Introduction to CelerData Cloud BYOC provider
HashiCorp Terraform is a popular open-source Infrastructure as Code (IaC) tool that helps create secure, predictable cloud infrastructure across multiple cloud providers. You can use the CelerData Cloud BYOC provider on Terraform to manage your CelerData cluster and associated cloud infrastructure. This provider aims to support automated deployment and management of CelerData clusters, including managing clusters and jobs and configuring data access permissions.
With infrastructure management fully automated by code and integrated into continuous delivery workflows, you can securely accelerate data flow initiatives in the cloud.
The most important element in the Terraform language is "resource." resource
blocks describe infrastructure objects, such as networks, credentials, and CelerData clusters. You can manage the following CelerData resources in Terraform:
- celerdatabyoc_aws_data_credential
- celerdatabyoc_aws_data_credential_policy
- celerdatabyoc_aws_deployment_credential_assume_policy
- celerdatabyoc_aws_deployment_credential_policy
- celerdatabyoc_aws_deployment_role_credential
- celerdatabyoc_aws_network
- celerdatabyoc_classic_cluster
- celerdatabyoc_elastic_cluster
- celerdatabyoc_cluster_domain_ssl_cert
- celerdatabyoc_cluster_endpoints
- celerdatabyoc_cluster_user
Another important element in the Terraform language is "data source." data
blocks enable dynamically fetching data from APIs or other Terraform state backends, helping you scope your configuration while still referencing any dependent resource attributes. You can define the following CelerData data sources in Terraform:
In addition to the information here, you can also find more information in CelerData Cloud BYOC provider documentation on the Terraform Registry website.
Authentication
Before you start a cluster deployment through Terraform, you must authenticate Terraform into the CelerData Cloud BYOC platform.
Currently, Terraform supports authentication with application keys and service accounts.
Authenticate with an application key
Create an application key by following these steps:
-
Sign in to the CelerData Cloud BYOC console.
-
In the left-side navigation pane, choose Application keys.
-
On the Application keys page, click New secret.
-
In the dialog box that appears, optionally enter a description, and then click Generate now to generate an application key. Then, copy the Secret and Client ID before you close the dialog box.
NOTE
The Secret can be viewed only when the application key is created. Make sure that you copy and save the Secret before closing the dialog box.
The CelerData Cloud BYOC provider will use the Secret and Client ID of your application key to provision and manage CelerData resources.
For more information about managing application keys, see Application keys.
Authenticate with a service account
Unlike application keys, service accounts are independent identities that do not depend on any CelerData members.
Create a service account by following these steps:
-
Sign in to the CelerData Cloud BYOC console.
-
In the left-side navigation pane, choose Access Control > Member.
-
On the Members page, click the Service accounts tab.
-
On the Service accounts tab, click Create a service account.
-
In the Generate secret for service account dialog box, enter a name for the service account, and click Generate now.
-
Copy the Client Secret and Client ID, and click Yes, I have finished it to close the dialog box.
NOTE
The Client Secret can be viewed only when the service account is created. Make sure that you copy and save the Client Secret before closing the dialog box.
The CelerData Cloud BYOC provider will use the Secret and Client ID of your service account to provision and manage CelerData resources.
For more information about managing service accounts, see Service accounts.
Privileges
Cluster deployments require the cloud settings management privilege.
- If you use application keys for authentication, make sure that the CelerData cloud account you used to create the application key for the cluster deployments through Terraform has the privilege.
- If you use service accounts for authentication, make sure that you have assigned the privilege to the service account used for the cluster deployments through Terraform.
See Privileges for more information.