The HuaweiCloud provider is used to interact with the many resources supported by HuaweiCloud. The provider needs to be configured with the proper credentials before it can be used.
Use the navigation to the left to read about the available resources.
Terraform 0.13 and later:
terraform {
required_providers {
huaweicloud = {
source = "huaweicloud/huaweicloud"
version = ">= 1.36.0"
}
}
}
# Configure the HuaweiCloud Provider
provider "huaweicloud" {
region = "cn-north-4"
access_key = "my-access-key"
secret_key = "my-secret-key"
}
# Create a VPC
resource "huaweicloud_vpc" "example" {
name = "my_vpc"
cidr = "192.168.0.0/16"
}
Terraform 0.12 and earlier:
# Configure the HuaweiCloud Provider
provider "huaweicloud" {
version = ">= 1.36.0"
region = "cn-north-4"
access_key = "my-access-key"
secret_key = "my-secret-key"
}
# Create a VPC
resource "huaweicloud_vpc" "example" {
name = "my_vpc"
cidr = "192.168.0.0/16"
}
The Huawei Cloud provider offers a flexible means of providing credentials for authentication. The following methods are supported, in this order, and explained below:
- Static credentials
- Environment variables
- Shared configuration file
- ECS Instance Metadata Service
The Huawei Cloud Provider supports assuming role with IAM agency, either in the provider configuration block parameter assume_role or shared configuration file.
!> WARNING: Hard-coding credentials into any Terraform configuration is not recommended, and risks secret leakage should this file ever be committed to a public version control system.
Static credentials can be provided by adding an access_key
and secret_key
in-line in the provider block:
Usage:
provider "huaweicloud" {
region = "cn-north-4"
access_key = "my-access-key"
secret_key = "my-secret-key"
}
You can provide your credentials via the HW_ACCESS_KEY
and
HW_SECRET_KEY
environment variables, representing your Huawei Cloud Access Key and Secret Key, respectively.
provider "huaweicloud" {}
Usage:
$ export HW_ACCESS_KEY="anaccesskey"
$ export HW_SECRET_KEY="asecretkey"
$ export HW_REGION_NAME="cn-north-4"
$ terraform plan
You can use a
HuaweiCloud CLI configuration file
to specify your credentials. You need to specify a location in the Terraform configuration by providing the
shared_configuration_file
argument or using the HW_SHARED_CONFIGURATION_FILE
environment variable.
This method also supports a profile
configuration and matching HW_PROFILE
environment variable:
!> NOTE: The CLI configuration file can not be used directly by terraform, you need to copy it to another path and replace the AccessKey and SecretKey with yours as they are encrypted which terraform can not read.
Usage:
provider "huaweicloud" {
shared_config_file = "/home/tf_user/.hcloud/config.json"
profile = "customprofile"
}
If you're running Terraform from an ECS instance with Agency configured, Terraform will just ask the metadata API for credentials.
This is a preferred approach over any other when running in ECS as you can avoid hard coding credentials. Instead these are leased on-the-fly by Terraform which reduces the chance of leakage.
Usage:
provider "huaweicloud" {
region = "cn-north-4"
}
If provided with an IAM agency, Terraform will attempt to assume this role using the supplied credentials.
Usage:
provider "huaweicloud" {
region = "cn-north-4"
access_key = "my-access-key"
secret_key = "my-secret-key"
assume_role {
agency_name = "agency"
domain_name = "agency_domain"
}
}
The following arguments are supported:
-
region
- (Optional) This is the Huawei Cloud region. It must be provided when usingstatic credentials
authentication, but it can also be sourced from theHW_REGION_NAME
environment variables. -
access_key
- (Optional) The access key of the HuaweiCloud to use. If omitted, theHW_ACCESS_KEY
environment variable is used. -
secret_key
- (Optional) The secret key of the HuaweiCloud to use. If omitted, theHW_SECRET_KEY
environment variable is used. -
shared_config_file
- (Optional) The path to the shared config file. If omitted, theHW_SHARED_CONFIG_FILE
environment variable is used. -
profile
- (Optional) The profile name as set in the shared config file. If omitted, theHW_PROFILE
environment variable is used. Defaults to thecurrent
profile in the shared config file. -
assume_role
- (Optional) Configuration block for an assumed role. See below. Only one assume_role block may be in the configuration. -
project_name
- (Optional) The Name of the project to login with. If omitted, theHW_PROJECT_NAME
environment variable orregion
is used. -
domain_name
- (Optional) The Account name of IAM to scope to. If omitted, theHW_DOMAIN_NAME
environment variable is used. -
security_token
- (Optional) The security token to authenticate with a temporary security credential. If omitted, theHW_SECURITY_TOKEN
environment variable is used. -
cloud
- (Optional) The endpoint of the cloud provider. If omitted, theHW_CLOUD
environment variable is used. Defaults tomyhuaweicloud.com
. -
auth_url
- (Optional, Required before 1.14.0) The Identity authentication URL. If omitted, theHW_AUTH_URL
environment variable is used. Defaults tohttps://iam.{{region}}.{{cloud}}/v3
. -
insecure
- (Optional) Trust self-signed SSL certificates. If omitted, theHW_INSECURE
environment variable is used. -
max_retries
- (Optional) This is the maximum number of times an API call is retried, in the case where requests are being throttled or experiencing transient failures. The delay between the subsequent API calls increases exponentially. The default value is5
. If omitted, theHW_MAX_RETRIES
environment variable is used. -
enterprise_project_id
- (Optional) Default Enterprise Project ID for supported resources. Please see the documentation at EPS. If omitted, theHW_ENTERPRISE_PROJECT_ID
environment variable is used. -
regional
- (Optional) Whether the service endpoints are regional. The default value isfalse
. -
endpoints
- (Optional) Configuration block in key/value pairs for customizing service endpoints. The following endpoints support to be customized: autoscaling, ecs, ims, vpc, nat, evs, obs, sfs, cce, rds, dds, iam. An example provider configuration:
provider "huaweicloud" {
...
endpoints = {
ecs = "https://ecs-customizing-endpoint.com"
}
}
The assume_role
block supports:
-
agency_name
- (Required) The name of the agency for assume role. If omitted, theHW_ASSUME_ROLE_AGENCY_NAME
environment variable is used. -
domain_name
- (Required) The name of the agency domain for assume role. If omitted, theHW_ASSUME_ROLE_DOMAIN_NAME
environment variable is used.
In order to run the Acceptance Tests for development, the following environment variables must also be set:
-
HW_REGION_NAME
- The region in which to create the resources. -
HW_ACCESS_KEY
- The access key of the HuaweiCloud to use. -
HW_SECRET_KEY
- The secret key of the HuaweiCloud to use.
You should be able to use any HuaweiCloud environment to develop on as long as the above environment variables are set.