kb/providers
Terraform providers are the plugins that turn HCL into API calls. This section covers the provider block and its options, the AWS provider with its credentials chain and default_tags, and LocalStack endpoints that let you practice in a sandbox with no real cloud and no AWS bill.
Three providers for pulling data into Terraform from the outside. `archive` packs files into a zip (lambda code, layers). `external` runs any script with JSON I/O. `http` does a GET request to a URL and parses the response. All three are data sources: they read, they do not write. They are useful where declarative HCL falls short.
The AWS provider looks for credentials in several places in order: environment variables, ~/.aws/credentials, the instance IAM role. Usually `aws configure` locally or a role on EC2 is enough, and you configure nothing else.
The `cloudinit` provider builds a multi-part MIME blob for EC2 `user_data`. `data "cloudinit_config"` takes several `part` blocks (cloud-config YAML, shell-script, jinja, and so on) and packs them into one blob. It replaces manual base64-encoding of a single string and lets you assemble the config from pieces.
LocalStack emulates the AWS API locally, inside a Docker container. Terraform thinks it is talking to real AWS, but no real resources are created and no money is spent. Ideal for learning and tests.
The provider block configures the plugin: which AWS region to talk to, which endpoints to use, which credentials to take. One block per provider is usually enough.
The `tls` provider generates private keys and certificates right inside HCL. `tls_private_key` makes a key pair (RSA/ECDSA/Ed25519). `tls_self_signed_cert` produces a self-signed certificate. `tls_cert_request` builds a CSR you can hand to an external CA for signing. It is handy for test fixtures and SSH keys. For production, reach for a secrets manager rather than keeping key material in state: the generated private key is stored unencrypted in the Terraform state file.
Providers that do not manage a cloud but help HCL itself. `random` generates IDs and passwords. `time` handles delays and timestamp marks. `null` is the deprecated "non-resource" for triggers. `terraform_data` is the modern replacement for `null_resource`, built into Terraform. Each one removes a specific limitation of the declarative approach.