confluent_provider_integration Resource - terraform-provider-confluent
`confluent_provider_integration` allows Confluent Cloud to integrate with a public Cloud Service Provider (CSP), so that users can manage access to public CSP resources through Confluent resources.

-> Note: It is recommended to set `lifecycle { prevent_destroy = true }` on production instances to prevent accidental Provider Integration deletion. This setting rejects plans that would destroy or recreate the Provider Integration, such as attempting to change un-editable attributes. Read more about it in the Terraform docs.

```terraform
resource "confluent_environment" "staging" {
  display_name = "Staging"

  stream_governance {
    package = "ESSENTIALS"
  }
}

resource "confluent_provider_integration" "main" {
  environment {
    id = confluent_environment.staging.id
  }
  aws {
    customer_role_arn = var.customer_role_arn # User-specific AWS customer IAM role ARN
  }
  display_name = "provider_integration_main"
}
```

The following arguments are supported:

- `display_name` - (Required String) The name of the Provider Integration.
- `environment` - (Required Configuration Block) supports the following:
  - `id` - (Required String) The ID of the Environment that the Provider Integration belongs to, for example, `env-abc123`.
- `aws` - (Required Configuration Block) The AWS-specific Provider Integration config details. It supports the following:
  - `customer_role_arn` - (Required String) Amazon Resource Name (ARN) that identifies the AWS Identity and Access Management (IAM) role that Confluent Cloud assumes when it accesses resources in your AWS account.

-> Note: Currently only `aws` config is supported; more cloud service provider configs will be supported in the near future.

-> Note: `customer_role_arn` must be unique in a given environment for creating a new Provider Integration.

In addition to the preceding arguments, the following attributes are exported:

- `id` - (Required String) The ID of the Provider Integration, for example, `cspi-4xg0q`.
- `aws` - (Required Configuration Block) The AWS-specific Provider Integration config details. It supports the following:
  - `iam_role_arn` - (Required String) The IAM role ARN used in Confluent Cloud internally, bundled with `customer_role_arn`.
  - `external_id` - (Required String) Unique external ID that Confluent Cloud uses when it assumes the IAM role in your Amazon Web Services (AWS) account.
- `usages` - (Required List of Strings) List of resource CRNs where this provider integration is being used.
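
The exported `iam_role_arn` and `external_id` are the two values the trust policy on your AWS role should pin, so that only Confluent's role, presenting this integration's external ID, can assume it. The following is an added example, not part of the provider's documentation; it assumes a configured `hashicorp/aws` provider and the commercial `aws` partition, and the role name, the `environment_id` variable and the `aws[0]` index used to read the nested block are assumptions.

```terraform
# Added example: AWS-side trust policy pinned to the Provider Integration's
# exported attributes. Names below are hypothetical.

variable "environment_id" {
  type        = string
  description = "Existing Confluent environment ID, for example env-abc123"
}

data "aws_caller_identity" "current" {}

locals {
  # The ARN is composed before the role exists so it can be handed to
  # Confluent first; this avoids a dependency cycle between the two resources.
  customer_role_name = "confluent-provider-integration-example"
  customer_role_arn  = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/${local.customer_role_name}"
}

resource "confluent_provider_integration" "main" {
  display_name = "provider_integration_main"
  environment {
    id = var.environment_id
  }
  aws {
    customer_role_arn = local.customer_role_arn
  }
  lifecycle {
    prevent_destroy = true
  }
}

resource "aws_iam_role" "confluent_access" {
  name = local.customer_role_name

  # Trust exactly one principal (the exported Confluent role) and require the
  # exported external ID, which guards against confused-deputy use of the role.
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Action    = "sts:AssumeRole"
      Principal = { AWS = confluent_provider_integration.main.aws[0].iam_role_arn }
      Condition = {
        StringEquals = {
          "sts:ExternalId" = confluent_provider_integration.main.aws[0].external_id
        }
      }
    }]
  })
}
```

Permission policies attached to the role are out of scope here; scope them to the specific AWS resources the integration needs rather than using wildcards.
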
-> Note: `CONFLUENT_CLOUD_API_KEY` and `CONFLUENT_CLOUD_API_SECRET` environment variables must be set before importing a Provider Integration.

You can import a Provider Integration by using Environment ID and Provider Integration ID, in the format `<Environment ID>/<Provider Integration ID>`. The following example shows how to import a Provider Integration:

```shell
$ export CONFLUENT_CLOUD_API_KEY="<cloud_api_key>"
$ export CONFLUENT_CLOUD_API_SECRET="<cloud_api_secret>"
$ terraform import confluent_provider_integration.main env-abc123/cspi-4xg0q
```

!> Warning: Do not forget to delete terminal command history afterwards for security purposes.