How to Configure the KopiCloud AD Terraform Provider

Guillermo Musumeci
May 29, 2023

This story will discuss configuring the KopiCloud AD Terraform Provider with KopiCloud AD API.

The KopiCloud AD Terraform Provider

This story is part of my KopiCloud AD Terraform Provider series.

I have been deploying Active Directory in AWS, Azure, GCP, and OCI cloud environments for 10+ years. I have been using AD since Microsoft launched the public beta in 1999, so this is one of my favorite subjects to write about.

1. Introducing KopiCloud AD API, the API for Microsoft Active Directory and DNS

KopiCloud AD API is a production-ready REST API designed to securely manage Microsoft Active Directory and DNS from custom applications, automation tools, DevOps pipelines, and Terraform.

With KopiCloud AD API, you can:

  • Integrate Microsoft AD and DNS with your applications or scripts.
  • Use our Terraform Provider in your CI/CD pipelines without credentials.
  • Manage AD Users, AD Groups, AD OUs, and AD Computers.
  • Manage DNS Records and DNS Zones.

Visit the KopiCloud AD API website for more details about the REST API and the Terraform Provider at https://adapi.kopicloud.com or explore the Automating Microsoft AD and DNS with Terraform & KopiCloud AD API story.

2. Why KopiCloud AD API?

Here are a few reasons to choose KopiCloud AD API to automate your Active Directory deployments:

  • No official Microsoft API: There is no official Microsoft API, so if you want to automate access to the Active Directory or DNS, you must write your own API or execute PowerShell commands.
  • It is secure: We use authentication tokens instead of using usernames and passwords to access Active Directory or DNS. These tokens can be used for a limited time or forever.
  • We keep a log of everything: Every task or action executed is written to a log, so you know who called each API method and when. Coming soon, you will be able to forward events to several SIEMs.
  • Automate AD with our Terraform Provider: Create service accounts in AD, create DNS records, create AD Users, create AD Groups, create AD Organizational Units, reset AD User passwords, and more.
  • Designed for all kinds of companies: We have plenty of pre-configured security access groups. The API provides many options if you are a small company or a large enterprise with a dedicated security team.
  • Works in both production and test environments: If you are in production, every call is secured using a token, and everything is logged. Or you can disable the token authentication if running in a test environment.
  • Supports DNS actions: other AD providers can only automate Active Directory actions. KopiCloud AD API supports both Microsoft Active Directory and Microsoft DNS actions.

3. Creating KopiCloud AD API Authentication Tokens

KopiCloud AD API uses authentication tokens instead of usernames and passwords to authenticate to Active Directory.

The API supports two types of tokens: JWT Token and Basic Token.

These tokens authenticate calls to the API from application integrations, the API Swagger, and the Terraform Provider.

3.1. Log in to the KopiCloud AD API Management Portal

Enter your username and password to log in:

And click on the Login button.

3.2. Create JWT Token

JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.

This information can be verified and trusted because it is digitally signed.

JWT tokens are recommended for applications like Terraform and can expire automatically.

To create a JWT Token, log in to the KopiCloud AD API Management Portal and click on the JWT Token menu.

Enter a unique token name and expiration time (or 0 to create a non-expiring token) and click the Generate button.

Then, the token will be generated. Copy the token and store it in a safe place!

3.3. Create a Basic Token

Basic tokens are created by combining a username and password.

To create a Basic Token, log in to the KopiCloud AD API Management Portal and click on the Basic Token menu.

Enter your username and password and click on the Generate button.

Note: If you change your password, you must regenerate your Basic Token.

Then, the token will be generated. Copy the token and store it in a safe place!

4. Set up the KopiCloud AD API Terraform Provider

Log in to the KopiCloud AD API Management Portal and generate a token (explained in the previous steps).

In your “provider.tf” file, configure the KopiCloud AD Terraform Provider with two settings: host, the URL of your KopiCloud AD API server, and token, the token generated in the previous step.

terraform {
  required_providers {
    kopicloud = {
      source = "kopicloud-ad-api/ad"
    }
  }
}

provider "kopicloud" {
  host  = "https://api.kopicloud.local"
  token = "Basic b3NjYWI8UzFsdkyQMVsuD70"
}
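
As an added example (not from the original story or the KopiCloud project), the same provider configuration can take the token from a sensitive input variable instead of a literal in “provider.tf”, so the credential stays out of version control. The variable names kopicloud_host and kopicloud_token are assumptions; host and token are the provider arguments shown above.

```hcl
# Added example. Variable names are assumptions, not part of the provider.
terraform {
  required_providers {
    kopicloud = {
      source = "kopicloud-ad-api/ad"
    }
  }
}

variable "kopicloud_host" {
  description = "URL of the KopiCloud AD API server"
  type        = string

  validation {
    # Refuse plain HTTP so the token is never sent unencrypted.
    condition     = can(regex("^https://", var.kopicloud_host))
    error_message = "kopicloud_host must be an https:// URL."
  }
}

variable "kopicloud_token" {
  description = "Token generated in the KopiCloud AD API Management Portal"
  type        = string
  sensitive   = true # value is redacted in plan and apply output

  # No default on purpose: supply the value at run time, for example
  # through the TF_VAR_kopicloud_token environment variable set from
  # the pipeline's secret store.
  validation {
    condition     = length(trimspace(var.kopicloud_token)) > 0
    error_message = "kopicloud_token must not be empty."
  }
}

provider "kopicloud" {
  host  = var.kopicloud_host
  token = var.kopicloud_token
}
```

Saved plan files still record input variable values, so handle them as secrets. Keep any “.tfvars” file that holds the token out of the repository.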

And that is it!

Explore the KopiCloud AD API repo at https://github.com/KopiCloud-AD-API. There are examples for all the resources and data sources. And lots of scripts to test and evaluate the Terraform provider.

Visit the KopiCloud AD API website for more details about the REST API and the Terraform Provider at https://adapi.kopicloud.com

And that’s all, folks. If you liked this story, please show your support by 👏 this story. Thank you for reading!
