# Managing HTTP Log Sources with Terraform

## Overview

You can define your HTTP log source in Terraform using the Panther [Terraform provider](https://registry.terraform.io/providers/panther-labs/panther/latest).

Other methods to create an HTTP log source include [using the Panther API](/panther-developer-workflows/api/rest/log-sources.md) directly and [manual creation in the Panther Console](/data-onboarding/data-transports/http.md).

## How to define your Panther HTTP log source in Terraform

The following sections outline how to define your HTTP log source in HashiCorp Configuration Language (HCL).

### Prerequisite

* Before starting, ensure you have an API URL and token with the `Manage Log Sources` permission. This is required to complete [Step 3](#step-3-provide-values-for-the-defined-variables).
  * If needed, follow [these instructions for creating an API token in the Panther Console](/panther-developer-workflows/api.md#how-to-create-a-panther-api-token).

### Step 1: Choose an authentication method

* Select an authentication method for your HTTP endpoint from the [options listed on HTTP Source](/data-onboarding/data-transports/http.md#authentication).

The authentication method you select will determine the variables you define in Step 2, below.

### Step 2: Define variables

* Define a `variables.tf` file with the Panther variables shown in the code block below.

```hcl
variable "panther_api_token" {
  description = "Panther API token"
  type        = string
  sensitive   = true // Keep the token out of plan and apply output
}

variable "panther_api_url" {
  description = "Panther API URL"
  type        = string
}

variable "integration_label" {
  description = "The name of the integration."
  type        = string
}

variable "auth_method" {
  description = "Authentication method used."
  type        = string
}

// Auth variables are specific to auth_method. See table below
variable "auth_header_key" {
  description = "Key for the authentication header."
  type        = string
}

variable "auth_secret_value" {
  description = "Authentication secret value."
  type        = string
  sensitive   = true
}

// (Optional) Relevant only when log_stream_type = "JsonArray"
variable "json_array_envelope_field" {
  description = "Envelope field for json array stream"
  type        = string
}
```

#### Authentication method-specific variables

In your `variables.tf` file, include the values in the **Additional variables** column below for the authentication method you chose in Step 1.

<table><thead><tr><th width="243">Authentication method</th><th width="204">auth_method value</th><th>Additional variables</th></tr></thead><tbody><tr><td><a href="/pages/u26NwHrk7HK2BBUQY0GD#shared-secret">Shared secret</a></td><td><code>SharedSecret</code></td><td><code>auth_header_key</code>, <code>auth_secret_value</code></td></tr><tr><td><a href="/pages/u26NwHrk7HK2BBUQY0GD#hmac">HMAC</a></td><td><code>HMAC</code></td><td><code>auth_header_key</code>, <code>auth_secret_value</code></td></tr><tr><td><a href="/pages/u26NwHrk7HK2BBUQY0GD#bearer">Bearer</a></td><td><code>Bearer</code></td><td><code>auth_bearer_token</code></td></tr><tr><td><a href="/pages/u26NwHrk7HK2BBUQY0GD#basic">Basic</a></td><td><code>Basic</code></td><td><code>auth_username</code>, <code>auth_password</code></td></tr><tr><td><a href="/pages/u26NwHrk7HK2BBUQY0GD#none">None</a> (not recommended)</td><td><code>None</code></td><td></td></tr></tbody></table>
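
The table above can be enforced at plan time. The following is an added example, not part of the Panther documentation: it replaces the `auth_method` block in `variables.tf` and declares the Bearer and Basic variables named in the **Additional variables** column. It assumes Terraform 1.9 or later, which is required for a validation block to reference another variable.

```hcl
// Added example, not part of the Panther documentation.
// Replaces the auth_method block in variables.tf and adds the Bearer/Basic variables.
// Cross-variable references in validation blocks require Terraform 1.9 or later.

variable "auth_method" {
  description = "Authentication method used."
  type        = string

  validation {
    // Allowed values from the table above; "None" is excluded on purpose
    // so an unauthenticated endpoint cannot be applied by accident.
    condition     = contains(["SharedSecret", "HMAC", "Bearer", "Basic"], var.auth_method)
    error_message = "auth_method must be SharedSecret, HMAC, Bearer, or Basic."
  }
}

variable "auth_bearer_token" {
  description = "Bearer token (auth_method = Bearer)."
  type        = string
  sensitive   = true
  default     = null

  validation {
    condition     = var.auth_method != "Bearer" || var.auth_bearer_token != null
    error_message = "auth_bearer_token must be set when auth_method is Bearer."
  }
}

variable "auth_username" {
  description = "Username (auth_method = Basic)."
  type        = string
  default     = null
}

variable "auth_password" {
  description = "Password (auth_method = Basic)."
  type        = string
  sensitive   = true
  default     = null

  validation {
    condition     = var.auth_method != "Basic" || (var.auth_username != null && var.auth_password != null)
    error_message = "auth_username and auth_password must be set when auth_method is Basic."
  }
}
```

`sensitive = true` only redacts a value in plan and apply output; the value is still written to Terraform state. Keep any `*.tfvars` file that holds secrets out of version control, or supply them through `TF_VAR_<name>` environment variables instead.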

### Step 3: Provide values for the defined variables

* Add a `*.tfvars` file that assigns values to the variables you defined in Step 2. Note that to complete this section, you will need the API URL and token outlined in the [Prerequisite section](#prerequisite).
  * Your `panther_api_url` value should be your root API URL. This is either:
    * A [GraphQL API URL](/panther-developer-workflows/api/graphql.md#step-1-identify-your-panther-graphql-api-url) without the `/public/graphql` suffix
    * A [REST API URL](/panther-developer-workflows/api/rest.md#step-1-identify-your-panther-rest-api-url) as-is (REST URLs do not have a suffix after the root URL)

```hcl
panther_api_token         = "XXXXXXXXXX"
panther_api_url           = "https://your-panther-url/v1"
integration_label         = "test-integration"
auth_method               = "SharedSecret" // SharedSecret, HMAC, Bearer, Basic, or None
// Auth variables are specific to auth_method. See table in Step 2
auth_header_key           = "x-api-key"
auth_secret_value         = "XXXXXXXXXX"
json_array_envelope_field = "records"
```

### Step 4: Define the Terraform provider

* Add the [Panther](https://registry.terraform.io/providers/panther-labs/panther/latest) Terraform provider.

```hcl
terraform {
  required_providers {
    panther = {
      source  = "panther-labs/panther"
      version = "~> 0.2.10"
    }
  }
}
```

### Step 5: Define Panther HTTP log source

The following HCL configuration defines the HTTP log source in Panther.

```hcl
provider "panther" {
  token = var.panther_api_token
  url   = var.panther_api_url
}

resource "panther_httpsource" "demo_http_source" {
  integration_label = var.integration_label
  log_stream_type   = "JSON" // Options: JSON, JsonArray, Auto, Lines, and CloudWatchLogs
  log_types         = ["AWS.CloudTrail"]
  auth_method       = var.auth_method
  // Auth variables are specific to auth_method. See table in Step 2
  auth_header_key   = var.auth_header_key
  auth_secret_value = var.auth_secret_value
  // (Optional) Relevant only when log_stream_type = "JsonArray"
  log_stream_type_options = {
    json_array_envelope_field = var.json_array_envelope_field
  }
}
```

