f5xc_cloud_credentials Resource - terraform-provider-f5xc

f5xc_cloud_credentials (Resource)

Manages a Cloud Credentials resource in F5 Distributed Cloud for api to create cloud_credentials object. configuration.

~> Note For more information about this resource, please refer to the F5 XC API Documentation.

Example Usage

# Cloud Credentials Resource Example
# Manages a Cloud Credentials resource in F5 Distributed Cloud for api to create cloud_credentials object. configuration.

terraform {
  required_version = ">= 1.0"

  required_providers {
    f5xc = {
      source  = "f5xc-salesdemos/f5xc"
      version = ">= 0.1.0"
    }
  }
}

# Basic Cloud Credentials configuration
resource "f5xc_cloud_credentials" "example" {
  name      = "example-cloud-credentials"
  namespace = "staging"

  labels = {
    environment = "production"
    managed_by  = "terraform"
  }

  annotations = {
    "owner" = "platform-team"
  }

  # Cloud Credentials configuration
  # AWS credentials example
  aws_secret_key {
    access_key = "AKIAIOSFODNN7EXAMPLE"
    secret_key {
      clear_secret_info {
        url = "string:///d0phbmVzc2VjcmV0a2V5"
      }
    }
  }
}

Argument Reference

🔶 High Risk Operations — Some operations on this resource have high danger level. Destructive operations may require confirmation.

Metadata Argument Reference

• name - Required String
Name of the Cloud Credentials. Must be unique within the namespace

• namespace - Required String
Namespace where the Cloud Credentials will be created

• annotations - Optional Map
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata

• description - Optional String
Human readable description for the object

• disable - Optional Bool
A value of true will administratively disable the object

• labels - Optional Map
Labels is a user defined key value map that can be attached to resources for organization and filtering

Spec Argument Reference

-> One of the following: • aws_assume_role - Optional Block
AWS Assume Role to Handle Delegated Access
See AWS Assume Role below for details.

• aws_secret_key - Optional Block
AWS Programmatic Access Credentials type
See AWS Secret Key below for details.

• azure_client_secret - Optional Block
Azure Client Secret. Azure Credentials Client Secret type
See Azure Client Secret below for details.

• azure_pfx_certificate - Optional Block
Azure Credentials Client Certificate type
See Azure Pfx Certificate below for details.

• gcp_cred_file - Optional Block
Configuration parameter for GCP cred file
See GCP Cred File below for details.

• timeouts - Optional Block
See Timeouts below for details.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

• id - Optional String
Unique identifier for the resource

---

AWS Assume Role

An aws_assume_role block supports the following:

• custom_external_id - Optional String
External ID is Custom ID

• duration_seconds - Optional Number
The duration, in seconds of the role session

• external_id_is_optional - Optional Block
Configuration parameter for external ID is optional

• external_id_is_tenant_id - Optional Block
Enable this option

• role_arn - Optional String
IAM Role ARN to assume the role

• session_name - Optional String
Use the role session name to uniquely identify a session, which will be used for deploy, monitor from F5XC console

• session_tags - Optional Block
Session tags are key-value pair attributes that you pass when you assume an IAM role

AWS Secret Key

An aws_secret_key block supports the following:

• access_key - Optional String
Access key ID for your AWS account

• secret_key - Optional Block
SecretType is used in an object to indicate a sensitive/confidential field
See Secret Key below.

AWS Secret Key Secret Key

A secret_key block (within aws_secret_key) supports the following:

• blindfold_secret_info - Optional Block
BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management
See Blindfold Secret Info below.

• clear_secret_info - Optional Block
ClearSecretInfoType specifies information about the Secret that is not encrypted
See Clear Secret Info below.

AWS Secret Key Secret Key Blindfold Secret Info

Deeply nested Info block collapsed for readability.

AWS Secret Key Secret Key Clear Secret Info

Deeply nested Info block collapsed for readability.

Azure Client Secret

An azure_client_secret block supports the following:

• client_id - Optional String
Client ID for your Azure service principal

• client_secret - Optional Block
SecretType is used in an object to indicate a sensitive/confidential field
See Client Secret below.

• subscription_id - Optional String
Subscription ID for your Azure service principal

• tenant_id - Optional String
Tenant ID for your Azure service principal

Azure Client Secret Client Secret

A client_secret block (within azure_client_secret) supports the following:

• blindfold_secret_info - Optional Block
BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management
See Blindfold Secret Info below.

• clear_secret_info - Optional Block
ClearSecretInfoType specifies information about the Secret that is not encrypted
See Clear Secret Info below.

Azure Client Secret Client Secret Blindfold Secret Info

Deeply nested Info block collapsed for readability.

Azure Client Secret Client Secret Clear Secret Info

Deeply nested Info block collapsed for readability.

Azure Pfx Certificate

An azure_pfx_certificate block supports the following:

• certificate_url - Optional String
URL for Client Certificate in ‘.pfx’ or ‘.p12’ whose certificate is linked to service principal object Certificate URL can contain client certificate in string:///<base64 of certificate> format. Here <base64 of certificate> is base64 of ‘.pfx’ or ‘.p12’ binary file

• client_id - Optional String
Client ID for your Azure service principal

• password - Optional Block
SecretType is used in an object to indicate a sensitive/confidential field
See Password below.

