scalr_provider_configuration
Resource: scalr_provider_configuration
A provider configuration helps organizations manage provider secrets in a centralized way. It natively supports the management of the major providers like Scalr, AWS, AzureRM, and Google Cloud Platform, but also allows registering any custom provider. Please have a look at the basic usage examples for each provider type.
Example Usage
Scalr provider
resource "scalr_provider_configuration" "scalr" {
  name         = "scalr"
  account_id   = "acc-xxxxxxxxxx"
  environments = ["*"]
  scalr {
    hostname = "scalr.host.example.com"
    token    = "my-scalr-token"
  }
}
AWS provider
# Static access keys, shared with a single environment
resource "scalr_provider_configuration" "aws" {
  name                   = "aws_dev_us_east_1"
  account_id             = "acc-xxxxxxxxxx"
  export_shell_variables = false
  environments           = ["env-xxxxxxxxxx"]
  aws {
    account_type     = "regular"
    credentials_type = "access_keys"
    secret_key       = "my-secret-key"
    access_key       = "my-access-key"
  }
}

# OIDC: role_arn and audience are set instead of access keys
resource "scalr_provider_configuration" "oidc" {
  name                   = "oidc_dev_us_east_1"
  account_id             = "acc-xxxxxxxxxx"
  export_shell_variables = false
  environments           = ["*"]
  aws {
    credentials_type = "oidc"
    role_arn         = "arn:aws:iam::123456789012:role/scalr-oidc-role"
    audience         = "aws.scalr-run-workload"
  }
}

# Static access keys with default tags
resource "scalr_provider_configuration" "aws_tags" {
  name         = "aws_stage_us_east_1"
  account_id   = "acc-xxxxxxxxxx"
  environments = ["*"]
  aws {
    account_type     = "regular"
    credentials_type = "access_keys"
    secret_key       = "my-secret-key"
    access_key       = "my-access-key"
    default_tags {
      tags = {
        Environment = "Staging"
        Owner       = "QATeam"
      }
      strategy = "update"
    }
  }
}

For more advanced AWS usage, please refer to the official AWS module.
AzureRM provider
# Client secret authentication (the default auth_type)
resource "scalr_provider_configuration" "azurerm" {
  name       = "azurerm"
  account_id = "acc-xxxxxxxxxx"
  azurerm {
    client_id       = "my-client-id"
    client_secret   = "my-client-secret"
    subscription_id = "my-subscription-id"
    tenant_id       = "my-tenant-id"
  }
}

# OIDC authentication: audience is set instead of client_secret
resource "scalr_provider_configuration" "azurerm_oidc" {
  name       = "azurerm"
  account_id = "acc-xxxxxxxxxx"
  azurerm {
    auth_type       = "oidc"
    audience        = "scalr-workload-identity"
    client_id       = "my-client-id"
    tenant_id       = "my-tenant-id"
    subscription_id = "my-subscription-id"
  }
}
Google provider
# Service account key authentication (the default auth_type)
resource "scalr_provider_configuration" "google" {
  name       = "google_main"
  account_id = "acc-xxxxxxxxxx"
  google {
    project     = "my-project"
    credentials = "my-credentials"
  }
}

# OIDC authentication; the resource label differs from the one above so that
# both examples can coexist in one configuration
resource "scalr_provider_configuration" "google_oidc" {
  name       = "google_main"
  account_id = "acc-xxxxxxxxxx"
  google {
    auth_type              = "oidc"
    project                = "my-project"
    service_account_email  = "[email protected]"
    workload_provider_name = "projects/123/locations/global/workloadIdentityPools/pool-name/providers/provider-name"
  }
}
Custom providers
resource "scalr_provider_configuration" "kubernetes" {
  name       = "k8s"
  account_id = "acc-xxxxxxxxxx"
  custom {
    provider_name = "kubernetes"
    argument {
      name        = "host"
      value       = "my-host"
      description = "The hostname (in form of URI) of the Kubernetes API."
    }
    argument {
      name  = "username"
      value = "my-username"
    }
    argument {
      name      = "password"
      value     = "my-password"
      sensitive = true
    }
  }
}
Schema
Required
name
(String) The name of the Scalr provider configuration. This field is unique for the account.
Optional
account_id
(String) The account that owns the object, specified as an ID.
aws
(Block List, Max: 1) Settings for the aws provider configuration. Exactly one of the following attributes must be set: scalr, aws, google, azurerm, custom. (see below for nested schema)
azurerm
(Block List, Max: 1) Settings for the azurerm provider configuration. Exactly one of the following attributes must be set: scalr, aws, google, azurerm, custom. (see below for nested schema)
custom
(Block List, Max: 1) Settings for the provider configuration that does not have scalr support as a built-in provider. Exactly one of the following attributes must be set: scalr, aws, google, azurerm, custom. (see below for nested schema)
environments
(Set of String) The list of environment identifiers that the provider configuration is shared to. Use ["*"] to share with all environments.
export_shell_variables
(Boolean) Export provider variables into the run environment. This option is available for built-in (Scalr, AWS, AzureRM, Google) providers only.
google
(Block List, Max: 1) Settings for the google provider configuration. Exactly one of the following attributes must be set: scalr, aws, google, azurerm, custom. (see below for nested schema)
owners
(Set of String) The teams the provider configuration belongs to.
scalr
(Block List, Max: 1) Settings for the Scalr provider configuration. Exactly one of the following attributes must be set: scalr, aws, google, azurerm, custom. (see below for nested schema)
Read-Only
id
(String) The ID of this resource.
Nested Schema for aws
aws
Required:
credentials_type
(String) The type of AWS credentials, available options: access_keys, role_delegation, oidc.
Optional:
access_key
(String) AWS access key. This option is required with access_keys credentials type.
account_type
(String) The type of AWS account, available options: regular, gov-cloud, cn-cloud.
audience
(String) The value of the aud claim for the identity token. This option is required with oidc credentials type.
default_tags
(Block List, Max: 1) AWS default tags settings. (see below for nested schema)
external_id
(String) External identifier to use when assuming the role. This option is required with role_delegation credentials type and aws_account trusted entity type.
role_arn
(String) Amazon Resource Name (ARN) of the IAM Role to assume. This option is required with the role_delegation and oidc credentials type.
secret_key
(String, Sensitive) AWS secret key. This option is required with access_keys credentials type.
trusted_entity_type
(String) Trusted entity type, available options: aws_account, aws_service. This option is required with role_delegation credentials type.
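The schema above lists role_delegation as a credentials type, but the usage examples cover only access_keys and oidc. The following is an added example, not taken from the Scalr documentation, that sets the attributes the schema marks as required for role_delegation with the aws_account trusted entity type; the resource label, role name, variable name and IDs are constructed placeholders.

```hcl
# Added example: role delegation. No access_key or secret_key is set in this
# resource. All values below are constructed placeholders.

variable "scalr_external_id" {
  # Hypothetical variable name; supply the value outside the configuration.
  description = "External ID to use when assuming the IAM role."
  type        = string
}

resource "scalr_provider_configuration" "aws_role_delegation" {
  name                   = "aws_prod_role_delegation"
  account_id             = "acc-xxxxxxxxxx"
  export_shell_variables = false

  # Share with one named environment rather than ["*"].
  environments = ["env-xxxxxxxxxx"]

  aws {
    account_type     = "regular"
    credentials_type = "role_delegation"

    # Required with role_delegation.
    trusted_entity_type = "aws_account"
    role_arn            = "arn:aws:iam::123456789012:role/scalr-delegation-role"

    # Required with role_delegation and the aws_account trusted entity type.
    external_id = var.scalr_external_id
  }
}
```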
Nested Schema for aws.default_tags
aws.default_tags
Optional:
strategy
(String) On duplicate key behaviour for default tags. Available options:
skip: the existing tags will not be changed
update: the existing tags will be replaced with the new ones
tags
(Map of String) Default tags to be applied to all resources created by this provider configuration.
Nested Schema for azurerm
azurerm
Required:
client_id
(String) The Client ID that should be used.
tenant_id
(String) The Tenant ID that should be used.
Optional:
audience
(String) The value of the aud claim for the identity token. This option is required with oidc authentication type.
auth_type
(String) Authentication type, either client-secrets (default) or oidc.
client_secret
(String) The Client Secret that should be used, required when auth_type is client-secrets.
subscription_id
(String) The Subscription ID that should be used. If skipped, it must be set as a shell variable in the workspace or as a part of the source configuration.
Nested Schema for custom
custom
Required:
argument
(Block Set, Min: 1) The provider configuration argument. Multiple instances are allowed per block. (see below for nested schema)
provider_name
(String) The name of a Terraform provider.
Nested Schema for custom.argument
custom.argument
Required:
name
(String) The name of the provider configuration argument.
Optional:
description
(String) The description of the provider configuration argument.
sensitive
(Boolean) Set (true/false) to configure as sensitive. Default false.
value
(String) The value of the provider configuration argument.
Nested Schema for google
google
Optional:
auth_type
(String) Authentication type, either service-account-key (default) or oidc.
credentials
(String, Sensitive) Service account key file in JSON format, required when auth_type is service-account-key.
project
(String) The default project to manage resources in. If another project is specified on a resource, it will take precedence.
service_account_email
(String) The service account email used to authenticate to GCP, required when auth_type is oidc.
use_default_project
(Boolean) Whether the project a credential is created in will be used by default.
workload_provider_name
(String) The canonical name of the workload identity provider, required when auth_type is oidc.
Nested Schema for scalr
scalr
Required:
hostname
(String) The Scalr hostname which should be used.
token
(String, Sensitive) The Scalr token which should be used.
Import
Import is supported using the following syntax:
terraform import scalr_provider_configuration.example pcfg-xxxxxxxxxx