Skip to main content

Equinix Provider

The Equinix provider is used to interact with the resources provided by Equinix Platform. The provider needs to be configured with the proper credentials before it can be used.

For information about obtaining API key and secret required for Equinix Fabric and Network Edge refer to Generating Client ID and Client Secret key from Equinix Developer Platform portal.

Equinix Fabric also supports authentication using a Workload Identity Token, which can be used in place of the client_id and client_secret arguments. Requires an authorization scope and OIDC token from an IdP trusted by Equinix STS. Please note that this is an alpha feature not available for all users. Using workload identity tokens will override client ID/secret, you must use provider aliases to manage both workload identity tokens and client ID/secret in a single Terraform configuration.

Interacting with Equinix Metal requires an API auth token that can be generated at Project-level or User-level tokens can be used.

If you are only using Equinix Metal resources, you may omit the Client ID and Client Secret provider configuration parameters needed to access other Equinix resource types (Network Edge, Fabric, etc).

Use the navigation to the left to read about the available resources.

Example Usage

Example HCL with provider configuration and a required providers definition:

terraform {
  required_providers {
    equinix = {
      source = "equinix/equinix"
    }
  }
}

# Credentials for all Equinix resources
provider "equinix" {
  client_id     = "someEquinixAPIClientID"
  client_secret = "someEquinixAPIClientSecret"
  auth_token    = "someEquinixMetalToken"
}

Client ID and Client Secret can be omitted when the only Equinix resources consumed are Equinix Metal resources.

# Credentials for only Equinix Metal resources
provider "equinix" {
  auth_token    = "someEquinixMetalToken"
}

Workload Identity Tokens can be used in service authorization scenarios, like HCP Terraform. Other credential variables are optional for equinix_fabric_* resources and datasources when using this method.

# Configuration for using Workload Identity Federation
provider "equinix" {
  # Desired scope of the requested security token. Must be an Access Policy ERN or a string of the form `roleassignments:<organization_id>`
  token_exchange_scope = "roleassignments:<organization_id>"

  # The name of the environment variable containing the token exchange subject token
  # For example, HCP Terraform automatically sets TFC_WORKLOAD_IDENTITY_TOKEN
  token_exchange_subject_token_env_var = "TFC_WORKLOAD_IDENTITY_TOKEN"
}

Example provider configuration using environment variables:

export EQUINIX_API_CLIENTID=someEquinixAPIClientID
export EQUINIX_API_CLIENTSECRET=someEquinixAPIClientSecret
export METAL_AUTH_TOKEN=someEquinixMetalToken

Token Authentication

Token's can be generated for the API Client using the OAuth2 Token features described in the OAuth2 API documentation.

API tokens can be provided using the token provider argument, or the EQUINIX_API_TOKEN evironment variable. The client_id and client_secret arguments will be ignored in the presence of a token argument.

See the Equinix API Testing guide for details on recommended testing practices.

provider "equinix" {
  token = "someToken"
}

Argument Reference

The Equinix provider requires a few basic parameters. While the authentication arguments are individually optionally, either token or client_id and client_secret must be defined through arguments or environment settings to interact with Equinix Fabric and Network Edge services, and auth_token to interact with Equinix Metal.

These parameters can be provided in Terraform variable files or as environment variables. Nevertheless, please note that it is not recommended to keep sensitive data in plain text files.

Schema

Optional

  • auth_token (String, Deprecated) The Equinix Metal API auth key for API operations
  • client_id (String) API Consumer Key available under "My Apps" in developer portal. This argument can also be specified with the EQUINIX_API_CLIENTID shell environment variable.
  • client_secret (String) API Consumer secret available under "My Apps" in developer portal. This argument can also be specified with the EQUINIX_API_CLIENTSECRET shell environment variable.
  • endpoint (String) The Equinix API base URL to point out desired environment. This argument can also be specified with the EQUINIX_API_ENDPOINT shell environment variable. (Defaults to https://api.equinix.com)
  • max_retries (Number) Maximum number of retries in case of network failure.
  • max_retry_wait_seconds (Number) Maximum number of seconds to wait before retrying a request.
  • request_timeout (Number) The duration of time, in seconds, that the Equinix Platform API Client should wait before canceling an API request. Canceled requests may still result in provisioned resources. (Defaults to 30)
  • response_max_page_size (Number) The maximum number of records in a single response for REST queries that produce paginated responses. (Default is client specific)
  • sts_endpoint (String) The STS API base URL to point to the desired environment. This argument can also be specified with the EQUINIX_STS_ENDPOINT shell environment variable. (Defaults to https://sts.eqix.equinix.com). Please note that STS is an alpha feature and not available for all users.
  • token (String) API tokens are generated from API Consumer clients using the OAuth2 API. This argument can also be specified with the EQUINIX_API_TOKEN shell environment variable.
  • token_exchange_scope (String) The scope of the authentication token. Must be an access policy ERN or a string of the form roleassignments:<org_id>. This argument can also be specified with the EQUINIX_TOKEN_EXCHANGE_SCOPE shell environment variable. Please note that token exchange is an alpha feature and not available for all users.
  • token_exchange_subject_token (String) The subject token to use for token exchange authentication. Must be an OIDC ID token issued by an OIDC provider trusted by Equinix STS. If not set, the provider will use the environment variable specified in token_exchange_subject_token_env_var. Please note that token exchange is an alpha feature and not available for all users.
  • token_exchange_subject_token_env_var (String) The name of the environment variable containing the subject token for token exchange. This argument can also be specified with the EQUINIX_TOKEN_EXCHANGE_SUBJECT_TOKEN_ENV_VAR shell environment variable. (Defaults to EQUINIX_TOKEN_EXCHANGE_SUBJECT_TOKEN). Please note that token exchange is an alpha feature and not available for all users.
Was this page helpful?