# Managing HTTP Log Sources with Terraform

## Overview

You can define your HTTP log source in Terraform using the Panther [Terraform provider](https://registry.terraform.io/providers/panther-labs/panther/latest).

Other methods to create an HTTP log source include [using the Panther API](https://docs.panther.com/panther-developer-workflows/api/rest/log-sources) directly and [manual creation in the Panther Console](https://docs.panther.com/data-onboarding/data-transports/http).

## How to define your Panther HTTP log source in Terraform

The following sections outline how to define your HTTP log source in HashiCorp Configuration Language (HCL).

### Prerequisite

* Before starting, ensure you have an API URL and token with the `Manage Log Sources` permission. This is required to complete [Step 3](#step-3-provide-values-for-the-defined-variables).
  * If needed, follow [these instructions for creating an API token in the Panther Console](https://docs.panther.com/api#how-to-create-a-panther-api-token).

### Step 1: Choose an authentication method

* Select an authentication method for your HTTP endpoint from the [options listed on HTTP Source](https://docs.panther.com/data-onboarding/data-transports/http#authentication).

The authentication method you select will determine the variables you define in Step 2, below.

### Step 2: Define variables

* Define a `variables.tf` file with the Panther variables shown in the code block below.

```hcl
variable "panther_api_token" {
  description = "Panther API token"
  type        = string
}

variable "panther_api_url" {
  description = "Panther API URL"
  type        = string
}

variable "integration_label" {
  description = "The name of the integration."
  type        = string
}

variable "auth_method" {
  description = "Authentication method used."
  type        = string
}

// Auth variables are specific to auth_method. See table below
variable "auth_header_key" {
  description = "Key for the authentication header."
  type        = string
}

variable "auth_secret_value" {
  description = "Authentication secret value."
  type        = string
  sensitive   = true
}

// (Optional) Relevant only when log_stream_type = "JsonArray"
variable "json_array_envelope_field" {
  description = "Envelope field for json array stream"
  type        = string
}
```

#### Authentication method-specific variables

In your `variables.tf` file, include the values in the **Additional variables** column below for the authentication method you chose in Step 1.

<table><thead><tr><th width="243">Authentication method</th><th width="204">auth_method value</th><th>Additional variables</th></tr></thead><tbody><tr><td><a href="../../../data-onboarding/data-transports/http#shared-secret">Shared secret</a></td><td><code>SharedSecret</code></td><td><code>auth_header_key</code>, <code>auth_secret_value</code></td></tr><tr><td><a href="../../../data-onboarding/data-transports/http#hmac">HMAC</a></td><td><code>HMAC</code></td><td><code>auth_header_key</code>, <code>auth_secret_value</code></td></tr><tr><td><a href="../../../data-onboarding/data-transports/http#bearer">Bearer</a></td><td><code>Bearer</code></td><td><code>auth_bearer_token</code></td></tr><tr><td><a href="../../../data-onboarding/data-transports/http#basic">Basic</a></td><td><code>Basic</code></td><td><code>auth_username</code>, <code>auth_password</code></td></tr><tr><td><a href="../../../data-onboarding/data-transports/http#none">None</a> (not recommended)</td><td><code>None</code></td><td></td></tr></tbody></table>

### Step 3: Provide values for the defined variables

* Add a `*.tfvars` file that assigns values to the variables you defined in Step 2. Note that to complete this section, you will need the API URL and token outlined in the [Prerequisite section](#prerequisite).
  * Your `panther_api_url` value should be your root API URL. This is either:
    * A [GraphQL API URL](https://docs.panther.com/api/graphql#step-1-identify-your-panther-graphql-api-url) without the `/public/graphql` suffix
    * A [REST API URL](https://docs.panther.com/api/rest#step-1-identify-your-panther-rest-api-url) as-is (REST URLs do not have a suffix after the root URL)

```hcl
panther_api_token         = "XXXXXXXXXX"
panther_api_url           = "https://your-panther-url/v1"
integration_label         = "test-integration"
auth_method               = "SharedSecret" // SharedSecret, HMAC, Bearer, Basic, or None
// Auth variables are specific to auth_method. See table in Step 2
auth_header_key           = "x-api-key"
auth_secret_value         = "XXXXXXXXXX"
json_array_envelope_field = "records"
```

### Step 4: Define the Terraform provider

* Add the [Panther](https://registry.terraform.io/providers/panther-labs/panther/latest) Terraform provider.

```hcl
terraform {
  required_providers {
    panther = {
      source = "panther-labs/panther"
      version = "~> 0.2.10"
    }
  }
}
```

### Step 5: Define Panther HTTP log source

The following HCL configuration defines the HTTP log source in Panther.

```hcl
provider "panther" {
  token = var.panther_api_token
  url   = var.panther_api_url
}

resource "panther_httpsource" "demo_http_source" {
  integration_label = var.integration_label
  log_stream_type   = "JSON" // Options: JSON, JsonArray, Auto, Lines, and CloudWatchLogs
  log_types         = ["AWS.CloudTrail"]
  auth_method       = var.auth_method
  // Auth variables are specific to auth_method. See table in Step 2
  auth_header_key   = var.auth_header_key
  auth_secret_value = var.auth_secret_value
  // (Optional) Relevant only when log_stream_type = "JsonArray"
  log_stream_type_options = {
    json_array_envelope_field = var.json_array_envelope_field
  }
}
```