> For the complete documentation index, see [llms.txt](https://docs.groundcover.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.groundcover.com/~/revisions/ETrLpNk6KtHjyaVUTLoE/use-groundcover/groundcover-terraform-provider.md).

# groundcover Terraform Provider

## Overview

Terraform is an infrastructure-as-code (IaC) tool for managing cloud and SaaS resources using declarative configuration. The groundcover Terraform provider enables you to manage observability resources such as policies, service accounts, API keys, and monitors as code—making them consistent, versioned, and automated.

Check out our provider Github repository: <https://github.com/groundcover-com/terraform-provider-groundcover>

## Supported Resources

* **`groundcover_policy`** – Defines RBAC policies (roles and optional data scope filters) [Role-Based Access Control (RBAC)](/~/revisions/ETrLpNk6KtHjyaVUTLoE/use-groundcover/role-based-access-control-rbac.md)
* **`groundcover_serviceaccount`** – Creates service accounts using attaches policies. [Service Accounts](/~/revisions/ETrLpNk6KtHjyaVUTLoE/use-groundcover/remote-access-and-apis/service-accounts.md)
* **`groundcover_apikey`** – Creates API keys for service accounts. [API Keys](/~/revisions/ETrLpNk6KtHjyaVUTLoE/use-groundcover/remote-access-and-apis/api-keys.md)
* **`groundcover_monitor`** – Defines alerting rules and monitors. [Monitors](/~/revisions/ETrLpNk6KtHjyaVUTLoE/use-groundcover/monitors.md)
* **`groundcover_logspipeline`** - Defines Logs Pipeline configurations [Log Parsing with OpenTelemetry Pipelines](/~/revisions/ETrLpNk6KtHjyaVUTLoE/log-parsing-with-opentelemetry-pipelines.md)
* **`groundcover_ingestionkey`** - Creates Ingestion keys. [Ingestion Keys](/~/revisions/ETrLpNk6KtHjyaVUTLoE/use-groundcover/remote-access-and-apis/ingestion-keys.md)

## Installation and Setup

### Requirements

* [Terraform](https://www.terraform.io/downloads.html) ≥ 1.0  (Check `required_version` if specified in `main.tf`)
* [Go](https://golang.org/doc/install) >= 1.21 (to build the provider plugin)
* groundcover Account and API Key.

### Install the Provider

```
terraform {
  required_providers {
    groundcover = {
      source  = "registry.terraform.io/groundcover-com/groundcover"
      version = ">= 0.0.0" # Replace with actual version constraint
    }
  }
}
```

Run `terraform init` to install the provider.

### Configure the Provider

```
provider "groundcover" {
  api_key  = "YOUR_API_KEY" # Required
  base_url = "https://api.groundcover.com" # Optional, change if using onprem/airgap deployment
  backend_id = "groundcover" # Your Backend ID can be found in the groundcover UI under Settings->Access->API Keys
}
```

#### Arguments

* `api_key` (String, Required, Sensitive): Your groundcover API key. It is strongly recommended to configure this using the `TF_VAR_groundcover_api_key` environment variable rather than hardcoding it.
* `base_url` (String, Optional): The base URL for the groundcover API. Defaults to `https://api.groundcover.com` if not specified.
* `backend_id` (String, Required): Your Backend ID can be found in the API Keys screen in the groundcover UI (Under Settings -> Access):

<figure><img src="/files/q4TUVZimrPTju3wHOq33" alt=""><figcaption></figcaption></figure>

## Examples

For full examples of all existing resources, see: <https://github.com/groundcover-com/terraform-provider-groundcover/tree/main/examples/resources>&#x20;

### Creating a Read-Only Service Account and API Key

```
resource "groundcover_policy" "read_only" {
  name        = "Read-Only Policy"
  description = "Grants read-only access"
  claim_role  = "ci-readonly-role"
  roles = {
    read = "read"
  }
}

resource "groundcover_serviceaccount" "ci_account" {
  name         = "ci-pipeline-account"
  description  = "Service account for CI"
  policy_uuids = [groundcover_policy.read_only.id]
}

resource "groundcover_apikey" "ci_key" {
  name               = "CI Key"
  description        = "Key for CI pipeline"
  service_account_id = groundcover_serviceaccount.ci_account.id
}
```


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.groundcover.com/~/revisions/ETrLpNk6KtHjyaVUTLoE/use-groundcover/groundcover-terraform-provider.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.