/terraform-provider-awscc

Terraform AWS Cloud Control provider

Primary LanguageHCLMozilla Public License 2.0MPL-2.0

Terraform logo

Terraform AWS Cloud Control Provider

This provider is currently in technical preview. This means some aspects of its design and implementation are not yet considered stable. We are actively looking for community feedback in order to solidify its form.

The Terraform AWS Cloud Control Provider is a plugin for Terraform that allows for the full lifecycle management of AWS resources using the AWS CloudFormation Cloud Control API. This provider is maintained internally by the HashiCorp AWS Provider team.

AWS Cloud Control API

The AWS Cloud Control API is a lightweight proxy API to discover, provision and manage cloud resources through a simple, uniform and predictable control plane. The AWS Cloud Control API supports Create, Read, Update, Delete and List (CRUDL) operations on any AWS resource that is registered in the AWS CloudFormation registry.

Coverage

At launch a subset of AWS resources which can be managed by CloudFormation are supported, some services use an older CloudFormation schema and cannot be used with Cloud Control. AWS are updating all of the older CloudFormation schemas to conform to the new standard, and are actively pursuing full coverage for CloudFormation. For the latest coverage information please refer to the AWS CloudFormation public roadmap.

To see the list of supported resources within this provider please refer to the registry.

Release Schedule

This provider is generated from the latest CloudFormation schemas, and will release weekly containing all new services and enhancements added to Cloud Control.

Credentials

When performing CRUDL operations the Cloud Control API make calls to downstream AWS services on your behalf. By default, the Cloud Control API will create a temporary session using the AWS credentials of the user making the Cloud Control API call. This session lasts up to a maximum of 24 hours.

All CRUDL operations also accept a RoleArn parameter which represents the AWS CloudFormation service role. In addition to federating access, using a role allows you to extend the allowed time of an operation to 36 hours, as the Cloud Control API can refresh the role credentials by re-assuming the role. The Terraform AWS Cloud Control API Provider has a role_arn argument which enables support for this functionality.

Please note: We take Terraform's security and our users' trust very seriously. If you believe you have found a security issue in the Terraform AWS Cloud Control Provider, please responsibly disclose by contacting us at security@hashicorp.com.

Quick Starts

Documentation

Full, comprehensive documentation is available on the Terraform Registry

Frequently Asked Questions

Responses to our most frequently asked questions can be found in our FAQ

Contributing

The Terraform Provider for AWS CloudFormation Cloud Control API is the work of a handful of contributors. We appreciate your help!

To contribute, please read the contribution guidelines: Contributing to Terraform - AWS Cloud Control Provider