LogoLogo
HomePricingSelf-hosted docsAPI docsLogin
  • Home
  • Login to hava
  • Developer
  • Getting Started
    • Quickstart
      • Create New Account
      • Import Demo Data
      • Creating Environments
      • Exporting Diagrams
  • AWS Marketplace
  • Using Hava
    • Providers & Sources
    • Environments
      • Creating Environments
      • Filtering Environments
  • Importing Data
    • Demo Data
    • AWS
      • Getting Started with AWS
        • Cross Account Role
        • Read Only IAM User
        • Minimum Access IAM User
      • AWS Supported Resources
      • AWS Views
        • Infrastructure
        • Security
        • Container - ECS
        • List
    • Azure
      • Getting Started with Azure
        • Powershell
        • Azure Portal
      • Azure Supported Resources
      • Azure Views
        • Infrastructure
        • Azure Security View
        • List
    • Google Cloud
      • Getting Started with GCP
        • Service Account
        • Import Multiple Projects
        • Enabling APIs
      • GCP Supported Resources
      • GCP Views
        • Infrastructure
        • List
    • Kubernetes
      • Getting Started with Kubernetes
        • Read Only Kubeconfig
        • Automatic Import of Managed Kubernetes
          • AWS EKS Cluster Configuration
        • Converting certificate files to certificate data fields
      • Kubernetes Supported Resources
      • Kubernetes Views
        • Container
        • List
    • Import Errors
  • Discover
    • Importing
    • Searching
      • Search Overview
      • Search Syntax
        • VPC Search
        • Wildcard Search
        • Tag Search
        • Deep Search
      • Search Examples
        • Discover Resources From Regions
        • Create a multiple VPC diagram
        • Defining Custom Environments
    • Versioning
      • Tracking Changes in Cloud Architecture
    • Manual Sync
  • Diagram
    • Listing Environments
      • Filtering Environments
      • Favouriting Environments
    • Viewing Environments
      • Diagram Controls
      • Diagram Layout
      • Switch Between Views
      • Diagram Canvas Resource Filters
    • Draw Custom Connections
  • Diagnose
    • Architectural Monitoring Alerts
    • Attributes
    • Cost Estimation
    • Diff View - Comparing Diagrams
    • Infrastructure
      • View Route Tables
      • View ACLs
      • View Security Groups
    • Reports
      • AWS Compliance Reports
  • Document
    • Environment Notes
    • Embed
    • Exporting Diagrams
    • Edit
      • Draw.io
  • Collaboration
    • Teams
    • Inviting Users
    • Disabling users
    • SSO/SAML
      • Overview
      • Azure AD - SAML Setup
      • Azure AD - OIDC Setup
      • Okta - SAML Setup
      • Okta - OIDC Setup
      • Trouble Shooting SSO
    • Project folders
  • Integrations
    • AWS Control Tower
    • CLI
    • Confluence Cloud
    • GitHub
    • Terraform
  • API
    • API Docs
  • Account & Billing
    • Types Of Hava Accounts
    • Change Subscription
    • Switch to AWS marketplace
    • Change Password
    • MFA
    • Download Invoice
    • Cancel Account
    • Account Audit Log
  • Quick Look
    • Quick AWS Overview
    • Security Overview
    • Customize the Hava Dashboard
Powered by GitBook
On this page
  • Example Usage
  • Authentication

Was this helpful?

  1. Integrations

Terraform

HashiCorp Terraform Provider

PreviousGitHubNextTypes Of Hava Accounts

Last updated 2 years ago

Was this helpful?

To support modern GitOps practices Hava has built a provider for Terraform. This will allow teams that utilize Terraform to deploy and manage their cloud environments to use the same tools to manage their integration with Hava. Making it simple to automatically add new cloud environments to Hava as new environments are deployed.

Hava's Terraform provider can be found in the official .

Example Usage

The below example shows how the Terraform provider can be used to configure an AWS account source using a cross account role.

terraform {
  required_providers {
    hava = {
      source = "teamhava/hava"
      version = "~> 0.1"
    }

    aws = {
      source = "hashicorp/aws"
      version = "~> 4.39"
    }
  }
}

// Get the ARN for the AWS Read Only Managed Policy
data "aws_iam_policy" "example" {
  name = "ReadOnlyAccess"
}

// Create the role that will be used for cross account role accesss
resource "aws_iam_role" "hava_ro" {
  name                = "hava-read-only-role"
  assume_role_policy  = jsonencode({
      "Version": "2012-10-17",
      "Statement": [
          {
              "Effect": "Allow",
              "Principal": {
                  // Hava CAR account
                  "AWS": "arn:aws:iam::281013829959:root"
              },
              "Action": "sts:AssumeRole",
              "Condition": {
                  "StringEquals": {
                      // unique id for your Hava account, 
                      "sts:ExternalId": var.external_id
                  }
              }
          }
      ]
    })
  
  managed_policy_arns = [data.aws_iam_policy.example.arn]
}

// 
resource "hava_source_aws_car_resource" "example" {
  name        = "Example Source"
  role_arn    = aws_iam_role.hava_ro.arn 
  external_id = var.external_id
}

Authentication

The provider relies on the Hava API and requires any requests to be authenticated using an API token.

The recommended approach to providing an API token to the terraform provider is by setting the HAVA_TOKEN environment variable in the shell you are executing Terraform commands from.

More details on the available providers can be found in the documentation for the Terraform provider on the .

See our for details on how to generate an API token for your account.

HashiCorp Terraform registry
HashiCorp Terraform registry
API documentation