Links

Terraform

Reference for the humanitec/template driver
The Terraform driver is not available as part of the free trial. Please contact Humanitec if you would like to use the terraform driver as part of an evaluation of Humanitec.
This driver runs Terraform to provision resources. The Terraform definition can be provided in-line or reference a Terraform module in a Git repository.

Property

Property
Description
Resource Type
Any
Account Type
None

Inputs

Values

Name
Type
Description
source
object
[Optional] A Git repository to use for the Terraform definition.
script
string
[Optional] An inline terraform definition in HCL format. If specified with source, it works as override.tf
variables
object
A Map of variable names that are used as inputs to the Terraform definition and their values.
At least one of source or script must be specified.
Source object
The source object defines how the driver will use Terraform definitions that are stored in Git. In order for the driver to use the source based Terraform definitions, the repository must be accessible to the driver and credentials must be supplied if necessary.
Property
Type
Description
path
string
[Optional] Relative path to the scripts: path/to/scripts.
rev
string
[Optional] Branch name, tag, or commit SHA. E.g. /refs/heads/main
url
object
Repository URL. E.g. github.com:my-org/project.git for SSH or https://github.com/my-org/project.git for HTTPS.
username
object
[Optional] User Name to authenticate. Default is git.

Secrets

Name
Type
Description
source
object
[Optional] Credentials for the git repo.
variables
object
A Map of variable names that are used as sensitive inputs to the Terraform definition.
Source object
Credentials to be used to access the git repository. The choice of credentials depends on the url format.
Property
Type
Description
password
string
[Optional] Password or Personal Account Token - for HTTPS.
ssh_key
string
[Optional] SSH Private key - for connections over SSH.

Notes

Interaction with Humanitec Resources

Resource Types in Humanitec have a specified Resource Output Schema. In order for a resource to be usable in Humanitec, the Terraform definition must specify output variables that exactly match this schema.
Name
Type
Description
aws_access_key_id
string, secret
Specifies an AWS access key associated with an IAM user or role.
aws_secret_access_key
string, secret
Specifies the secret key associated with the access key. This is essentially the "password" for the access key.
bucket
string
The bucket name.
region
string
The region the bucket is hosted in.
Therefore, the Terraform definition should have outputs defined similar to:
output "region" {
value = module.aws_s3.s3_bucket_region
}
output "bucket" {
value = module.aws_s3.s3_bucket_bucket_domain_name
}
output "aws_access_key_id" {
value = var.credentials.access_key
sensitive = true
}
output "aws_secret_access_key" {
value = var.credentials.secret_key
sensitive = true
}

Example

Here is an example of using the Terraform driver to provision an S3 bucket using a public git repository:
curl "https://api.humanitec.io/orgs/${HUMANITEC_ORG}/resources/defs" \
-H "Authorization: Bearer ${HUMANITEC_TOKEN}" \
-H "Content-Type: application/json" \
--data-binary '{
"id": "s3-terraform",
"name": "s3-terraform",
"type": "s3",
"driver_type": "angus-demo/terraform",
"driver_inputs": {
"values": {
"source": {
"path": "s3",
"rev": "refs/heads/main",
"url": "https://github.com/chrishumanitec/terraform-demo.git"
},
"variables": {
"bucket": "humanitec-terraform-demo-${context.app.id}-${context.env.id}",
"region": "eu-west-3"
}
},
"secrets": {
"variables": {
"credentials": {
"access_key": "...",
"secret_key": "..."
}
}
}
},
"criteria": [
{"env_type":"test-envs"}
]
}'