Terraform AWS Provider Overview

The officially supported Nitric Terraform AWS Provider.

provider: nitric/awstf@latest

The Nitric Terraform AWS Provider is currently in preview, it's not recommended for production deployments. We recommend using the Pulumi AWS Providers for production deployments until the Terraform provider is stable.

Prerequisites

The Terraform CLI is required to deploy the resulting Terraform Stack that Nitric generates. You can find the installation instructions for Terraform in the Terraform documentation.

The provider is built with the Cloud Development Kit for Terraform (CDKTF). Since CDKTF relies on Node.js, you'll need to have Node.js installed, you can read about the full CDKTF prerequisites in the CDKTF documentation.

Enabling Nitric Terraform Providers

The Nitric Terraform providers are currently in preview, to enable them you'll need to enable beta-providers in your Nitric project. You can do this by adding the following to your project's nitric.yaml file:

preview:
- beta-providers

AWS Credentials

The Terraform CLI typically uses standard AWS credential settings to authenticate with AWS. If you've set credentials for the AWS CLI or an AWS SDK previously, these settings should work without modification.

If you're setting your credentials for the first time, there are several available methods. We recommend the standard AWS credentials file to get started.

AWS Credential File Setup

Create a new credentials files at one of these locations:

  • ~/.aws/credentials on Linux, macOS, or Unix
  • C:\Users\USERNAME\.aws\credentials on Windows

The file should contain the following:

[default]
aws_access_key_id = your_access_key_id
aws_secret_access_key = your_secret_access_key

To use a different AWS profile for your deployments, you can use the AWS_PROFILE environment variable. If no profile is supplied, we will use the [default] profile.

Replace your_access_key_id and your_secret_access_key with your own values.

You can create an Access Key by logging into the AWS console and navigating to: Username Menu > Security credentials > Access keys > Create New Access Key

See AWS documentation for full details on credentials and configuration.

Locating deployed resources

Nitric creates a resource tag manager group and tags all possible resources to be referenced by this group. You can locate resources in the console by going to the AWS Console

Next, navigate to the Resource Groups service:

resource group search image

Find your stack's resource group in the list and click it:

Resource groups are conventionally named <project-name>-<stack-name>

In this example the project name is api-testing and the stack name is aws.

resource group list image

Stack Configuration

# The provider to use and it's published version
# See releases:
# https://github.com/nitrictech/nitric/tags
provider: nitric/awstf@latest
# The target aws region to deploy to
# See available regions:
# https://docs.aws.amazon.com/general/latest/gr/lambda-service.html
region: my-aws-stack-region
# Optional outdir
# outdir: ./tf-output
# config:
# Config (same as base AWS provider except for VPC/Secret imports)
# The timezone that deployed schedules will run with
# Format is in tz identifiers:
# https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
schedule-timezone: Australia/Sydney # Available since v0.27.0
# Apply configuration to nitric APIs
apis:
# The nitric name of the API to configure
my-api:
# Array of domains to apply to the API
# The domain or parent domain must have a hosted zone already in Route53
domains:
- api.example.com
# Configure your deployed services
config:
# How services without a type will be deployed
default:
# configure a sample rate for telemetry (between 0 and 1) e.g. 0.5 is 50%
telemetry: 0
# configure services to deploy to AWS lambda
lambda: # Available since v0.26.0
# set the memory in MB
# See lambda configuration docs here:
# https://docs.aws.amazon.com/lambda/latest/dg/configuration-function-common.html#configuration-memory-console
memory: 128
# set a timeout in seconds
# See lambda timeout values here:
# https://docs.aws.amazon.com/lambda/latest/dg/configuration-function-common.html#configuration-timeout-console
timeout: 15
# set the amount of ephemeral-storage in MB
# For info on ephemeral-storage for AWS Lambda see:
# https://docs.aws.amazon.com/lambda/latest/dg/configuration-ephemeral-storage.html
ephemeral-storage: 512
# Additional deployment types
# You can target these types by setting a `type` in your project configuration
big-service:
telemetry: 0
lambda:
memory: 1024
timeout: 60
provisioned-concurrency: 1

Missing something? Let us know by raising an issue in GitHub or by dropping us a line on Discord

Last updated on Dec 19, 2024