Terraform
Providers
Hands-on: Try the Perform CRUD Operations with Providers tutorial.
Terraform relies on plugins called providers to interact with cloud providers, SaaS providers, and other APIs.
Terraform configurations must declare which providers they require so that Terraform can install and use them. Additionally, some providers require configuration (like endpoint URLs or cloud regions) before they can be used.
What Providers Do
Each provider adds a set of resource types and/or data sources that Terraform can manage.
Every resource type is implemented by a provider; without providers, Terraform can't manage any kind of infrastructure.
Most providers configure a specific infrastructure platform (either cloud or self-hosted). Providers can also offer local utilities for tasks like generating random numbers for unique resource names.
Where Providers Come From
Providers are distributed separately from Terraform itself, and each provider has its own release cadence and version numbers.
The Terraform Registry is the main directory of publicly available Terraform providers, and hosts providers for most major infrastructure platforms.
Provider Documentation
Each provider has its own documentation, describing its resource types and their arguments.
The Terraform Registry includes documentation for a wide range of providers developed by HashiCorp, third-party vendors, and our Terraform community. Use the "Documentation" link in a provider's header to browse its documentation.
Provider documentation in the Registry is versioned; you can use the version menu in the header to change which version you're viewing.
For details about writing, generating, and previewing provider documentation, see the provider publishing documentation.
How to Use Providers
Providers are released separately from Terraform itself and have their own version numbers. In production we recommend constraining the acceptable provider versions in the configuration's provider requirements block, to make sure that terraform init
does not install newer versions of the provider that are incompatible with the configuration.
To use resources from a given provider, you need to include some information about it in your configuration. See the following pages for details:
Provider Requirements documents how to declare providers so Terraform can install them.
Provider Configuration documents how to configure settings for providers.
Dependency Lock File documents an additional HCL file that can be included with a configuration, which tells Terraform to always use a specific set of provider versions.
Provider Installation
HCP Terraform and Terraform Enterprise install providers as part of every run.
Terraform CLI finds and installs providers when initializing a working directory. It can automatically download providers from a Terraform registry, or load them from a local mirror or cache. If you are using a persistent working directory, you must reinitialize whenever you change a configuration's providers.
To save time and bandwidth, Terraform CLI supports an optional plugin cache. You can enable the cache using the
plugin_cache_dir
setting in the CLI configuration file.
To ensure Terraform always installs the same provider versions for a given configuration, you can use Terraform CLI to create a dependency lock file and commit it to version control along with your configuration. If a lock file is present, HCP Terraform, CLI, and Enterprise will all obey it when installing providers.
Hands-on: Try the Lock and Upgrade Provider Versions tutorial.
Private Providers
If you have a provider that isn't available in a Hashicorp-hosted registry, such as the Terraform Public Registry or a HCP Terraform Private Registry, you may need to attach additional credentials to your requests to the external registry.
By default, Terraform only authenticates the opening request to the registry for
the provider. The registry then responds with
additional URLs
that should be followed in order to, for example, download the provider itself
or the SHASUMS
file. Hashicorp-hosted registries do not require additional
authentication for these requests. If your registry does require additional
credentials for these requests, you can use a .netrc
file to provide
credentials for these additional requests.
By default, Terraform searches for the .netrc
file in your HOME
directory. However, you can override the default filesystem location by setting
the NETRC
environment variable. For information on the .netrc
format, refer
to the documentation for using it in curl
.
How to Find Providers
To find providers for the infrastructure platforms you use, browse the providers section of the Terraform Registry.
Some providers on the Registry are developed and published by HashiCorp, some are published by platform maintainers, and some are published by users and volunteers. The provider listings use the following badges to indicate who develops and maintains a given provider.
Tier | Description | Namespace |
---|---|---|
Official | Official providers are owned and maintained by HashiCorp | hashicorp |
Partner | Partner providers are written, maintained, validated and published by third-party companies against their own APIs. To earn a partner provider badge the partner must participate in the HashiCorp Technology Partner Program. | Third-party organization, e.g. mongodb/mongodbatlas |
Community | Community providers are published to the Terraform Registry by individual maintainers, groups of maintainers, or other members of the Terraform community. | Maintainer’s individual or organization account, e.g. DeviaVir/gsuite |
Archived | Archived Providers are Official or Partner Providers that are no longer maintained by HashiCorp or the community. This may occur if an API is deprecated or interest was low. | hashicorp or third-party |
How to Develop Providers
Providers are written in Go, using the Terraform Plugin SDK. For more information on developing providers, see:
- The Plugin Development documentation
- The Call APIs with Terraform Providers tutorials