|
| 1 | +--- |
| 2 | +layout: "stax" |
| 3 | +page_title: "Managing Stax Resources with Terraform Cloud" |
| 4 | +description: A Guide to managing Stax Resources with Terraform Cloud |
| 5 | +--- |
| 6 | + |
| 7 | +# Managing Stax Resources with Terraform Cloud |
| 8 | + |
| 9 | +[Terraform Cloud](https://www.terraform.io/) is a hosted service by HashiCorp that allows you to manage your Terraform configurations in a collaborative and secure manner. This guide will walk through how to manage Stax resources using Terraform Cloud. |
| 10 | + |
| 11 | +Before you begin you should read through the [Get Started - Terraform Cloud](https://developer.hashicorp.com/terraform/tutorials/cloud-get-started) provided by hashicorp, this will familiarize you with the basics of Terraform Cloud. |
| 12 | + |
| 13 | +# Initial project setup |
| 14 | + |
| 15 | +Before running Terraform, you'll need to: |
| 16 | +1. Create a Terraform Cloud Organization and Workspace |
| 17 | +2. Configure [Terraform Cloud workspace variables](https://developer.hashicorp.com/terraform/cloud-docs/workspaces/variables) for your Stax credentials |
| 18 | +3. Setup a git repository, which will store your Terraform configuration |
| 19 | +4. [Connect the VCS Provider to Terraform Cloud](https://developer.hashicorp.com/terraform/cloud-docs/vcs) |
| 20 | + |
| 21 | +# Configuring Credentials |
| 22 | + |
| 23 | +A Stax [API Token](https://www.stax.io/developer/api-tokens/) is required to authenticate with the Stax API. You need to configure these credentials as [Terraform Cloud workspace variables](https://developer.hashicorp.com/terraform/cloud-docs/workspaces/variables), using the values as follows: |
| 24 | + |
| 25 | +| Key | Category | Sensitive | |
| 26 | +|---|---|---| |
| 27 | +| STAX_ACCESS_KEY | env | false | |
| 28 | +| STAX_SECRET_KEY | env | true | |
| 29 | + |
| 30 | +**Note:** |
| 31 | +1. The access key (`STAX_ACCESS_KEY`) is not considered `SENSITIVE` and enables customers to track which API token is being used in terraform cloud. |
| 32 | +2. The secret key (`STAX_SECRET_KEY`) however **must** be marked as `SENSITIVE`. |
| 33 | + |
| 34 | +# Provider configuration |
| 35 | + |
| 36 | +Following the conventions in the terraform cloud documentation, you will define our provider configuration in the `provider.tf` file in our project repository: |
| 37 | + |
| 38 | +``` |
| 39 | +terraform { |
| 40 | + cloud { |
| 41 | + organization = "ORGANIZATION_NAME" |
| 42 | + workspaces { |
| 43 | + name = "WORKSPACE_NAME" |
| 44 | + } |
| 45 | + } |
| 46 | + required_providers { |
| 47 | + stax = { |
| 48 | + source = "registry.terraform.io/stax-labs/stax" |
| 49 | + } |
| 50 | + } |
| 51 | + # enables the use of config-driven imports |
| 52 | + required_version = ">= 1.5.0" |
| 53 | +} |
| 54 | +
|
| 55 | +# The credentials from the API token are exported as environment variables named as follows: |
| 56 | +# * STAX_ACCESS_KEY |
| 57 | +# * STAX_SECRET_KEY |
| 58 | +# |
| 59 | +# This is typically how ci pipelines will run this infra code. |
| 60 | +# |
| 61 | +provider "stax" { |
| 62 | + installation = "au1" |
| 63 | +} |
| 64 | +``` |
| 65 | + |
| 66 | +You will need to replace `ORGANIZATION_NAME` with your organization name, as well as the `WORKSPACE_NAME` placeholder for workspace name, these are manually setup in terraform cloud when you [Create a workspace](https://developer.hashicorp.com/terraform/cloud-docs/workspaces/creating). |
| 67 | + |
| 68 | +Now you can add stax resources to the `main.tf` in your project and they will be provisioned in stax as a part of the Terraform Cloud workflow. |
0 commit comments