2014-07-28 19:43:00 +02:00
|
|
|
---
|
|
|
|
layout: "docs"
|
|
|
|
page_title: "Configuring Providers"
|
|
|
|
sidebar_current: "docs-config-providers"
|
2014-10-22 05:21:56 +02:00
|
|
|
description: |-
|
|
|
|
Providers are responsible in Terraform for managing the lifecycle of a resource: create, read, update, delete.
|
2014-07-28 19:43:00 +02:00
|
|
|
---
|
|
|
|
|
|
|
|
# Provider Configuration
|
|
|
|
|
|
|
|
Providers are responsible in Terraform for managing the lifecycle
|
2015-05-04 20:41:18 +02:00
|
|
|
of a [resource](/docs/configuration/resources.html): create,
|
2014-07-28 19:43:00 +02:00
|
|
|
read, update, delete.
|
|
|
|
|
|
|
|
Most providers require some sort of configuration to provide
|
2017-11-09 00:23:38 +01:00
|
|
|
authentication information, endpoint URLs, etc. Where explicit configuration
|
|
|
|
is required, a `provider` block is used within the configuration as
|
|
|
|
illustrated in the following sections.
|
|
|
|
|
|
|
|
By default, resources are matched with provider configurations by matching
|
|
|
|
the start of the resource name. For example, a resource of type
|
|
|
|
`vsphere_virtual_machine` is associated with a provider called `vsphere`.
|
2014-07-28 19:43:00 +02:00
|
|
|
|
|
|
|
This page assumes you're familiar with the
|
|
|
|
[configuration syntax](/docs/configuration/syntax.html)
|
|
|
|
already.
|
|
|
|
|
|
|
|
## Example
|
|
|
|
|
|
|
|
A provider configuration looks like the following:
|
|
|
|
|
2017-04-05 17:29:27 +02:00
|
|
|
```hcl
|
2014-07-28 19:43:00 +02:00
|
|
|
provider "aws" {
|
2017-04-05 17:29:27 +02:00
|
|
|
access_key = "foo"
|
|
|
|
secret_key = "bar"
|
2017-06-03 02:10:11 +02:00
|
|
|
region = "us-east-1"
|
2014-07-28 19:43:00 +02:00
|
|
|
}
|
|
|
|
```
|
|
|
|
|
2014-08-07 09:19:56 +02:00
|
|
|
## Description
|
2014-07-28 19:43:00 +02:00
|
|
|
|
2017-11-09 00:23:38 +01:00
|
|
|
A `provider` block represents a configuration for the provider named in its
|
|
|
|
header. For example, `provider "aws"` above is a configuration for the
|
|
|
|
`aws` provider.
|
2014-07-28 19:43:00 +02:00
|
|
|
|
2017-11-09 00:23:38 +01:00
|
|
|
Within the block body (between `{ }`) is configuration for the provider.
|
2014-07-28 19:43:00 +02:00
|
|
|
The configuration is dependent on the type, and is documented
|
|
|
|
[for each provider](/docs/providers/index.html).
|
|
|
|
|
2017-11-09 00:23:38 +01:00
|
|
|
The arguments `alias` and `version`, if present, are special arguments
|
|
|
|
handled by Terraform Core for their respective features described above. All
|
|
|
|
other arguments are defined by the provider itself.
|
|
|
|
|
|
|
|
A `provider` block may be omitted if its body would be empty. Using a resource
|
|
|
|
in configuration implicitly creates an empty provider configuration for it
|
|
|
|
unless a `provider` block is explicitly provided.
|
|
|
|
|
2017-06-03 02:10:11 +02:00
|
|
|
## Initialization
|
|
|
|
|
|
|
|
Each time a new provider is added to configuration -- either explicitly via
|
|
|
|
a `provider` block or by adding a resource from that provider -- it's necessary
|
|
|
|
to initialize that provider before use. Initialization downloads and installs
|
|
|
|
the provider's plugin and prepares it to be used.
|
|
|
|
|
|
|
|
Provider initialization is one of the actions of `terraform init`. Running
|
|
|
|
this command will download and initialize any providers that are not already
|
|
|
|
initialized.
|
|
|
|
|
|
|
|
For more information, see
|
|
|
|
[the `terraform init` command](/docs/commands/init.html).
