Connect AWS Account to Clumio Service using Terraform
Purpose
This document describes the process of connecting the Clumio service to your AWS account using a Terraform stack.
Prerequisites
The user deploying the Clumio Terraform stack must meet the following prerequisites:
- Clumio only supports Terraform v0.14, v0.15, v1.0, and above. Ensure that Terraform 0.14 or later is installed before starting the deployment. Verify the installed version by running the following command from your terminal:
  terraform version
Setup
Create Connection to Clumio
- From Clumio, select AWS > Environments. The AWS Environments window appears.
- Click Connect AWS Environment.
- Complete the following fields in the Provide the AWS environment information section:
  - AWS account number: Enter your 12-digit AWS account ID.
  - Description: Optionally enter a brief description to help you recognize this account in Clumio. For example, “Engineering”.
  - AWS Region: Select the AWS Region associated with the assets.
- Select the data sources you want IAM permissions generated for in your Terraform template, and deselect those you do not.
- Click Next.
- Click Create Terraform stack.
- Copy the token generated on the Clumio UI.
- Download or copy the Terraform template.
Install Clumio Terraform Stack
1. Create a directory in which to run your Terraform commands, e.g.
   mkdir clumioTerraformStack && cd $_
2. Move the downloaded Terraform template into the created directory.
3. Run terraform init.
   - Clumio Terraform Provider (available in the Terraform Registry): The Terraform Clumio provider is a plugin for Terraform that allows for the full lifecycle management of Clumio resources.
4. Create or update the terraform.tfvars file with the following content:
   clumio_token="{Token copied from the Clumio portal UI}"
   role_external_id="{A random string}"
5. Set up the AWS environment credentials for the account/region that you wish to connect, using one of the following methods.
   - Using IAM user credentials to deploy the Terraform stack:
     export AWS_ACCESS_KEY_ID=<value>; export AWS_SECRET_ACCESS_KEY=<value>; export AWS_REGION=<value>
     or
     aws sso login
   - Using a cross-account IAM role to deploy the Terraform stack:
     To use a cross-account IAM role, update the 'provider block' in the main.tf.json file with the following.
{
"clumio": {
"clumio_region": "us-west-2",
"region": "${data.aws_region.current.name}",
"assume_role": [
{
"role_arn": "<Role ARN>",
"external_id": "<External ID>"
}
]
}
},
{
"aws": [
{
"assume_role": [
{
"role_arn": "<Role ARN>",
"external_id": "<External ID>"
}
]
}
]
}
6. Run terraform plan to verify the changes.
7. Run terraform apply to execute the resource deployment in your AWS account.
8. Once Terraform has successfully deployed the resources, navigate back to the Clumio UI and open the AWS Environments window (AWS > Environments) to check the connection status.
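Added example (not part of Clumio's documentation): a POSIX shell helper for the terraform.tfvars step above that generates role_external_id from the kernel CSPRNG, writes the file with owner-only permissions, and keeps it and the Terraform state out of Git. It assumes the token copied from the Clumio UI is supplied in an environment variable named CLUMIO_TOKEN; that name and the function names are chosen here for illustration.

```shell
#!/bin/sh
# Added example: create terraform.tfvars for the Clumio stack without leaking secrets.
# Assumption: CLUMIO_TOKEN (hypothetical variable name) holds the token from the Clumio UI.

# Print a random external ID: 16 bytes from /dev/urandom as 32 hex characters.
gen_external_id() {
  od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# write_tfvars DIR: write DIR/terraform.tfvars, readable by the owner only.
write_tfvars() {
  dir=${1:-.}
  [ -n "${CLUMIO_TOKEN:-}" ] || { echo "CLUMIO_TOKEN is not set" >&2; return 1; }
  # Refuse characters that are special inside a quoted HCL string.
  case $CLUMIO_TOKEN in
    *'"'*|*'\'*|*'${'*|*'%{'*)
      echo "token contains characters that are unsafe in tfvars" >&2; return 1 ;;
  esac
  ext_id=$(gen_external_id)
  [ "${#ext_id}" -eq 32 ] || { echo "random generation failed" >&2; return 1; }
  (
    umask 077   # a newly created file is 0600 from the first byte written
    printf 'clumio_token="%s"\nrole_external_id="%s"\n' \
      "$CLUMIO_TOKEN" "$ext_id" > "$dir/terraform.tfvars"
  ) || return 1
  # Redirection keeps the old mode of a pre-existing file, so tighten it explicitly.
  chmod 600 "$dir/terraform.tfvars" || return 1
  # Keep the token file and Terraform state out of version control.
  for pat in terraform.tfvars '*.tfstate' '*.tfstate.*'; do
    grep -qxF -- "$pat" "$dir/.gitignore" 2>/dev/null || echo "$pat" >> "$dir/.gitignore"
  done
}

# Usage (from the stack directory): CLUMIO_TOKEN='<token>' write_tfvars .
```

Setting CLUMIO_TOKEN from a secrets manager or a prompt, rather than typing it on the command line, also keeps it out of shell history.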
Contact:
Please contact support@clumio.com for any clarifications or questions.