groundcover Terraform Provider

Overview

Terraform is an infrastructure-as-code (IaC) tool for managing cloud and SaaS resources using declarative configuration. The groundcover Terraform provider enables you to manage observability resources such as policies, service accounts, API keys, and monitors as code—making them consistent, versioned, and automated.

Check out our provider Github repository: https://github.com/groundcover-com/terraform-provider-groundcover

Supported Resources

• groundcover_policy – Defines RBAC policies (roles and optional data scope filters) Role-Based Access Control (RBAC)

• groundcover_serviceaccount – Creates service accounts using attaches policies. Service Accounts

• groundcover_apikey – Creates API keys for service accounts. API Keys

• groundcover_monitor – Defines alerting rules and monitors. Monitors

• groundcover_logspipeline - Defines Logs Pipeline configurations Log Parsing with OpenTelemetry Pipelines

• groundcover_ingestionkey - Creates Ingestion keys. Ingestion Keys

Installation and Setup

Requirements

• Terraform ≥ 1.0 (Check required_version if specified in main.tf)

• Go >= 1.21 (to build the provider plugin)

• groundcover Account and API Key.

Install the Provider

terraform {
  required_providers {
    groundcover = {
      source  = "registry.terraform.io/groundcover-com/groundcover"
      version = ">= 0.0.0" # Replace with actual version constraint
    }
  }
}

Run terraform init to install the provider.

Configure the Provider

provider "groundcover" {
  api_key  = "YOUR_API_KEY" # Required
  base_url = "https://api.groundcover.com" # Optional, change if using onprem/airgap deployment
  org_name = "YOUR_BACKEND_ID" # Backend name selected when deployed groundcover
}

Arguments

• api_key (String, Required, Sensitive): Your groundcover API key. It is strongly recommended to configure this using the TF_VAR_groundcover_api_key environment variable rather than hardcoding it.

• base_url (String, Optional): The base URL for the groundcover API. Defaults to api.groundcover.com if not specified.

Examples

For full examples of all existing resources, see: https://github.com/groundcover-com/terraform-provider-groundcover/tree/main/examples/resources

Creating a Read-Only Service Account and API Key

resource "groundcover_policy" "read_only" {
  name        = "Read-Only Policy"
  description = "Grants read-only access"
  claim_role  = "ci-readonly-role"
  roles = {
    read = "read"
  }
}

resource "groundcover_serviceaccount" "ci_account" {
  name         = "ci-pipeline-account"
  description  = "Service account for CI"
  policy_uuids = [groundcover_policy.read_only.id]
}

resource "groundcover_apikey" "ci_key" {
  name               = "CI Key"
  description        = "Key for CI pipeline"
  service_account_id = groundcover_serviceaccount.ci_account.id
}