Use Terraform with Apigee

Terraform is an infrastructure-as-code (IaC) tool that you can use to provision and configure Apigee using code.

When you use Terraform with Apigee, you create Terraform files that describes your desired configuration for provisioning or a feature. When you apply the configuration, Terraform creates an execution plan and performs the operations needed to configure Apigee.

This page summarizes the Terraform functionality available for Apigee. For general information about using Terraform with Google Cloud, see Terraform on Google Cloud documentation.

Before you begin

In order to set up Terraform for your Apigee project:

  1. Prepare your development environment, either Cloud Shell or a local shell:

    Cloud Shell

    To use an online terminal with the gcloud CLI and Terraform already set up, activate Cloud Shell.

    At the bottom of this page, a Cloud Shell session starts and displays a command-line prompt. It can take a few seconds for the session to initialize.

    Note that Cloud Shell has Terraform already integrated.

    Local shell

    To use a local development environment, follow these steps:

    1. Install the Google Cloud CLI.

    2. If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.

    3. To initialize the gcloud CLI, run the following command: 

      gcloud init
    4. Install Terraform.

  2. Verify that billing is enabled for your Google Cloud project.

  3. Enable the Cloud Resource Manager and Identity, Access Management (IAM) APIs:

    Roles required to enable APIs

    To enable APIs, you need the Service Usage Admin IAM role (roles/serviceusage.serviceUsageAdmin), which contains the serviceusage.services.enable permission. Learn how to grant roles. 

    gcloud services enable cloudresourcemanager.googleapis.com  iam.googleapis.com
  4. Ensure that your Google Cloud project doesn't have the Google Cloud Platform - Resource Location Restriction organization policy constraint added.
  5. Verify if you have an existing Apigee organization in your project. If yes, then ensure that data residency (DRZ) is not enabled for the organization.

Terraform resources for Apigee

The following table summarizes the features and functionality you can manage using Terraform resources for Apigee. This list might not be exhaustive. Find all of the Terraform resources for Apigee in the Apigee Terraform GitHub repository. Always check the GitHub repository for the latest functionality.

Apigee feature or functionality Terraform support summary More information
Provision Apigee Provision Apigee instances using Terraform. Provisioning options
Provision Apigee API hub Configure and manage API hub using Terraform. Provision API hub with Terraform
Configure Advanced API Security Configure security actions and some aspects of Risk Assessment v2. Configure Advanced API Security with Terraform