|
|
|
|
|
|
|
|
## Provider Versions
|
|
|
|
|
|
|
|
Providers are released on a separate rhythm from Terraform itself, and thus
|
|
|
|
have their own version numbers. For production use, it is recommended to
|
|
|
|
constrain the acceptable provider versions via configuration, to ensure that
|
|
|
|
new versions with breaking changes will not be automatically installed by
|
|
|
|
`terraform init` in future.
|
|
|
|
|
|
|
|
When `terraform init` is run _without_ provider version constraints, it
|
|
|
|
prints a suggested version constraint string for each provider:
|
|
|
|
|
|
|
|
```
|
|
|
|
The following providers do not have any version constraints in configuration,
|
|
|
|
so the latest version was installed.
|
|
|
|
|
|
|
|
To prevent automatic upgrades to new major versions that may contain breaking
|
|
|
|
changes, it is recommended to add version = "..." constraints to the
|
|
|
|
corresponding provider blocks in configuration, with the constraint strings
|
|
|
|
suggested below.
|
|
|
|
|
|
|
|
* provider.aws: version = "~> 1.0"
|
|
|
|
```
|
|
|
|
|
|
|
|
To constrain the provider version as suggested, add a `version` argument to
|
|
|
|
the provider configuration block:
|
|
|
|
|
|
|
|
```hcl
|
|
|
|
provider "aws" {
|
|
|
|
version = "~> 1.0"
|
|
|
|
|
|
|
|
access_key = "foo"
|
|
|
|
secret_key = "bar"
|
|
|
|
region = "us-east-1"
|
|
|
|
}
|
|
|
|
```
|
|
|
|
|
|
|
|
This special argument applies to _all_ providers.
|
|
|
|
[`terraform providers`](/docs/commands/providers.html) can be used to
|
|
|
|
view the specified version constraints for all providers used in the
|
|
|
|
current configuration.
|
|
|
|
|
2017-08-28 20:48:39 +02:00
|
|
|
When `terraform init` is re-run with providers already installed, it will
|
|
|
|
use an already-installed provider that meets the constraints in preference
|
|
|
|
to downloading a new version. To upgrade to the latest acceptable version
|
|
|
|
of each provider, run `terraform init -upgrade`. This command also upgrades
|
|
|
|
to the latest versions of all Terraform modules.
|
|
|
|
|
2015-04-21 01:54:56 +02:00
|
|
|
## Multiple Provider Instances
|
|
|
|
|
2017-11-09 00:23:38 +01:00
|
|
|
You can define multiple configurations for the same provider in order to support
|
2016-09-08 05:55:03 +02:00
|
|
|
multiple regions, multiple hosts, etc. The primary use case for this is
|
2017-11-09 00:23:38 +01:00
|
|
|
using multiple cloud regions. Other use-cases include targeting multiple
|
2015-04-21 01:54:56 +02:00
|
|
|
Docker hosts, multiple Consul hosts, etc.
|
|
|
|
|
2017-11-09 00:23:38 +01:00
|
|
|
To include multiple configurations fo a given provider, include multiple
|
|
|
|
`provider` blocks with the same provider name, but set the `alias` field to an
|
|
|
|
instance name to use for each additional instance. For example:
|
2015-04-21 01:54:56 +02:00
|
|
|
|
2017-04-05 17:29:27 +02:00
|
|
|
```hcl
|
2017-11-09 00:23:38 +01:00
|
|
|
# The default provider configuration
|
2015-04-21 01:54:56 +02:00
|
|
|
provider "aws" {
|
2017-04-05 17:29:27 +02:00
|
|
|
# ...
|
2015-04-21 01:54:56 +02:00
|
|
|
}
|
|
|
|
|
2017-11-09 00:23:38 +01:00
|
|
|
# Additional provider configuration for west coast region
|
2015-04-21 01:54:56 +02:00
|
|
|
provider "aws" {
|
2017-04-05 17:29:27 +02:00
|
|
|
alias = "west"
|
|
|
|
region = "us-west-2"
|
2015-04-21 01:54:56 +02:00
|
|
|
}
|
|
|
|
```
|
|
|
|
|
2017-11-09 00:23:38 +01:00
|
|
|
A `provider` block with out `alias` set is known as the _default_ provider
|
|
|
|
configuration. When `alias` is set, it creates an _additional_ provider
|
|
|
|
configuration. For providers that have no required configuration arguments, the
|
|
|
|
implied _empty_ configuration is also considered to be a _default_ provider
|
|
|
|
configuration.
