github.com/atsaki/terraform@v0.4.3-0.20150919165407-25bba5967654/website/source/docs/provisioners/connection.html.markdown (about) 1 --- 2 layout: "docs" 3 page_title: "Provisioner Connections" 4 sidebar_current: "docs-provisioners-connection" 5 description: |- 6 Many provisioners require access to the remote resource. For example, a provisioner may need to use SSH or WinRM to connect to the resource. 7 --- 8 9 # Provisioner Connections 10 11 Many provisioners require access to the remote resource. For example, 12 a provisioner may need to use SSH or WinRM to connect to the resource. 13 14 Terraform uses a number of defaults when connecting to a resource, but these 15 can be overridden using `connection` block in either a `resource` or `provisioner`. 16 Any `connection` information provided in a `resource` will apply to all the 17 provisioners, but it can be scoped to a single provisioner as well. One use case 18 is to have an initial provisioner connect as root to setup user accounts, and have 19 subsequent provisioners connect as a user with more limited permissions. 20 21 ## Example usage 22 23 ``` 24 # Copies the file as the root user using SSH 25 provisioner "file" { 26 source = "conf/myapp.conf" 27 destination = "/etc/myapp.conf" 28 connection { 29 user = "root" 30 password = "${var.root_password}" 31 } 32 } 33 34 # Copies the file as the Administrator user using WinRM 35 provisioner "file" { 36 source = "conf/myapp.conf" 37 destination = "C:/App/myapp.conf" 38 connection { 39 type = "winrm" 40 user = "Administrator" 41 password = "${var.admin_password}" 42 } 43 } 44 ``` 45 46 ## Argument Reference 47 48 **The following arguments are supported by all connection types:** 49 50 * `type` - The connection type that should be used. Valid types are "ssh" and "winrm" 51 This defaults to "ssh". 52 53 * `user` - The user that we should use for the connection. Defaults to "root" when 54 using type "ssh" and defaults to "Administrator" when using type "winrm". 55 56 * `password` - The password we should use for the connection. In some cases this is 57 provided by the provider. 58 59 * `host` - The address of the resource to connect to. This is provided by the provider. 60 61 * `port` - The port to connect to. Defaults to 22 when using type "ssh" and defaults 62 to 5985 when using type "winrm". 63 64 * `timeout` - The timeout to wait for the connection to become available. This defaults 65 to 5 minutes. Should be provided as a string like "30s" or "5m". 66 67 * `script_path` - The path used to copy scripts to meant for remote execution. 68 69 **Additional arguments only supported by the "ssh" connection type:** 70 71 * `key_file` - The SSH key to use for the connection. This takes preference over the 72 password if provided. 73 74 * `agent` - Set to false to disable using ssh-agent to authenticate. 75 76 **Additional arguments only supported by the "winrm" connection type:** 77 78 * `https` - Set to true to connect using HTTPS instead of HTTP. 79 80 * `insecure` - Set to true to not validate the HTTPS certificate chain. 81 82 * `cacert` - The CA certificate to validate against. 83 84 <a id="bastion"></a> 85 ## Connecting through a Bastion Host with SSH 86 87 The `ssh` connection additionally supports the following fields to facilitate a 88 [bastion host](https://en.wikipedia.org/wiki/Bastion_host) connection. 89 90 * `bastion_host` - Setting this enables the bastion Host connection. This host 91 will be connected to first, and the `host` connection will be made from there. 92 93 * `bastion_port` - The port to use connect to the bastion host. Defaults to the 94 value of `port`. 95 96 * `bastion_user` - The user to use to connect to the bastion host. Defaults to 97 the value of `user`. 98 99 * `bastion_password` - The password we should use for the bastion host. 100 Defaults to the value of `password`. 101 102 * `bastion_key_file` - The SSH key to use for the bastion host. Defaults to the 103 value of `key_file`.