env0

Connect Your Cloud Account

env0 applies your Terraform code to create resources in your own cloud account. Here you will learn how to give env0 the required permissions for that.

The exact steps depend on which cloud provider you are using.

Amazon Web Services

Create IAM Role & Permissions

  1. In order to connect your AWS account, you will need to create an IAM user with programmatic access. See this guide on how to do that. Make sure you save your Access Key ID and Secret Access Key.
  2. You will need to grant this user the appropriate permissions in order to deploy the resources defined in your Terraform code.

Add Your Credentials to env0

  1. Go to the Organization Variables page

Organization Variables Menu

  1. Under the Environment Variables section, click + Add Variable
  2. Add a variable with the key AWS_ACCESS_KEY_ID, and the value of your Access Key ID.
  3. Add another variable, this one with the key AWS_SECRET_ACCESS_KEY. Enter the value of your Secret Access Key, and mark this one as Sensitive.
  4. Click Save

Add AWS Credentials

Google Cloud

Create a Service Account

  1. In order to connect your GCS account, you will need to create a Service Account Key. See this guide on how to create one. Make sure to save the JSON key contents.

Add Your Credentials to env0

  1. Go to the Organization Variables page

Organization Variables Menu

  1. Under the Environment Variables section, click + Add Variable
  2. Add a variable with the key GOOGLE_PROJECT. The value should be the name of your GCS Project.
  3. Add another variable, this one with the key GOOGLE_CREDENTIALS. Copy-paste the JSON key contents directly into the value of this variable. Mark it as Sensitive.
  4. Click Save

Add GCP Credentials

Azure

Create a Service Principal

  1. In order to connect your Azure account, you will need to create a Service Principal. Follow these steps on how to create one.

Add Your Credentials to env0

  1. Go to the Organization Variables page

Organization Variables Menu

  1. Under the Environment Variables section, click + Add Variable
  2. Add the following variables -
    1. Key ARM_SUBSCRIPTION_ID - Value is your subscription ID.
    2. Key ARM_CLIENT_ID - Value is your service principal app ID.
    3. Key ARM_CLIENT_SECRET - Value is your service principal password. Mark this one as sensitive.
    4. Key ARM_TENANT_ID - Value is your service principal tenant ID.
  3. Click Save

Add Azure Credentials

Other Cloud Providers

If you are using Terraform to manage infrastructure in a different provider than the ones mentioned above, you will need to check the provider documentation to understand what authentication options the provider supports.

Defining Scopes

Cloud access is defined in env0 using variables, which can be defined in several scopes. This guide defined those variables in an Organizational scope, meaning they can be used by any environment in the organization. Learn more about variables in env0.

Updated 4 months ago


Connect Your Cloud Account


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.