|
|
|
|
|
|
|
|
Resources are normally associated with the default provider configuration
|
|
|
|
inferred from the resource type name. For example, a resource of type
|
|
|
|
`aws_instance` uses the _default_ (un-aliased) `aws` provider configuration
|
|
|
|
unless otherwise stated.
|
|
|
|
|
|
|
|
The `provider` argument within any `resource` or `data` block overrides this
|
|
|
|
default behavior and allows an additional provider configuration to be
|
|
|
|
selected using its alias:
|
2015-04-21 01:54:56 +02:00
|
|
|
|
2017-04-05 17:29:27 +02:00
|
|
|
```hcl
|
2015-04-21 01:54:56 +02:00
|
|
|
resource "aws_instance" "foo" {
|
2017-04-05 17:29:27 +02:00
|
|
|
provider = "aws.west"
|
2015-04-21 01:54:56 +02:00
|
|
|
|
2017-04-05 17:29:27 +02:00
|
|
|
# ...
|
2015-04-21 01:54:56 +02:00
|
|
|
}
|
|
|
|
```
|
|
|
|
|
2017-11-09 00:23:38 +01:00
|
|
|
The value of the `provider` argument is always the provider name and an
|
|
|
|
alias separated by a period, such as `"aws.west"` above.
|
2014-07-28 19:43:00 +02:00
|
|
|
|
2017-11-09 00:23:38 +01:00
|
|
|
Provider configurations may also be passed from a parent module into a
|
|
|
|
child module, as described in
|
|
|
|
[_Providers within Modules_](/docs/modules/usage.html#providers-within-modules).
|
2017-04-06 10:19:37 +02:00
|
|
|
|
|
|
|
## Interpolation
|
2017-11-09 00:23:38 +01:00
|
|
|
|
|
|
|
Provider configurations may use [interpolation syntax](/docs/configuration/interpolation.html)
|
|
|
|
to allow dynamic configuration:
|
2017-04-06 10:19:37 +02:00
|
|
|
|
2017-04-07 11:26:30 +02:00
|
|
|
```hcl
|
2017-04-06 10:19:37 +02:00
|
|
|
provider "aws" {
|
2017-04-07 11:26:30 +02:00
|
|
|
region = "${var.aws_region}"
|
2017-04-06 10:19:37 +02:00
|
|
|
}
|
|
|
|
```
|
|
|
|
|
2017-11-09 00:23:38 +01:00
|
|
|
Interpolation is supported only for the per-provider configuration arguments.
|
|
|
|
It is not supported for the special `alias` and `version` arguments.
|
2017-09-28 18:54:23 +02:00
|
|
|
|
2017-11-09 00:23:38 +01:00
|
|
|
Although in principle it is possible to use any interpolation expression within
|
|
|
|
a provider configuration argument, providers must be configurable to perform
|
|
|
|
almost all operations within Terraform, and so it is not possible to use
|
|
|
|
expressions whose value cannot be known until after configuration is applied,
|
|
|
|
such as the id of a resource.
|
2017-09-29 00:21:08 +02:00
|
|
|
|
2017-11-09 00:23:38 +01:00
|
|
|
It is always valid to use [input variables](/docs/configuration/variables.html)
|
|
|
|
and [data sources](/docs/configuration/data-sources.html) whose configurations
|
|
|
|
do not in turn depend on as-yet-unknown values. [Local values](/docs/configuration/locals.html)
|
|
|
|
may also be used, but currently may cause errors when running `terraform destroy`.
|
2017-09-08 01:43:13 +02:00
|
|
|
|
|
|
|
## Third-party Plugins
|
|
|
|
|
|
|
|
At present Terraform can automatically install only the providers distributed
|
|
|
|
by HashiCorp. Third-party providers can be manually installed by placing
|
|
|
|
their plugin executables in one of the following locations depending on the
|
|
|
|
host operating system:
|
|
|
|
|
|
|
|
* On Windows, in the sub-path `terraform.d/plugins` beneath your user's
|
|
|
|
"Application Data" directory.
|
|
|
|
* On all other systems, in the sub-path `.terraform.d/plugins` in your
|
|
|
|
user's home directory.
|
|
|
|
|
|
|
|
`terraform init` will search this directory for additional plugins during
|
|
|
|
plugin initialization.
