Skip to main content

Terraform AWS Cloud Control API provider now generally available

The Terraform AWS Cloud Control provider helps you use new AWS services faster with Terraform.

May 30 2024Aurora Chun

The AWS Cloud Control (AWSCC) provider, built around the AWS Cloud Control API and designed to bring new services to HashiCorp Terraform faster, is now generally available. The 1.0 release of the AWSCC provider represents another step forward in our effort to offer launch day support of AWS services. Initially launched in 2021 as a tech preview, the Terraform AWS Cloud Control provider is automatically generated based on the Cloud Control API published by AWS, which means the latest features and services on AWS can be supported right away. The AWSCC provider gives developers access with several new AWS services such as: AWS Billing Conductor, AWS Chatbot, Amazon Personalize, Amazon Q Business, and more.

Terraform users managing infrastructure on Amazon Web Services can typically use this provider alongside the existing AWS provider. Given its ability to automatically support new features and services, this AWSCC provider will increase the resource coverage and significantly reduce the time it takes to support new capabilities. AWS and HashiCorp will continue to deliver high-quality, consistent releases to both the AWS and AWSCC providers.

Important new features in the AWS Cloud Control provider include:

  • Sample configurations
  • Enhanced schema-level documentation

Let’s run through what's new.

»Introducing AWS Cloud Control API

AWS Cloud Control API is a set of common APIs that make it easy for developers and partners to manage the lifecycle of AWS and third-party services. Cloud Control API provides five operations for developers to create, read, update, delete, and list (CRUDL) their cloud infrastructure resources. This unified set of API actions, as well as common input parameters and error types across AWS services, makes it possible for developers to immediately integrate their workflows with brand new AWS services. Any resource type published to the CloudFormation Public Registry exposes a standard JSON schema that can be acted upon by this interface.

AWS Cloud Control API makes it easier to build solutions to integrate with new and existing AWS services, while HashiCorp’s foundational technologies solve the core challenges around infrastructure so that teams can focus on business-critical tasks. Integrating Terraform with AWS Cloud Control API means developers can use new AWS features and services as soon as they are available in Cloud Control API, typically on the day of launch.

»AWS Cloud Control provider enhancements

During its technical preview, we’ve added several significant user experience enhancements to the AWSCC provider, including sample configurations and enhanced schema-level documentation. These documentation enhancements help practitioners use the provider more easily and efficiently, as they include full context about each of the attributes within the resource. The improved documentation will also reduce errors and the time required for practitioners to provision a resource, as all of the information about how to use the attribute is contained within the resource’s reference page in the Terraform Registry. These enhancements bring the AWSCC provider closer to the user experience of the standard AWS provider.

»Sample configurations

While the AWSCC provider was in technical preview, the biggest feature request we received from customers was for sample configurations to use as a starting point when working with a new resource. Without a sample configuration, practitioners had to start with a completely blank slate to determine the required attributes for their use case and the values for each attribute.

As a result of this feedback, over 270 resources (with more being added weekly) now have sample configurations. The sample configuration for a given resource shows the structure and expected values for each attribute. Customers can now start with the sample configuration, copy code, and begin building their resources. Here’s an example of a sample configuration to connect the AWS Support App to a Slack channel:

resource "aws_iam_role" "example" {
  name = "AWSSupportSlackAppTFRole"
 
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Principal = {
          Service = "supportapp.amazonaws.com"
        }
        Action = "sts:AssumeRole"
      }
    ]
  })
 
  managed_policy_arns = [
    "arn:aws:iam::aws:policy/AWSSupportAppFullAccess"
  ]
}
 
resource "awscc_supportapp_slack_channel_configuration" "example" {
  team_id                              = "TXXXXXXXXX"
  channel_id                           = "C0XXXXXXXX"
  channel_name                         = "tftemplatechannel1"
  notify_on_create_or_reopen_case      = true
  notify_on_add_correspondence_to_case = false
  notify_on_resolve_case               = true
  notify_on_case_severity              = "high"
  channel_role_arn                     = aws_iam_role.example.arn
}

»Attribute-level documentation

More than 75 resources have now been enhanced with attribute-level documentation, and we expect to similarly enhance hundreds more resources in the coming months. For more information, see this example of a resource with enhanced documentation.

