Provider Configurations

Note

We recommend following the Getting Started - Scalr Provider prior to continuing in this tutorial.

Provider configurations are how users can manage provider credentials that need to be assigned/shared with environments. In this tutorial, we will focus on the set up of provider configurations through the Scalr provider, please go to the Provider Configurations page for more general information.

Prerequisites:

The following prerequisites are required before proceeding:

  • A Scalr account

  • The Terraform CLI

  • Access to an AWS account and ability to use IAM permissions. Other providers can be used as well, but you will need to adapt the instruction as needed.

  • A Scalr service account already created with permissions to manage Scalr provider configurations and environments. If you followed the previous guide (Getting Started - Scalr Provider), you have already assigned admin permissions to the service account. If you want to narrow those permissions, the following can be used:

  • cloud-credentials:read

  • cloud-credentials:create

  • cloud-credentials:update

  • environments:create

  • environments:read

  • environments:update

Use Case

The use case we will go through is the process of creating an environment, then the creation of a provider configuration, and then linking the configuration to the environment. The workflow in this case will use the Terraform CLI, but the same can be accomplished with a VCS or Module based workspace. We will create two workspaces, one that manages environments and one that manages the provider configurations.

Terraform Login

Since we are using the CLI, we need to ensure that our credentials have been stored locally to allow for the Terraform CLI to work with Scalr. To do this, run terraform login <account-name>.scalr.io:

terraform login <account-name>.scalr.io

Terraform will request an API token for <account-name>.scalr.io using your browser.

If login is successful, Terraform will store the token in plain text in
the following file for use by subsequent commands:
    /Users/name/.terraform.d/credentials.tfrc.json

Do you want to proceed?
  Only 'yes' will be accepted to confirm.

 Enter a value: yes

This will redirect you to the Scalr UI to create the API token. Copy the token and paste it in the command prompt:

---------------------------------------------------------------------------------

Terraform must now open a web browser to the tokens page for docs.scalr.io.

If a browser does not open this automatically, open the following URL to proceed:
    https://<account-name>.scalr.io/app/settings/tokens?source=terraform-login

---------------------------------------------------------------------------------

Generate a token using your browser, and copy-paste it into this prompt.

Terraform will store the token in plain text in the following file
for use by subsequent commands:
    /Users/name/.terraform.d/credentials.tfrc.json

Token for <account-name>.scalr.io:
  Enter a value:

Retrieved token for user [email protected]

---------------------------------------------------------------------------------

Success! Terraform has obtained and saved an API token.

The new API token will be used for any future Terraform command that must make
authenticated requests to <account-name>.scalr.io.

Great, we can now execute the Terraform CLI remotely in Scalr.

Provider Configuration Creation

Lets start by creating our first workspace to manage the provider configuration. To do this, create a new directory for the workspace and add a providers.tf file, which will contain the code for the Scalr provider. Get the latest provider information from https://registry.scalr.io/:

terraform {
    required_providers {
        scalr = {
            source = "registry.scalr.io/scalr/scalr"
            version= "1.0.0-rc36"
        }
    }
}

Now, we’ll create a main.tf file, let’s add Scalr as the remote backend. Please update the following with your Scalr URL and environment ID:

terraform {
  backend "remote" {
    hostname = "<account>.scalr.io"
    organization = "<environment-id>"

    workspaces {
      name = "manage_providers"
    }
  }
}

Lets define the Scalr account in the main.tf as a local in the event it needs to be used frequently. Be sure to update the following with your actual account ID.

The account ID can be found on your account dashboard:

../../_images/account_id.png
locals {
    account_id  = "<account-id>"
}

Now, to the same main.tf, let’s add a provider configuration for an AWS account and make it available to all environments. There are many types of AWS credentials that can be linked, today we are just going with keys (make sure to add your keys in the code):

resource "scalr_provider_configuration" "aws" {
  name                   = "tutorial"
  account_id             = local.account_id
  export_shell_variables = false
  environments           = ["*"]
  aws {
    account_type     = "regular"
    credentials_type = "access_keys"
    secret_key       = "<secret key>"
    access_key       = "<access key>"
  }
}

output provider_config_id {
  value = scalr_provider_configuration.aws.id
}

Lets execute terraform init and terraform apply to create the provider configuration!

../../_images/provider_apply_complete.png

Environment Creation

Now that the the provider configuration is done, lets create an environments and link the configuration that was created. Start by creating a new directory/workspace to execute the code in.

In the new workspace, let’s set up the Scalr provider in a providers.tf file. Get the provider information from https://registry.scalr.io/:

terraform {
  required_providers {
      scalr = {
          source = "registry.scalr.io/scalr/scalr"
          version= "1.0.0-rc36"
      }
  }
}

Now, we’ll create a main.tf file, let’s add Scalr as the remote backend. Please update the following with your Scalr URL and environment ID:

terraform {
  backend "remote" {
    hostname = "<account>.scalr.io"
    organization = "<environment-id>"

    workspaces {
      name = "manage_environments"
    }
  }
}

Now, we’re going to add code to create the environment and use the remote data source from the previous workspace to pull in the provider configuration ID. The remote data can be found in the previous workspace’s dashboard. Update your Scalr URL, environment ID, and account ID in the code below.

##Pull the remote data from the workspace managing the providers##
data "terraform_remote_state" "manage_providers" {
  backend = "remote"

  config = {
    hostname = "<account>.scalr.io"
    organization = "<environment-id>"
    workspaces = {
      name = "manage_providers"
    }
  }
}

##Set a local for the account and define the provider config ID##
locals {
  account_id  = "<your-account-id>"
  provider_config_id = data.terraform_remote_state.manage_providers.outputs.provider_config_id
}

##Create the workspace and set the default provider configuration##
resource "scalr_environment" "example" {
  name       = "example-env"
  account_id = local.account_id
  cost_estimation_enabled = true
  default_provider_configurations = [local.provider_config_id]
}

output env_id {
  value = scalr_environment.example.id
}

Lets execute terraform init and terraform apply to create the environment!

By the end of the run, a new environment will be created and have the default AWS provider configuration attached to it. You can now use this new environment and to create workspaces which deploy AWS resources via Terraform.

../../_images/env_apply_complete.png

Summary

Congrats on working through the basics of using the Scalr provider to manage provider configurations! There is a lot more you can do with this provider including setting default credentials for workspace, linking the credentials to specific environments, and much more. Find the full details in the Provider Configurations and the Scalr Terraform Provider pages.