groundcover Terraform Provider
Overview
Terraform is an infrastructure-as-code (IaC) tool for managing cloud and SaaS resources using declarative configuration. The groundcover Terraform provider enables you to manage observability resources such as policies, service accounts, API keys, and monitors as code—making them consistent, versioned, and automated.
Check out our provider Github repository: https://github.com/groundcover-com/terraform-provider-groundcover
Supported Resources
groundcover_policy
– Defines RBAC policies (roles and optional data scope filters) Role-Based Access Control (RBAC)groundcover_serviceaccount
– Creates service accounts using attaches policies. Service Accountsgroundcover_apikey
– Issues API keys for service accounts. API Keysgroundcover_monitor
– Defines alerting rules and monitors. Monitorsgroundcover_logspipeline
- Defines Logs Pipeline configurations Log Parsing with OpenTelemetry Pipelines
Installation and Setup
Requirements
Terraform ≥ 1.0 (Check
required_version
if specified inmain.tf
)Go >= 1.21 (to build the provider plugin)
groundcover Account and API Key.
Install the Provider
terraform {
required_providers {
groundcover = {
source = "registry.terraform.io/groundcover-com/groundcover"
version = ">= 0.0.0" # Replace with actual version constraint
}
}
}
Run terraform init
to install the provider.
Configure the Provider
provider "groundcover" {
api_key = "YOUR_API_KEY" # Required
base_url = "https://api.groundcover.com" # Optional, change if using onprem/airgap deployment
org_name = "YOUR_BACKEND_ID" # Backend name selected when deployed groundcover
}
Arguments
api_key
(String, Required, Sensitive): Your groundcover API key. It is strongly recommended to configure this using theTF_VAR_groundcover_api_key
environment variable rather than hardcoding it.base_url
(String, Optional): The base URL for the groundcover API. Defaults toapi.groundcover.com
if not specified.
Examples
For full examples of all existing resources, see: https://github.com/groundcover-com/terraform-provider-groundcover/tree/main/examples/resources
Creating a Read-Only Service Account and API Key
resource "groundcover_policy" "read_only" {
name = "Read-Only Policy"
description = "Grants read-only access"
claim_role = "ci-readonly-role"
roles = {
read = "read"
}
}
resource "groundcover_serviceaccount" "ci_account" {
name = "ci-pipeline-account"
description = "Service account for CI"
policy_uuids = [groundcover_policy.read_only.id]
}
resource "groundcover_apikey" "ci_key" {
name = "CI Key"
description = "Key for CI pipeline"
service_account_id = groundcover_serviceaccount.ci_account.id
}
Last updated