- Print
- DarkLight
Use Backblaze B2 with Terraform
- Print
- DarkLight
Terraform is an infrastructure as code (IaC) tool that was developed by HashiCorp. Instead of using imperative commands (step-by-step instructions), Terraform uses declarative code, “here’s what I want.”
The Backblaze B2 Cloud Storage Terraform provider lets you create and manage application keys, buckets, and upload files.
To use the Backblaze B2 Terraform provider, you must download a Terraform binary. You can find the appropriate binary for your platform here.
You can also view the following video tutorial to get started using Terraform with Backblaze B2.
Enable Backblaze B2
Before you begin: You must have a Backblaze B2 Cloud Storage account. If you already have a Backblaze account and the left navigation menu contains a B2 Cloud Storage section, your account is already enabled for Backblaze B2.
- Sign in to the Backblaze web console.
- In the user menu in the upper-right corner of the page, select My Settings.
- Under Enabled Products, select the checkbox to enable B2 Cloud Storage.
- Review the Terms and Conditions, and click OK to accept them.
Create an Application Key in the Backblaze Web Console
- Sign in to the Backblaze web console.
- In the left navigation menu under B2 Cloud Storage, click Application Keys.
- Click Add a New Application Key, and enter an app key name. Please note: You cannot search an app key by this name; therefore, app key names are not required to be globally unique. Key names are limited to 100 characters and can contain letters, numbers, and "-", but not I18N characters, such as é, à, and ü.
- Select All or a specific bucket in the Allow Access to Bucket(s) dropdown menu.
- Optionally, select your access type (Read and Write, Read Only, or Write Only).
- Optionally, select the Allow List All Bucket Names checkbox (required for the B2 Native API b2_list_buckets and the S3-Compatible API S3 List Buckets operations).
- Optionally, enter a file name prefix to restrict application key access only to files with that prefix. Depending on what you selected in step #4, this limits application key access to files with the specified prefix for all buckets or just the selected bucket.
- Optionally, enter a positive integer to limit the time, in seconds, before the application key expires. The value must be less than 1000 days (in seconds).
- Click Create New Key, and note the resulting keyID and applicationKey values.
Create an Application Key using Terraform
- Enter the following code changing the values as appropriate:
terraform { required_version = ">= 0.13" required_providers { b2 = { source = "Backblaze/b2" version = "~> 0.2" } } } provider "b2" { } resource "b2_application_key" "example" { key_name = "test-b2-tfp-0000000000000000000" capabilities = ["readFiles"] } data "b2_application_key" "example" { key_name = b2_application_key.example.key_name } output "application_key" { value = data.b2_application_key.example }
- Save this code into a file called
application_key.tf
. - Run the following command to initialize the Terraform environment:
The following output is returned:$ terraform init
$ terraform init Initializing the backend... Initializing provider plugins... - Reusing previous version of backblaze/b2 from the dependency lock file - Using previously-installed backblaze/b2 v0.2.1 Terraform has been successfully initialized! You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure. All Terraform commands should now work. If you ever set or change modules or backend configuration for Terraform, rerun this command to reinitialize your working directory. If you forget, other commands will detect it and remind you to do so if necessary.
- Run the following command to create and run your Terraform plan:
The following output is returned:terraform plan -out=application_key.out
Terraform indicates that it wants to add 1 key, change 0, and destroy 0.$ terraform plan -out=application_key.out An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: + create <= read (data resources) Terraform will perform the following actions: # data.b2_application_key.example will be read during apply # (config refers to values not yet known) <= data "b2_application_key" "example" { + application_key_id = (known after apply) + bucket_id = (known after apply) + capabilities = (known after apply) + id = (known after apply) + key_name = "test-b2-tfp-0000000000000000000" + name_prefix = (known after apply) + options = (known after apply) } # b2_application_key.example will be created + resource "b2_application_key" "example" { + application_key = (sensitive value) + application_key_id = (known after apply) + capabilities = [ + "readFiles", ] + id = (known after apply) + key_name = "test-b2-tfp-0000000000000000000" + options = (known after apply) } Plan: 1 to add, 0 to change, 0 to destroy. ------------------------------------------------------------------------ This plan was saved to: application_key.out To perform exactly these actions, run the following command to apply: terraform apply "application_key.out"
- If you are satisfied with the plan, run the following command to apply the plan:
The following output is returned:$ terraform apply application_key.out
$ terraform apply application_key.out b2_application_key.example: Creating... b2_application_key.example: Creation complete after 4s [id=0000000000000000000000000] data.b2_application_key.example: Reading... data.b2_application_key.example: Read complete after 4s [id=0000000000000000000000000] Apply complete! Resources: 1 added, 0 changed, 0 destroyed. The state of your infrastructure has been saved to the path below. This state is required to modify and destroy your infrastructure, so keep it safe. To inspect the complete state use the `terraform show` command. State path: terraform.tfstate
- Run the following command to clean up the application key that you created, and enter yes when prompted:
The following output is returned:$ terraform destroy
$ terraform destroy An execution plan has been generated and is shown below. Resource actions are indicated with the following symbols: - destroy Terraform will perform the following actions: # b2_application_key.example will be destroyed - resource "b2_application_key" "example" { - application_key = (sensitive value) - application_key_id = "0000000000000000000000000" -> null - capabilities = [ - "readFiles", ] -> null - id = "0000000000000000000000000" -> null - key_name = "test-b2-tfp-0000000000000000000" -> null - options = [ - "s3", ] -> null } Plan: 0 to add, 0 to change, 1 to destroy. Do you really want to destroy all resources? Terraform will destroy all your managed infrastructure, as shown above. There is no undo. Only 'yes' will be accepted to confirm. Enter a value: yes b2_application_key.example: Destroying... [id=0000000000000000000000000] b2_application_key.example: Destruction complete after 3s Destroy complete! Resources: 1 destroyed.
Set Environmental Variables
Run the following command to set your application key and application key ID environmental variables to read at runtime:
$ export B2_APPLICATION_KEY_ID=0000000000000000000000000
$ export B2_APPLICATION_KEY=0000000000000000000000000000000