terraform operations in an environment that they control. This includes the ability to customize the operating system, install specific software dependencies, and configure network settings. Rather than having to install dependencies before every Terraform plan and apply, the dependencies can be built into the agent.
- Performance: Users have more control over the hardware specifications and resource allocation for self-hosted agents that are running on their own cloud infrastructure. This can be useful for optimizing performance based on the specific needs of your Terraform plan and apply.
How to Use Run Agents in Scalr?
In Scalr, agents are deployed with what is called an agent pool. Agent pools can be deployed on virtual machines, docker, or in Kubernetes. When a Terraform run is triggered from scalr.io, Scalr will hand off the run operations through an HTTP relay to the Terraform agent. Any information like Terraform configuration files, secrets, environment variables, custom hooks, and more will be passed to the agent. The agent spins up a container, executes the Terraform plan, and apply in the container while relaying all of the information back to scalr.io for the developers to view. Once the Terraform run has finished, the agent will go back into idle mode waiting for the next run.
How to Use VCS Agents in Scalr?
For any organization that has its VCS provider internally or behind a firewall, it is highly unlikely that it would be opened to the internet due to the possibility of there being sensitive information or just general code leaked. In most cases, all of the Terraform configuration files as well as Terraform modules come from VCS providers which is why VCS agents could act as a critical component in the setup. VCS agents allow developers to connect their VCS providers to Scalr without opening the VCS provider to the internet. This also uses a secure HTTP relay that will pass the configuration files to Scalr securely.
Why Doesn't Scalr Charge for Agents?
Scalr only charges for a Terraform run, nothing else. We don't believe that if you want to follow best practices and make your environment more secure that you should be penalized for it. We also don't believe that if you are hosting the agent pool on your own virtual machine or Kubernetes cluster that we should charge you more, the value of Scalr is completely around a Terraform run, and the tooling we supply to help with automation, collaboration, visibility, and more.
Wrap up
A self-hosted agent pool gives you more control over your Terraform operations when you run a product like Scalr or Terraform Cloud. You keep ownership of the execution environment while a SaaS platform still handles the scaling and management around your deployments. For highly secure environments, agents are considered a best practice to ensure you meet your security and compliance requirements.
