groundcover Terraform Provider

Last updated 1 day ago

groundcover Terraform Provider

Overview

Terraform is an infrastructure-as-code (IaC) tool for managing cloud and SaaS resources using declarative configuration. The groundcover Terraform provider enables you to manage observability resources such as policies, service accounts, API keys, and monitors as code—making them consistent, versioned, and automated.

Check out our provider Github repository:

Supported Resources

groundcover_policy – Defines RBAC policies (roles and optional data scope filters) Role-Based Access Control (RBAC)
groundcover_serviceaccount – Creates service accounts using attaches policies. Service Accounts
groundcover_apikey – Issues API keys for service accounts. API Keys
groundcover_monitor – Defines alerting rules and monitors. Monitors
groundcover_logspipeline - Defines Logs Pipeline configurations Log Parsing with OpenTelemetry Pipelines

Installation and Setup

Requirements

≥ 1.0 (Check required_version if specified in main.tf)
>= 1.21 (to build the provider plugin)
groundcover Account and API Key.

Install the Provider

terraform {
  required_providers {
    groundcover = {
      source  = "registry.terraform.io/groundcover-com/groundcover"
      version = ">= 0.0.0" # Replace with actual version constraint
    }
  }
}

Run terraform init to install the provider.

Configure the Provider

provider "groundcover" {
  api_key  = "YOUR_API_KEY" # Required
  base_url = "https://api.groundcover.com" # Optional, change if using onprem/airgap deployment
  org_name = "YOUR_BACKEND_ID" # Backend name selected when deployed groundcover
}

Arguments

api_key (String, Required, Sensitive): Your groundcover API key. It is strongly recommended to configure this using the TF_VAR_groundcover_api_key environment variable rather than hardcoding it.
base_url (String, Optional): The base URL for the groundcover API. Defaults to api.groundcover.com if not specified.

Examples

Creating a Read-Only Service Account and API Key

resource "groundcover_policy" "read_only" {
  name        = "Read-Only Policy"
  description = "Grants read-only access"
  claim_role  = "ci-readonly-role"
  roles = {
    read = "read"
  }
}

resource "groundcover_serviceaccount" "ci_account" {
  name         = "ci-pipeline-account"
  description  = "Service account for CI"
  policy_uuids = [groundcover_policy.read_only.id]
}

resource "groundcover_apikey" "ci_key" {
  name               = "CI Key"
  description        = "Key for CI pipeline"
  service_account_id = groundcover_serviceaccount.ci_account.id
}