terraform-provider-sdm
strongDM Terraform Provider
Terraform Provider for StrongDM
You can use the StrongDM Terraform provider to configure and manage your StrongDM account and resources. This project allows you to leverage Terraform to complete the following tasks in StrongDM:
- Create and register gateways or relays
- Enroll databases, servers, clusters, and websites
- Create, manage, and suspend users
- Grant user and resource access
- Manage roles
- Manage access workflows
For more detailed examples using the StrongDM provider and Amazon Web Services (AWS) or Microsoft Azure, check the following resources:
Requirements
- Terraform 0.13+
Versioning
StrongDM uses semantic versioning. We do not guarantee compatibility between major versions. Be sure to use version constraints to pin your dependency to the desired major version of the StrongDM Terraform provider.
Authentication
If you do not already have them, you must generate a set of API keys.
Environment Variables
You can provide your credentials via the SDM_API_ACCESS_KEY and SDM_API_SECRET_KEY environment variables.
$ export SDM_API_ACCESS_KEY="<ACCESS_KEY>"
$ export SDM_API_SECRET_KEY="<SECRET_KEY>"
$ terraform plan
Provider statement
provider "sdm" {}
Direct
If it is not possible to use environment variables, add the API keys directly to the provider statement as follows:
provider "sdm" {
  api_access_key = "<ACCESS_KEY>"
  api_secret_key = "<SECRET_KEY>"
}
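Keys set directly in the provider statement live in the .tf file itself and go wherever that file goes, including version control. The following check is an added example, not part of the StrongDM project: it flags `api_access_key` and `api_secret_key` assignments that use a string literal instead of a variable reference. The function name, sample inputs, and Terraform variable names are constructed for illustration.

```python
import re
import sys

# Attribute names as they appear in the provider statement above.
CREDENTIAL_ATTRS = ("api_access_key", "api_secret_key")

# Matches `attr = "..."`, also when the line is commented out with # or //,
# because a secret left in a comment is committed just the same.
ASSIGNMENT = re.compile(
    r'^\s*(?:(?:#|//)\s*)?(?P<attr>' + "|".join(CREDENTIAL_ATTRS) + r')'
    r'\s*=\s*"(?P<value>(?:[^"\\]|\\.)*)"'
)
# A quoted value that is nothing but an interpolation, e.g. "${var.name}".
ONLY_INTERPOLATION = re.compile(r'^\$\{[^}]+\}$')

# Constructed sample inputs; the variable names are hypothetical.
SAMPLE_LITERAL = '''provider "sdm" {
  api_access_key = "<ACCESS_KEY>"
  api_secret_key = "<SECRET_KEY>"
}
'''
SAMPLE_REFERENCE = '''provider "sdm" {
  api_access_key = var.sdm_api_access_key
  api_secret_key = "${var.sdm_api_secret_key}"
}
'''


def find_literal_credentials(tf_source):
    """Return (line_number, attribute) for each credential set to a string literal."""
    findings = []
    for number, line in enumerate(tf_source.splitlines(), start=1):
        match = ASSIGNMENT.match(line)
        if not match:
            continue
        value = match.group("value")
        # Unquoted references never match; skip empty and pure-interpolation strings.
        if not value or ONLY_INTERPOLATION.match(value):
            continue
        findings.append((number, match.group("attr")))
    return findings


if __name__ == "__main__":
    failed = False
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as handle:
            for number, attr in find_literal_credentials(handle.read()):
                print(f"{path}:{number}: {attr} is set to a string literal")
                failed = True
    sys.exit(1 if failed else 0)
```

Pass the .tf files to check as arguments, for example from a pre-commit hook; the script exits non-zero when it finds a literal. It works line by line, so block comments (`/* */`) and heredoc values are not parsed.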
Basic Example
Use the following basic example to create a gateway in StrongDM with the Terraform provider.
resource "sdm_node" "example_gateway" {
  gateway {
    name           = "example gateway"
    listen_address = "localhost:5000"
    bind_address   = "0.0.0.0:5000"
  }
}
$ terraform plan
$ terraform apply
Useful Links
- StrongDM Terraform provider documentation
- Migrating from v2 to v3
- Migrating from Role Grants to Access Rules
- Examples: GitHub - strongdm/terraform-provider-sdm-examples
Contributions
Currently, we are not accepting pull requests directly to this repository, but our users are some of the most resourceful and ambitious folks out there. If you have something to contribute, find a bug, or just want to give us some feedback, please email [email protected].
Running Integration Tests
Important: These are integration tests. They will create and destroy real resources in your account!
- First, clone this repository.
- In order to run the tests you must set these environment variables so that the provider can authenticate:
$ export SDM_API_ACCESS_KEY="<ACCESS_KEY>"
$ export SDM_API_SECRET_KEY="<SECRET_KEY>"
- From the cloned repo, run:
$ cd terraform-provider-sdm
$ TF_ACC=yes go test ./sdm -v -count=1 -mod=vendor
You must set TF_ACC=yes in order to run tests. If TF_ACC=yes is not set, all tests will pass without any action.