The CloudQuery Terraform provider pulls terraform state, normalizes it and stores it in PostgreSQL database.

Install

copied!
cloudquery init terraform

Configuration

The following configuration section can be automatically generated by cloudquery init terraform:

copied!
provider "terraform" {
  configuration {
    // local backend
    config "mylocal" {
      backend = "local"
      path = "./path/to/terraform.tfstate"
    }

    // s3 backend
    config "myremote" {
      backend = "s3"
      bucket = "<terraform state bucket>"
      key = "<terraform state key>"
      region = "us-east-1"
      role_arn = ""
    }
  }
  resources = [
    "tf.data"
  ]
}

You can have multiple backends at the same time, simply by describing them in the configuration. Every config block describes one backend to handle.

Cloudquery currently supports LOCAL and S3 backends.

S3 backend example:

copied!
    config "myremote" {
      backend = "s3"
      bucket = "<terraform state bucket>"
      key = "<terraform state key>"
      region = "us-east-1"
      role_arn = ""
    }

Authentication (S3 Backend)

To authenticate cloudquery with your Terraform state in S3 you can use any of the following options (see full documentation at AWS SDK V2):

• Static Credentials: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN
• Shared configuration files (via aws configure).
  • SDK defaults to credentials file under .aws folder that is placed in the home folder on your computer.
  • SDK defaults to config file under .aws folder that is placed in the home folder on your computer.
• If your application uses an ECS task definition or RunTask API operation, IAM role for tasks.
• If your application is running on an Amazon EC2 instance, IAM role for Amazon EC2.

Query Examples

TBD