» Scaleway Provider

The Scaleway provider is used to manage Scaleway resources. The provider needs to be configured with the proper credentials before it can be used.

This is the documentation for the version >= 1.11.0 of the provider. If you come from < v1.11.0, checkout to migration guide.

Use the navigation to the left to read about the available resources.

» Example

Here is an example that will setup a web server with an additional volume, a public IP and a security group.

You can test this config by creating a test.tf and run terraform commands from this directory:

  • Get your Scaleway credentials
  • Initialize a Terraform working directory: terraform init
  • Generate and show the execution plan: terraform plan
  • Build the infrastructure: terraform apply
provider "scaleway" {
  access_key      = "<SCALEWAY-ACCESS-KEY>"
  secret_key      = "<SCALEWAY-SECRET-KEY>"
  organization_id = "<SCALEWAY-ORGANIZATION-ID>"
  zone            = "fr-par-1"
  region          = "fr-par"

resource "scaleway_instance_ip" "public_ip" {}

resource "scaleway_instance_volume" "data" {
  size_in_gb = 30
  type = "l_ssd"

resource "scaleway_instance_security_group" "www" {
  inbound_default_policy  = "drop"
  outbound_default_policy = "accept"

  inbound_rule {
    action = "accept"
    port   = "22"
    ip     = ""

  inbound_rule {
    action = "accept"
    port   = "80"

  inbound_rule {
    action = "accept"
    port   = "443"

resource "scaleway_instance_server" "web" {
  type  = "DEV1-L"
  image = "ubuntu_focal"

  tags = [ "front", "web" ]

  ip_id = scaleway_instance_ip.public_ip.id

  additional_volume_ids = [ scaleway_instance_volume.data.id ]

  security_group_id = scaleway_instance_security_group.www.id

» Authentication

The Scaleway authentication is based on an access key and a secret key. Since secret keys are only revealed one time (when it is first created) you might need to create a new one in the section "API Tokens" of the Scaleway console. Click on the "Generate new token" button to create them. Giving it a friendly-name is recommended.

The Scaleway provider offers three ways of providing these credentials. The following methods are supported, in this priority order:

  1. Static credentials
  2. Environment variables
  3. Shared configuration file

» Static credentials

Static credentials can be provided by adding access_key and secret_key attributes in-line in the Scaleway provider block:


provider "scaleway" {
  access_key = "my-access-key"
  secret_key = "my-secret-key"

» Environment variables

You can provide your credentials via the SCW_ACCESS_KEY, SCW_SECRET_KEY environment variables.


provider "scaleway" {}


$ export SCW_ACCESS_KEY="my-access-key"
$ export SCW_SECRET_KEY="my-secret-key"
$ terraform plan

» Shared configuration file

It is a YAML configuration file shared between the majority of the Scaleway developer tools. Its default location is $HOME/.config/scw/config.yaml (%USERPROFILE%/.config/scw/config.yaml on Windows). If it fails to detect credentials inline, or in the environment, Terraform will check this file.

You can optionally specify a different location with SCW_CONFIG_PATH environment variable. You can find more information about this configuration in the documentation.

» Arguments Reference

In addition to generic provider arguments (e.g. alias and version), the following arguments are supported in the Scaleway provider block:

» Scaleway S3-compatible

Scaleway object storage can be used to store your Terraform state. Configure your backend as:

terraform {
  backend "s3" {
    bucket                      = "terraform_state"
    key                         = "my_state.tfstate"
    region                      = "fr-par"
    endpoint                    = "https://s3.fr-par.scw.cloud"
    access_key                  = "my-access-key"
    secret_key                  = "my-secret-key"
    skip_credentials_validation = true
    skip_region_validation      = true

Beware as no locking mechanism are yet supported. Using scaleway object storage as terraform backend is not suitable if you work in a team with a risk of simultaneous access to the same plan.