# Terraform

### Overview

The Veza integration for HashiCorp Terraform Cloud facilitates the discovery of users, groups, roles, and permissions within a Terraform organization.

To configure this integration, you need to create a Terraform user and generate a read-only API token for Veza to connect to your Terraform environment.

Refer to [notes and supported entities](#notes-and-supported-entities) for additional details.

### Configuring Terraform Cloud

1. Create a [new user account](https://developer.hashicorp.com/terraform/cloud-docs/users-teams-organizations/users) at `https://app.terraform.io/public/signup/account`.
2. Generate either a User token or an Organization token to access Terraform APIs.
3. Steps to Create a User Token:
   1. Log in to your account and go to the user settings.
      * ![User Settings](/files/AP0VBF5w0wCJCkPJs2F0)
   2. Select **Tokens**.
      * ![Tokens](/files/rNkrCXxth09Xxb9mi7hE)
   3. Create an API token. Copy and securely store it.
      * ![API Token](/files/Vu60j6FgCiimWjLEwsXn)
4. Steps to Create an Organization Token:
   1. On the Terraform home page, pick your organization.
      * ![Select Organization](/files/yZCwPEwzJ5Pa35jtjvNF)
   2. In the left navigation, expand **Settings** and go to **API Tokens**.
   3. Create an organization token and store it securely.
      * ![Organization Token](/files/mXm0XSjF4zDzQ9NQLz67)
5. To Obtain the Organization External ID:
   1. On the Terraform home page, pick your organization.
   2. Click on **Settings** in the left navigation.
   3. Find the **Organization External ID** in the **General** section of the settings.

### Adding Terraform Cloud to Veza

1. As a Veza administrator, go to **Integrations**.
2. Click *Create Integration* and select *Terraform Cloud* as the integration to add.
3. Enter the required information and click *Save* to save the configuration.

| Field                                    | Description                                                          |
| ---------------------------------------- | -------------------------------------------------------------------- |
| **Terraform URL**                        | The URL for the Terraform API endpoint, including the protocol.      |
| **Terraform User or Organization Token** | The token used to access the Terraform API.                          |
| **Terraform Organization External ID**   | The external ID of the organization for accessing the Terraform API. |
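
Before saving, you can confirm that the three values in the table agree with each other. The sketch below is an added example, not Veza's or HashiCorp's code: it calls the Terraform Cloud API v2 organization endpoint with the token and compares the returned `external-id` with the value copied from the settings page. The `org_name` parameter, the function names, the choice of permission flags to report, and the sample response are assumptions made for illustration.

```python
import json
import urllib.request

# Permission flags in the organization response that indicate write access
# (assumed subset of the API v2 "permissions" attribute).
WRITE_FLAGS = ("can-update", "can-destroy", "can-create-team", "can-create-workspace")

def build_org_request(terraform_url, token, org_name):
    """Request for GET /api/v2/organizations/<org_name> with bearer auth."""
    if not terraform_url.startswith("https://"):
        raise ValueError("Terraform URL must include the https:// protocol")
    url = f"{terraform_url.rstrip('/')}/api/v2/organizations/{org_name}"
    return urllib.request.Request(url, headers={
        "Authorization": f"Bearer {token}",
        "Content-Type": "application/vnd.api+json",
    })

def review_org_payload(payload, expected_external_id):
    """Return a list of findings; an empty list means the values agree."""
    attrs = payload["data"]["attributes"]
    findings = []
    if attrs.get("external-id") != expected_external_id:
        findings.append("external ID mismatch: API returned %r" % attrs.get("external-id"))
    granted = [f for f in WRITE_FLAGS if attrs.get("permissions", {}).get(f)]
    if granted:
        findings.append("token has write-capable permissions: " + ", ".join(granted))
    return findings

def preflight(terraform_url, token, org_name, expected_external_id):
    """Live check: an HTTPError (401/404) here means the token cannot read the org."""
    req = build_org_request(terraform_url, token, org_name)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return review_org_payload(json.load(resp), expected_external_id)

# Constructed sample response (not captured from a real organization).
SAMPLE = {"data": {"id": "example-org", "type": "organizations", "attributes": {
    "external-id": "org-EXAMPLE0000000000",
    "permissions": {"can-update": False, "can-destroy": False,
                    "can-create-team": True, "can-create-workspace": False},
}}}

if __name__ == "__main__":
    # Offline run against the constructed sample; use preflight() for a live check.
    print(review_org_payload(SAMPLE, "org-EXAMPLE0000000000"))
```

Pass the token to `preflight()` from an environment variable or secret store rather than hard-coding it in a script.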

### Notes and Supported Entities

The Terraform Cloud integration supports the following entities and attributes:

* **Terraform Organization**: A platform for teams to manage Terraform runs in a consistent and reliable environment. Features include shared state and secret data, access controls, module sharing, and policy controls for configurations. Terraform Cloud is available as a hosted service at <https://app.terraform.io>.
* **Terraform User**: Individual user accounts that can be part of one or more teams, with permissions on workspaces within an organization. Users can belong to multiple organizations.
* **Terraform Group**: Represents a team of local Terraform users.
* **Terraform Role**: Indicates the visibility level provided to a team.
* **Terraform Permission**: Denotes the capabilities or organizational access granted to a team or user.

#### Terraform User

| Property              | Description                                  |
| --------------------- | -------------------------------------------- |
| `id`                  | The user’s ID.                               |
| `name`                | The user’s name.                             |
| `email`               | The user's email address.                    |
| `is_service_account`  | Indicates if the user has a service account. |
| `organization_owners` | Shows if the user is an organization owner.  |
| `is_active`           | True if the user is active, otherwise false. |
| `created_at`          | The date and time when the user was created. |

#### Terraform Group

| Property | Description                              |
| -------- | ---------------------------------------- |
| `id`     | The group’s ID as provided by Terraform. |
| `name`   | The group's name.                        |

#### Terraform Role

| Property | Description                                        |
| -------- | -------------------------------------------------- |
| `id`     | The team’s visibility ID as provided by Terraform. |
| `name`   | The team’s visibility name.                        |


