Terraform AWS Cloud Control API provider now generally available
The Terraform AWS Cloud Control provider helps you use new AWS services faster with Terraform.
The AWS Cloud Control (AWSCC) provider, built around the AWS Cloud Control API and designed to bring new services to HashiCorp Terraform faster, is now generally available. The 1.0 release of the AWSCC provider represents another step forward in our effort to offer launch day support of AWS services. Initially launched in 2021 as a tech preview, the Terraform AWS Cloud Control provider is automatically generated based on the Cloud Control API published by AWS, which means the latest features and services on AWS can be supported right away. The AWSCC provider gives developers access with several new AWS services such as: AWS Billing Conductor, AWS Chatbot, Amazon Personalize, Amazon Q Business, and more.
Terraform users managing infrastructure on Amazon Web Services can typically use this provider alongside the existing AWS provider. Given its ability to automatically support new features and services, this AWSCC provider will increase the resource coverage and significantly reduce the time it takes to support new capabilities. AWS and HashiCorp will continue to deliver high-quality, consistent releases to both the AWS and AWSCC providers.
Important new features in the AWS Cloud Control provider include:
- Sample configurations
- Enhanced schema-level documentation
Let’s run through what's new.
» Introducing AWS Cloud Control API
AWS Cloud Control API is a set of common APIs that make it easy for developers and partners to manage the lifecycle of AWS and third-party services. Cloud Control API provides five operations for developers to create, read, update, delete, and list (CRUDL) their cloud infrastructure resources. This unified set of API actions, as well as common input parameters and error types across AWS services, makes it possible for developers to immediately integrate their workflows with brand new AWS services. Any resource type published to the CloudFormation Public Registry exposes a standard JSON schema that can be acted upon by this interface.
AWS Cloud Control API makes it easier to build solutions to integrate with new and existing AWS services, while HashiCorp’s foundational technologies solve the core challenges around infrastructure so that teams can focus on business-critical tasks. Integrating Terraform with AWS Cloud Control API means developers can use new AWS features and services as soon as they are available in Cloud Control API, typically on the day of launch.
» AWS Cloud Control provider enhancements
During its technical preview, we’ve added several significant user experience enhancements to the AWSCC provider, including sample configurations and enhanced schema-level documentation. These documentation enhancements help practitioners use the provider more easily and efficiently, as they include full context about each of the attributes within the resource. The improved documentation will also reduce errors and the time required for practitioners to provision a resource, as all of the information about how to use the attribute is contained within the resource’s reference page in the Terraform Registry. These enhancements bring the AWSCC provider closer to the user experience of the standard AWS provider.
» Sample configurations
While the AWSCC provider was in technical preview, the biggest feature request we received from customers was for sample configurations to use as a starting point when working with a new resource. Without a sample configuration, practitioners had to start with a completely blank slate to determine the required attributes for their use case and the values for each attribute.
As a result of this feedback, over 270 resources (with more being added weekly) now have sample configurations. The sample configuration for a given resource shows the structure and expected values for each attribute. Customers can now start with the sample configuration, copy code, and begin building their resources. Here’s an example of a sample configuration to connect the AWS Support App to a Slack channel:
resource "aws_iam_role" "example" {
name = "AWSSupportSlackAppTFRole"
assume_role_policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Effect = "Allow"
Principal = {
Service = "supportapp.amazonaws.com"
}
Action = "sts:AssumeRole"
}
]
})
managed_policy_arns = [
"arn:aws:iam::aws:policy/AWSSupportAppFullAccess"
]
}
resource "awscc_supportapp_slack_channel_configuration" "example" {
team_id = "TXXXXXXXXX"
channel_id = "C0XXXXXXXX"
channel_name = "tftemplatechannel1"
notify_on_create_or_reopen_case = true
notify_on_add_correspondence_to_case = false
notify_on_resolve_case = true
notify_on_case_severity = "high"
channel_role_arn = aws_iam_role.example.arn
}
» Attribute-level documentation
More than 75 resources have now been enhanced with attribute-level documentation, and we expect to similarly enhance hundreds more resources in the coming months. For more information, see this example of a resource with enhanced documentation.
Customers can now provision resources with this new provider as easily as with their existing implementation of the standard AWS provider. Here is an example of provisioning AWS Chatbot using the AWSCC provider:
resource "awscc_chatbot_slack_channel_configuration" "example" {
configuration_name = "example-slack-channel-config"
iam_role_arn = awscc_iam_role.example.arn
slack_channel_id = var.channel_id
slack_workspace_id = var.workspace_id
}
resource "awscc_iam_role" "example" {
role_name = "ChatBot-Channel-Role"
assume_role_policy_document = jsonencode({
Version = "2012-10-17"
Statement = [
{
Action = "sts:AssumeRole"
Effect = "Allow"
Sid = ""
Principal = {
Service = "chatbot.amazonaws.com"
}
},
]
})
managed_policy_arns = ["arn:aws:iam::aws:policy/AWSResourceExplorerReadOnlyAccess"]
}
» Better together: Using both the AWS and AWSCC provider
The AWSCC provider is a great complementary provider to add to your existing Terraform configurations using the standard AWS provider. The AWS provider, which just celebrated its 10-year anniversary and has recorded more than 2.8 billion downloads, offers the best user experience and performance for over 1,300 resource types across nearly 200 services. The AWSCC provider builds on this by offering access to the latest AWS services generated from the Cloud Control API published by AWS. Using the AWSCC and AWS providers together equips developers with a large catalog of resources across established and new AWS services.
Practitioners can easily add the AWSCC provider to their existing Terraform configurations alongside the standard AWS provider. Simply add the second provider block to the configuration to access the extensive catalog of resources available in the AWSCC provider. Below is an example of using both the AWSCC and AWS providers in tandem:
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 5.0"
}
awscc = {
source = "hashicorp/awscc"
version = "~> 1.0"
}
}
provider "aws" {
region = var.region
}
provider "awscc" {
region = var.region
}
# Use the AWS provider to provision an S3 bucket
resource "aws_s3_bucket" "example" {
bucket_prefix = "example"
}
# Use the AWSCC provider to provision an Amazon Personalize dataset
resource "awscc_personalize_dataset" "interactions" {
...
dataset_import_job = {
data_source = {
data_location = aws_s3_bucket.interactions_import.bucket
}
}
}
» AWS and HashiCorp
The Terraform AWS Cloud Control provider gives developers near-launch day support for new AWS services and features. It provides practitioners with an extensive catalog of resources as well as access to resources not available in the standard AWS provider.
For more details about the general availability of the AWSCC provider, please review the documentation and tutorials:
- AWS Cloud Control Provider documentation
- Getting started with Terraform on AWS tutorial
- Manage new AWS resources with the Cloud Control provider tutorial
We are thankful to our partners and community members for their valuable contributions to the HashiCorp Terraform ecosystem.
Sign up for the latest HashiCorp news
More blog posts like this one
HCP Terraform adds run queue visibility and new ephemeral workspace features
HCP Terraform and Terraform Enterprise gain new features related to ephemeral workspaces along with run queue visibility for HCP Terraform specifically.
Automate AWS deployments with HCP Terraform and GitHub Actions
Learn how to use GitHub Actions to automate HCP Terraform operations.
Access AWS from HCP Terraform with OIDC federation
Securely access AWS from HCP Terraform using OIDC federation, eliminating the need to use access keys.