Terraform Provider

Manage TigerAccess as infrastructure as code with the official Terraform provider. Automate access control configuration and integrate with GitOps workflows.

Features

Infrastructure as Code for Access Control

Manage privileged access with the same workflows you use for infrastructure.

Infrastructure as Code

Define users, roles, resources, and access policies as Terraform code for version control and automation.

GitOps Workflows

Integrate with your existing GitOps pipelines to manage access control through pull requests and code reviews.

Configuration Management

Manage integrations, connectors, and TigerAccess configuration alongside your infrastructure code.

Resource Import

Import existing TigerAccess resources into Terraform state for seamless migration to IaC.

Capabilities

Comprehensive Resource Coverage

User management
Role definitions
Access policies
OIDC connectors
SAML connectors
GitHub connectors
Trusted clusters
Database resources
Kubernetes clusters
Application resources
Session recording
Audit configuration

Setup

Get Started in Minutes

Follow these simple steps to start managing TigerAccess with Terraform.

1. Install Terraform Provider

Configure the TigerAccess Terraform provider in your Terraform configuration.

terraform {
  required_providers {
    tigeraccess = {
      source  = "tigeraccess/tigeraccess"
      version = "~> 1.0"
    }
  }
}

provider "tigeraccess" {
  addr      = "https://tigeraccess.example.com:3025"
  cert_path = "/path/to/client.pem"
  key_path  = "/path/to/client-key.pem"
  root_ca   = "/path/to/ca.pem"
}

2. Define Resources

Create Terraform resources to manage users, roles, and access policies.

resource "tigeraccess_role" "developers" {
  metadata {
    name = "developers"
  }

  spec {
    allow {
      logins = ["ubuntu", "ec2-user"]

      node_labels = {
        env = ["dev", "staging"]
      }

      rules {
        resources = ["db", "kube"]
        verbs     = ["list", "read"]
      }
    }
  }
}

resource "tigeraccess_user" "alice" {
  metadata {
    name = "alice@example.com"
  }

  spec {
    roles = [tigeraccess_role.developers.metadata[0].name]
  }
}

3. Apply Configuration

Use standard Terraform commands to plan and apply your access control configuration.

# Initialize Terraform
terraform init

# Preview changes
terraform plan

# Apply configuration
terraform apply

# Import existing resources
terraform import tigeraccess_user.bob bob@example.com

Resources

Available Terraform Resources

The TigerAccess provider includes the following resources for managing your access control.

Resource                       Description
tigeraccess_user               Manage TigerAccess users
tigeraccess_role               Define roles and permissions
tigeraccess_policy             Create access policies
tigeraccess_oidc_connector     Configure OIDC SSO
tigeraccess_saml_connector     Configure SAML SSO
tigeraccess_github_connector   GitHub organization sync
tigeraccess_provision_token    Generate provision tokens
tigeraccess_database           Register database resources

Use Cases

Real-World Scenarios

Automated User Provisioning

Automatically provision users and roles as part of your infrastructure deployment, ensuring access is configured before resources go live.

GitOps Access Control

Manage access policies through Git, enabling peer review, audit trails, and automated testing of access control changes.
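
A CI check for the automated testing mentioned above, added here as an example and not part of the TigerAccess provider or its documentation: it reads the JSON produced by "terraform show -json" for a saved plan and flags tigeraccess_role changes that widen access. The denied logins, the read-only verb set, the treatment of "*" as a wildcard, and the second sample role are assumptions of this example.

```python
import json
import sys

# Review policy for this example (assumptions, not TigerAccess defaults).
DENIED_LOGINS = {"root"}
READ_ONLY_VERBS = {"list", "read"}
WILDCARD = "*"  # assumed to mean "match everything"

def check_allow(address, allow):
    out = []
    for login in allow.get("logins") or []:
        if login in DENIED_LOGINS or login == WILDCARD:
            out.append(f"{address}: login '{login}' needs security review")
    for key, values in (allow.get("node_labels") or {}).items():
        if key == WILDCARD or WILDCARD in values:
            out.append(f"{address}: node_labels '{key}' is not scoped")
    for rule in allow.get("rules") or []:
        extra = sorted(set(rule.get("verbs") or []) - READ_ONLY_VERBS)
        if extra:
            out.append(f"{address}: rules grant non-read verbs {extra}")
    return out

def review_plan(plan):
    """Findings for tigeraccess_role creates/updates in plan JSON."""
    findings = []
    for rc in plan.get("resource_changes", []):
        grants = {"create", "update"} & set(rc["change"]["actions"])
        if rc["type"] != "tigeraccess_role" or not grants:
            continue  # other resources, deletes and no-ops grant nothing new
        # Nested blocks (spec, allow, rules) are lists of objects in plan JSON.
        for spec in (rc["change"].get("after") or {}).get("spec") or []:
            for allow in spec.get("allow") or []:
                findings += check_allow(rc["address"], allow)
    return findings

# Constructed sample: the page's "developers" role plus a made-up risky role.
SAMPLE_PLAN = {"resource_changes": [
    {"address": "tigeraccess_role.developers", "type": "tigeraccess_role",
     "change": {"actions": ["create"], "after": {"spec": [{"allow": [{
         "logins": ["ubuntu", "ec2-user"], "node_labels": {"env": ["dev", "staging"]},
         "rules": [{"resources": ["db", "kube"], "verbs": ["list", "read"]}]}]}]}}},
    {"address": "tigeraccess_role.ops", "type": "tigeraccess_role",
     "change": {"actions": ["update"], "after": {"spec": [{"allow": [{
         "logins": ["root"], "node_labels": {"env": ["*"]},
         "rules": [{"resources": ["db"], "verbs": ["read", "delete"]}]}]}]}}}]}

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    sys.exit("\n".join(review_plan(plan)) or 0)
```

Run it in the pull-request pipeline against a plan saved with "terraform plan -out"; a non-zero exit blocks the merge until the flagged role has been reviewed.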

Multi-Environment Management

Use Terraform workspaces and modules to manage different access configurations across dev, staging, and production environments.

Disaster Recovery

Quickly restore TigerAccess configuration from Terraform state in disaster recovery scenarios or when setting up new clusters.

FAQ

Frequently Asked Questions

Can I import existing TigerAccess resources into Terraform?

Yes. The TigerAccess provider supports importing existing resources into Terraform state. Use the standard "terraform import" command with the resource type and identifier.

How do I manage secrets like connector credentials in Terraform?

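We recommend using Terraform sensitive variables, environment variables, or secret management tools like HashiCorp Vault. The provider marks sensitive fields appropriately to prevent them from appearing in logs. Marking a field sensitive only redacts it from plan and apply output; the value is still written to Terraform state, so keep state in an encrypted backend with restricted access.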

Can I use Terraform modules for common access patterns?

Absolutely. You can create reusable Terraform modules for common patterns like database access roles, developer roles, or production access workflows, and share them across your organization.

Does the provider support all TigerAccess features?

The Terraform provider supports the most common TigerAccess resources and configurations. Check the provider documentation for the complete list of supported resources and data sources.
