Terraform provider for Akamai Enterprise Application Access (EAA).
# From the repository root
makeOutputs:
bin/terraform-provider-eaa— provider binarybin/import-config— bulk import tool
Platform support: macOS (darwin_amd64, darwin_arm64), Linux (linux_amd64, linux_arm64), Windows (windows_amd64, windows_arm64).
terraform {
required_providers {
eaa = {
source = "terraform.eaaprovider.dev/eaaprovider/eaa"
version = "2.0.0"
}
}
}
provider "eaa" {
contractid = "contract-id"
accountswitchkey = "account-switch-key" # optional
edgerc = ".edgerc" # optional, defaults to ~/.edgerc
}| Argument | Required | Description |
|---|---|---|
contractid |
Yes | Akamai contract ID for EAA |
accountswitchkey |
No | Run operations from another account |
edgerc |
No | Path to .edgerc file (default ~/.edgerc) |
Authentication can also use environment variables.
Create an API client in Akamai Control Center with READ-WRITE permission to Enterprise Application Access. For legacy API keys: EAA > System > Settings > Generate new API Key.
[default]
host = akaa-xxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx.luna.akamaiapis.net
client_token = akab-xxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxx
client_secret = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
access_token = akab-xxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxxresource "eaa_application" "my_app" {
name = "My App"
app_profile = "http"
app_type = "enterprise"
domain = "wapp"
host = "my-app"
popregion = "us-east-1"
agents = ["my-connector"]
servers {
origin_host = "app.internal.example.com"
origin_port = 443
origin_protocol = "https"
}
auth_enabled = "true"
}terraform init && terraform plan && terraform apply| Resource | Description | Doc | Examples |
|---|---|---|---|
eaa_application |
Application lifecycle, advanced settings, auth, ACL rules | docs/eaa_application.md | enterprise_http, enterprise_rdp, tunnel, auth_* |
eaa_connector |
Connector VM provisioning | docs/eaa_connector.md | connector |
eaa_connector_pool |
Pool management, registration tokens, app/connector assignment | docs/eaa_connector_pool.md | connector_pool |
eaa_data_source_pops, eaa_data_source_appcategories, eaa_data_source_agents, eaa_data_source_idps, eaa_data_source_tls_cipher_suites, eaa_connector_pools, eaa_data_source_apps — see docs/data-sources.md.
| Topic | Doc |
|---|---|
| Importing existing resources | docs/import.md |
| Troubleshooting & log tags | docs/troubleshooting.md |
| CI/CD pipeline & Makefile targets | docs/ci-cd-pipeline.md |
See docs/troubleshooting.md for logging setup, log tag format, and a full reference of all [SOURCE][RESOURCE][OPERATION] log tags.
This repository includes Claude Code configuration to help both users and contributors.
The CLAUDE.md file at the repository root teaches Claude about the EAA provider's resources, data sources, common patterns, and gotchas. With it, Claude can help you write Terraform configurations — for example:
- "Help me write a Terraform config for an HTTP application with SAML auth"
- "Set up a connector pool with two connectors and a registration token"
- "What data source do I use to look up IDP names?"
Two Claude Code skills are available in .claude/skills/:
| Skill | Audience | Purpose |
|---|---|---|
add-resource |
Contributors | Guides adding a new resource or data source through the full brainstorming → spec → plan → execution workflow |
debug-provider |
Users | Helps troubleshoot terraform plan/terraform apply failures with structured log analysis and issue reporting |
To use a skill, type /add-resource or /debug-provider in Claude Code.
EAA Terraform provider is provided as-is and not supported by Akamai Support. Report issues at the GitHub Issues page.