
10/12/22, 8:55 PM Docs overview | CiscoDevNet/aci | Terraform Registry

Version 2.5.2 (Latest Version)

Application Centric Infrastructure (ACI)

The Cisco Application Centric Infrastructure (ACI) allows application requirements to define the network. This architecture simplifies, optimizes, and accelerates the entire application deployment life cycle.

Application Policy Infrastructure Controller (APIC)

The APIC manages the scalable ACI multi-tenant fabric. The APIC provides a unified point of automation and management, policy programming, application deployment, and health monitoring for the fabric. The APIC, which is implemented as a replicated synchronized clustered controller, optimizes performance, supports any application anywhere, and provides unified operation of the physical and virtual infrastructure.

The APIC enables network administrators to easily define the optimal network for applications. Data center operators can clearly see how applications consume network resources, easily isolate and troubleshoot application and infrastructure problems, and monitor and profile resource usage patterns.

The Cisco Application Policy Infrastructure Controller (APIC) API enables applications to directly connect with a secure, shared, high-performance resource pool that includes network, compute, and storage capabilities.

Cisco ACI Provider

The Cisco ACI Terraform provider is used to interact with resources provided by Cisco APIC. The provider needs to be configured with proper credentials to authenticate with Cisco APIC.

Authentication

The provider supports authentication with Cisco APIC in 3 ways:

1. Authentication with user-id and password.

Example:

    provider "aci" {
      # cisco-aci user name
      username = "admin"
      # cisco-aci password
      password = "password"
      # cisco-aci url
      url      = "https://my-cisco-aci.com"
      insecure = true
    }

With this method, the provider obtains an authentication token from Cisco APIC and uses that token to authenticate. A limitation of this approach is that APIC counts authentication requests and throttles them to avoid DoS attacks. After too many attempts this authentication method may fail because the threshold is exceeded.

To avoid the above-mentioned problem, Cisco APIC supports signature-based authentication.

2. Signature-based authentication.

An X.509 certificate is created and added to the user in Cisco APIC.

Using the private key from which the certificate was generated, a signature is calculated and passed with the request. This signature is used to authenticate the user.

Example:

    provider "aci" {
      # cisco-aci user name
      username    = "admin"
      # private key path
      private_key = "path to private key"
      # Certificate Name
      cert_name   = "user-cert"
      # cisco-aci url
      url         = "https://my-cisco-aci.com"
      insecure    = true
    }

3. Authentication with login-domain and password.

Example:

    provider "aci" {
      username = "apic:Demo_domain\\\\admin"
      # private_key = "path to private key"
      # cert_name = "user-cert"
      password = "password"
      url      = "url"
      insecure = true
    }

How to add a certificate to the Cisco APIC local user

Generate a certificate with the command below.

    $ openssl req -new -newkey rsa:1024 -days

Add the X.509 certificate to your ACI AAA local user at ADMIN » AAA.

Click AAA Authentication. Check that in the Authentication field the Realm field displays Local.

Expand Security Management » Local Users.

Click the name of the user you want to add a certificate to, in the User Certificates area.

Click the + sign and in the Create X509 Certificate enter a certificate name in the Name field. Copy and paste your X.509 certificate in the Data field.

Use this certificate name as the value of the "cert_name" argument.

Example Usage

    terraform {
      required_providers {
        aci = {
          source = "ciscodevnet/aci"
        }
      }
    }

    #configure provider with your cisco aci c
    provider "aci" {
      # cisco-aci user name
      username = "admin"
      # cisco-aci password
      password = "password"
      # cisco-aci url
      url      = "https://my-cisco-aci.com"
      insecure = true
    }

    resource "aci_tenant" "test-tenant" {
      name = "test-tenant"
      description = "This tenant is created b
    }

    resource "aci_application_profile" "test-
      tenant_dn = aci_tenant.test-tenant.id
      name = "test-app"
      description = "This app profile is crea
    }

Argument Reference

The following arguments are supported by the Cisco ACI Terraform provider.

username - (Required) This is the Cisco APIC username, which is required to authenticate with Cisco APIC. This can also be set as the ACI_USERNAME environment variable.

password - (Optional) Password of the user mentioned in the username argument. It is required when you want to use token-based authentication. This can also be set as the ACI_PASSWORD environment variable.

private_key - (Optional) Path to the private key for which the X.509 certificate has been calculated for the user mentioned in username. This can also be set as the ACI_PRIVATE_KEY environment variable.

url - (Required) URL for Cisco APIC (ex: "https://10.0.0.1"). This can also be set as the ACI_URL environment variable.

insecure - (Optional) This determines whether to use an insecure HTTP connection or not. This can also be set as the ACI_INSECURE environment variable. Default value is true.

validate_relation_dn - (Optional) Flag to validate if an object with the added relation Dn exists in the APIC. Type: Bool, Default: "true".

cert_name - (Optional) Certificate name for the user in Cisco ACI. This can also be set as the ACI_CERT_NAME environment variable.

proxy_url - (Optional) Proxy server URL with port number. This can also be set as the ACI_PROXY_URL environment variable.

proxy_creds - (Optional) Proxy server credentials in the form of username:password. This can also be set as the ACI_PROXY_CREDS environment variable.

retries - (Optional) Number of retries for REST API calls that fail due to connection issues or HTTP error codes 500-504. This can also be set as the ACI_RETRIES environment variable. Defaults to 2.

NOTE: Either password or private_key is required.
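The arguments above combined into a provider block that uses signature-based authentication and verifies the APIC's TLS certificate, shown beside the pattern used in this page's examples. This is an added example, not taken from the provider documentation; the variable names are hypothetical and the URL and key path are supplied by the operator.

```hcl
# Added example. Variable names are hypothetical; values come from the
# operator (terraform.tfvars kept out of version control, or TF_VAR_*).

variable "apic_url" {
  description = "Base URL of the APIC, reachable under a name its certificate covers"
  type        = string
}

variable "apic_username" {
  description = "APIC local user that has the X.509 certificate attached"
  type        = string
}

variable "apic_private_key_path" {
  description = "Path to the private key matching the user's X.509 certificate"
  type        = string
  sensitive   = true # keeps the value out of plan/apply output
}

variable "apic_cert_name" {
  description = "Name entered in the Create X509 Certificate dialog"
  type        = string
}

# Weak: the pattern shown in the examples on this page.
# provider "aci" {
#   username = "admin"
#   password = "password" # literal secret committed with the configuration
#   url      = "https://my-cisco-aci.com"
#   insecure = true       # APIC's TLS certificate is not verified
# }

# Hardened: no password in the configuration, and no token logins
# that count against the APIC authentication threshold.
provider "aci" {
  username    = var.apic_username
  private_key = var.apic_private_key_path
  cert_name   = var.apic_cert_name
  url         = var.apic_url

  # The documented default is true, so verification has to be
  # switched on explicitly.
  insecure = false
}
```

The same values can instead be supplied through the ACI_USERNAME, ACI_PRIVATE_KEY, ACI_CERT_NAME, ACI_URL and ACI_INSECURE environment variables listed above, which keeps them out of the configuration files entirely.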

© HashiCorp 2022

https://registry.terraform.io/providers/CiscoDevNet/aci/latest/docs