scalr_provider_configuration

Resource: scalr_provider_configuration

A provider configuration helps organizations manage provider secrets in a centralized way. It natively supports the management of the major providers like Scalr, AWS, AzureRM, and Google Cloud Platform, but also allows registering any custom provider. Please have a look at the basic usage examples for each provider type.

Example Usage

Scalr provider

resource "scalr_provider_configuration" "scalr" {
  name         = "scalr"
  account_id   = "acc-xxxxxxxxxx"
  environments = ["*"]
  scalr {
    hostname = "scalr.host.example.com"
    token    = "my-scalr-token"
  }
}

AWS provider

resource "scalr_provider_configuration" "aws" {
  name                   = "aws_dev_us_east_1"
  account_id             = "acc-xxxxxxxxxx"
  export_shell_variables = false
  environments           = ["env-xxxxxxxxxx"]
  aws {
    account_type     = "regular"
    credentials_type = "access_keys"
    secret_key       = "my-secret-key"
    access_key       = "my-access-key"
  }
}

resource "scalr_provider_configuration" "oidc" {
  name                   = "oidc_dev_us_east_1"
  account_id             = "acc-xxxxxxxxxx"
  export_shell_variables = false
  environments           = ["*"]
  aws {
    credentials_type = "oidc"
    role_arn         = "arn:aws:iam::123456789012:role/scalr-oidc-role"
    audience         = "aws.scalr-run-workload"
  }
}

To get into more advanced AWS usage please refer to the official AWS module.

AzureRM provider

resource "scalr_provider_configuration" "azurerm" {
  name       = "azurerm"
  account_id = "acc-xxxxxxxxxx"
  azurerm {
    client_id       = "my-client-id"
    client_secret   = "my-client-secret"
    subscription_id = "my-subscription-id"
    tenant_id       = "my-tenant-id"
  }
}

resource "scalr_provider_configuration" "azurerm_oidc" {
  name       = "azurerm"
  account_id = "acc-xxxxxxxxxx"
  azurerm {
    auth_type       = "oidc"
    audience        = "scalr-workload-identity"
    client_id       = "my-client-id"
    tenant_id       = "my-tenant-id"
    subscription_id = "my-subscription-id"
  }
}

Google provider

resource "scalr_provider_configuration" "google" {
  name       = "google_main"
  account_id = "acc-xxxxxxxxxx"
  google {
    project     = "my-project"
    credentials = "my-credentials"
  }
}

resource "scalr_provider_configuration" "google" {
  name       = "google_main"
  account_id = "acc-xxxxxxxxxx"
  google {
    auth_type              = "oidc"
    project                = "my-project"
    service_account_email  = "[email protected]"
    workload_provider_name = "projects/123/locations/global/workloadIdentityPools/pool-name/providers/provider-name"
  }
}

Custom providers

resource "scalr_provider_configuration" "kubernetes" {
  name       = "k8s"
  account_id = "acc-xxxxxxxxxx"
  custom {
    provider_name = "kubernetes"
    argument {
      name        = "host"
      value       = "my-host"
      description = "The hostname (in form of URI) of the Kubernetes API."
    }
    argument {
      name  = "username"
      value = "my-username"
    }
    argument {
      name      = "password"
      value     = "my-password"
      sensitive = true
    }
  }
}

Schema

Required

• name (String) The name of the Scalr provider configuration. This field is unique for the account.

Optional

• account_id (String) The account that owns the object, specified as an ID.
• aws (Block List, Max: 1) Settings for the aws provider configuration. Exactly one of the following attributes must be set: scalr, aws, google, azurerm, custom. (see below for nested schema)
• azurerm (Block List, Max: 1) Settings for the azurerm provider configuration. Exactly one of the following attributes must be set: scalr, aws, google, azurerm, custom. (see below for nested schema)
• custom (Block List, Max: 1) Settings for the provider configuration that does not have scalr support as a built-in provider. Exactly one of the following attributes must be set: scalr, aws, google, azurerm, custom. (see below for nested schema)
• environments (Set of String) The list of environment identifiers that the provider configuration is shared to. Use ["*"] to share with all environments.
• export_shell_variables (Boolean) Export provider variables into the run environment. This option is available for built-in (Scalr, AWS, AzureRM, Google) providers only.
• google (Block List, Max: 1) Settings for the google provider configuration. Exactly one of the following attributes must be set: scalr, aws, google, azurerm, custom. (see below for nested schema)
• scalr (Block List, Max: 1) Settings for the Scalr provider configuration. Exactly one of the following attributes must be set: scalr, aws, google, azurerm, custom. (see below for nested schema)

Read-Only

• id (String) The ID of this resource.

Nested Schema for aws

Required:

• credentials_type (String) The type of AWS credentials, available options: access_keys, role_delegation, oidc.

Optional:

• access_key (String) AWS access key. This option is required with access_keys credentials type.
• account_type (String) The type of AWS account, available options: regular, gov-cloud, cn-cloud.
• audience (String) The value of the aud claim for the identity token. This option is required with oidc credentials type.
• external_id (String) External identifier to use when assuming the role. This option is required with role_delegation credentials type and aws_account trusted entity type.
• role_arn (String) Amazon Resource Name (ARN) of the IAM Role to assume. This option is required with the role_delegation and oidc credentials type.
• secret_key (String, Sensitive) AWS secret key. This option is required with access_keys credentials type.
• trusted_entity_type (String) Trusted entity type, available options: aws_account, aws_service. This option is required with role_delegation credentials type.

Nested Schema for azurerm

Required:

• client_id (String) The Client ID that should be used.
• tenant_id (String) The Tenant ID that should be used.

Optional:

• audience (String) The value of the aud claim for the identity token. This option is required with oidc authentication type.
• auth_type (String) Authentication type, either client-secrets (default) or oidc.
• client_secret (String) The Client Secret that should be used, required when auth_type is client-secrets.
• subscription_id (String) The Subscription ID that should be used. If skipped, it must be set as a shell variable in the workspace or as a part of the source configuration.

Nested Schema for custom

Required:

• argument (Block Set, Min: 1) The provider configuration argument. Multiple instances are allowed per block. (see below for nested schema)
• provider_name (String) The name of a Terraform provider.

Nested Schema for custom.argument

Required:

• name (String) The name of the provider configuration argument.

Optional:

• description (String) The description of the provider configuration argument.
• sensitive (Boolean) Set (true/false) to configure as sensitive. Default false.
• value (String) The value of the provider configuration argument.

Nested Schema for google

Optional:

• auth_type (String) Authentication type, either service-account-key (default) or oidc.
• credentials (String, Sensitive) Service account key file in JSON format, required when auth_type is service-account-key.
• project (String) The default project to manage resources in. If another project is specified on a resource, it will take precedence.
• service_account_email (String) The service account email used to authenticate to GCP, required when auth_type is oidc.
• use_default_project (Boolean) If the project a credential is created in will be used by default.
• workload_provider_name (String) The canonical name of the workload identity provider, required when auth_type is oidc.

Nested Schema for scalr

Required:

• hostname (String) The Scalr hostname which should be used.
• token (String, Sensitive) The Scalr token which should be used.

Import

Import is supported using the following syntax:

terraform import scalr_provider_configuration.example pcfg-xxxxxxxxxx