Seqera Platform Terraform Provider

Caution

Early Preview - This provider is in early preview and subject to breaking changes. APIs and resource schemas may change without notice. Please use with caution in production environments and report any issues you encounter.

Terraform Provider for the Seqera Platform API.

Summary

Seqera API: The Seqera Platform Terraform Provider enables infrastructure-as-code management of Seqera Platform resources. This provider allows you to programmatically create, configure, and manage organizations, workspaces, compute environments, pipelines, credentials, and other Seqera Platform components using Terraform.

Table of Contents

• Seqera Platform Terraform Provider
  • Installation
  • Available Resources and Data Sources
  • Best Practices
  • Examples
  • Testing the provider locally
• Development
  • Contributions

Installation

To install this provider, copy and paste this code into your Terraform configuration. Then, run terraform init.

terraform {
  required_providers {
    seqera = {
      source  = "seqeralabs/seqera"
      version = "0.25.4"
    }
  }
}

provider "seqera" {
  # Configuration options
}

Available Resources and Data Sources

Resources

• seqera_action
• seqera_aws_compute_env
• seqera_aws_credential
• seqera_azure_credential
• seqera_compute_env
• seqera_credential
• seqera_data_link
• seqera_datasets
• seqera_google_credential
• seqera_labels
• seqera_orgs
• seqera_pipeline
• seqera_pipeline_secret
• seqera_primary_compute_env
• seqera_studios
• seqera_teams
• seqera_tokens
• seqera_workflows
• seqera_workspace

Data Sources

• seqera_action
• seqera_aws_compute_env
• seqera_aws_credential
• seqera_azure_credential
• seqera_compute_env
• seqera_credential
• seqera_data_link
• seqera_dataset
• seqera_google_credential
• seqera_labels
• seqera_orgs
• seqera_pipeline
• seqera_pipeline_secret
• seqera_studios
• seqera_teams
• seqera_tokens
• seqera_user
• seqera_user_workspaces
• seqera_workflows
• seqera_workspace
• seqera_workspaces

Best Practices

Prerequisites

• Terraform Knowledge: Familiar with Terraform concepts, state management, and limitations
• Permissions: Sufficient permissions in cloud provider and Seqera Platform
• Cost Management: Infrastructure spend awareness and cost controls
• API Access: Proper API access to Seqera Platform with authentication

Security

✅ DO

• Secure Credentials: Use environment variables, Terraform Cloud variables, or secret management systems
• Least Privilege: Grant minimum necessary permissions to Terraform service accounts
• Secure State: Store Terraform state in remote backends (Terraform Cloud, S3, Azure Storage)
• Encryption: Ensure sensitive data is encrypted at rest and in transit

❌ DON'T

• Plain Text Secrets: Never pass secrets, API keys, or credentials in plain text
• Hardcoded Values: Avoid hardcoding sensitive information in .tf files
• Public State: Never commit Terraform state files to version control

Resource Management

✅ DO

• Persistent Resources: Use for persistent infrastructure resources on Seqera Platform
• State Management: Always use Terraform state to track infrastructure
• Naming & Tagging: Use consistent naming conventions and comprehensive tagging
• Modular Design: Organize code into reusable modules

❌ DON'T

• Pipeline Orchestration: Don't use for launching pipelines except as smoke tests for compute environments (use Seqera Platform APIs for routine pipeline launches)
• Cross Dependencies: Avoid dependencies between Batch Forge and Terraform resources
• State Assumptions: Do not assume the state reflects user-managed resources that may have been modified elsewhere.

Operations

✅ DO

• Version Control: Store configurations in version control
• Code Review: Implement review processes for infrastructure changes
• Environment Separation: Use separate workspaces/configurations for environments
• Monitoring: Set up monitoring and alerting
• Backup Strategy: Maintain backups of state and configurations

❌ DON'T

• Manual Changes: Avoid direct modifications to Terraform-managed resources
• Single Recovery: Don't rely solely on Terraform for disaster recovery
• Resource Drift: Don't allow resources to drift from Terraform state

Examples

The examples/terraform-examples directory contains comprehensive Terraform configurations demonstrating how to use the Seqera Platform provider across different cloud platforms. Each example includes a complete setup from organization to running nf-core/rnaseq.

Cloud Platform Examples

• AWS Example (examples/terraform-examples/aws/) - Complete AWS Batch setup with nf-core/rnaseq pipeline
• Azure Example (examples/terraform-examples/azure/) - Complete Azure Batch setup with nf-core/rnaseq pipeline
• GCP Example (examples/terraform-examples/gcp/) - Complete Google Batch setup with genomics-optimized instances

Getting Started with Examples

1. Choose your cloud platform from examples/terraform-examples/aws/, examples/terraform-examples/azure/, or examples/terraform-examples/gcp/
2. Copy the example tfvars: cp terraform.tfvars.example terraform.tfvars
3. Configure your credentials and settings in terraform.tfvars
4. Amend any variable/resource names or values ,ensure you update your organization name as that has to be unique.
5. Initialize Terraform: terraform init
6. Review the plan: terraform plan
7. Apply when ready: terraform apply

Each example includes detailed variable descriptions and validation rules to help you configure the resources correctly for your environment.

Testing the provider locally

Local Provider

Should you want to validate a change locally, the --debug flag allows you to execute the provider against a terraform instance locally.

This also allows for debuggers (e.g. delve) to be attached to the provider.

go run main.go --debug
# Copy the TF_REATTACH_PROVIDERS env var
# In a new terminal
cd examples/your-example
TF_REATTACH_PROVIDERS=... terraform init
TF_REATTACH_PROVIDERS=... terraform apply

Compiled Provider

Terraform allows you to use local provider builds by setting a dev_overrides block in a configuration file called .terraformrc. This block overrides all other configured installation methods.

1. Execute go build to construct a binary called terraform-provider-seqera
2. Ensure that the .terraformrc file is configured with a dev_overrides section such that your local copy of terraform can see the provider binary

Terraform searches for the .terraformrc file in your home directory and applies any configuration settings you set.

provider_installation {

  dev_overrides {
      "registry.terraform.io/seqeralabs/seqera" = "<PATH>"
  }

  # For all other providers, install them directly from their origin provider
  # registries as normal. If you omit this, Terraform will _only_ use
  # the dev_overrides block, and so no other providers will be available.
  direct {}
}

Development

Contributions

While we value open-source contributions to this terraform provider, this library is generated programmatically. Any manual changes added to internal files will be overwritten on the next generation. We look forward to hearing your feedback. Feel free to open a PR or an issue with a proof of concept and we'll do our best to include it in a future release.

SDK Created by Speakeasy