Terraform

HashiCorp Terraform Provider

To support modern GitOps practices, Hava has built a provider for Terraform. Teams that use Terraform to deploy and manage their cloud environments can use the same tools to manage their integration with Hava, making it simple to automatically add new cloud environments to Hava as they are deployed.

Hava's Terraform provider can be found in the official HashiCorp Terraform registry.

Example Usage

The below example shows how the Terraform provider can be used to configure an AWS account source using a cross account role.

terraform {
  required_providers {
    hava = {
      source = "teamhava/hava"
      version = "~> 0.1"
    }

    aws = {
      source = "hashicorp/aws"
      version = "~> 4.39"
    }
  }
}

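// External ID for your Hava account (referenced as var.external_id below)
variable "external_id" {
  type = string
}

// Get the ARN for the AWS Read Only Managed Policy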
data "aws_iam_policy" "example" {
  name = "ReadOnlyAccess"
}

// Create the role that will be used for cross account role access
resource "aws_iam_role" "hava_ro" {
  name                = "hava-read-only-role"
  assume_role_policy  = jsonencode({
      "Version": "2012-10-17",
      "Statement": [
          {
              "Effect": "Allow",
              "Principal": {
                  // Hava CAR account
                  "AWS": "arn:aws:iam::281013829959:root"
              },
              "Action": "sts:AssumeRole",
              "Condition": {
                  "StringEquals": {
                      // unique id for your Hava account
                      "sts:ExternalId": var.external_id
                  }
              }
          }
      ]
    })
  
  managed_policy_arns = [data.aws_iam_policy.example.arn]
}

// Register the role with Hava as an AWS cross account role source
resource "hava_source_aws_car_resource" "example" {
  name        = "Example Source"
  role_arn    = aws_iam_role.hava_ro.arn 
  external_id = var.external_id
}

More details on the available providers can be found in the documentation for the Terraform provider on the HashiCorp Terraform registry.
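
The `sts:ExternalId` condition in the trust policy above is what restricts use of the role to requests Hava makes for your account. The following Python check is an added example, not code from Hava or the provider: it flags cross-account trust statements that lack that condition. The sample policies, the `111122223333` account ID and the function names are constructed for illustration.

```python
# Constructed sample: the trust policy from the example above, with a placeholder external ID.
GUARDED = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::281013829959:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "constructed-external-id"}}}]}

# Constructed sample: the same statement with the Condition block dropped.
UNGUARDED = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow",
    "Principal": {"AWS": ["arn:aws:iam::281013829959:root"]},
    "Action": ["sts:AssumeRole"]}}

def _as_list(value):
    """IAM accepts a single value or a list in most positions."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def unguarded_cross_account_statements(trust_policy, own_account_id):
    """Return Allow statements that let a principal outside own_account_id
    assume the role without a non-empty StringEquals sts:ExternalId."""
    findings = []
    for stmt in _as_list(trust_policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        if not any(a in ("sts:assumerole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal", {})
        aws_principals = _as_list(principal.get("AWS")) if isinstance(principal, dict) else _as_list(principal)
        # Anything that does not name our own account is treated as cross-account.
        foreign = [p for p in aws_principals if own_account_id not in p]
        if not foreign:
            continue
        # IAM condition keys are case-insensitive, so normalise before the lookup.
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        keys = {k.lower(): v for k, v in equals.items()}
        # An empty string does not count as an external ID.
        if not any(_as_list(keys.get("sts:externalid"))):
            findings.append({"principals": foreign, "sid": stmt.get("Sid")})
    return findings

if __name__ == "__main__":
    for name, policy in (("guarded", GUARDED), ("unguarded", UNGUARDED)):
        print(name, unguarded_cross_account_statements(policy, "111122223333"))
```
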

Authentication

The provider relies on the Hava API and requires any requests to be authenticated using an API token.

The recommended approach to providing an API token to the Terraform provider is to set the HAVA_TOKEN environment variable in the shell you are executing Terraform commands from.

See our API documentation for details on how to generate an API token for your account.
