Manage Netlify with Terraform
This post aims to help you manage your Netlify resources declarativley
This post aims to help you manage your Netlify resources declarativley, using terraform you will be alble to declare and/or import Netlify dns records, this post is devided in three parts first, we will go through setting up the Netlify provider, then we see how to create records , and finally we see how to import existing records to terraform.
Setup
I assume you have terraform v1.5 or above installed, and you know basic terraform terminology and commands.
First thing we do is specify the the provider name and version in the terraform.tf
file.
Provider initialization
It’s best practice, to fix the version of providers, so that you have control over what changes can affect your terraform code base.
# terraform.tf
terraform {
required_version = ">= 1.5" # <- change this
required_providers {
netlify = {
source = "netlify/netlify"
version = "0.1.1" # <- current version
}
}
}
Make sure you are in the right folder (where your .tf
files exist), run the command to initialize the project.
$ cd /path/to/netlify-project; terraform init
After we initialized the project, now we need to tell terraform where how to connect with Netlify APIs, we need to setup credentials.
Credentials setup
Let’s create first a variable that represent the api token make sure to flag it as sensitive so it doesn’t appear in CD outputs, or specular plans. under variables.tf
.
# variables.tf
variable "netlify_api_token" {
type = string
sensitive = true
description = "The API access key to your netlify account"
}
Go to your netlify account in the upper right corner, click on your user avatar then:
- Go to User settings
- Under Applications click on OAuth
- Click on New access token
- Give a description like (terraform api key) & set an exiration date (after 30days)
- Copy the api token
Set the token you copied, in your shell profile as an environment variable, Note that the naming of this variable should match the name of the terraform variable TF_VAR_<name_of_terraform_variable>
.
# ~/.bashrc or `~/.zshrc`
export TF_VAR_netlify_api_token="<your-secret-api-token>"
Source the profile file into the terminal you are working in, and test if the variable is populated using echo
.
$ source ~/.bashrc # or ~/.zshrc
$ echo $TF_VAR_netlify_api_token
After you successfully generated the api key, now it’s time to configure the provider to use it, under the providers.tf
add this config:
# providers.tf
provider "netlify" {
token = var.netlify_api_token
}
Verify your permissions, using the plan command if there is any permissions issue it will appear in this phase.
$ terraform plan
Manage netlify resources
Project structure
.
├── import.tf
├── main.tf
├── providers.tf
├── terraform.tf
└── variables.tf
Create DNS records
Creating dns records requires fist having the dns_zone id, simply write the
# main.tf
data "netlify_dns_zone" "example_com" {
name = "example.com"
}
resource "netlify_dns_record" "www_example_com" {
type = "A"
zone_id = data.netlify_dns_zone.mehdij4_zone.id
hostname = "www.example.com"
value = "1.1.1.1"
}
$ terraform plan
$ terraform apply
Import existing dns records
To import dns records to Netlify we need the record id, from what I saw there is no UI to show the id of each record that’s why I use this way to get them.
Getting the zone id
We already retieved the zone id using data "netlify_dns_zone"
we need to search for it in the terraform state, execute this command and identify the id.
$ terraform show -json | jq
Getting the record id
Now we can have all records with their respective ids using Netlify API using this command will retieve all records for a givin zoneid, replace <zone-id>
with what you found on terraform state.
$ curl -H "Authorization: Bearer $TF_VAR_netlify_api_token"\
https://api.netlify.com/api/v1/dns_zones/<zone_id>/dns_records | jq
After you found the record id, you can import the record using this block, create a file called import.tf
and add this block, replace the id
with the zone-id:record-id
, do this to all records you want to import.
# import.tf
import {
id = "<zone-id>:<record-id>"
to = netlify_dns_record.dev_example_com
}
Once finished, you can apply/plan your changes, you will see that terrsform is telling about importing these resources.
$ terraform apply