Terraform Providers

terraform { required_version = ">= 1.6.0" required_providers { aws = { source = "hashicorp/aws" version = "~> 5.0" } google = { source = "hashicorp/google" version = ">= 5.0, < 6.0" } azurerm = { source = "hashicorp/azurerm" version = "~> 3.80" } kubernetes = { source = "hashicorp/kubernetes" version = "~> 2.24" } helm = { source = "hashicorp/helm" version = "~> 2.12" } random = { source = "hashicorp/random" version = "~> 3.5" } } }

provider "aws" { region = "us-east-1" profile = "production" # Assume role (for cross-account) assume_role { role_arn = "arn:aws:iam::123456789012:role/TerraformRole" session_name = "terraform-session" external_id = "unique-external-id" } default_tags { tags = { ManagedBy = "terraform" Environment = var.environment Project = var.project_name } } } # AWS provider alias (multi-region) provider "aws" { alias = "us_west" region = "us-west-2" } resource "aws_s3_bucket" "west" { provider = aws.us_west bucket = "my-west-bucket" }

provider "google" { project = var.gcp_project_id region = "us-central1" zone = "us-central1-a" # Credentials (use application default in CI) # credentials = file("service-account.json") } provider "google-beta" { project = var.gcp_project_id region = "us-central1" } # Use beta provider for specific resources resource "google_container_cluster" "primary" { provider = google-beta name = "my-cluster" location = "us-central1" } # Multi-project setup provider "google" { alias = "project_b" project = "my-project-b" region = "europe-west1" }

provider "azurerm" { features { key_vault { purge_soft_delete_on_destroy = true recover_soft_deleted_key_vaults = true } resource_group { prevent_deletion_if_contains_resources = true } } subscription_id = var.azure_subscription_id tenant_id = var.azure_tenant_id # Service principal authentication client_id = var.azure_client_id client_secret = var.azure_client_secret # Or managed identity # use_msi = true } # Azure Government provider "azurerm" { alias = "gov" environment = "usgovernment" features {} }