scalr_provider_configuration
Resource: scalr_provider_configuration
A provider configuration helps organizations manage provider secrets in a centralized way. It natively supports the management of the major providers like Scalr, AWS, AzureRM, and Google Cloud Platform, but also allows registering any custom provider. Please have a look at the basic usage examples for each provider type.
Example Usage
Scalr provider
resource "scalr_provider_configuration" "scalr" {
  name         = "scalr"
  account_id   = "acc-xxxxxxxxxx"
  environments = ["*"]

  scalr {
    hostname = "scalr.host.example.com"
    token    = "my-scalr-token"
  }
}
AWS provider
resource "scalr_provider_configuration" "aws" {
  name                   = "aws_dev_us_east_1"
  account_id             = "acc-xxxxxxxxxx"
  export_shell_variables = false
  environments           = ["env-xxxxxxxxxx"]

  aws {
    account_type     = "regular"
    credentials_type = "access_keys"
    secret_key       = "my-secret-key"
    access_key       = "my-access-key"
  }
}

resource "scalr_provider_configuration" "oidc" {
  name                   = "oidc_dev_us_east_1"
  account_id             = "acc-xxxxxxxxxx"
  export_shell_variables = false
  environments           = ["*"]

  aws {
    credentials_type = "oidc"
    role_arn         = "arn:aws:iam::123456789012:role/scalr-oidc-role"
    audience         = "aws.scalr-run-workload"
  }
}

resource "scalr_provider_configuration" "aws_tags" {
  name         = "aws_stage_us_east_1"
  account_id   = "acc-xxxxxxxxxx"
  environments = ["*"]

  aws {
    account_type     = "regular"
    credentials_type = "access_keys"
    secret_key       = "my-secret-key"
    access_key       = "my-access-key"

    default_tags {
      tags = {
        Environment = "Staging"
        Owner       = "QATeam"
      }
      strategy = "update"
    }
  }
}
For more advanced AWS usage, please refer to the official AWS module.
AzureRM provider
resource "scalr_provider_configuration" "azurerm" {
  name       = "azurerm"
  account_id = "acc-xxxxxxxxxx"

  azurerm {
    client_id       = "my-client-id"
    client_secret   = "my-client-secret"
    subscription_id = "my-subscription-id"
    tenant_id       = "my-tenant-id"
  }
}

resource "scalr_provider_configuration" "azurerm_oidc" {
  name       = "azurerm"
  account_id = "acc-xxxxxxxxxx"

  azurerm {
    auth_type       = "oidc"
    audience        = "scalr-workload-identity"
    client_id       = "my-client-id"
    tenant_id       = "my-tenant-id"
    subscription_id = "my-subscription-id"
  }
}
Google provider
resource "scalr_provider_configuration" "google" {
  name       = "google_main"
  account_id = "acc-xxxxxxxxxx"

  google {
    project     = "my-project"
    credentials = "my-credentials"
  }
}

resource "scalr_provider_configuration" "using_service_account_impersonation" {
  name       = "google_main"
  account_id = "acc-xxxxxxxxxx"

  google {
    auth_type              = "oidc"
    project                = "my-project"
    service_account_email  = "[email protected]"
    workload_provider_name = "projects/123/locations/global/workloadIdentityPools/pool-name/providers/provider-name"
  }
}

resource "scalr_provider_configuration" "using_federated_identities" {
  name       = "google_main"
  account_id = "acc-xxxxxxxxxx"

  google {
    auth_type              = "oidc"
    project                = "my-project"
    workload_provider_name = "projects/123/locations/global/workloadIdentityPools/pool-name/providers/provider-name"
  }
}
Custom providers
resource "scalr_provider_configuration" "kubernetes" {
  name       = "k8s"
  account_id = "acc-xxxxxxxxxx"

  custom {
    provider_name = "kubernetes"

    argument {
      name        = "host"
      value       = "my-host"
      description = "The hostname (in form of URI) of the Kubernetes API."
    }

    argument {
      name  = "username"
      value = "my-username"
    }

    argument {
      name      = "password"
      value     = "my-password"
      sensitive = true
    }

    argument {
      name  = "config_path"
      value = "~/.kube/config"
      hcl   = false
    }
  }
}
Elasticsearch provider
resource "scalr_provider_configuration" "elasticstack" {
  name       = "elastic"
  account_id = "acc-xxxxxxxxxx"

  custom {
    provider_name = "elasticstack"

    argument {
      name        = "endpoints"
      value       = "[\"https://elasticsearch.example.com:9200\", \"https://elasticsearch2.example.com:9200\"]"
      description = "List of Elasticsearch endpoints."
      hcl         = true
    }

    argument {
      name        = "username"
      value       = "elastic"
      description = "Username for Elasticsearch authentication."
    }

    argument {
      name        = "password"
      value       = "my-elastic-password"
      sensitive   = true
      description = "Password for Elasticsearch authentication."
    }
  }
}
Schema
Required
name (String) The name of the Scalr provider configuration. This field is unique for the account.
Optional
account_id (String) The account that owns the object, specified as an ID.
aws (Block List, Max: 1) Settings for the aws provider configuration. Exactly one of the following attributes must be set: scalr, aws, google, azurerm, custom. (see below for nested schema)
azurerm (Block List, Max: 1) Settings for the azurerm provider configuration. Exactly one of the following attributes must be set: scalr, aws, google, azurerm, custom. (see below for nested schema)
custom (Block List, Max: 1) Settings for the provider configuration that does not have scalr support as a built-in provider. Exactly one of the following attributes must be set: scalr, aws, google, azurerm, custom. (see below for nested schema)
environments (Set of String) The list of environment identifiers that the provider configuration is shared to. Use ["*"] to share with all environments.
export_shell_variables (Boolean) Export provider variables into the run environment. This option is available for built-in (Scalr, AWS, AzureRM, Google) providers only.
google (Block List, Max: 1) Settings for the google provider configuration. Exactly one of the following attributes must be set: scalr, aws, google, azurerm, custom. (see below for nested schema)
owners (Set of String) The teams the provider configuration belongs to.
scalr (Block List, Max: 1) Settings for the Scalr provider configuration. Exactly one of the following attributes must be set: scalr, aws, google, azurerm, custom. (see below for nested schema)
Read-Only
id (String) The ID of this resource.
Nested Schema for aws
Required:
credentials_type (String) The type of AWS credentials, available options: access_keys, role_delegation, oidc.
Optional:
access_key (String) AWS access key. This option is required with access_keys credentials type.
account_type (String) The type of AWS account, available options: regular, gov-cloud, cn-cloud.
audience (String) The value of the aud claim for the identity token. This option is required with oidc credentials type.
default_tags (Block List, Max: 1) AWS default tags settings. (see below for nested schema)
external_id (String) External identifier to use when assuming the role. This option is required with role_delegation credentials type and aws_account trusted entity type.
role_arn (String) Amazon Resource Name (ARN) of the IAM Role to assume. This option is required with the role_delegation and oidc credentials type.
secret_key (String, Sensitive) AWS secret key. This option is required with access_keys credentials type.
trusted_entity_type (String) Trusted entity type, available options: aws_account, aws_service. This option is required with role_delegation credentials type.
Nested Schema for aws.default_tags
Optional:
strategy (String) On duplicate key behaviour for default tags. Available options:
  skip: the existing tags will not be changed
  update: the existing tags will be replaced with the new one
tags (Map of String) Default tags to be applied to all resources created by this provider configuration.
Nested Schema for azurerm
Required:
client_id (String) The Client ID that should be used.
tenant_id (String) The Tenant ID that should be used.
Optional:
audience (String) The value of the aud claim for the identity token. This option is required with oidc authentication type.
auth_type (String) Authentication type, either client-secrets (default) or oidc.
client_secret (String) The Client Secret that should be used, required when auth_type is client-secrets.
subscription_id (String) The Subscription ID that should be used. If skipped, it must be set as a shell variable in the workspace or as a part of the source configuration.
Nested Schema for custom
Required:
argument (Block Set, Min: 1) The provider configuration argument. Multiple instances are allowed per block. (see below for nested schema)
provider_name (String) The name of a Terraform provider.
Nested Schema for custom.argument
Required:
name (String) The name of the provider configuration argument.
Optional:
description (String) The description of the provider configuration argument.
hcl (Boolean) Set (true/false) to configure as HCL. When true, the value is treated as a string from which an arbitrary HCL type (list, map, etc.) will be extracted. Default false.
sensitive (Boolean) Set (true/false) to configure as sensitive. Default false.
value (String) The value of the provider configuration argument.
Nested Schema for google
Optional:
auth_type (String) Authentication type, either service-account-key (default) or oidc.
credentials (String, Sensitive) Service account key file in JSON format, required when auth_type is service-account-key.
project (String) The default project to manage resources in. If another project is specified on a resource, it will take precedence.
service_account_email (String) The service account email used to authenticate to GCP, required when auth_type is oidc.
use_default_project (Boolean) If the project a credential is created in will be used by default.
workload_provider_name (String) The canonical name of the workload identity provider, required when auth_type is oidc.
Nested Schema for scalr
Required:
hostname (String) The Scalr hostname which should be used.
token (String, Sensitive) The Scalr token which should be used.
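The following is an added example, not part of the Scalr documentation or provider code: a pre-apply check over `terraform show -json` plan output that uses the schema fields above to report provider configurations sharing static credentials with every environment (`environments = ["*"]`) and custom arguments with secret-looking names that leave `sensitive` at its default `false`. The policy itself, the sample plan and the name heuristic are assumptions; `role_delegation` and `oidc` are treated as non-static.

```python
import json
RESOURCE = "scalr_provider_configuration"
SECRET_HINTS = ("password", "secret", "token", "key")  # assumed name heuristic
# block -> (attribute, static value, documented default); aws has no default
STATIC = {"aws": ("credentials_type", "access_keys", None),
          "azurerm": ("auth_type", "client-secrets", "client-secrets"),
          "google": ("auth_type", "service-account-key", "service-account-key")}

def block(after, name):
    # Nested blocks are lists with at most one object; None when unset.
    items = after.get(name) or []
    return items[0] if items else None

def uses_static_credentials(after):
    if block(after, "scalr"):  # a scalr block always carries a token
        return True
    for name, (attr, static_value, default) in STATIC.items():
        b = block(after, name)
        if b is not None:
            return (b.get(attr) or default) == static_value
    return False

def review(plan):
    """Return (address, finding) pairs for planned provider configurations."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if rc.get("type") != RESOURCE or not after:  # other types, deletions
            continue
        if "*" in (after.get("environments") or []) and uses_static_credentials(after):
            findings.append((rc["address"], "static credentials shared with all environments"))
        for arg in (block(after, "custom") or {}).get("argument") or []:
            name = (arg.get("name") or "").lower()
            if any(h in name for h in SECRET_HINTS) and not arg.get("sensitive"):
                findings.append((rc["address"], f"argument {arg['name']!r} not marked sensitive"))
    return findings

# Constructed sample shaped like plan JSON; unset optional attributes are null.
SAMPLE_PLAN = json.loads("""{"resource_changes": [
 {"address": "scalr_provider_configuration.aws", "type": "scalr_provider_configuration",
  "change": {"after": {"environments": ["*"], "aws": [{"credentials_type": "access_keys"}]}}},
 {"address": "scalr_provider_configuration.oidc", "type": "scalr_provider_configuration",
  "change": {"after": {"environments": ["*"], "aws": [{"credentials_type": "oidc"}]}}},
 {"address": "scalr_provider_configuration.azurerm", "type": "scalr_provider_configuration",
  "change": {"after": {"environments": ["*"], "azurerm": [{"auth_type": null}]}}},
 {"address": "scalr_provider_configuration.k8s", "type": "scalr_provider_configuration",
  "change": {"after": {"environments": null, "custom": [{"provider_name": "kubernetes",
   "argument": [{"name": "username", "sensitive": null}, {"name": "password", "sensitive": false}]}]}}}
]}""")
for address, finding in review(SAMPLE_PLAN): print(f"{address}: {finding}")
```

Plan JSON contains sensitive attribute values in plain text, so the plan file handed to a check like this needs the same protection as the secrets themselves.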
Import
Import is supported using the following syntax:
terraform import scalr_provider_configuration.example pcfg-xxxxxxxxxx
