We just raised $3.5M and we are hiring!

Terraform Provider

Terraform Provider extends CloudQuery with ability to fetch terraform state and store it in PostgreSQL database.

$ cloudquery init terraform
Category
Public Cloud
Version
v0.3.3
License
MPL-2.0
Published at
Tue May 17 2022

The CloudQuery Terraform provider pulls terraform state, normalizes it and stores it in PostgreSQL database.

Install

cloudquery init terraform

Configuration

The following configuration section can be automatically generated by cloudquery init terraform:

provider "terraform" { configuration { // local backend config "mylocal" { backend = "local" path = "./path/to/terraform.tfstate" } // s3 backend config "myremote" { backend = "s3" bucket = "<terraform state bucket>" key = "<terraform state key>" region = "us-east-1" role_arn = "" } } resources = [ "tf.data" ] }

You can have multiple backends at the same time, simply by describing them in the configuration. Every config block describes one backend to handle.

Cloudquery currently supports LOCAL and S3 backends.

S3 backend example:

config "myremote" { backend = "s3" bucket = "<terraform state bucket>" key = "<terraform state key>" region = "us-east-1" role_arn = "" }

Authentication (S3 Backend)

To authenticate cloudquery with your Terraform state in S3 you can use any of the following options (see full documentation at AWS SDK V2):

  • Static Credentials: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN
  • Shared configuration files (via aws configure).
    • SDK defaults to credentials file under .aws folder that is placed in the home folder on your computer.
    • SDK defaults to config file under .aws folder that is placed in the home folder on your computer.
  • If your application uses an ECS task definition or RunTask API operation, IAM role for tasks.
  • If your application is running on an Amazon EC2 instance, IAM role for Amazon EC2.

Query Examples

TBD