Boundary
Host management in Boundary
Boundary supports built-in host management using static host catalogs and host catalog plugins.
- Host catalogs: contain hosts and host sets.
- Host sets: a collection of hosts. These are hosts that are considered the same from an access management perspective. Host sets can be assigned to targets.
- Hosts: a computing element with a network address reachable by Boundary (often through a worker deployed in the same network).

Host catalogs can contain hosts directly, host sets, or a combination of both.
Static host catalogs enable operators to manually define host sets for targets. Host catalog plugins enable host discovery, allowing operators to sync host sets from cloud providers like Amazon Web Services, Microsoft Azure, and Google Cloud Platform.
Host discovery
Traditionally, connecting to remote hosts and services requires knowledge of the endpoint’s connection information, such as the IP address and port of the service.
This creates complexity when managing the onboarding of new resources at scale, or dealing with dynamic, ephemeral services whose connection information frequently changes.
The increased operational overhead of having to manually manage and update new or old resources is also an inefficient use of time. Modern cloud resources can be tagged appropriately so that users can automatically access the resources that they are allowed to connect to.
Host discovery focuses on automating the process of onboarding new or changed infrastructure resources – and their connection info – to Boundary as hosts.
Automated host discovery in Boundary
Boundary supports target/host discovery in three primary workflows:
- Manual configuration: Boundary administrators can manually configure static hosts and targets via the administrator UI and CLI. Manual configuration of targets with static hosts requires knowledge of the IP address or endpoint used to connect to a host.
- Host discovery via configuration as code with Terraform: Boundary is fully programmatically instrumented and the discovery and configuration of new infrastructure targets can be automated with Boundary’s Terraform provider. This allows for dynamic configuration of a host and target without the need for prior knowledge of the target’s connection info.
- Runtime host discovery via dynamic host catalogs: Boundary dynamic host catalogs automate the ingestion of resources from infrastructure providers into Boundary. Boundary hosts are automatically created, updated and added to host sets in order to reflect the connection information maintained in these providers. This removes the need to know host connection info or reapply infrastructure as code templates to configure new or changed resources.
Static host catalogs
Static host catalogs contain manual definitions of host sets. They allow operators to onboard and maintain sets of hosts manually.
Dynamic host catalogs
Dynamic host catalogs are an agentless workflow for Boundary to securely query infrastructure providers at runtime to discover and configure new services. Boundary administrators can define rules for which external resources should be ingested into the catalog by creating a host set with an attributes filter. These filters specify which discovered hosts should be members of the host set.
Boundary currently supports dynamic host catalogs for AWS, Azure, and GCP. HashiCorp will continue to grow this ecosystem to support additional providers.
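A dynamic host catalog, a filtered host set, and a target wired together with Boundary's Terraform provider. This is an added example, not configuration from the original page. The scope ID variable, resource names, region, tag, and port are assumed values, and a configured `boundary` provider is assumed to exist.

```hcl
# Added example: scope ID, names, region, tag and port are assumed values.
variable "project_scope_id" {
  type = string
}

variable "aws_access_key_id" {
  type      = string
  sensitive = true
}

variable "aws_secret_access_key" {
  type      = string
  sensitive = true
}

# Dynamic host catalog backed by the AWS host plugin.
resource "boundary_host_catalog_plugin" "aws" {
  name        = "aws-us-east-1"
  scope_id    = var.project_scope_id
  plugin_name = "aws"

  attributes_json = jsonencode({
    region = "us-east-1"
  })

  # Credentials Boundary uses to query the provider at runtime.
  # Passed in as sensitive variables so they stay out of source control.
  secrets_json = jsonencode({
    access_key_id     = var.aws_access_key_id
    secret_access_key = var.aws_secret_access_key
  })
}

# Host set whose membership is decided by the attributes filter:
# only discovered instances carrying this tag become members.
resource "boundary_host_set_plugin" "databases" {
  name            = "databases"
  host_catalog_id = boundary_host_catalog_plugin.aws.id

  attributes_json = jsonencode({
    filters = ["tag:service-type=database"]
  })
}

# Target that points at whatever hosts the filter currently matches.
resource "boundary_target" "databases" {
  name            = "postgres"
  type            = "tcp"
  scope_id        = var.project_scope_id
  default_port    = 5432
  host_source_ids = [boundary_host_set_plugin.databases.id]
}
```

Because host set membership follows the provider-side tag, permission to set that tag on an instance is effectively permission to add a host to the target, so tag-write access in the cloud account should be scoped accordingly.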
Next steps
To get started with static host catalogs, refer to the following:
To get started with dynamic host catalogs, refer to the following topics: