Terraform would be pretty useless without its providers. Providers are essentially plugins that allow Terraform to interact with remote systems. They are either maintained by Hashicorp, third-party technology partners or Terraform community members.
We took a look at the most popular Terraform providers by the number of installs from the Terraform registry. There are 8 utility providers (Null, Random, Archive, Local, External, TLS, DNS, HTTP), 6 public cloud providers (AWS, Azure, Google Cloud Platform, Google Beta, WMware vSphere, Oracle Cloud Infrastructure), 3 HashiCorp Platform providers (Vault, Consul, Terraform Cloud), 1 container orchestration provider (Kubernetes), 1 cloud automation provider (Helm) and 1 security & authentication provider (Azure Active Directory).
We hope that this ranking will help you learn more about some providers you may not already know.
Does the AWS provider need an introduction? AWS is the biggest cloud provider in the world in terms of market share, so it comes as no surprise that its provider is also the most popular one of the Terraform registry. Use the AWS provider to manage the lifecycle of AWS resources, such as EC2, Lambda, EKS, ECS, VPC, S3, RDS, DynamoDB, and more.
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 3.0"
}
}
}
# Configure the AWS Provider
provider "aws" {
region = "us-east-1"
}
# Create a VPC
resource "aws_vpc" "example" {
cidr_block = "10.0.0.0/16"
}
The second most popular provider of the Terraform registry is a utility provided by Hashicorp. According to its documentation, the null provider “provides constructs that intentionally do nothing – useful in various situations to help orchestrate tricky behavior or work around limitations.”. An example of that would be to execute a script once the provisioning is completed.
resource "aws_instance" "cluster" {
count = 3
# ...
}
resource "null_resource" "cluster" {
# Changes to any instance of the cluster requires re-provisioning
triggers = {
cluster_instance_ids = "${join(",", aws_instance.cluster.*.id)}"
}
# Bootstrap script can run on any instance of the cluster
# So we just choose the first in this case
connection {
host = "${element(aws_instance.cluster.*.public_ip, 0)}"
}
provisioner "remote-exec" {
# Bootstrap script called with private_ip of each node in the clutser
inline = [
"bootstrap-cluster.sh ${join(" ", aws_instance.cluster.*.private_ip)}",
]
}
}
The random provider adds support for randomness within Terraform configurations. It’s a useful provider to generate UUIDs or passwords securely and reliably. The random values generated are held steady until the inputs are changed to preserve Terraform’s fixed-configuration model.
resource "random_id" "server" {
keepers = {
# Generate a new id each time we switch to a new AMI id
ami_id = "${var.ami_id}"
}
byte_length = 8
}
resource "aws_instance" "server" {
tags = {
Name = "web-server ${random_id.server.hex}"
}
# Read the AMI id "through" the random_id resource to ensure that
# both will change together.
ami = "${random_id.server.keepers.ami_id}"
# ... (other aws_instance arguments) ...
}
The Azurerm provider enables the lifecycle management of Microsoft Azure using the Azure Resource Manager APIs.
# Configure the Azure Provider
provider "azurerm" {
# whilst the `version` attribute is optional, we recommend pinning to a given version of the Provider
version = "=2.40.0"
features {}
}
# Create a resource group
resource "azurerm_resource_group" "example" {
name = "example-resources"
location = "West Europe"
}
# Create a virtual network within the resource group
resource "azurerm_virtual_network" "example" {
name = "example-network"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
address_space = ["10.0.0.0/16"]
}
The Google provider is used to configure Google Cloud Platform infrastructure (Compute Engine, Cloud Storage, Cloud SDK, Cloud SQL, GKE, BigQuery, Cloud Functions, …).
provider "google" {
project = "{{YOUR GCP PROJECT}}"
region = "us-central1"
zone = "us-central1-c"
}
resource "google_compute_instance" "vm_instance" {
name = "terraform-instance"
machine_type = "f1-micro"
boot_disk {
initialize_params {
image = "debian-cloud/debian-9"
}
}
network_interface {
# A default network is created for all GCP projects
network = "default"
access_config {
}
}
}
The Archive provider generates an archive from content, a file, or directory of files.
# Archive a single file.
data "archive_file" "init" {
type = "zip"
source_file = "${path.module}/init.tpl"
output_path = "${path.module}/files/init.zip"
}
# Archive multiple files and exclude file.
data "archive_file" "dotfiles" {
type = "zip"
output_path = "${path.module}/files/dotfiles.zip"
excludes = ["${path.module}/unwanted.zip"]
source {
content = data.template_file.vimrc.rendered
filename = ".vimrc"
}
source {
content = data.template_file.ssh_config.rendered
filename = ".ssh/config"
}
}
The Local provider is used to manage local resources, such as files.
# local_file reads a file from the local filesystem.
data "local_file" "foo" {
filename = "${path.module}/foo.bar"
}
The Kubernetes providers enables the management of Kubernetes resources, including Pods, Services, Policies, Quotas and more using Terraform.
provider "kubernetes" {
config_path = "~/.kube/config"
config_context = "my-context"
}
resource "kubernetes_namespace" "example" {
metadata {
name = "my-first-namespace"
}
}
The External provider is a special provider that exists to provide an interface between Terraform and external programs – useful for integrating Terraform with a system for which a first-class provider does not exist.
data "external" "example" {
program = ["python", "${path.module}/example-data-source.py"]
query = {
# arbitrary map from strings to strings, passed
# to the external program as the data query.
id = "abc123"
}
}
The Google Beta provider is distinct from the Google provider in that it supports Google Cloud Platform products and features that are in beta, while the Google provider does not.
