Table of Contents
In order to authenticate with HCP Terraform, run the terraform login CLI command. Enter yes to the prompt to confirm that you want to authenticate.
Generate token
A browser window will automatically open to the HCP Terraform login screen. Enter a token name in the web UI, or leave the default name, terraform login:
Click Create API token to generate the authentication token:
Save a copy of the token in a secure location. It provides access to your HCP Terraform organization. Terraform will also store your token locally at the file path specified in the command output (see the picture above).
Add the token to the CLI prompt
When the Terraform CLI prompts you, paste the user token exactly once into your terminal. Terraform will hide the token for security when you paste it into your terminal. Press Enter to complete the authentication process:
Then in the main.tf replace <TERRAFORM CLOUD ORGANIZATION NAME> in the terraform.cloud block with your Terraform Cloud Organization Name and <TERRAFORM CLOUD ORGANIZATION's WORKSPACE NAME> in the terraform.cloud.workspaces block with your Terraform Cloud Organization's Workspaces Name.
Confluent Cloud API
Confluent Cloud requires API keys to manage access and authentication to different parts of the service. An API key consists of a key and a secret. You can create and manage API keys by using the Confluent Cloud CLI. Learn more about Confluent Cloud API Key access here. Using the Confluent CLI, execute the follow command to generate the Cloud API Key:
confluent api-key create --resource "cloud"Then, copy-and-paste the API Key and API Secret values to the respective,
<CONFLUENT_CLOUD_API_KEY>and<CONFLUENT_CLOUD_API_SECRET>property values in theterraform.tfvarsfile.
The configuration leverages the IaC Confluent Cloud Resource API Key Rotation Terraform module to handle the creation and rotation of each of the Confluent Cloud Resource API Key for each of the Confluent Cloud Resources:
Along with the Schema Registry Cluster REST endpoint, and Kafka Cluster's Bootstrap URI are stored in the AWS Secrets Manager (click here for a description of the secrets).
In addition, the consumer and producer Kafka client configuration parameters are stored in the AWS Systems Manager Parameter Store (click here for a description of the parameters).