github.com/turtlemonvh/terraform@v0.6.9-0.20151204001754-8e40b6b855e8/website/source/docs/provisioners/connection.html.markdown (about) 1 --- 2 layout: "docs" 3 page_title: "Provisioner Connections" 4 sidebar_current: "docs-provisioners-connection" 5 description: |- 6 Many provisioners require access to the remote resource. For example, a provisioner may need to use SSH or WinRM to connect to the resource. 7 --- 8 9 # Provisioner Connections 10 11 Many provisioners require access to the remote resource. For example, 12 a provisioner may need to use SSH or WinRM to connect to the resource. 13 14 Terraform uses a number of defaults when connecting to a resource, but these 15 can be overridden using `connection` block in either a `resource` or `provisioner`. 16 Any `connection` information provided in a `resource` will apply to all the 17 provisioners, but it can be scoped to a single provisioner as well. One use case 18 is to have an initial provisioner connect as root to setup user accounts, and have 19 subsequent provisioners connect as a user with more limited permissions. 20 21 ## Example usage 22 23 ``` 24 # Copies the file as the root user using SSH 25 provisioner "file" { 26 source = "conf/myapp.conf" 27 destination = "/etc/myapp.conf" 28 connection { 29 user = "root" 30 password = "${var.root_password}" 31 } 32 } 33 34 # Copies the file as the Administrator user using WinRM 35 provisioner "file" { 36 source = "conf/myapp.conf" 37 destination = "C:/App/myapp.conf" 38 connection { 39 type = "winrm" 40 user = "Administrator" 41 password = "${var.admin_password}" 42 } 43 } 44 ``` 45 46 ## Argument Reference 47 48 **The following arguments are supported by all connection types:** 49 50 * `type` - The connection type that should be used. Valid types are "ssh" and "winrm" 51 This defaults to "ssh". 52 53 * `user` - The user that we should use for the connection. Defaults to "root" when 54 using type "ssh" and defaults to "Administrator" when using type "winrm". 55 56 * `password` - The password we should use for the connection. In some cases this is 57 provided by the provider. 58 59 * `host` - The address of the resource to connect to. This is provided by the provider. 60 61 * `port` - The port to connect to. Defaults to 22 when using type "ssh" and defaults 62 to 5985 when using type "winrm". 63 64 * `timeout` - The timeout to wait for the connection to become available. This defaults 65 to 5 minutes. Should be provided as a string like "30s" or "5m". 66 67 * `script_path` - The path used to copy scripts to meant for remote execution. 68 69 **Additional arguments only supported by the "ssh" connection type:** 70 71 * `private_key` - The contents of an SSH key to use for the connection. These can 72 be loaded from a file on disk using the [`file()` interpolation 73 function](/docs/configuration/interpolation.html#file_path_). This takes 74 preference over the password if provided. 75 76 * `agent` - Set to false to disable using ssh-agent to authenticate. 77 78 **Additional arguments only supported by the "winrm" connection type:** 79 80 * `https` - Set to true to connect using HTTPS instead of HTTP. 81 82 * `insecure` - Set to true to not validate the HTTPS certificate chain. 83 84 * `cacert` - The CA certificate to validate against. 85 86 <a id="bastion"></a> 87 ## Connecting through a Bastion Host with SSH 88 89 The `ssh` connection additionally supports the following fields to facilitate a 90 [bastion host](https://en.wikipedia.org/wiki/Bastion_host) connection. 91 92 * `bastion_host` - Setting this enables the bastion Host connection. This host 93 will be connected to first, and the `host` connection will be made from there. 94 95 * `bastion_port` - The port to use connect to the bastion host. Defaults to the 96 value of `port`. 97 98 * `bastion_user` - The user to use to connect to the bastion host. Defaults to 99 the value of `user`. 100 101 * `bastion_password` - The password we should use for the bastion host. 102 Defaults to the value of `password`. 103 104 * `bastion_private_key` - The contents of an SSH key file to use for the bastion 105 host. These can be loaded from a file on disk using the [`file()` 106 interpolation function](/docs/configuration/interpolation.html#file_path_). 107 Defaults to the value of `private_key`. 108 109 ## Deprecations 110 111 These are supported for backwards compatibility and may be removed in a 112 future version: 113 114 * `key_file` - A path to or the contents of an SSH key to use for the 115 connection. These can be loaded from a file on disk using the [`file()` 116 interpolation function](/docs/configuration/interpolation.html#file_path_). 117 This takes preference over the password if provided. 118 119 * `bastion_key_file` - The contents of an SSH key file to use for the bastion 120 host. These can be loaded from a file on disk using the [`file()` 121 interpolation function](/docs/configuration/interpolation.html#file_path_). 122 Defaults to the value of `key_file`.