Terraform Cloud PAT
Service Name: Terraform Cloud
Service Description: Terraform Cloud is a managed service offering from HashiCorp that provides a consistent workflow for Terraform users to provision infrastructure efficiently in a collaborative environment.
Service Address: https://app.terraform.io/
Validation Type: API Auth
IP Allow list: Does not exist
Secret Access Scope: Grants access to Terraform Cloud resources including workspaces, state files, and organization settings according to the token's permissions.
Secret Revokement URL: https://app.terraform.io/app/settings/tokens
Secret Example: AtlasV1.d2Fsa2VyLmNocmlzdG9waGVyQGV4YW1wbGUuY29tCg.TQVuEjKO1JxE3B24gV3JHeZ1AVPnXqyJvnbdwHdZ3wZUFYMqOY7UKQ7890PoiYhqW
Suspicious Activity Investigation Instructions:
- Check Terraform Cloud audit logs for unauthorized workspace access or state modifications
- Review recent runs and plan/apply operations for unexpected infrastructure changes
- Verify organization membership and team permissions for unauthorized additions
- Examine API request logs for unusual patterns or unauthorized access from unknown IP addresses Terraform Cloud Personal Access Token
- Check for unauthorized variable or environment variable changes in workspaces
Mitigation Instructions:
- Immediately revoke the compromised token in Terraform Cloud user settings
- Generate a new token with appropriate permissions if needed
- Review and revert any unauthorized infrastructure changes
- Verify workspace settings and permissions to ensure no unauthorized access remains
- Enable two-factor authentication for all organization members
- Consider implementing shorter token lifetimes for future tokens