Environment Variables

Customizing the execution of cloud-concierge with environment variables


  • We provide .env templates for needed environment variables by cloud provider type

  • The dragondrop management platform offers a client-side environment variable validator to quickly check whether your environment variables are formatted correctly. This can be found here.

Variable Descriptions

cloud-concierge Env Vars


  • Description: Optional variable if wishing to run CI/CD in GitHub Actions with Terraform pre-1.5. We strongly recommend running cloud-concierge with at least version 1.5.0 of Terraform to take advantage of import blocks.

    • At this point in time, only AWS and GCP history storages are supported.

  • Example GCP: {"storageType":"Google Storage Bucket","bucket":"imports-history-exmaple","region":"us-east4"}

  • Example AWS: {"storageType":"S3","bucket":"imports-history-exmaple","region":"us-east-1"}

Terraform Env Vars


  • Description: Terraform semantic version number. We strongly recommend running cloud-concierge with at least version 1.5.0 of Terraform to take advantage of import blocks.

  • Example: 1.5.1


  • Description: A Terraform provider with a semantic version to use within the cloud-concierge execution.

  • Example: google:~>4.27.0


  • Description: A region of a major cloud provider to scan. Currently only one region can be scanned at a time.

  • Example: ["eastus"]

Terraform State Backend Env Vars


  • Description: Type of backend used to store state files.

    • Must be one of s3, azurerm, gcs, or TerraformCloud

  • Example: s3


  • Description: A list of relative directories within the VCS repo to be cloned by cloud-concierge. Each relative directory in the list should correspond to a single "state file" of Terraform infrastructure.

    • Name comes from the idea of a "Workspace" in Terraform Cloud.

  • Example: /my/relative/path/1/,/my/relative/path/2/

Scanning Your Cloud Env Vars


  • Description: Name of a division of a public cloud provider and the corresponding credential for access to your cloud environment.

    • A division for AWS is an account name, for Azure it is a resource group, and for GCP it is a project.

  • Structure: "my-aws-account-name"


  • Description: List of terraform resources to exclusively scan for within your cloud environment.

    • Should not be specified if CLOUDCONCIERGE_RESOURCESBLACKLIST is specified

  • Structure: ["tf_resource_1", "tf_resource_2"]

  • Example: ["aws_lb", "google_storage_bucket"]


  • Description: List of terraform resources to avoid scanning for within your cloud environment. Scans for all other supported resources not specified

    • Should not be specified if CLOUDCONCIERGE_RESOURCESWHITELIST is specified.

  • Structure: ["tf_resource_1", "tf_resource_2"]

  • Example: ["aws_lb", "google_storage_bucket"]


  • Description: Optional boolean variable for whether cloud-concierge should only identify drift for resources already managed by Terraform.

    • Defaults to False

  • Example: False

Version Control System (VCS) Env Vars



  • Description: Personal access token for the VCS provider specified. Allows the containerized executable to interact with the VCS provider to open a pull request containing new resources and needed migrations. The cloud-concierge GitHub app should be installed on the repo specified.

    • For GitHub, should only be provided "Repo" permissions.

  • Example: ghp_my-github-access-token


  • Description: VCS user name to be assigned as Pull Request reviewer once cloud-concierge creates a pull request. To have no assigned reviewer, specify "NoReviewer".

  • Example: MyPRReviewerID

Cost Estimation Env Vars


  • Description: Token for accessing the Infracost Cloud Pricing API.

    • You can sign up for your free token at Infracost.io

  • Example:


Terraform Cloud Env Vars (Required if selected as your state backend)


  • Description: Terraform cloud team token for accessing remote workspaces.

    • Should be a Terraform Cloud Team Token.

  • Example: my-tf-cloud-team token


  • Description: Name of the Terraform cloud organization that corresponds to the specified token.

  • Example: my-tf-cloud-org

Last updated