scalr_provider_configuration
Resource: scalr_provider_configuration
A provider configuration helps organizations manage provider secrets in a centralized way. It natively supports the management of the major providers like Scalr, AWS, AzureRM, and Google Cloud Platform, but also allows registering any custom provider. Please have a look at the basic usage examples for each provider type.
Example Usage
Scalr provider
resource "scalr_provider_configuration" "scalr" {
  name         = "scalr"
  account_id   = "acc-xxxxxxxxxx"
  environments = ["*"]
  scalr {
    hostname = "scalr.host.example.com"
    token    = "my-scalr-token"
  }
}
AWS provider
# Static access keys, shared with a single environment
resource "scalr_provider_configuration" "aws" {
  name                   = "aws_dev_us_east_1"
  account_id             = "acc-xxxxxxxxxx"
  export_shell_variables = false
  environments           = ["env-xxxxxxxxxx"]
  aws {
    account_type     = "regular"
    credentials_type = "access_keys"
    secret_key       = "my-secret-key"
    access_key       = "my-access-key"
  }
}

# OIDC: no long-lived keys, the role is assumed with an identity token
resource "scalr_provider_configuration" "oidc" {
  name                   = "oidc_dev_us_east_1"
  account_id             = "acc-xxxxxxxxxx"
  export_shell_variables = false
  environments           = ["*"]
  aws {
    credentials_type = "oidc"
    role_arn         = "arn:aws:iam::123456789012:role/scalr-oidc-role"
    audience         = "aws.scalr-run-workload"
  }
}

# Access keys plus default tags applied to created resources
resource "scalr_provider_configuration" "aws_tags" {
  name         = "aws_stage_us_east_1"
  account_id   = "acc-xxxxxxxxxx"
  environments = ["*"]
  aws {
    account_type     = "regular"
    credentials_type = "access_keys"
    secret_key       = "my-secret-key"
    access_key       = "my-access-key"
    default_tags {
      tags = {
        Environment = "Staging"
        Owner       = "QATeam"
      }
      strategy = "update"
    }
  }
}
For more advanced AWS usage, please refer to the official AWS module.
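The examples above do not cover the role_delegation credentials type described in the aws nested schema. The following is an added example, not taken from the Scalr documentation: it sets the attributes the schema requires for role_delegation with the aws_account trusted entity type, and passes the external ID through a sensitive Terraform variable instead of a string literal. The variable name, resource label, configuration name and role name are assumptions.

```hcl
# Added example (not from the Scalr documentation). The variable name,
# resource label and role name are assumptions; the attributes are the
# ones listed in the aws nested schema.
variable "scalr_aws_external_id" {
  description = "External ID expected by the IAM role's trust policy."
  type        = string
  sensitive   = true # redacted in plan and apply output
}

resource "scalr_provider_configuration" "aws_role_delegation" {
  name         = "aws_prod_role_delegation"
  account_id   = "acc-xxxxxxxxxx"
  environments = ["env-xxxxxxxxxx"] # shared with one environment, not "*"

  aws {
    account_type        = "regular"
    credentials_type    = "role_delegation"
    trusted_entity_type = "aws_account" # makes external_id required
    role_arn            = "arn:aws:iam::123456789012:role/scalr-delegated-role"
    external_id         = var.scalr_aws_external_id
  }
}
```

A sensitive variable is still written to Terraform state in plain text, so the state backend needs the same access controls as the secret itself.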
AzureRM provider
# Client secret authentication (the default auth_type)
resource "scalr_provider_configuration" "azurerm" {
  name       = "azurerm"
  account_id = "acc-xxxxxxxxxx"
  azurerm {
    client_id       = "my-client-id"
    client_secret   = "my-client-secret"
    subscription_id = "my-subscription-id"
    tenant_id       = "my-tenant-id"
  }
}

# OIDC authentication: no client secret is stored
resource "scalr_provider_configuration" "azurerm_oidc" {
  name       = "azurerm"
  account_id = "acc-xxxxxxxxxx"
  azurerm {
    auth_type       = "oidc"
    audience        = "scalr-workload-identity"
    client_id       = "my-client-id"
    tenant_id       = "my-tenant-id"
    subscription_id = "my-subscription-id"
  }
}
Google provider
# Service account key authentication (the default auth_type)
resource "scalr_provider_configuration" "google" {
  name       = "google_main"
  account_id = "acc-xxxxxxxxxx"
  google {
    project     = "my-project"
    credentials = "my-credentials"
  }
}

# OIDC with service account impersonation
resource "scalr_provider_configuration" "using_service_account_impersonation" {
  name       = "google_main"
  account_id = "acc-xxxxxxxxxx"
  google {
    auth_type              = "oidc"
    project                = "my-project"
    service_account_email  = "[email protected]"
    workload_provider_name = "projects/123/locations/global/workloadIdentityPools/pool-name/providers/provider-name"
  }
}

# OIDC with federated identities
resource "scalr_provider_configuration" "using_federated_identities" {
  name       = "google_main"
  account_id = "acc-xxxxxxxxxx"
  google {
    auth_type              = "oidc"
    project                = "my-project"
    workload_provider_name = "projects/123/locations/global/workloadIdentityPools/pool-name/providers/provider-name"
  }
}
Custom providers
resource "scalr_provider_configuration" "kubernetes" {
  name       = "k8s"
  account_id = "acc-xxxxxxxxxx"
  custom {
    provider_name = "kubernetes"
    argument {
      name        = "host"
      value       = "my-host"
      description = "The hostname (in form of URI) of the Kubernetes API."
    }
    argument {
      name  = "username"
      value = "my-username"
    }
    argument {
      name      = "password"
      value     = "my-password"
      sensitive = true
    }
    argument {
      name  = "config_path"
      value = "~/.kube/config"
      hcl   = false
    }
  }
}
Elasticsearch provider
resource "scalr_provider_configuration" "elasticstack" {
  name       = "elastic"
  account_id = "acc-xxxxxxxxxx"
  custom {
    provider_name = "elasticstack"
    argument {
      name        = "endpoints"
      value       = "[\"https://elasticsearch.example.com:9200\", \"https://elasticsearch2.example.com:9200\"]"
      description = "List of Elasticsearch endpoints."
      hcl         = true
    }
    argument {
      name        = "username"
      value       = "elastic"
      description = "Username for Elasticsearch authentication."
    }
    argument {
      name        = "password"
      value       = "my-elastic-password"
      sensitive   = true
      description = "Password for Elasticsearch authentication."
    }
  }
}
Schema
Required
name (String) The name of the Scalr provider configuration. This field is unique for the account.
Optional
account_id (String) The account that owns the object, specified as an ID.
aws (Block List, Max: 1) Settings for the aws provider configuration. Exactly one of the following attributes must be set: scalr, aws, google, azurerm, custom. (see below for nested schema)
azurerm (Block List, Max: 1) Settings for the azurerm provider configuration. Exactly one of the following attributes must be set: scalr, aws, google, azurerm, custom. (see below for nested schema)
custom (Block List, Max: 1) Settings for a provider configuration that Scalr does not support as a built-in provider. Exactly one of the following attributes must be set: scalr, aws, google, azurerm, custom. (see below for nested schema)
environments (Set of String) The list of environment identifiers that the provider configuration is shared with. Use ["*"] to share with all environments.
export_shell_variables (Boolean) Export provider variables into the run environment. This option is available for built-in (Scalr, AWS, AzureRM, Google) providers only.
google (Block List, Max: 1) Settings for the google provider configuration. Exactly one of the following attributes must be set: scalr, aws, google, azurerm, custom. (see below for nested schema)
owners (Set of String) The teams the provider configuration belongs to.
scalr (Block List, Max: 1) Settings for the Scalr provider configuration. Exactly one of the following attributes must be set: scalr, aws, google, azurerm, custom. (see below for nested schema)
Read-Only
id (String) The ID of this resource.
Nested Schema for aws
Required:
credentials_type (String) The type of AWS credentials, available options: access_keys, role_delegation, oidc.
Optional:
access_key (String) AWS access key. This option is required with access_keys credentials type.
account_type (String) The type of AWS account, available options: regular, gov-cloud, cn-cloud.
audience (String) The value of the aud claim for the identity token. This option is required with oidc credentials type.
default_tags (Block List, Max: 1) AWS default tags settings. (see below for nested schema)
external_id (String) External identifier to use when assuming the role. This option is required with role_delegation credentials type and aws_account trusted entity type.
role_arn (String) Amazon Resource Name (ARN) of the IAM Role to assume. This option is required with the role_delegation and oidc credentials type.
secret_key (String, Sensitive) AWS secret key. This option is required with access_keys credentials type.
trusted_entity_type (String) Trusted entity type, available options: aws_account, aws_service. This option is required with role_delegation credentials type.
Nested Schema for aws.default_tags
Optional:
strategy (String) On duplicate key behaviour for default tags. Available options:
  skip: the existing tags will not be changed
  update: the existing tags will be replaced with the new one
tags (Map of String) Default tags to be applied to all resources created by this provider configuration.
Nested Schema for azurerm
Required:
client_id (String) The Client ID that should be used.
tenant_id (String) The Tenant ID that should be used.
Optional:
audience (String) The value of the aud claim for the identity token. This option is required with oidc authentication type.
auth_type (String) Authentication type, either client-secrets (default) or oidc.
client_secret (String) The Client Secret that should be used, required when auth_type is client-secrets.
subscription_id (String) The Subscription ID that should be used. If skipped, it must be set as a shell variable in the workspace or as a part of the source configuration.
Nested Schema for custom
Required:
argument (Block Set, Min: 1) The provider configuration argument. Multiple instances are allowed per block. (see below for nested schema)
provider_name (String) The name of a Terraform provider.
Nested Schema for custom.argument
Required:
name (String) The name of the provider configuration argument.
Optional:
description (String) The description of the provider configuration argument.
hcl (Boolean) Set (true/false) to configure as HCL. When true, the value is treated as a string from which an arbitrary HCL type (list, map, etc.) will be extracted. Default false.
sensitive (Boolean) Set (true/false) to configure as sensitive. Default false.
value (String) The value of the provider configuration argument.
Nested Schema for google
Optional:
auth_type (String) Authentication type, either service-account-key (default) or oidc.
credentials (String, Sensitive) Service account key file in JSON format, required when auth_type is service-account-key.
project (String) The default project to manage resources in. If another project is specified on a resource, it will take precedence.
service_account_email (String) The service account email used to authenticate to GCP, required when auth_type is oidc.
use_default_project (Boolean) If the project a credential is created in will be used by default.
workload_provider_name (String) The canonical name of the workload identity provider, required when auth_type is oidc.
Nested Schema for scalr
Required:
hostname (String) The Scalr hostname which should be used.
token (String, Sensitive) The Scalr token which should be used.
Import
Import is supported using the following syntax:
terraform import scalr_provider_configuration.example pcfg-xxxxxxxxxx