The Vault provider allows Terraform to read from, write to, and configure Hashicorp Vault.
provider "vault" {
# It is strongly recommended to configure this provider through the
# environment variables described above, so that each user can have
# separate credentials set in the environment.
#
# This will default to using $VAULT_ADDR
# But can be set explicitly
# address = "https://vault.example.net:8200"
}
resource "vault_generic_secret" "example" {
path = "secret/foo"
data_json = <<EOT
{
"foo": "bar",
"pizza": "cheese"
}
EOT
}
Manage installed Charts in your Kubernetes cluster, in the same way Helm does, through Terraform.
provider "helm" {
kubernetes {
config_path = "~/.kube/config"
}
}
resource "helm_release" "nginx_ingress" {
name = "nginx-ingress-controller"
repository = "https://charts.bitnami.com/bitnami"
chart = "nginx-ingress-controller"
set {
name = "service.type"
value = "ClusterIP"
}
}
Provides utilities for working with Transport Layer Security keys and certificates. It provides resources that allow private keys, certificates and certificate requests to be created as part of a Terraform deployment.
## This example creates a self-signed certificate for a development
## environment.
## THIS IS NOT RECOMMENDED FOR PRODUCTION SERVICES.
## See the detailed documentation of each resource for further
## security considerations and other practical tradeoffs.
resource "tls_private_key" "example" {
algorithm = "ECDSA"
}
resource "tls_self_signed_cert" "example" {
key_algorithm = tls_private_key.example.algorithm
private_key_pem = tls_private_key.example.private_key_pem
# Certificate expires after 12 hours.
validity_period_hours = 12
# Generate a new certificate if Terraform is run within three
# hours of the certificate's expiration time.
early_renewal_hours = 3
# Reasonable set of uses for a server SSL certificate.
allowed_uses = [
"key_encipherment",
"digital_signature",
"server_auth",
]
dns_names = ["example.com", "example.net"]
subject {
common_name = "example.com"
organization = "ACME Examples, Inc"
}
}
# For example, this can be used to populate an AWS IAM server certificate.
resource "aws_iam_server_certificate" "example" {
name = "example_self_signed_cert"
certificate_body = tls_self_signed_cert.example.cert_pem
private_key = tls_private_key.example.private_key_pem
}
Configure infrastructure in Azure Active Directory using the Azure Resource Manager APIs.
# Configure the Microsoft Azure Active Directory Provider
provider "azuread" {
version = "=0.7.0"
}
# Create an application
resource "azuread_application" "example" {
name = "ExampleApp"
}
# Create a service principal
resource "azuread_service_principal" "example" {
application_id = azuread_application.example.application_id
}
The HTTP provider is a utility provider for interacting with generic HTTP servers as part of a Terraform configuration.
data "http" "example" {
url = "https://checkpoint-api.hashicorp.com/v1/check/terraform"
# Optional request headers
request_headers = {
Accept = "application/json"
}
}
The DNS provider is a useful utility to manage DNS servers configured accordingly to RFC 2136 and 2845 with Terraform.
# Configure the DNS Provider
provider "dns" {
update {
server = "192.168.0.1"
key_name = "example.com."
key_algorithm = "hmac-md5"
key_secret = "3VwZXJzZWNyZXQ="
}
}
# Create a DNS A record set
resource "dns_a_record_set" "www" {
# ...
}
The Consul provider exposes resources used to interact with a Consul cluster, such as adding external services or working with the key/value store
# Configure the Consul provider
provider "consul" {
address = "demo.consul.io:80"
datacenter = "nyc1"
}
# Access a key in Consul
data "consul_keys" "app" {
key {
name = "ami"
path = "service/app/launch_ami"
default = "ami-1234"
}
}
# Use our variable from Consul
resource "aws_instance" "app" {
ami = data.consul_keys.app.var.ami
}
The vSphere provider enables the lifecycle management of VMware vSphere resources, including Virtual Machines, ESXi Hosts, Datastores, vSwitches, and more.
provider "vsphere" {
user = var.vsphere_user
password = var.vsphere_password
vsphere_server = var.vsphere_server
# If you have a self-signed cert
allow_unverified_ssl = true
}
data "vsphere_datacenter" "dc" {
name = "dc1"
}
data "vsphere_datastore" "datastore" {
name = "datastore1"
datacenter_id = data.vsphere_datacenter.dc.id
}
data "vsphere_resource_pool" "pool" {
name = "cluster1/Resources"
datacenter_id = data.vsphere_datacenter.dc.id
}
data "vsphere_network" "network" {
name = "public"
datacenter_id = data.vsphere_datacenter.dc.id
}
resource "vsphere_virtual_machine" "vm" {
name = "terraform-test"
resource_pool_id = data.vsphere_resource_pool.pool.id
datastore_id = data.vsphere_datastore.datastore.id
num_cpus = 2
memory = 1024
guest_id = "other3xLinux64Guest"
network_interface {
network_id = data.vsphere_network.network.id
}
disk {
label = "disk0"
size = 20
}
}
Provision Terraform Cloud or Terraform Enterprise - with Terraform! Management of organizations, workspaces, teams, variables, run triggers, policy sets, and more.
provider "tfe" {
hostname = var.hostname
token = var.token
version = "~> 0.15.0"
}
# Create an organization
resource "tfe_organization" "org" {
# ...
}
The OCI provider enables the interaction with the resources supported by the Oracle Cloud Infrastructure APIs.
The Scalr Terraform provider can be used to manage the components within Scalr. This will allow you to automate the creation of workspaces, variables, VCS providers and much more.
provider "scalr" {
hostname = var.hostname
token = var.api_token
}
resource "scalr_workspace" "test" {
name = "my-workspace-name"
organization = "your_org_id"
auto_apply = "true"
terraform_version = "0.12.19"
vcs_provider_id = "my_vcs_provider"
vcs_repo {
identifier = "repo_org/repo_name"
}
}