Terraform
Providers
Hands-on: Try the Perform CRUD Operations with Providers tutorial.
Terraform relies on plugins called providers to interact with cloud providers, SaaS providers, and other APIs.
Terraform configurations must declare which providers they require so that Terraform can install and use them. Additionally, some providers require configuration (like endpoint URLs or cloud regions) before they can be used.
What Providers Do
Each provider adds a set of resource types and/or data sources that Terraform can manage.
Every resource type is implemented by a provider; without providers, Terraform can't manage any kind of infrastructure.
Most providers configure a specific infrastructure platform (either cloud or self-hosted). Providers can also offer local utilities for tasks like generating random numbers for unique resource names.
Where Providers Come From
Providers are distributed separately from Terraform itself, and each provider has its own release cadence and version numbers.
The Terraform Registry is the main directory of publicly available Terraform providers, and hosts providers for most major infrastructure platforms.
Provider Documentation
Each provider has its own documentation, describing its resource types and their arguments.
The Terraform Registry includes documentation for a wide range of providers developed by HashiCorp, third-party vendors, and our Terraform community. Use the "Documentation" link in a provider's header to browse its documentation.
Provider documentation in the Registry is versioned; you can use the version menu in the header to change which version you're viewing.
For details about writing, generating, and previewing provider documentation, see the provider publishing documentation.
How to Use Providers
Providers are released separately from Terraform itself and have their own version numbers. In production we recommend constraining the acceptable provider versions in the configuration's provider requirements block, to make sure that terraform init
does not install newer versions of the provider that are incompatible with the configuration.
To use resources from a given provider, you need to include some information about it in your configuration. See the following pages for details:
Provider Requirements documents how to declare providers so Terraform can install them.
Provider Configuration documents how to configure settings for providers.
Dependency Lock File documents an additional HCL file that can be included with a configuration, which tells Terraform to always use a specific set of provider versions.
Provider Installation
HCP Terraform and Terraform Enterprise install providers as part of every run.
Terraform CLI finds and installs providers when initializing a working directory. It can automatically download providers from a Terraform registry, or load them from a local mirror or cache. If you are using a persistent working directory, you must reinitialize whenever you change a configuration's providers.
To save time and bandwidth, Terraform CLI supports an optional plugin cache. You can enable the cache using the
plugin_cache_dir
setting in the CLI configuration file.
To ensure Terraform always installs the same provider versions for a given configuration, you can use Terraform CLI to create a dependency lock file and commit it to version control along with your configuration. If a lock file is present, HCP Terraform, CLI, and Enterprise will all obey it when installing providers.
Hands-on: Try the Lock and Upgrade Provider Versions tutorial.
Private Providers
If you are using a provider that is not in a Hashicorp-hosted registry, you may need to attach additional credentials to your requests to external registries. You do not need these credentials if your provider is in the Terraform public registry or the HCP Terraform private registry.
By default, Terraform only authenticates the opening request from a provider to
the registry. The registry responds with
follow-up URLs
that Terraform makes requests to, such as telling Terraform to download the
provider or the SHASUMS
file. Hashicorp-hosted registries do not require
additional authentication for these follow-up requests. If your registry does
require additional credentials for follow-up requests, you can use a .netrc
file to provide those credentials.
By default, Terraform searches for the .netrc
file in your HOME
directory.
However, you can override the default filesystem location by setting the NETRC
environment variable. For information on the format of.netrc
, refer to the
curl
documentation.
How to Find Providers
To find providers for the infrastructure platforms you use, browse the providers section of the Terraform Registry.
Some providers on the Registry are developed and published by HashiCorp, some are published by platform maintainers, and some are published by users and volunteers. The provider listings use the following badges to indicate who develops and maintains a given provider.
Tier | Description | Namespace |
---|---|---|
Official | Official providers are owned and maintained by HashiCorp | hashicorp |
Partner | Partner providers are written, maintained, validated and published by third-party companies against their own APIs. To earn a partner provider badge the partner must participate in the HashiCorp Technology Partner Program. | Third-party organization, e.g. mongodb/mongodbatlas |
Community | Community providers are published to the Terraform Registry by individual maintainers, groups of maintainers, or other members of the Terraform community. | Maintainer’s individual or organization account, e.g. DeviaVir/gsuite |
Archived | Archived Providers are Official or Partner Providers that are no longer maintained by HashiCorp or the community. This may occur if an API is deprecated or interest was low. | hashicorp or third-party |
How to Develop Providers
Providers are written in Go, using the Terraform Plugin SDK. For more information on developing providers, see:
- The Plugin Development documentation
- The Call APIs with Terraform Providers tutorials