Akamai CLI for Akamai Terraform Provider

This library provides a command-line interface to export Akamai configuration assets that you can import later into your Terraform state.

Requires Go 1.23 or later.

Install

To install this package, you can use the Akamai CLI.

akamai install terraform

If you already have the package installed on your system, run akamai update terraform to update it.

You can also use the package as a stand-alone command by downloading the latest release binary or cloning this repository and compiling the binary yourself.

# Linux/macOS/*nix
go build -o akamai-terraform

# Windows
go build -o akamai-terraform.exe

Authenticate

Authentication credentials for our Terraform provider use a hash-based message authentication code or HMAC-SHA-256 created through an API client. Each member of your team should use their own client set up locally to prevent accidental exposure of credentials.

There are different types of API clients that grant access based on your need, role, or how many accounts you manage.

API client type	Description
Basic	Access to the first 99 API associated with your account without any specific configuration. Individual service read/write permissions are based on your role.
Advanced	Configurable permissions to limit or narrow down the scope of the API for your account.
Managed	Configurable permissions that work for multiple accounts.

To set up and use multiple clients, clients that use an account switch key, or clients as environment variables, see Alternative authentication.

Create a basic API client

1. Navigate to the Identity and Access Management section of Akamai Control Center and click Create API Client.

2. Click Quick and then Download in the Credentials section.

3. Open the downloaded file with a text editor and add [default] as a header above all text.

   [default]
   client_secret = C113nt53KR3TN6N90yVuAgICxIRwsObLi0E67/N8eRN=
   host = akab-h05tnam3wl42son7nktnlnnx-kbob3i3v.luna.akamaiapis.net
   access_token = akab-acc35t0k3nodujqunph3w7hzp7-gtm6ij
   client_token = akab-c113ntt0k3n4qtari252bfxxbsl-yvsdj

4. Save your credentials as an EdgeGrid resource file named .edgerc in your local home directory.

Use

1. To use the library, provide the path to your .edgerc file, your credentials section header, and the export command for the asset you need.

   If you manage multiple accounts, pass your account switch key using the global --accountkey flag. Use other additional flags or arguments to further define the output.

   Notes:

   • If you pass the command without the --edgerc and --section global flags, the command, by default, will point to the local home directory of your .edgerc file and the default credentials section header of that file.
   • By default, when you run the command, generated files are saved in your active directory. Use the --tfworkpath command flag in any export command to change the storage path.

   Syntax:

   akamai [global flags] terraform <command> [command flags] [arguments...]

   Example:

   akamai --edgerc "~/.edgerc" --section "default" --accountkey "A-CCT1234:A-CCT5432" terraform export-property --version 3 "my-property"

   The export adds a subdirectory containing declarative asset and variable configurations, supplemental files in JSON, and an import script in your active directory.

   If you're using the binary, you invoke the package command from your active directory as ./akamai-terraform along with the credential details, the export command name, and other additional arguments.

   ./akamai-terraform --edgerc "~/.edgerc" --section "default" --accountkey "A-CCT1234:A-CCT5432" export-property --version 3 "my-property"

2. When the export is complete, run the import script to add your assets to your state.

Note: Exported variable configuration files are entity-specific. When exporting multiple assets, merge the variable file content, removing any duplicates.

Export command help

To get an overview of the library, run one of these:

• akamai terraform help. Lists commands and global flags available in the library.
• akamai terraform list. Lists available commands with a short description of each command's usage.

To get help information for a given Terraform CLI command, pass the export command and the --help flag.

Help command:

akamai terraform export-iam --help

Help output:

Name:
  akamai terraform export-iam

Usage:
  akamai [global flags] terraform export-iam [command flags] <subcommand>

Description:
  Generates Terraform configuration for Identity and Access Management resources.

Subcommands:
  all
  allowlist
  group
  role
  user

Command Flags:
  --tfworkpath value  Directory used to store files created when running commands. (default: current directory)
  --help              show help (default: false)

Global Flags:
  --edgerc value, -e value                 Location of the credentials file (default: "/home/user/.edgerc") [$AKAMAI_EDGERC]
  --section value, -s value                Section of the credentials file (default: "default") [$AKAMAI_EDGERC_SECTION]
  --accountkey value, --account-key value  Account switch key [$AKAMAI_EDGERC_ACCOUNT_KEY]

Core export commands

• export-appsec
• export-clientlist
• export-cloudaccess
• export-cloudlets-policy
• export-cloudwrapper
• export-cps
• export-domain
• export-edgekv
• export-edgeworker
• export-iam
• export-imaging
• export-property
• export-property-include
• export-zone

Common flags

This section provides you with a list of global and command flags that you can use universally across all export commands.

For details of command flags specific to individual export commands, see the information provided in each export command section.

Global flags

Flag	Description
‑‑edgerc (string)	Alias -e. The location of your credentials file. The default is $HOME/.edgerc.
‑‑section (string)	Alias -s. A credential set's section name. The default is default.
‑‑accountkey (string)	Alias --account-key. An account switch key.
‑‑version (integer)	Outputs the CLI version number.

