Platform Setup
Set up the Harness Platform account baseline using the harness-platform-setup module.
Module directory: harness-platform-setup/
$ARGUMENTS
What This Creates
- •Shared Resource Access role — grants access to account-level shared resources
- •Harness Account Admins user group with account_admin role binding
- •All Account Users group updated with Shared Resource Access role binding
- •OPA Governance Policies:
- •Enforce Template Version Schema (templates must use
v{number}versioning) - •Enforce Harness API Token Age (30-day maximum age)
- •Enforce Template Version Schema (templates must use
Required Inputs
| Input | Required | Description |
|---|---|---|
| Harness Account ID | Yes | Your Harness account identifier |
| Platform URL | No | Defaults to https://app.harness.io/gateway for SaaS |
| Tags | No | Custom resource tags |
Steps
- •
Auto-detect the account ID from
HARNESS_ACCOUNT_IDenv var. If not set, ask the user. - •
Ask:
- •Are you using Harness SaaS (app.harness.io) or a self-managed instance?
- •Any custom tags to add to resources? (optional)
- •
Generate
terraform.tfvarsinharness-platform-setup/with the collected values. - •
Ensure
providers.tfexists — copy fromproviders.tf.exampleat repo root if missing. - •
Run
tofu initin the module directory. - •
Run
tofu planand present results in plain language:- •"This will create X roles, Y user groups, and Z OPA governance policies at the account level."
- •
Ask for confirmation, then run
tofu apply -auto-approve -var-file=terraform.tfvars. - •
Show results and next steps:
- •"Account baseline is configured. Next, create an organization with
/harness-factory:org-setup."
- •"Account baseline is configured. Next, create an organization with
Prerequisites
- •None — this is the first module in the dependency chain