• subscription_id - Optional String
Subscription ID for your Azure service principal

• tenant_id - Optional String
Tenant ID for your Azure service principal

Azure Pfx Certificate Password

A password block (within azure_pfx_certificate) supports the following:

• blindfold_secret_info - Optional Block
BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management
See Blindfold Secret Info below.

• clear_secret_info - Optional Block
ClearSecretInfoType specifies information about the Secret that is not encrypted
See Clear Secret Info below.

Azure Pfx Certificate Password Blindfold Secret Info

A blindfold_secret_info block (within azure_pfx_certificate.password) supports the following:

• decryption_provider - Optional String
Name of the Secret Management Access object that contains information about the backend Secret Management service

• location - Optional String
Location is the uri_ref. It could be in URL format for string:/// Or it could be a path if the store provider is an HTTP/HTTPS location

• store_provider - Optional String
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///

Azure Pfx Certificate Password Clear Secret Info

A clear_secret_info block (within azure_pfx_certificate.password) supports the following:

• provider_ref - Optional String
Name of the Secret Management Access object that contains information about the store to GET encrypted bytes This field needs to be provided only if the URL scheme is not string:///

• url - Optional String
URL of the secret. Currently supported URL schemes is string:///. For string:/// scheme, Secret needs to be encoded base64 format. When asked for this secret, caller will GET Secret bytes after base64 decoding

GCP Cred File

A gcp_cred_file block supports the following:

• credential_file - Optional Block
SecretType is used in an object to indicate a sensitive/confidential field
See Credential File below.

GCP Cred File Credential File

A credential_file block (within gcp_cred_file) supports the following:

• blindfold_secret_info - Optional Block
BlindfoldSecretInfoType specifies information about the Secret managed by F5XC Secret Management
See Blindfold Secret Info below.

• clear_secret_info - Optional Block
ClearSecretInfoType specifies information about the Secret that is not encrypted
See Clear Secret Info below.

GCP Cred File Credential File Blindfold Secret Info

Deeply nested Info block collapsed for readability.

GCP Cred File Credential File Clear Secret Info

Deeply nested Info block collapsed for readability.

Timeouts

A timeouts block supports the following:

• create - Optional String (Defaults to 10 minutes)
Used when creating the resource

• delete - Optional String (Defaults to 10 minutes)
Used when deleting the resource

• read - Optional String (Defaults to 5 minutes)
Used when retrieving the resource

• update - Optional String (Defaults to 10 minutes)
Used when updating the resource

---

Common Types

The following type definitions are used throughout this resource. See the full definition here rather than repeated inline.

Object Reference {#common-object-reference}

Object references establish a direct reference from one configuration object to another in F5 Distributed Cloud. References use the format tenant/namespace/name.

Field	Type	Description
name	String	Name of the referenced object
namespace	String	Namespace containing the referenced object
tenant	String	Tenant of the referenced object (system-managed)

Transformers {#common-transformers}

Transformers apply transformations to input values before matching. Multiple transformers can be applied in order.

Value	Description
LOWER_CASE	Convert to lowercase
UPPER_CASE	Convert to uppercase
BASE64_DECODE	Decodebase64 content
NORMALIZE_PATH	Normalize URL path
REMOVE_WHITESPACE	Remove whitespace characters
URL_DECODE	Decode URL-encoded characters
TRIM_LEFT	Trim leading whitespace
TRIM_RIGHT	Trim trailing whitespace
TRIM	Trim both leading and trailing whitespace

HTTP Methods {#common-http-methods}

HTTP methods used for request matching.

Value	Description
ANY	Match any HTTP method
GET	HTTP GET request
HEAD	HTTP HEAD request
POST	HTTP POST request
PUT	HTTP PUT request
DELETE	HTTP DELETE request
CONNECT	HTTP CONNECT request
OPTIONS	HTTP OPTIONS request
TRACE	HTTP TRACE request
PATCH	HTTP PATCH request
COPY	HTTP COPY request (WebDAV)

TLS Fingerprints {#common-tls-fingerprints}

TLS fingerprint categories for malicious client detection.

Value	Description
TLS_FINGERPRINT_NONE	No fingerprint matching
ANY_MALICIOUS_FINGERPRINT	Match any known malicious fingerprint
ADWARE	Adware-associated fingerprints
DRIDEX	Dridex malware fingerprints
GOOTKIT	Gootkit malware fingerprints
RANSOMWARE	Ransomware-associated fingerprints
TRICKBOT	Trickbot malware fingerprints

IP Threat Categories {#common-ip-threat-categories}

IP address threat categories for security filtering.

Value	Description
SPAM_SOURCES	Known spam sources
WINDOWS_EXPLOITS	Windows exploit sources
WEB_ATTACKS	Web attack sources
BOTNETS	Known botnet IPs
SCANNERS	Network scanner IPs
REPUTATION	Poor reputation IPs
PHISHING	Phishing-related IPs
PROXY	Anonymous proxy IPs
MOBILE_THREATS	Mobile threat sources
TOR_PROXY	Tor exit nodes
DENIAL_OF_SERVICE	DoS attack sources
NETWORK	Known bad network ranges

Import

Import is supported using the following syntax:

# Import using namespace/name format
terraform import f5xc_cloud_credentials.example system/example