Consul is a service networking platform which provides service discovery, service mesh, and application configuration capabilities. The Consul provider exposes resources used to interact with a Consul cluster. Configuration of the provider is optional, as it provides reasonable defaults for all arguments.
Use the navigation to the left to read about the available resources.
# Configure the Consul provider
provider "consul" {
address = "demo.consul.io:80"
datacenter = "nyc1"
}
# Access a key in Consul
data "consul_keys" "app" {
key {
name = "ami"
path = "service/app/launch_ami"
default = "ami-1234"
}
}
# Use our variable from Consul
resource "aws_instance" "app" {
ami = data.consul_keys.app.var.ami
}
The Consul Terraform provider uses features of the latest version of Consul. Some resources may not be supported by older versions of Consul.
The known compatibility between this provider and Consul is:
Terraform provider version | Consul version |
---|---|
2.17.0 | >= 1.14.0 |
2.16.0 | >= 1.13.0 |
2.15.0 | >= 1.11.0 |
2.14.0 | >= 1.10.0 |
2.13.0 | >= 1.10.0 |
address
(String) The HTTP(S) API address of the agent to use. Defaults to "127.0.0.1:8500".auth_jwt
(Block List, Max: 1) Authenticates to Consul using a JWT authentication method. (see below for nested schema)ca_file
(String) A path to a PEM-encoded certificate authority used to verify the remote agent's certificate.ca_path
(String) A path to a directory of PEM-encoded certificate authority files to use to check the authenticity of client and server connections. Can also be specified with the CONSUL_CAPATH
environment variable.ca_pem
(String) PEM-encoded certificate authority used to verify the remote agent's certificate.cert_file
(String) A path to a PEM-encoded certificate provided to the remote agent; requires use of key_file
or key_pem
.cert_pem
(String) PEM-encoded certificate provided to the remote agent; requires use of key_file
or key_pem
.datacenter
(String) The datacenter to use. Defaults to that of the agent.header
(Block List) A configuration block, described below, that provides additional headers to be sent along with all requests to the Consul server. This block can be specified multiple times. (see below for nested schema)http_auth
(String) HTTP Basic Authentication credentials to be used when communicating with Consul, in the format of either user
or user:pass
. This may also be specified using the CONSUL_HTTP_AUTH
environment variable.insecure_https
(Boolean) Boolean value to disable SSL certificate verification; setting this value to true is not recommended for production use. Only use this with scheme set to "https".key_file
(String) A path to a PEM-encoded private key, required if cert_file
or cert_pem
is specified.key_pem
(String) PEM-encoded private key, required if cert_file
or cert_pem
is specified.namespace
(String)scheme
(String) The URL scheme of the agent to use ("http" or "https"). Defaults to "http".token
(String, Sensitive) The ACL token to use by default when making requests to the agent. Can also be specified with CONSUL_HTTP_TOKEN
or CONSUL_TOKEN
as an environment variable.auth_jwt
Required:
auth_method
(String) The name of the auth method to use for login.Optional:
bearer_token
(String) The bearer token to present to the auth method during login for authentication purposes. For the Kubernetes auth method this is a Service Account Token (JWT).meta
(Map of String) Specifies arbitrary KV metadata linked to the token. Can be useful to track origins.use_terraform_cloud_workload_identity
(Boolean) Whether to use a Terraform Workload Identity token. The token will be read from the TFC_WORKLOAD_IDENTITY_TOKEN
environment variable.header
Required:
name
(String) The name of the header.value
(String) The value of the header.All environment variables listed in the Consul environment variables documentation are supported by the Terraform provider.