» Alicloud Provider
The Alicloud provider is used to interact with the many resources supported by Alicloud. The provider needs to be configured with the proper credentials before it can be used.
Use the navigation on the left to read about the available resources.
Note: When you use Terraform on a Windows computer, please install golang first. Otherwise, you may encounter an issue that occurs from version 1.8.1 to 1.10.0. For more information, please read the Crash Error.
» Example Usage
# Configure the Alicloud Provider
provider "alicloud" {
  access_key = "${var.access_key}"
  secret_key = "${var.secret_key}"
  region     = "${var.region}"
}

data "alicloud_instance_types" "2c4g" {
  cpu_core_count = 2
  memory_size    = 4
}

data "alicloud_images" "default" {
  name_regex  = "^ubuntu"
  most_recent = true
  owners      = "system"
}

# Create a web server
resource "alicloud_instance" "web" {
  image_id             = "${data.alicloud_images.default.images.0.id}"
  internet_charge_type = "PayByBandwidth"
  instance_type        = "${data.alicloud_instance_types.2c4g.instance_types.0.id}"
  system_disk_category = "cloud_efficiency"
  security_groups      = ["${alicloud_security_group.default.id}"]
  instance_name        = "web"
  vswitch_id           = "vsw-abc12345"
}

# Create security group
resource "alicloud_security_group" "default" {
  name        = "default"
  description = "default"
  vpc_id      = "vpc-abc12345"
}
» Authentication
The Alicloud provider accepts several ways to enter credentials for authentication. The following methods are supported, in this order, and explained below:
- Static credentials
- Environment variables
- ECS Role
» Static credentials
Static credentials can be provided by adding access_key, secret_key and region in-line in the alicloud provider block:
Usage:
provider "alicloud" {
  access_key = "${var.access_key}"
  secret_key = "${var.secret_key}"
  region     = "${var.region}"
}
» Environment variables
You can provide your credentials via the ALICLOUD_ACCESS_KEY and ALICLOUD_SECRET_KEY environment variables, representing your Alicloud access key and secret key respectively. ALICLOUD_REGION is also used, if applicable:
provider "alicloud" {}
Usage:
$ export ALICLOUD_ACCESS_KEY="anaccesskey"
$ export ALICLOUD_SECRET_KEY="asecretkey"
$ export ALICLOUD_REGION="cn-beijing"
$ terraform plan
» ECS Role
If you're running Terraform from an ECS instance that has a RAM role attached, Terraform will access the metadata URL http://100.100.100.200/latest/meta-data/ram/security-credentials/<ecs_role_name> to obtain the STS credential.
For details, refer to Access other Cloud Product APIs by the Instance RAM Role.
This is a preferred approach over any other when running in ECS as you can avoid hard coding credentials. Instead these are leased on-the-fly by Terraform which reduces the chance of leakage.
Usage:
provider "alicloud" {
  ecs_role_name = "terraform-provider-alicloud"
  region        = "${var.region}"
}
NOTE: At present, the MNS resources do not support the ECS Role credential.
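To check a configuration against the three credential sources described above, the following added example (not part of the provider or its documentation) classifies each provider "alicloud" block by the source it declares and flags credential arguments written as string literals. The function names and the sample input are hypothetical, it assumes each block's closing brace starts its own line, and it reports what the file declares, not what the provider resolves at run time.

```python
import re

# Constructed sample input in the syntax used on this page.
SAMPLE_TF = '''
provider "alicloud" {
  access_key = "EXAMPLE-LITERAL-KEY"
  secret_key = "${var.secret_key}"
  region     = "${var.region}"
}
provider "alicloud" {
  alias         = "ecs"
  ecs_role_name = "terraform-provider-alicloud"
  region        = "${var.region}"
}
provider "alicloud" {
  alias = "env"
}
'''

SECRET_ARGS = ("access_key", "secret_key", "security_token")
# A block ends at a "}" that starts a line, or immediately for the one-line "{}".
BLOCK_RE = re.compile(r'provider\s+"alicloud"\s*\{(.*?)(?:^\}|(?<=\{)\})', re.S | re.M)
ASSIGN_RE = re.compile(r'^\s*(\w+)\s*=\s*(.+?)\s*$', re.M)


def is_literal(value):
    """True when value is a quoted string with no ${...} interpolation."""
    quoted = re.match(r'"([^"]*)"', value)
    return bool(quoted) and "${" not in quoted.group(1)


def audit_providers(tf_text):
    """Return one finding per provider "alicloud" block found in tf_text."""
    findings = []
    for index, match in enumerate(BLOCK_RE.finditer(tf_text)):
        args = dict(ASSIGN_RE.findall(match.group(1)))
        hardcoded = sorted(k for k in SECRET_ARGS if k in args and is_literal(args[k]))
        if hardcoded:
            source = "static-literal"      # secret committed with the .tf file
        elif any(k in args for k in SECRET_ARGS):
            source = "static-variable"     # static credentials passed via variables
        elif "ecs_role_name" in args:
            source = "ecs-role"            # STS credential from instance metadata
        else:
            source = "environment"         # falls through to ALICLOUD_* variables
        findings.append({"block": index, "source": source, "hardcoded": hardcoded})
    return findings


if __name__ == "__main__":
    for finding in audit_providers(SAMPLE_TF):
        print(finding)
```

A "static-literal" finding is the case to fix before the file reaches version control; "static-variable" still leaves the secret in whatever supplies the variable.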
» Argument Reference
In addition to generic provider arguments (e.g. alias and version), the following arguments are supported in the Alibaba Cloud provider block:
- access_key - This is the Alicloud access key. It must be provided, but it can also be sourced from the ALICLOUD_ACCESS_KEY environment variable, or via a dynamic access key if ecs_role_name is specified.
- secret_key - This is the Alicloud secret key. It must be provided, but it can also be sourced from the ALICLOUD_SECRET_KEY environment variable, or via a dynamic secret key if ecs_role_name is specified.
- security_token - Alicloud Security Token Service. It can be sourced from the ALICLOUD_SECURITY_TOKEN environment variable, or via a dynamic security token if ecs_role_name is specified.
- ecs_role_name - The RAM Role Name attached to an ECS instance for API operations. You can retrieve this from the 'Access Control' section of the Alibaba Cloud console.
- region - This is the Alicloud region. It must be provided, but it can also be sourced from the ALICLOUD_REGION environment variable.
- account_id - (Optional) Alibaba Cloud Account ID. It is used by the Function Compute service and to connect router interfaces. If not provided, the provider will attempt to retrieve it automatically with STS GetCallerIdentity. It can be sourced from the ALICLOUD_ACCOUNT_ID environment variable.
- endpoints - (Optional) An endpoints block (documented below) to support custom endpoints.
Nested endpoints block supports the following:
- ecs - (Optional) Use this to override the default endpoint URL constructed from the region. It's typically used to connect to custom ECS endpoints.
- rds - (Optional) Use this to override the default endpoint URL constructed from the region. It's typically used to connect to custom RDS endpoints.
- slb - (Optional) Use this to override the default endpoint URL constructed from the region. It's typically used to connect to custom SLB endpoints.
- vpc - (Optional) Use this to override the default endpoint URL constructed from the region. It's typically used to connect to custom VPC and VPN endpoints.
- cen - (Optional) Use this to override the default endpoint URL constructed from the region. It's typically used to connect to custom CEN endpoints.
- ess - (Optional) Use this to override the default endpoint URL constructed from the region. It's typically used to connect to custom Autoscaling endpoints.
- oss - (Optional) Use this to override the default endpoint URL constructed from the region. It's typically used to connect to custom OSS endpoints.
- dns - (Optional) Use this to override the default endpoint URL constructed from the region. It's typically used to connect to custom DNS endpoints.
- ram - (Optional) Use this to override the default endpoint URL constructed from the region. It's typically used to connect to custom RAM endpoints.
- cs - (Optional) Use this to override the default endpoint URL constructed from the region. It's typically used to connect to custom Container Service endpoints.
- cr - (Optional) Use this to override the default endpoint URL constructed from the region. It's typically used to connect to custom Container Registry endpoints.
- cdn - (Optional) Use this to override the default endpoint URL constructed from the region. It's typically used to connect to custom CDN endpoints.
- kms - (Optional) Use this to override the default endpoint URL constructed from the region. It's typically used to connect to custom KMS endpoints.
- ots - (Optional) Use this to override the default endpoint URL constructed from the region. It's typically used to connect to custom Table Store endpoints.
- cms - (Optional) Use this to override the default endpoint URL constructed from the region. It's typically used to connect to custom Cloud Monitor endpoints.
- pvtz - (Optional) Use this to override the default endpoint URL constructed from the region. It's typically used to connect to custom Private Zone endpoints.
- sts - (Optional) Use this to override the default endpoint URL constructed from the region. It's typically used to connect to custom STS endpoints.
- log - (Optional) Use this to override the default endpoint URL constructed from the region. It's typically used to connect to custom Log Service endpoints.
- drds - (Optional) Use this to override the default endpoint URL constructed from the region. It's typically used to connect to custom DRDS endpoints.
- dds - (Optional) Use this to override the default endpoint URL constructed from the region. It's typically used to connect to custom MongoDB endpoints.
- kvstore - (Optional) Use this to override the default endpoint URL constructed from the region. It's typically used to connect to custom R-KVStore endpoints.
- fc - (Optional) Use this to override the default endpoint URL constructed from the region. It's typically used to connect to custom Function Computing endpoints.
- apigateway - (Optional) Use this to override the default endpoint URL constructed from the region. It's typically used to connect to custom Api Gateway endpoints.
- datahub - (Optional) Use this to override the default endpoint URL constructed from the region. It's typically used to connect to custom Datahub endpoints.
- mns - (Optional) Use this to override the default endpoint URL constructed from the region. It's typically used to connect to custom MNS endpoints.
- location - (Optional) Use this to override the default endpoint URL constructed from the region. It's typically used to connect to custom Location Service endpoints.
- nas - (Optional) Use this to override the default endpoint URL constructed from the region. It's typically used to connect to custom nas Service endpoints.
- actiontrail - (Optional) Use this to override the default endpoint URL constructed from the region. It's typically used to connect to custom actiontrail Service endpoints.
- cas - (Optional) Use this to override the default endpoint URL constructed from the region. It's typically used to connect to custom CAS endpoints.
- bssopenapi - (Optional) Use this to override the default endpoint URL constructed from the region. It's typically used to connect to custom BSSOPENAPI endpoints.
- ddoscoo - (Optional) Use this to override the default endpoint URL constructed from the region. It's typically used to connect to custom BGP-Line Anti-DDoS Pro endpoints.
» Testing
Credentials must be provided via the ALICLOUD_ACCESS_KEY, ALICLOUD_SECRET_KEY and ALICLOUD_REGION environment variables in order to run acceptance tests.