The Terraform Provider for Starburst Galaxy enables Infrastructure-as-Code management of Starburst Galaxy resources including clusters, catalogs, users, roles, and more.
- Terraform 1.0+
- Go 1.20+ (for local development)
- Starburst Galaxy account with API access
- OAuth2 client credentials (client ID and secret)
The provider is available in the Terraform Registry. Add the following to your Terraform configuration:
terraform {
required_providers {
galaxy = {
source = "starburstdata/galaxy"
}
}
}Configure the provider using environment variables:
export GALAXY_CLIENT_ID="your-client-id"
export GALAXY_CLIENT_SECRET="your-client-secret"
export GALAXY_DOMAIN="https://your-galaxy-domain.starburstdata.com"In your Terraform configuration:
provider "galaxy" {
# Configuration is read from environment variables
}- Cluster Management: Create and manage Starburst Galaxy clusters with auto-scaling and WarpSpeed capabilities
- Catalog Configuration: Connect to various data sources including S3, BigQuery, Snowflake, PostgreSQL, MySQL, and more
- Access Control: Manage users, service accounts, roles, and fine-grained permissions
- Data Governance: Implement row filters, column masks, and data products for compliance and security
- Policy Management: Define and enforce data retention and access policies
Create a cluster:
resource "galaxy_cluster" "example" {
name = "my-cluster"
cloud_region_id = "your-region-id"
min_workers = 1
max_workers = 10
private_link_cluster = false
catalog_refs = []
processing_mode = "WarpSpeed"
warp_resiliency_enabled = true
result_cache_enabled = true
idle_stop_minutes = 30
}Create an S3 catalog:
resource "galaxy_s3_catalog" "data_lake" {
name = "data-lake"
cloud_region_id = "your-region-id"
s3_catalog_properties = {
bucket_name = "my-data-bucket"
default_location = "s3://my-data-bucket/data"
region = "us-east-1"
aws_access_key_id = var.aws_access_key
aws_secret_access_key = var.aws_secret_key
}
cluster_id = galaxy_cluster.example.id
}- Clone the repository:
git clone https://github.com/starburstdata/terraform-provider-galaxy.git
cd terraform-provider-galaxy- Build and install the provider:
go install .This installs the binary to $GOPATH/bin (typically ~/go/bin).
To use your locally-built provider instead of downloading from the registry, configure Terraform with development overrides:
- Create or edit
~/.terraformrc(macOS/Linux) or%APPDATA%/terraform.rc(Windows):
provider_installation {
dev_overrides {
"registry.terraform.io/starburstdata/galaxy" = "/Users/yourusername/go/bin" # Replace with your GOBIN path
}
# For all other providers, install normally from the registry
direct {}
}- Verify your GOBIN path:
go env GOBIN
# If empty, it defaults to:
echo $(go env GOPATH)/bin- With dev_overrides configured, Terraform will use your local build automatically. You do not need to run
terraform initwhen using dev_overrides.
- Make your code changes
- Rebuild the provider and install to /go/bin:
go install .- Test with Terraform:
cd examples/test-cluster
terraform plan
terraform applyNote: When using dev_overrides, Terraform will show a warning that development overrides are in effect. This is expected.
