This provider is currently in technical preview. This means some aspects of its design and implementation are not yet considered stable. We are actively looking for community feedback in order to solidify its form.
- Announcement: HashiCorp Blog
- Terraform Website: terraform.io
- Provider Documentation: Terraform Registry
- Forum: discuss.hashicorp.com
- Tutorial: learn.hashicorp.com
The Terraform AWS Cloud Control Provider is a plugin for Terraform that allows for the full lifecycle management of AWS resources using the AWS CloudFormation Cloud Control API. This provider is maintained internally by the HashiCorp AWS Provider team.
The AWS Cloud Control API is a lightweight proxy API to discover, provision and manage cloud resources through a simple, uniform and predictable control plane. The AWS Cloud Control API supports Create, Read, Update, Delete and List (CRUDL) operations on any AWS resource that is registered in the AWS CloudFormation registry.
At launch, only a subset of the AWS resources that can be managed by CloudFormation is supported. Some services use an older CloudFormation schema and cannot be used with Cloud Control. AWS are updating all of the older CloudFormation schemas to conform to the new standard, and are actively pursuing full coverage for CloudFormation. For the latest coverage information, please refer to the AWS CloudFormation public roadmap.
To see the list of supported resources within this provider please refer to the registry.
This provider is generated from the latest CloudFormation schemas, and a new version is released weekly containing all new services and enhancements added to Cloud Control.
When performing CRUDL operations, the Cloud Control API makes calls to downstream AWS services on your behalf. By default, the Cloud Control API will create a temporary session using the AWS credentials of the user making the Cloud Control API call. This session lasts up to a maximum of 24 hours.
All CRUDL operations also accept a RoleArn parameter which represents the AWS CloudFormation service role. In addition to federating access, using a role allows you to extend the allowed time of an operation to 36 hours, as the Cloud Control API can refresh the role credentials by re-assuming the role. The Terraform AWS Cloud Control API Provider has a role_arn argument which enables support for this functionality.
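The role_arn argument described above, shown with a narrowly scoped service role. This is an added example, not configuration from the provider's own documentation; the role name, variable name, region, log group and permission list are constructed for illustration, and the trust principal assumes the usual CloudFormation service role setup.

```hcl
# --- Bootstrap configuration (aws provider): the role Cloud Control assumes ---
# Assumption: as a CloudFormation service role, it trusts the
# cloudformation.amazonaws.com service principal.
data "aws_iam_policy_document" "cc_trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["cloudformation.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "cloud_control" {
  name               = "example-cloud-control-service-role" # hypothetical name
  assume_role_policy = data.aws_iam_policy_document.cc_trust.json
}

# Illustrative permission set (may need adjusting): the role can only act on
# log groups, so downstream calls made on your behalf are limited to that.
resource "aws_iam_role_policy" "cloud_control_logs" {
  name = "log-groups-only" # hypothetical name
  role = aws_iam_role.cloud_control.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["logs:CreateLogGroup", "logs:DescribeLogGroups", "logs:PutRetentionPolicy", "logs:DeleteLogGroup"]
      Resource = "*"
    }]
  })
}

# --- Main configuration (awscc provider) ---
variable "cloud_control_role_arn" {
  type        = string
  description = "ARN of the service role created by the bootstrap configuration"
}

provider "awscc" {
  region   = "us-east-1"                # constructed sample region
  role_arn = var.cloud_control_role_arn # passed to Cloud Control as RoleArn
}

resource "awscc_logs_log_group" "example" {
  log_group_name    = "/example/awscc" # constructed sample name
  retention_in_days = 30
}
```

Without role_arn, the same resource would be created with a session derived from the caller's own credentials, so the caller's full permissions apply to the downstream calls.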
Please note: We take Terraform's security and our users' trust very seriously. If you believe you have found a security issue in the Terraform AWS Cloud Control Provider, please disclose it responsibly by contacting us at security@hashicorp.com.
Full, comprehensive documentation is available on the Terraform Registry.
Responses to our most frequently asked questions can be found in our FAQ.
The Terraform Provider for AWS CloudFormation Cloud Control API is the work of a handful of contributors. We appreciate your help!
To contribute, please read the contribution guidelines: Contributing to Terraform - AWS Cloud Control Provider