Monday, November 27, 2023

Managing resources with the Terraform AWS Cloud Control provider

The HashiCorp Terraform AWS Cloud Control (AWSCC) provider aims to bring Amazon Web Services (AWS) resources to Terraform users faster. The provider is automatically generated, which means new features and services on AWS can be supported right away, addressing any coverage gaps in the main Terraform AWS provider. The AWS Cloud Control provider supports over 750 AWS resources and data sources, with more support being added as AWS service teams continue to adopt the Cloud Control API standard.

For Terraform users managing infrastructure on AWS, this provider can be used alongside the existing Terraform AWS provider, which will continue to be the primary interface for AWS resources. AWS and HashiCorp will continue to deliver high-quality, consistent releases to the standard provider. There is no single provider with 100% resource coverage and no tool available to migrate from one provider to another so customers can use both providers simultaneously.

The Cloud Control provider is a long-running joint project between HashiCorp and AWS to address the needs of our combined customers. HashiCorp is announcing that the Terraform AWS Cloud Control provider, currently in tech preview, will be generally available in 2024.

Unified set of actions with AWS Cloud Control API

AWS Cloud Control API is a set of common APIs that make it easy for developers and partners to manage the lifecycle of AWS and third-party services. Cloud Control API provides five operations for developers to create, read, update, delete, and list (CRUDL) their cloud infrastructure. This unified set of API actions, as well as common input parameters and error types across AWS services, makes it easy for developers to manage their cloud infrastructure in a consistent manner and to leverage the latest AWS capabilities faster. As a result, any resource type published to the CloudFormation Public Registry exposes a standard JSON schema and can be acted upon by this interface.

AWS Cloud Control API makes it easier to build solutions to integrate with new and existing AWS services, while HashiCorp’s foundational technologies solve the core challenges around infrastructure so that teams can focus on business-critical tasks. Integrating Terraform with AWS Cloud Control API means developers are able to use new AWS features and services as soon as they are available in Cloud Control API, typically on the day of launch.

Manage new AWS resources with the Terraform AWS Cloud Control provider

To understand how the AWS Cloud Control provider works, let’s take a look at a real example. AWS has a service called AWS Chatbot that can monitor, operate, and troubleshoot AWS resources with interactive ChatOps.

The traditional AWS provider does not currently support AWS Chatbot, but the Cloud Control provider does. The work to add support for Chatbot or another new service on the Terraform AWS provider is labor-intensive and the interest level for new services at launch is not always clear.

With the AWS Cloud Control provider automatically generating resources and data source schema, AWS Chatbot can be supported right away. A search for ‘aws chatbot’ in the AWS Cloud Control provider will show you the resources and data sources available for the service.


Other examples of AWS services that are supported by Cloud Control provider but unsupported by the standard AWS provider include Amazon DevOps Guru, AWS Billing Conductor, and AWS Panorama. For more detailed tutorials, check out how to manage new AWS resources with the Cloud Control provider or the AWS Cloud Controller documentation.

Provider enhancements

While in technical preview, a number of significant user experience enhancements have been added to the AWS Cloud Control provider, including sample configurations and enhanced schema-level documentation. These provider enhancements will help practitioners use resources more easily and efficiently, as they include full context about each of the attributes within the resource. They will also reduce errors and the time required for practitioners to provision a resource, as all of the documentation on how to use the attribute is contained within the resources registry page.

Sample configurations

While the AWS Cloud Control provider has been in technical preview, the biggest feature request we received from customers is that they need “sample configurations” to use as a starting point when beginning to configure a new resource. Without the availability of a sample configuration, practitioners have to start with a completely blank slate to figure out which attributes are required (specifically for their use case) and the values for each attribute.

As a direct result of this feedback, over 100 resources (with more on the way) now have sample configurations; the starting point for customers to use resources. The sample configuration for a given resource will show the structure of the attribute and the expected values for each attribute. Customers can now start with the sample configuration, copy code, and begin building their resources. Here’s an example of a sample config for starting a VPC in AWS:


Enhanced schema-level documentation

All 25 of the API Gateway resources have now been enhanced with attribute-level documentation, and hundreds of resources will be enhanced with the same attribute-level documentation in the coming month. For each of these resources, the documentation provides detailed descriptions of how to use the attribute within the resource-accepted values. This will provide practitioners with context about each attribute and how it’s used, along with the expected values for each attribute. For more information, see this example of a resource with enhanced documentation.

The state of Terraform providers and AWS

Since the initial release of Terraform version 0.1 in 2014, HashiCorp has continuously provided out-of-the-box support for AWS resources. In 2023, the Terraform AWS provider surpassed a major milestone — 2 billion downloads — and as of the publication of this blog post, the count stands at 2.3 billion downloads.


As stated earlier, the Terraform AWS provider will continue to be the primary interface for provisioning most AWS resources. The AWSCC provider will function as a key backup tool for any coverage gaps in the main AWS provider, such as newly launched AWS services.

Learn more about AWS and HashiCorp

Developers can use the Terraform AWS provider to interact with the many resources supported by AWS. To learn the basics of Terraform using this provider, follow the hands-on tutorials for getting started with Terraform on AWS on our developer education platform. Interact with AWS services, including Lambda, RDS, and IAM by following the AWS services tutorials.

For a more detailed tutorial on the AWS Cloud Control provider, check out how to manage new AWS resources with the Cloud Control provider or the AWS Cloud Controller documentation.

If you’re going to AWS re:Invent in Las Vegas this week, consider attending “AWS Infrastructure as Code: A Year in Review” (Session ID: DOP206 at 2:30 p.m. on Tuesday, Nov. 28) to learn more. The session will be live at Ceasar’s Forum and simulcast at Mandalay Bay and The Venetian.

from HashiCorp Blog

No comments:

Post a Comment