New Features
New Features
September 28, 2022

New Feature: Provider Configurations

By
Sebastian Stadil

Do you use more than one Terraform provider? We sure hope you do, so read on, friend!

At Scalr, we’re on a mission to provide you with a great alternative to Terraform Cloud. This Summer we went beyond it, releasing an important feature that facilitates managing the configurations of all the providers you use, supports role delegation, and makes them easy to reuse across workspaces.

We’re calling the feature Provider Configurations, ‘cause we’re a creative bunch.

If you’re anything like me, you’ve got dozens of services managed via Terraform, from AWS to DNS to Kubernetes to AzureAD to VMware, perhaps even hundreds! See the top 20 providers here. That’s a lot of configurations. Managing who has access to each, rotating keys, and keeping things secure can be a grueling task.

Provider Configurations makes this easy. You write Terraform code to manage the configuration of each provider, and from the same place, define which environments and which workspaces can use the configuration. Here’s some sample code to let a “dev” environment use an AWS configuration.

# Create the provider configuration for AWS
resource "scalr_provider_configuration" "scalr_managed" {
  name                   = var.configuration_name
  account_id             = var.scalr_account_id
  export_shell_variables = false

  # Use role delegation as the configuration for AWS
  aws {
    credentials_type    = "role_delegation"
    account_type        = "regular"
    trusted_entity_type = "aws_account"

    role_arn = aws_iam_role.scalr_aws_integration.arn
    external_id = local.external_id
  }
  # Share the provider configuration with the dev environment
  environments = [data.scalr_environment.dev.id]
}

# Enable the provider configuration in the dev workspace.
resource "scalr_workspace" "dev_vpc_prod" {
  name = "dev_vpc_prod"
  environment_id = data.scalr_environment.dev.id
  provider_configuration {
id = scalr_provider_configuration.scalr_managed.id
  }
}

As you can tell from the code, this makes it super easy to manage the secrets needed by your providers.

  • For providers that support role delegation, you no longer have to think about rotating secrets: the above example configures the provider to use short lived secrets automatically by Scalr and AWS.
  • For providers that don’t support role delegation, you can still achieve similar convenience by using the scheduler.

Provider configurations are a first class citizen in Scalr, allowing you easily manage, share, and scale access to hundreds or thousands of configurations of Terraform providers across the organization, and is the first of many ways in which we’re going beyond Terraform Cloud to create an amazing collaborative platform to centralize administration while decentralizing operations.

How Do I Get Started?

Today, Provider Configurations are available in the API, so we recommend using the Scalr provider to get started. If you prefer a web interface, use the following link after substituting your account name and id: https://<account-name>.scalr.io/app2/a/<account-id>/provider-configurations

Getting started in the product

Note: While this blog references Terraform, everything mentioned in here also applies to OpenTofu. New to OpenTofu? It is a fork of Terraform 1.5.7 as a result of the license change from MPL to BUSL by HashiCorp. OpenTofu is an open-source alternative to Terraform that is governed by the Linux Foundation. All features available in Terraform 1.5.7 or earlier are also available in OpenTofu. Find out the history of OpenTofu here.

Don't take our word for it, try it for yourself.

A screenshot of the modules page in the Scalr Platform