Run unit tests:
go test ./...Run acceptance tests (requires valid Galaxy credentials):
export GALAXY_CLIENT_ID="your-client-id"
export GALAXY_CLIENT_SECRET="your-client-secret"
export GALAXY_DOMAIN="https://your-domain.galaxy.starburst.io"
TF_ACC=1 go test ./internal/provider -v -timeout 30mgalaxy_bigquery_catalog- Google BigQuery cataloggalaxy_cassandra_catalog- Apache Cassandra cataloggalaxy_cluster- Starburst Galaxy clustersgalaxy_column_mask- Column-level data maskinggalaxy_cross_account_iam_role- AWS cross-account IAM rolesgalaxy_data_product- Data product definitionsgalaxy_gcs_catalog- Google Cloud Storage cataloggalaxy_mongodb_catalog- MongoDB cataloggalaxy_mysql_catalog- MySQL database cataloggalaxy_opensearch_catalog- OpenSearch cataloggalaxy_policy- Data governance policiesgalaxy_postgresql_catalog- PostgreSQL database cataloggalaxy_redshift_catalog- Amazon Redshift cataloggalaxy_role- Role definitionsgalaxy_role_privilege_grant- Role privilege assignmentsgalaxy_row_filter- Row-level security filtersgalaxy_s3_catalog- S3 data lake cataloggalaxy_service_account- Service accounts for automationgalaxy_service_account_password- Service account credentialsgalaxy_snowflake_catalog- Snowflake data warehouse cataloggalaxy_sqlserver_catalog- Microsoft SQL Server cataloggalaxy_tag- Data classification tags
galaxy_bigquery_catalog- Read a BigQuery cataloggalaxy_cassandra_catalog- Read a Cassandra cataloggalaxy_catalog_metadata- Read catalog metadatagalaxy_cluster- Read a clustergalaxy_column- Read a columngalaxy_column_mask- Read a column maskgalaxy_data_product- Read a data productgalaxy_data_quality_summary- Read data quality summarygalaxy_gcs_catalog- Read a GCS cataloggalaxy_mongodb_catalog- Read a MongoDB cataloggalaxy_mysql_catalog- Read a MySQL cataloggalaxy_opensearch_catalog- Read an OpenSearch cataloggalaxy_policy- Read a policygalaxy_postgresql_catalog- Read a PostgreSQL cataloggalaxy_privatelink- Read a private linkgalaxy_redshift_catalog- Read a Redshift cataloggalaxy_role- Read a rolegalaxy_rolegrant- Read a role grantgalaxy_row_filter- Read a row filtergalaxy_s3_catalog- Read an S3 cataloggalaxy_schema- Read a schemagalaxy_service_account- Read a service accountgalaxy_snowflake_catalog- Read a Snowflake cataloggalaxy_sqlserver_catalog- Read a SQL Server cataloggalaxy_table- Read a tablegalaxy_tag- Read a taggalaxy_user- Read a user
galaxy_bigquery_catalogs- List all BigQuery catalogsgalaxy_cassandra_catalogs- List all Cassandra catalogsgalaxy_catalogs- List all catalogsgalaxy_clusters- List all clustersgalaxy_column_masks- List all column masksgalaxy_cross_account_iam_role_metadatas- List all cross-account IAM role metadatagalaxy_cross_account_iam_roles- List all cross-account IAM rolesgalaxy_data_products- List all data productsgalaxy_data_quality_summaries- List all data quality summariesgalaxy_gcs_catalogs- List all GCS catalogsgalaxy_mongodb_catalogs- List all MongoDB catalogsgalaxy_mysql_catalogs- List all MySQL catalogsgalaxy_opensearch_catalogs- List all OpenSearch catalogsgalaxy_policies- List all policiesgalaxy_postgresql_catalogs- List all PostgreSQL catalogsgalaxy_privatelinks- List all private linksgalaxy_redshift_catalogs- List all Redshift catalogsgalaxy_roles- List all rolesgalaxy_row_filters- List all row filtersgalaxy_s3_catalogs- List all S3 catalogsgalaxy_service_accounts- List all service accountsgalaxy_snowflake_catalogs- List all Snowflake catalogsgalaxy_sqlserver_catalogs- List all SQL Server catalogsgalaxy_tags- List all tagsgalaxy_users- List all users
galaxy_bigquery_catalog_validation- Validate BigQuery catalog configurationgalaxy_cassandra_catalog_validation- Validate Cassandra catalog configurationgalaxy_gcs_catalog_validation- Validate GCS catalog configurationgalaxy_mongodb_catalog_validation- Validate MongoDB catalog configurationgalaxy_mysql_catalog_validation- Validate MySQL catalog configurationgalaxy_opensearch_catalog_validation- Validate OpenSearch catalog configurationgalaxy_postgresql_catalog_validation- Validate PostgreSQL catalog configurationgalaxy_redshift_catalog_validation- Validate Redshift catalog configurationgalaxy_s3_catalog_validation- Validate S3 catalog configurationgalaxy_snowflake_catalog_validation- Validate Snowflake catalog configurationgalaxy_sqlserver_catalog_validation- Validate SQL Server catalog configuration
See the examples directory for complete configuration examples:
- Cluster management
- S3 catalog setup
- Data governance
- Role management
- Service accounts
- Comprehensive example
- Documentation: Starburst Galaxy Documentation
- Issues: GitHub Issues
- Community: Starburst Community
This provider is built using:
Made with ❤️ by the Starburst team