The host catalog resource allows you to configure a Boundary plugin-type host catalog. Host catalogs are always part of a project, so either define a project resource inline or have the project ID in hand before configuring a host catalog.
# boundary_scope.global is assumed to be defined elsewhere in the configuration.
resource "boundary_scope" "org" {
  name                     = "organization_one"
  description              = "My first scope!"
  scope_id                 = boundary_scope.global.id
  auto_create_admin_role   = true
  auto_create_default_role = true
}

resource "boundary_scope" "project" {
  name                   = "project_one"
  description            = "My first scope!"
  scope_id               = boundary_scope.org.id
  auto_create_admin_role = true
}

# For more information about the AWS plugin, please visit here:
# https://github.com/hashicorp/boundary-plugin-host-aws
#
# For more information about AWS users, please visit here:
# https://learn.hashicorp.com/tutorials/boundary/aws-host-catalogs?in=boundary/oss-access-management#configure-terraform-and-iam-user-privileges
resource "boundary_host_catalog_plugin" "aws_example" {
  name            = "My aws catalog"
  description     = "My first host catalog!"
  scope_id        = boundary_scope.project.id
  plugin_name     = "aws"
  attributes_json = jsonencode({ "region" = "us-east-1" })

  # It is recommended to pass in AWS secrets using file() or environment variables
  # rather than writing them into the configuration.
  # The secrets below must be generated in AWS by creating an AWS IAM user with programmatic access.
  secrets_json = jsonencode({
    "access_key_id"     = "aws_access_key_id_value",
    "secret_access_key" = "aws_secret_access_key_value"
  })
}

# For more information about the Azure plugin, please visit here:
# https://github.com/hashicorp/boundary-plugin-host-azure
#
# For more information about Azure AD applications, please visit here:
# https://learn.hashicorp.com/tutorials/boundary/azure-host-catalogs#register-a-new-azure-ad-application-1
resource "boundary_host_catalog_plugin" "azure_example" {
  name        = "My azure catalog"
  description = "My second host catalog!"
  scope_id    = boundary_scope.project.id
  plugin_name = "azure"

  # The attributes below must be generated in Azure by creating an AD application.
  attributes_json = jsonencode({
    "disable_credential_rotation" = "true",
    "tenant_id"                   = "ARM_TENANT_ID",
    "subscription_id"             = "ARM_SUBSCRIPTION_ID",
    "client_id"                   = "ARM_CLIENT_ID"
  })

  # It is recommended to pass in Azure secrets using file() or environment variables
  # rather than writing them into the configuration.
  # The secrets below must be generated in Azure by creating an AD application.
  secrets_json = jsonencode({
    "secret_value" = "ARM_CLIENT_SECRET"
  })
}

scope_id
(String) The scope ID in which the resource is created.

attributes_json
(String) The attributes for the host catalog. Either values encoded with the "jsonencode" function, pre-escaped JSON string, or a file:// or env:// path. Set to a string "null" or remove the block to clear all attributes in the host catalog.

description
(String) The host catalog description.

internal_force_update
(String) Internal only. Used to force update so that we can always check the value of secrets.

internal_hmac_used_for_secrets_config_hmac
(String) Internal only. The Boundary-provided HMAC used to calculate the current value of the HMAC'd config. Used for drift detection.

internal_secrets_config_hmac
(String) Internal only. HMAC of (serverSecretsHmac + config secrets). Used for proper secrets handling.

name
(String) The host catalog name. Defaults to the resource name.

plugin_id
(String) The ID of the plugin that should back the resource. This or plugin_name must be defined.

plugin_name
(String) The name of the plugin that should back the resource. This or plugin_id must be defined.

secrets_hmac
(String) The HMAC'd secrets value returned from the server.

secrets_json
(String, Sensitive) The secrets for the host catalog. Either values encoded with the "jsonencode" function, pre-escaped JSON string, or a file:// or env:// path. Set to a string "null" to clear any existing values. NOTE: Unlike "attributes_json", removing this block will NOT clear secrets from the host catalog; this allows injecting secrets for one call, then removing them for storage.

id
(String) The ID of the host catalog.

Import is supported using the following syntax:
terraform import boundary_host_catalog_plugin.foo <my-id>
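
As an added example (not from the provider's documentation), here are two ways to keep the host catalog secrets out of the configuration file, following the secrets_json description above: sensitive input variables and an env:// path. The variable names and the environment variable BOUNDARY_AZURE_SECRETS_JSON are hypothetical, and boundary_scope.project is the project scope from the example on this page.

```hcl
# Added example; variable and environment variable names are hypothetical.

# Option 1: sensitive input variables, supplied at run time
# (for example via TF_VAR_aws_access_key_id / TF_VAR_aws_secret_access_key).
variable "aws_access_key_id" {
  type      = string
  sensitive = true # redacted in plan/apply output
}

variable "aws_secret_access_key" {
  type      = string
  sensitive = true
}

resource "boundary_host_catalog_plugin" "aws_from_vars" {
  name            = "aws catalog (secrets from variables)"
  scope_id        = boundary_scope.project.id
  plugin_name     = "aws"
  attributes_json = jsonencode({ "region" = "us-east-1" })

  # Per the secrets_json note: removing this block later does NOT clear the
  # secrets from the host catalog; set it to the string "null" to clear them.
  secrets_json = jsonencode({
    "access_key_id"     = var.aws_access_key_id,
    "secret_access_key" = var.aws_secret_access_key
  })
}

# Option 2: env:// path. Assumes BOUNDARY_AZURE_SECRETS_JSON is set in the
# environment Terraform runs in and holds the JSON document, e.g.
#   {"secret_value":"<client secret>"}
resource "boundary_host_catalog_plugin" "azure_from_env" {
  name        = "azure catalog (secrets from env)"
  scope_id    = boundary_scope.project.id
  plugin_name = "azure"
  attributes_json = jsonencode({
    "disable_credential_rotation" = "true",
    "tenant_id"                   = "ARM_TENANT_ID",
    "subscription_id"             = "ARM_SUBSCRIPTION_ID",
    "client_id"                   = "ARM_CLIENT_ID"
  })
  secrets_json = "env://BOUNDARY_AZURE_SECRETS_JSON"
}
```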