|
|
|
|
|
2017-11-19 03:44:57 +01:00
|
|
|
The naming scheme for provider plugins is `terraform-provider-NAME_vX.Y.Z`,
|
2017-09-08 01:43:13 +02:00
|
|
|
and Terraform uses the name to understand the name and version of a particular
|
|
|
|
provider binary. Third-party plugins will often be distributed with an
|
|
|
|
appropriate filename already set in the distribution archive so that it can
|
|
|
|
be extracted directly into the plugin directory described above.
|
2017-09-08 02:40:00 +02:00
|
|
|
|
|
|
|
## Provider Plugin Cache
|
|
|
|
|
|
|
|
By default, `terraform init` downloads plugins into a subdirectory of the
|
|
|
|
working directory so that each working directory is self-contained. As a
|
|
|
|
consequence, if you have multiple configurations that use the same provider
|
|
|
|
then a separate copy of its plugin will be downloaded for each configuration.
|
|
|
|
|
|
|
|
Given that provider plugins can be quite large (on the order of hundreds of
|
|
|
|
megabytes), this default behavior can be inconvenient for those with slow
|
|
|
|
or metered Internet connections. Therefore Terraform optionally allows the
|
|
|
|
use of a local directory as a shared plugin cache, which then allows each
|
|
|
|
distinct plugin binary to be downloaded only once.
|
|
|
|
|
|
|
|
To enable the plugin cache, use the `plugin_cache_dir` setting in
|
|
|
|
[the CLI configuration file](https://www.terraform.io/docs/commands/cli-config.html).
|
|
|
|
For example:
|
|
|
|
|
|
|
|
```hcl
|
|
|
|
# (Note that the CLI configuration file is _not_ the same as the .tf files
|
|
|
|
# used to configure infrastructure.)
|
|
|
|
|
|
|
|
plugin_cache_dir = "$HOME/.terraform.d/plugin-cache"
|
|
|
|
```
|
|
|
|
|
2017-11-30 00:04:08 +01:00
|
|
|
This directory must already exist before Terraform will cache plugins;
|
|
|
|
Terraform will not create the directory itself.
|
|
|
|
|
2017-09-08 02:40:00 +02:00
|
|
|
Please note that on Windows it is necessary to use forward slash separators
|
|
|
|
(`/`) rather than the conventional backslash (`\`) since the configuration
|
|
|
|
file parser considers a backslash to begin an escape sequence.
|
|
|
|
|
|
|
|
Setting this in the configuration file is the recommended approach for a
|
|
|
|
persistent setting. Alternatively, the `TF_PLUGIN_CACHE_DIR` environment
|
|
|
|
variable can be used to enable caching or to override an existing cache
|
|
|
|
directory within a particular shell session:
|
|
|
|
|
|
|
|
```bash
|
2017-10-04 03:34:22 +02:00
|
|
|
export TF_PLUGIN_CACHE_DIR="$HOME/.terraform.d/plugin-cache"
|
2017-09-08 02:40:00 +02:00
|
|
|
```
|
|
|
|
|
|
|
|
When a plugin cache directory is enabled, the `terraform init` command will
|
|
|
|
still access the plugin distribution server to obtain metadata about which
|
|
|
|
plugins are available, but once a suitable version has been selected it will
|
|
|
|
first check to see if the selected plugin is already available in the cache
|
|
|
|
directory. If so, the already-downloaded plugin binary will be used.
|
|
|
|
|
|
|
|
If the selected plugin is not already in the cache, it will be downloaded
|
|
|
|
into the cache first and then copied from there into the correct location
|
|
|
|
under your current working directory.
|
|
|
|
|
|
|
|
When possible, Terraform will use hardlinks or symlinks to avoid storing
|
|
|
|
a separate copy of a cached plugin in multiple directories. At present, this
|
|
|
|
is not supported on Windows and instead a copy is always created.
|
|
|
|
|
|
|
|
The plugin cache directory must *not* be the third-party plugin directory
|
|
|
|
or any other directory Terraform searches for pre-installed plugins, since
|
|
|
|
the cache management logic conflicts with the normal plugin discovery logic
|
|
|
|
when operating on the same directory.
|
|
|
|
|
|
|
|
Please note that Terraform will never itself delete a plugin from the
|
|
|
|
plugin cache once it's been placed there. Over time, as plugins are upgraded,
|
|
|
|
the cache directory may grow to contain several unused versions which must be
|
|
|
|
manually deleted.
|