# groundcover Terraform Provider

## Overview

Terraform is an infrastructure-as-code (IaC) tool for managing cloud and SaaS resources using declarative configuration. The groundcover Terraform provider enables you to manage observability resources such as policies, service accounts, API keys, and monitors as code—making them consistent, versioned, and automated.

We've partnered up with Hashicorp as an official Terraform provider- <https://registry.terraform.io/providers/groundcover-com/groundcover/latest>

Also available is our provider Github repository: <https://github.com/groundcover-com/terraform-provider-groundcover>

## Supported Resources

* **`groundcover_policy`** – Defines RBAC policies (roles and optional data scope filters) [Role-Based Access Control (RBAC)](/use-groundcover/role-based-access-control-rbac.md)
* **`groundcover_serviceaccount`** – Creates service accounts using attaches policies. [Service Accounts](/use-groundcover/remote-access-and-apis/service-accounts.md)
* **`groundcover_apikey`** – Creates API keys for service accounts. [API Keys](/use-groundcover/remote-access-and-apis/api-keys.md)
* **`groundcover_monitor`** – Defines alerting rules and monitors. [Monitors](/use-groundcover/monitors.md)
* **`groundcover_logspipeline`** - Defines Logs Pipeline configurations. [Logs Pipeline](/use-groundcover/data-pipelines/log-pipelines.md)
* **`groundcover_ingestionkey`** - Creates Ingestion keys. [Ingestion Keys](/use-groundcover/remote-access-and-apis/ingestion-keys.md)
* **`groundcover_dashboard`** - Define Dashboards. [Dashboards](/use-groundcover/dashboards-and-alerts.md)
* **`groundcover_synthetic_test`** - Define Synthetics and their respective monitors. [Synthetics](/capabilities/synthetics.md)
* **`groundcover_connected_app`** - Define Connected Apps. [Connected Apps](/integrations/connected-apps.md)
* **`groundcover_notification_route`** - Define Notification Routes. [Notification Routes](/use-groundcover/monitors/notification-routes.md)

## Installation and Setup

### Requirements

* [Terraform](https://www.terraform.io/downloads.html) ≥ 1.0 (Check `required_version` if specified in `main.tf`)
* [Go](https://golang.org/doc/install) >= 1.21 (to build the provider plugin)
* groundcover Account and API Key.

### Install the Provider

```
terraform {
  required_providers {
    groundcover = {
      source  = "registry.terraform.io/groundcover-com/groundcover"
      version = ">= 0.0.0" # Replace with actual version constraint
    }
  }
}
```

Run `terraform init` to install the provider.

### Configure the Provider

```
provider "groundcover" {
  api_key  = "YOUR_API_KEY" # Required
  base_url = "https://api.groundcover.com" # Optional, change if using onprem/airgap deployment
  backend_id = "groundcover" # Your Backend ID can be found in the groundcover UI under Settings->Access->API Keys
}
```

#### Arguments

* `api_key` (String, Required, Sensitive): Your groundcover API key. It is strongly recommended to configure this using the `TF_VAR_groundcover_api_key` environment variable rather than hardcoding it.
* `base_url` (String, Optional): The base URL for the groundcover API. Defaults to `https://api.groundcover.com` if not specified.
* `backend_id` (String, Required): Your Backend ID can be found in the API Keys screen in the groundcover UI (Under Settings -> Access):

<figure><img src="/files/q4TUVZimrPTju3wHOq33" alt=""><figcaption></figcaption></figure>

## Examples

For full examples of all existing resources, see: <https://github.com/groundcover-com/terraform-provider-groundcover/tree/main/examples/resources>

### Creating a Read-Only Service Account and API Key

```
resource "groundcover_policy" "read_only" {
  name        = "Read-Only Policy"
  description = "Grants read-only access"
  claim_role  = "ci-readonly-role"
  roles = {
    read = "read"
  }
}

resource "groundcover_serviceaccount" "ci_account" {
  name         = "ci-pipeline-account"
  description  = "Service account for CI"
  policy_uuids = [groundcover_policy.read_only.id]
}

resource "groundcover_apikey" "ci_key" {
  name               = "CI Key"
  description        = "Key for CI pipeline"
  service_account_id = groundcover_serviceaccount.ci_account.id
}
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.groundcover.com/use-groundcover/groundcover-terraform-provider.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.