Customers can now provision resources with this new provider as easily as with their existing implementation of the standard AWS provider. Here is an example of provisioning AWS Chatbot using the AWSCC provider:

resource "awscc_chatbot_slack_channel_configuration" "example" {
  configuration_name = "example-slack-channel-config"
  iam_role_arn       = awscc_iam_role.example.arn
  slack_channel_id   = var.channel_id
  slack_workspace_id = var.workspace_id
}
 
resource "awscc_iam_role" "example" {
  role_name = "ChatBot-Channel-Role"
  assume_role_policy_document = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action = "sts:AssumeRole"
        Effect = "Allow"
        Sid    = ""
        Principal = {
          Service = "chatbot.amazonaws.com"
        }
      },
    ]
  })
  managed_policy_arns = ["arn:aws:iam::aws:policy/AWSResourceExplorerReadOnlyAccess"]
}

»Better together: Using both the AWS and AWSCC provider

The AWSCC provider is a great complementary provider to add to your existing Terraform configurations using the standard AWS provider. The AWS provider, which just celebrated its 10-year anniversary and has recorded more than 2.8 billion downloads, offers the best user experience and performance for over 1,300 resource types across nearly 200 services. The AWSCC provider builds on this by offering access to the latest AWS services generated from the Cloud Control API published by AWS. Using the AWSCC and AWS providers together equips developers with a large catalog of resources across established and new AWS services.

Practitioners can easily add the AWSCC provider to their existing Terraform configurations alongside the standard AWS provider. Simply add the second provider block to the configuration to access the extensive catalog of resources available in the AWSCC provider. Below is an example of using both the AWSCC and AWS providers in tandem:

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
 
    awscc = {
      source  = "hashicorp/awscc"
      version = "~> 1.0"
  }
}
 
provider "aws" {
  region = var.region
}
 
provider "awscc" {
  region = var.region
}
 
# Use the AWS provider to provision an S3 bucket
resource "aws_s3_bucket" "example" {
  bucket_prefix = "example"
}
 
# Use the AWSCC provider to provision an Amazon Personalize dataset
resource "awscc_personalize_dataset" "interactions" {
  ...
 
  dataset_import_job = {
    data_source = {
      data_location = aws_s3_bucket.interactions_import.bucket
    }
  }
}

»AWS and HashiCorp

The Terraform AWS Cloud Control provider gives developers near-launch day support for new AWS services and features. It provides practitioners with an extensive catalog of resources as well as access to resources not available in the standard AWS provider.

For more details about the general availability of the AWSCC provider, please review the documentation and tutorials:

We are thankful to our partners and community members for their valuable contributions to the HashiCorp Terraform ecosystem.

AWSPartners

Sign up for the latest HashiCorp news

By submitting this form, you acknowledge and agree that HashiCorp will process your personal information in accordance with the Privacy Policy.

More blog posts like this one

Terraform extension for VS Code speeds up loading of large workspaces
July 24 2024 | Products & Technology
Terraform extension for VS Code speeds up loading of large workspaces

New releases of the HashiCorp Terraform extension for Visual Studio Code and Terraform language server significantly reduce memory usage and start up time for large workspaces.

Why use Vault-backed dynamic credentials to secure HCP Terraform infrastructure?
July 23 2024 | Products & Technology
Why use Vault-backed dynamic credentials to secure HCP Terraform infrastructure?

Learn how HCP Terraform and Terraform Enterprise users can use Vault-backed dynamic credentials to secure their infrastructure during provisioning better than the base-level dynamic provider credentials.

HCP Terraform adds granular API access for audit trails
July 22 2024 | Products & Technology
HCP Terraform adds granular API access for audit trails

HCP Terraform eliminates the need to rely on organization permissions to the audit trails endpoint, streamlining permissions workflows and reducing risk.