Skip to navigationSkip to main contentSkip to footerScaleway DocsAsk our AI
Ask our AI
Log inSign up

How to use IAM authentication for Cockpit Grafana with Terraform/OpenTofu

Scaleway now supports IAM authentication for Cockpit Grafana, allowing you to programmatically connect to Grafana when using infrastructure-as-code tools like Terraform/OpenTofu or other automation utilities.

This guide explains how to use this new authentication method, with a focus on configuring Terraform/OpenTofu to access and manage Grafana resources securely and automatically.

Before you start

To complete the actions presented below, you must have:

  • A Scaleway account with access to the Scaleway console
  • Owner status or IAM permissions allowing you to perform actions in the intended Organization
  • Created an API key with the required rights to allow Terraform/OpenTofu to access Grafana
  • Installed the latest versions of the Scaleway and Grafana Terraform/OpenTofu providers

Storing your credentials

  1. Open a terminal and create a scaleway.auto.tfvars file to store your credentials. Terraform/OpenTofu will load it automatically.
  2. Paste the code below inside your file. Make sure that you replace the placeholder values with your own.
access_key       = "<SCWXXXXXXXXXXXXXXXXX>"
  secret_key       = <xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx>"
  organization_id  = "<xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx>"
  project_id       = "<xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx>"

Find out more about Terraform/OpenTofu configuration files in the dedicated documentation.

Configuring the Terraform/OpenTofu providers

  1. In the same folder as the one in which you have created your scaleway.auto.tfvars file, create a main.tf file:

    nano main.tf

  2. Paste the following content into your file:

    terraform {
  required_providers {
    scaleway = {
      source  = "scaleway/scaleway"
      version = "2.64.0"
    }
    grafana = {
      source  = "grafana/grafana"
      version = "4.21.0"
    }
  }
}

variable "access_key" {
  type      = string
  sensitive = true
}

variable "secret_key" {
  type      = string
  sensitive = true
}

variable "organization_id" {
  type      = string
  sensitive = true
}

variable "project_id" {
  type      = string
  sensitive = true
}

provider "scaleway" {
  access_key      = var.access_key
  secret_key      = var.secret_key
  organization_id = var.organization_id
  project_id      = var.project_id
}

provider "grafana" {
  url          = "https://${var.project_id}.dashboard.cockpit.scaleway.com"
  auth         = "anonymous"

  http_headers = {
    "X-Auth-Token" = var.secret_key
  }
}

  3. Save your file and exit your text editor.

  4. Run terraform init to load the newly created configuration file into Terraform/OpenTofu.

  5. Plan the execution of the tasks to be done by terraform using terraform plan.

  6. Apply the new configuration by running terraform apply. Confirm the execution of the plan by typing yes when prompted.

  7. Enter yes to confirm.

Note

The Scaleway Terraform/OpenTofu provider also allows you to manage Cockpit-specific resources such as alerting rules, access tokens, and data sources.

See Also
How to access Grafana and preconfigured dashboardsHow to create a Cockpit token
Still need help?

Create a support ticket
No Results