Command flags

Flag	Description
‑‑tfworkpath (string)	Sets the path to a directory in which you want to store the files created when running the export commands. The default is your active directory.
‑‑help (boolean)	Outputs a specific command's available options and descriptions.

export‑appsec

Export a Terraform declarative security configuration and its targets and policies in JSON.

Syntax

akamai [global flags] terraform export-appsec [command flags] <security configuration name>

Basic usage

akamai terraform export‑appsec "my-security-config"

export‑clientlist

Export a Terraform configuration for your client list.

Syntax

akamai [global flags] terraform export-clientlist [command flags] <list_id>

Basic usage

akamai terraform export-clientlist "123456_MYLISTID"

export-cloudaccess

Export a Terraform configuration for your could access key. Add additional flags to narrow down your result.

Syntax

akamai [global flags] terraform export-cloudaccess [command flags] <access_key_uid>

Basic usage

akamai terraform export-cloudaccess 98765

Command flags

Flag	Description	Example
--group_id (string)	Required along with the --contract_id flag. Exports a cloud access key for a specific group and contract. Note: Provide your group ID without the grp_ prefix.	akamai terraform export-cloudaccess --group_id 12345 --contract_id "C-0N7RAC7" 98765
--contract_id (string)	Required along with the --group_id flag. Exports a cloud access key for a specific group and contract. Note: Provide your contract ID without the ctr_ prefix.

export‑cloudlets-policy

Export a Terraform configuration for your cloudlet policy.

Syntax

akamai [global flags] terraform export-cloudlets-policy [command flags] <policy_name>

Basic usage

akamai terraform export-cloudlets-policy "my-policy"

export‑cloudwrapper

Export a Terraform configuration for your cloud wrapper.

Syntax

akamai [global flags] terraform export-cloudwrapper [command flags] <config_id>

Basic usage

akamai terraform export-cloudwrapper 12345

export‑cps

Export a Terraform configuration for your certificate.

Syntax

akamai [global flags] terraform export-cps [command flags] <enrollment_id> <contract_id>

Basic usage

akamai terraform export-cps "12345" "C-0N7RAC7"

export‑domain

Export a Terraform configuration for your domain.

Note: Mapping GTM entity names to Terraform resource names may require normalization. Invalid Terraform resource name characters are replaced by underscores during config generation.

Syntax

akamai [global flags] terraform export-domain [command flags] <domain>

Basic usage

akamai terraform export-domain "my-domain"

export‑edgekv

Export a Terraform configuration for your namespace and network's EdgeKV.

Syntax

akamai [global flags] terraform export-edgekv [command flags] <namespace_name> <network>

Basic usage

akamai terraform export-edgekv "my-edgekv" "staging"

export‑edgeworker

Export a Terraform configuration for your edgeworker's code bundle in .tgz format.

Syntax

akamai [global flags] terraform export-edgeworker [command flags] <edgeworker_id>

Basic usage

akamai terraform export-edgeworker 12345

Command flag

Flag	Description	Example
--bundlepath (string)	Sets the path to a directory in which you want to store the EdgeWorkers .tgz code bundle. The default is your active directory.	akamai terraform export-edgeworker --bundlepath "path/to/your/directory" 12345

export‑iam

Export a Terraform configuration for users, groups, roles, IP allowlist, and CIDR block resources. Use additional options to narrow down your results to specific resources.

Syntax

akamai [global flags] terraform export-iam [command flags] <subcommand> [subcommand flags]

Basic usage

akamai terraform export-iam all

Subcommands

Subcommand	Description	Example
all (boolean)	Exports all available Terraform users, groups, roles, IP allowlist, and CIDR block resources.	akamai terraform export-iam all
allowlist (boolean)	Exports the Terraform IP allowlist and CIDR block resources.	akamai terraform export-iam allowlist
group (string)	Exports a group by ID with relevant users and their roles.	akamai terraform export-iam group 12345
role (string)	Exports a role by ID with relevant users and their groups.	akamai terraform export-iam role 12345
user (string)	Exports a user by their email with a relevant user's groups and roles.	akamai terraform export-iam user "jsmith@email.com"

Subcommand flag

Flag	Description	Example
--only (boolean)	An advanced option for the group, role, and user subcommands. Exports only specific information.	akamai terraform export-iam user --only "jsmith@email.com"

export‑imaging

Export a Terraform configuration for your imaging policy in JSON.

Syntax

akamai [global flags] terraform export-imaging [command flags] <contract_id> <policy_set_id>

Basic usage

akamai terraform export-imaging "C-0N7RAC7" "my-policy-set_1234"

Command flags

Flag	Description	Example
--policy-as-hcl (boolean)	Exports your imaging policy with rules in HCL format.	akamai terraform export-imaging --policy-as-hcl "C-0N7RAC7" "my-policy-set_12345"
--policy-json-dir (string)	Sets the path to a directory in which you want to store your policy in JSON format. The default is your active directory.	akamai terraform export-imaging --policy-json-dir "path/to/your/directory" "C-0N7RAC7" "my-policy-set_12345"

export‑property

Export a Terraform configuration for your property along with its JSON-formatted rules, but without the includes. Use the export-property-include command to export your includes.

