Comment on page

Environment Variables

Customizing the execution of cloud-concierge with environment variables


  • We provide .env templates for needed environment variables by cloud provider type
  • The dragondrop management platform offers a client-side environment variable validator to quickly check whether your environment variables are formatted correctly. This can be found here.

Managed Solution

Using as a management platform allows for all required variables to configured via a user interface.

Variable Descriptions

cloud-concierge Env Vars

  • Description: Token for your dragondrop organization.
    • Sign-into the dragondrop management platform through GitHub social sign-on. You will be redirected to the "Organization" tab, where you will have the opportunity to copy your org token.
  • Example: cco-my-org-token
  • Description: Optional variable if wishing to run CI/CD in GitHub Actions with Terraform pre-1.5. We strongly recommend running cloud-concierge with at least version 1.5.0 of Terraform to take advantage of import blocks.
    • At this point in time, only AWS and GCP history storages are supported.
  • Example GCP: {"storageType":"Google Storage Bucket","bucket":"imports-history-exmaple","region":"us-east4"}
  • Example AWS: {"storageType":"S3","bucket":"imports-history-exmaple","region":"us-east-1"}

Terraform Env Vars

  • Description: Terraform semantic version number. We strongly recommend running cloud-concierge with at least version 1.5.0 of Terraform to take advantage of import blocks.
  • Example: 1.5.1
  • Description: A Terraform provider with a semantic version to use within the cloud-concierge execution.
  • Example: google:~>4.27.0
  • Description: A region of a major cloud provider to scan. Currently only one region can be scanned at a time.
  • Example: ["eastus"]

Terraform State Backend Env Vars

  • Description: Type of backend used to store state files.
    • Must be one of s3, azurerm, gcs, or TerraformCloud
  • Example: s3
  • Description: A list of relative directories within the VCS repo to be cloned by cloud-concierge. Each relative directory in the list should correspond to a single "state file" of Terraform infrastructure.
    • Name comes from the idea of a "Workspace" in Terraform Cloud.
  • Example: /my/relative/path/1/,/my/relative/path/2/

Scanning Your Cloud Env Vars

  • Description: Name of a division of a public cloud provider and the corresponding credential for access to your cloud environment.
    • A division for AWS is an account name, for Azure it is a resource group, and for GCP it is a project.
  • Structure: "my-aws-account-name"
  • Description: List of terraform resources to exclusively scan for within your cloud environment.
    • Should not be specified if CLOUDCONCIERGE_RESOURCESBLACKLIST is specified
  • Structure: ["tf_resource_1", "tf_resource_2"]
  • Example: ["aws_lb", "google_storage_bucket"]
  • Description: List of terraform resources to avoid scanning for within your cloud environment. Scans for all other supported resources not specified
    • Should not be specified if CLOUDCONCIERGE_RESOURCESWHITELIST is specified.
  • Structure: ["tf_resource_1", "tf_resource_2"]
  • Example: ["aws_lb", "google_storage_bucket"]
  • Description: Optional boolean variable for whether cloud-concierge should only identify drift for resources already managed by Terraform.
    • Defaults to False
  • Example: False

Version Control System (VCS) Env Vars

  • Description: Personal access token for the VCS provider specified. Allows the containerized executable to interact with the VCS provider to open a pull request containing new resources and needed migrations. The cloud-concierge GitHub app should be installed on the repo specified.
    • For GitHub, should only be provided "Repo" permissions.
  • Example: ghp_my-github-access-token
  • Description: VCS user name to be assigned as Pull Request reviewer once cloud-concierge creates a pull request. To have no assigned reviewer, specify "NoReviewer".
  • Example: MyPRReviewerID

Terraform Cloud Env Vars (Required if selected as your state backend)

  • Description: Terraform cloud team token for accessing remote workspaces.
    • Should be a Terraform Cloud Team Token.
  • Example: my-tf-cloud-team token
  • Description: Name of the Terraform cloud organization that corresponds to the specified token.
  • Example: my-tf-cloud-org