| page_title |
|---|
Provider: Elastic Cloud |
The Elastic Cloud Terraform provider can be used to configure and manage Elastic Cloud deployments using the Elastic Cloud APIs. Use the navigation to the left to read about data sources and resources supported by the Elastic Cloud provider. Elastic Cloud APIs are available for:
- Elasticsearch Service (ESS).
- Elastic Cloud Enterprise (ECE).
- Elasticsearch Service Private (ESSP).
It is strongly recommended to consistently utilize the latest versions of both the Elastic Cloud terraform provider and Terraform CLI. Doing so not only mitigates the risk of encountering known issues but also enhances overall user experience.
Due to bugs present in the Terraform CLI, this provider requires Terraform >= 1.2.7. Versions lower than this may not provide access to all defined attributes, and should not be used with this provider.
Interested in the provider's latest features, or want to make sure you're up to date? Check out the provider changelog.
The Elastic Cloud Terraform provider offers two methods of authentication against the remote API: apikey or a combination of username and password. Depending on the environment, you may choose one over the other. The Public API of Elasticsearch Service (ESS) is the default endpoint that the provider will target.
Elasticsearch Service (ESS) only supports apikey. Elastic Cloud Enterprise (ECE) supports apikey or a combination of username and password.
!> Warning: Hard-coding credentials into a Terraform configuration is not recommended, and risks secret leakage should this file ever be committed to a public version control system.
API keys are the recommended authentication method. They can be used to authenticate against Elasticsearch Service or Elastic Cloud Enterprise.
To generate an API key, follow these steps:
- Open you browser and navigate to https://cloud.elastic.co/login.
- Log in with your email and password.
- Click on Elasticsearch Service.
- Navigate to Features > API Keys and click on Generate API Key.
- Choose a name for your API key.
- Save your API key somewhere.
After you've generated your API Key, you can make it available to the Terraform provider by exporting it as the environment variable EC_API_KEY (recommended), or hardcoded in the provider .tf configuration file (supported but not recommended).
$ export EC_API_KEY="<apikey value>"Or set the apikey field in the "ec" provider to the value of your generated API key.
provider "ec" {
apikey = "<apikey value>"
}If you are targeting an ECE environment, you can also use a combination of username and password as authentication method.
They can either be hardcoded in the provider .tf configuration (not recommended), or specified with the following environment variables: EC_USERNAME or EC_USER and EC_PASSWORD or EC_PASS.
provider "ec" {
# ECE installation endpoint
endpoint = "https://my.ece-environment.corp"
# If the ECE installation has a self-signed certificate
# you must set insecure to true.
insecure = true
username = "my-username"
password = "my-password"
}apikey(String, Sensitive) API Key to use for API authentication. The only valid authentication mechanism for the Elasticsearch Service.endpoint(String) Endpoint where the terraform provider will point to. Defaults to "https://api.elastic-cloud.com".insecure(Boolean) Allow the provider to skip TLS validation on its outgoing HTTP calls.password(String, Sensitive) Password to use for API authentication. Available only when targeting ECE Installations or Elasticsearch Service Private.timeout(String) Timeout used for individual HTTP calls. Defaults to "1m".username(String) Username to use for API authentication. Available only when targeting ECE Installations or Elasticsearch Service Private.verbose(Boolean) When set, a "request.log" file will be written with all outgoing HTTP requests. Defaults to "false".verbose_credentials(Boolean) When set with verbose, the contents of the Authorization header will not be redacted. Defaults to "false".verbose_file(String) Timeout used for individual HTTP calls. Defaults to "1m".