> ## Documentation Index
> Fetch the complete documentation index at: https://docs.archil.com/llms.txt
> Use this file to discover all available pages before exploring further.
# Terraform Provider
> Manage Archil disks, users, and API tokens with Infrastructure as Code
The [Archil Terraform provider](https://registry.terraform.io/providers/archil-data/archil/latest) enables you to manage Archil resources using Infrastructure as Code. It supports creating and managing disks, API tokens, and disk user authorizations.
## Installation
Add the provider to your `required_providers` block:
```hcl theme={null}
terraform {
required_providers {
archil = {
source = "archil-data/archil"
}
}
}
```
Then run `terraform init` to install the provider.
## Provider Configuration
```hcl theme={null}
provider "archil" {
api_key = var.archil_api_key
region = "aws-us-east-1"
}
```
### Arguments
| Argument | Description | Required |
| ---------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- |
| `api_key` | API key for authentication. Can also be set via `ARCHIL_API_KEY` environment variable. Accepts the key with or without the `key-` prefix. | Yes |
| `region` | Archil region (e.g., `aws-us-east-1`). Can also be set via `ARCHIL_REGION`. Default: `aws-us-east-1`. See [Region Availability](/reference/regions) for all regions. | No |
| `endpoint` | Override the API endpoint URL. Can also be set via `ARCHIL_ENDPOINT`. | No |
Store your API key securely. Use a `terraform.tfvars` file (and add it to `.gitignore`) or an environment variable rather than hardcoding the key in your configuration.
## Resources
### archil\_disk
Creates and manages an Archil disk with a storage mount.
```hcl theme={null}
resource "archil_disk" "example" {
name = "my-disk"
mount {
type = "s3"
bucket_name = "my-s3-bucket"
}
}
```
#### Arguments
| Argument | Description | Required |
| -------- | ----------------------------------------------------------- | -------- |
| `name` | Disk name (1-100 chars, alphanumeric, dashes, underscores). | Yes |
| `mount` | Storage mount configuration block (exactly one required). | Yes |
#### Mount Block Arguments
| Argument | Description | Required |
| ---------------------- | -------------------------------------------------------------------------------------------- | -------- |
| `type` | Mount type: `s3`, `gcs`, `r2`, `s3-compatible`, or `azure-blob`. | Yes |
| `bucket_name` | Bucket or container name. | No |
| `bucket_endpoint` | Storage endpoint URL (auto-populated for S3). | No |
| `bucket_prefix` | Prefix within the bucket. | No |
| `access_key_id` | Access key ID (sensitive). | No |
| `secret_access_key` | Secret access key (sensitive). | No |
| `session_token` | Session token for temporary credentials (sensitive). | No |
| `session_id` | Session identifier for IAM role-based auth. Auto-generated when no access keys are provided. | No |
| `container_name` | Azure blob container name. | No |
| `endpoint` | Azure blob endpoint URL. | No |
| `storage_account_name` | Azure storage account name. | No |
| `tenant_id` | Azure AD tenant ID. | No |
| `client_id` | Azure AD client ID. | No |
| `client_secret` | Azure AD client secret (sensitive). | No |
All disk attributes require replacement -- changing any attribute will destroy and recreate the disk.
#### Attributes
| Attribute | Description |
| --------------- | --------------------------------------- |
| `id` | Disk ID (e.g., `dsk-0123456789abcdef`). |
| `status` | Disk status (e.g., `available`). |
| `organization` | Owning organization. |
| `provider_name` | Cloud provider (e.g., `aws`). |
| `region` | Disk region (e.g., `aws-us-east-1`). |
| `created_at` | Creation timestamp. |
| `data_size` | Total data size in bytes. |
***
### archil\_api\_token
Creates and manages an Archil API token for programmatic access.
```hcl theme={null}
resource "archil_api_token" "example" {
name = "ci-token"
description = "Token for CI/CD pipelines"
}
```
#### Arguments
| Argument | Description | Required |
| ------------- | ---------------------------------- | -------- |
| `name` | Token name (1-100 chars). | Yes |
| `description` | Token description (max 500 chars). | No |
#### Attributes
| Attribute | Description |
| -------------- | --------------------------------------------------------- |
| `id` | Token ID (hash). |
| `token` | Full token value (sensitive, only available at creation). |
| `token_suffix` | Last 4 characters of the token. |
| `created_at` | Creation timestamp. |
***
### archil\_disk\_user
Adds an authorized user to an Archil disk. Supports token-based and AWS STS authentication.
```hcl theme={null}
resource "archil_disk_user" "example" {
disk_id = archil_disk.example.id
type = "token"
principal = archil_api_token.example.token
nickname = "ci-pipeline"
}
```
#### Arguments
| Argument | Description | Required |
| ----------- | ------------------------------------------------------- | -------- |
| `disk_id` | ID of the disk to add the user to. | Yes |
| `type` | User type: `token` or `awssts`. | Yes |
| `principal` | Token value or IAM ARN (sensitive). | Yes |
| `nickname` | Nickname for the user (required when `type = "token"`). | No |
#### Attributes
| Attribute | Description |
| -------------- | ------------------------------- |
| `token_suffix` | Last 4 characters of the token. |
| `created_at` | Creation timestamp. |
## Data Sources
### archil\_disk
Look up an existing Archil disk by ID or name.
```hcl theme={null}
data "archil_disk" "production" {
name = "production-disk"
}
```
#### Arguments
Exactly one of `id` or `name` must be set.
| Argument | Description |
| -------- | --------------------- |
| `id` | Disk ID to look up. |
| `name` | Disk name to look up. |
#### Attributes
| Attribute | Description |
| --------------- | ------------------------- |
| `id` | Disk ID. |
| `name` | Disk name. |
| `status` | Disk status. |
| `organization` | Owning organization. |
| `provider_name` | Cloud provider. |
| `region` | Disk region. |
| `created_at` | Creation timestamp. |
| `data_size` | Total data size in bytes. |
## Full Example
This example creates a disk with an S3 mount, an API token, and authorizes the token to access the disk:
```hcl theme={null}
terraform {
required_providers {
archil = {
source = "archil-data/archil"
}
}
}
provider "archil" {
api_key = var.archil_api_key
region = "aws-us-east-1"
}
variable "archil_api_key" {
type = string
sensitive = true
}
resource "archil_disk" "app" {
name = "my-app-disk"
mount {
type = "s3"
bucket_name = "my-app-bucket"
}
}
resource "archil_api_token" "app" {
name = "app-token"
description = "Token for application servers"
}
resource "archil_disk_user" "app" {
disk_id = archil_disk.app.id
type = "token"
principal = archil_api_token.app.token
nickname = "app-servers"
}
data "archil_disk" "app" {
name = archil_disk.app.name
depends_on = [archil_disk.app]
}
output "disk_id" {
value = archil_disk.app.id
}
output "disk_status" {
value = archil_disk.app.status
}
```
## Import
Disks can be imported using their ID:
```bash theme={null}
terraform import archil_disk.example dsk-0123456789abcdef
```