Notes:

• Certain export conditions require the use of a particular property rule format. Verify whether your rule format matches the use case requirement and update your rule format as needed.
• If the property you're exporting hasn't been activated on any networks, staging or production, the akamai_property_activation resource will still be included in your configuration but commented out. This is to avoid accidental activation. To activate the property, uncomment the akamai_property_activation resource and run terraform apply.

Syntax

akamai [global flags] terraform export-property [command flags] <property name>

Basic usage

akamai terraform export-property "my-property"

Command flags

Flag	Description	Example
--version (string)	Exports your declarative property configuration and the property's JSON-formatted rules without includes for a specific property version. Note: If you don't provide the --version flag, by default, it exports the latest property version whether it is active or not.	akamai terraform export-property --version "1" "my-property-name"
--rules-as-hcl (boolean)	Exports your declarative property configuration and the property's rules as the akamai_property_rules_builder data source in HCL format. Note: Must be a dated rule format ≥ v2023-01-05. Cannot use latest.	akamai terraform export-property --rules-as-hcl "my-property-name"
--split-depth (integer)	Exports rules into a dedicated module. Each rule will be placed in a separate file up to a specified nesting level. For example, --split-depth=1 means that the default/root rule and all its direct children will be placed in dedicated files. Rules with higher nesting levels will be placed in a file of their closest ancestor. Note: You can use this flag only along with the --rules-as-hcl flag.	akamai terraform export-property --split-depth=1 --rules-as-hcl "my-property-name"

export‑property-include

Export a Terraform configuration for your property's include and its JSON-formatted rules.

Notes:

• Certain export conditions require the use of a particular property rule format. Verify whether your rule format matches the use case requirement and update your rule format as needed.
• If the include you're exporting hasn't been activated on any networks, staging or production, the akamai_property_include_activation resource will still be included in your configuration but commented out. This is to avoid accidental activation. To activate the include, uncomment the akamai_property_include_activation resource and run terraform apply.

Syntax

akamai [global flags] terraform export-property-include [command flags] <contract_id> <include_name>

Basic usage

akamai terraform export-property-include "C-0N7RAC7" "my-property-include"

Command flags

Flag	Description	Example
--rules-as-hcl (boolean)	Exports your property's include as the akamai_property_rules_builder data source in HCL format. Note: Must be a dated rule format ≥ v2023-01-05. Cannot use latest.	akamai terraform export-property-include --rules-as-hcl "my-property-include"
--split-depth (integer)	Exports rules into a dedicated module. Each rule will be placed in a separate file up to a specified nesting level. For example, --split-depth=1 means that the default/root rule and all its direct children will be placed in dedicated files. Rules with higher nesting levels will be placed in a file of their closest ancestor. Note: You can use this flag only along with the --rules-as-hcl flag.	akamai terraform export-property-include --split-depth=1 --rules-as-hcl "my-property-include"

export‑zone

Export a Terraform configuration for your zone and its related resources.

Syntax

akamai [global flags] terraform export-zone [command flags] <zone>

Basic usage

akamai terraform export-zone --resources "my-dns-zone.com"

Command flags

Flag	Description	Example
--resources (boolean)	Generates a JSON-formatted resource file. ‑‑createconfig uses this file as input.	akamai terraform export-zone --resources "my-dns-zone.com"
--createconfig (boolean)	Generates configurations based on the values in the output files from ‑‑resources.	akamai terraform export-zone --createconfig "my-dns-zone.com"
--importscript (boolean)	Generates an import script for the generated zone configuration.	akamai terraform export-zone --importscript "my-dns-zone.com"

Command flags to use with --resources and --createconfig only

Flag	Description	Example
--recordname (string)	Filters the generated resource list by a given record name or record names. You can provide it multiple times to specify different record names.	akamai terraform export-zone --resources --recordname "my-record-name.com" "my-dns-zone.com"
--namesonly (boolean)	Generates a resource file with recordset names only for all associated record types.	akamai terraform export-zone --resources --namesonly "my-dns-zone.com"

Command flags to use with --createconfig only

Flag	Description	Example
--segmentconfig (boolean)	Generates a modularized configuration.	akamai terraform export-zone --createconfig --segmentconfig "my-dns-zone.com"
--configonly (boolean)	Generates a zone configuration without JSON itemization. The configuration generated varies based on which set of flags you use.	akamai terraform export-zone --createconfig --configonly "my-dns-zone.com"

General notes

Terraform variable configuration is generated in a separately named Terraform file for each Akamai entity type. These files will need to be merged by the Admin in the case where multiple entities are managed concurrently with the Terraform client.

License

Copyright 2025 Akamai Technologies, Inc. All rights reserved.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use these files except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0.

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.