Connect your cloud services using Splunk Terraform

Use Splunk Terraform to connect Splunk Observability Cloud to AWS, GCP, or Azure.

If you use Terraform to turn Splunk Observability Cloud APIs into configuration files and don’t want to configure your system manually through guided setup, use splunk-terraform/signalfx, the Splunk Terraform provider, to connect Splunk Observability Cloud to AWS, Azure, or GCP.

The HashiCorp Configuration Language underlying Terraform supports automation. Although you can apply one configuration file to multiple cloud service providers, this topic explains how to connect a single service to Splunk Observability Cloud using the Terraform Registry.

As with other connection options, Terraform uses the Splunk Observability REST API endpoints. For examples, see the following topics:

Requirements

See the requirements for each cloud services provider:

Note: To use CloudWatch Metric Streams you need to deploy additional resources on your AWS account using one of the CloudFormation templates provided by Splunk. Also, review your IAM policy to ensure all the required actions are available to Splunk Observability Cloud.

Required tokens

You might need these Splunk tokens to configure Terraform.

Splunk Observability Cloud user API access token (mandatory)

To obtain your user API access token, follow these steps:

Go to Splunk Observability Cloud and select Settings.
Select your avatar or name on the top to access your Personal information. Your user API access token is available on the right corner.

See Retrieve and manage user API access tokens using Splunk Observability Cloud for more information.

Splunk Observability Cloud org token

To obtain your org token, you have the following options:

Go to Splunk Observability Cloud. In Settings, select Access tokens.
Use the Splunk Observability Cloud API to retrieve the name of the token. For more information, see /token from the Splunk Developer Portal.

See Create and manage organization access tokens using Splunk Observability Cloud for more information.

Configure Terraform to connect to your cloud services

Note: Terraform documentation identifies Splunk Observability Cloud as SignalFx, so the integrations are called signalfx_aws_integration, signalfx_azure_integration, and signalfx_gcp_integration.

To configure a connection through Terraform, perform the following steps:

Go to Terraform’s Registry at https://registry.terraform.io/ and look for signalfx in the search box. Find splunk-terraform’s signalFx provider site with docs, the available resources, and the compatible data sources.

Copy the Use provider code to add SignalFx in the required_providers block of main.tf in your configuration file. It looks similar to the following example:

terraform {
  required_providers {
    splunk = {
      source = "splunk-terraform/signalfx"
      version = "6.22.0"
    }
  }
}

provider "signalfx" {
  auth_token = "${var.signalfx_auth_token}"
}

# Add resources
resource "signalfx_dasboard" "default" {
  # ...
}

Paste your user API access token in the auth_token field in the provider configuration file. You can also set it using the SFX_AUTH_TOKEN environment variable. This step is required to authenticate Terraform requests to the Splunk Observability Cloud API.
Configure the required additional resources, which are Terraform’s infrastructure objects.
- For AWS, you need the signalfx_aws_integration resource. You can add your org token in the namedToken field to see how much traffic is coming from the integration it identifies, if you use different tokens per integration.
- If you’re authenticating using the IAM policy and ARN roles, see signalfx_aws_external_integration. Copy and modify the example syntax provided in the documentation section of Terraform Registry’s SignalFx page and use it to authenticate in AWS. See Authenticate in AWS using an External ID (recommended).
- If you’re using AWS Security Token authentication, paste your AWS token in the signalfx_aws_token_integration resource token/key fields.
- For Azure, use the signalfx_azure_integration resource.
- For GCP, use the signalfx_gcp_integration resource.
Add your cloud service as a data source, as described in Data Source: signalfx_aws_services, Data Source: signalfx_azure_services, or Data Source: signalfx_gcp_services. Data sources allow Terraform to use information defined outside of Terraform, defined by another separate Terraform configuration, or modified by functions.

Additional resources

For more Terraform syntax examples, see the blog entry Manage Your Splunk Infrastructure as Code Using Terraform .
For examples of how to configure through the Splunk Observability Cloud API, see Connect to AWS using the Splunk Observability Cloud API.
For AWS Terraform templates, see Use the Terraform template to connect to Splunk Observability Cloud.

Next steps

After you connect Splunk Observability Cloud with your cloud services provider:

See Leverage data from your integration with AWS for more information on how you can use Splunk Observability Cloud to track a series of metrics and analyze your AWS data in real time.
For Azure, see Connect your Azure account to Splunk Observability Cloud for next steps.
For GCP, see Connect to Google Cloud Platform for next steps.

Documentation