/
Set up Atlassian Operations Terraform Provider for Compass

Set up Atlassian Operations Terraform Provider for Compass

Owned by Aditya Mani
Last updated: May 29, 2025

This document lists out the steps to integrate Terraform with Compass. If you want to integrate with Jira Service Management instead, please refer to this page Set up Atlassian Operations Terraform Provider | Jira Service Management Cloud | Atlassian Support

 

 

The Atlassian Operations Terraform Provider allows you to interact with Compass resources such as users, teams, escalations, and more. By defining your resources in declarative configuration files, you can easily code, edit, review, and version-control your IT operations configurations.

View the Atlassian Operations Terraform Provider repository in GitHub.

Supported resources and data sources

This provider supports the creation and management of the following resources and data sources via Terraform:

Data Sources (Read Only)

  • Users

  • Teams

  • Schedules

Resources (Read / Write - CRUD)

  • Teams (with or without members)

  • API and email-based integrations

  • Escalations

  • Schedules

  • Schedule rotations

  • Notification rules

  • Routing rules

  • Alert Policies

  • Custom Roles

Terraform cannot update team admins

Since the user who creates a team automatically becomes its admin, and the provider can only support actions currently available via the Compass Operations REST API, you cannot update team admins with Terraform.

Configure the Terraform Provider

To set up the Atlassian Operations Terraform Provider, include atlassian-operations in the required_provider block of your Terraform configuration. Ensure that you configure the provider with valid credentials before using it.

Required configuration parameters

The provider requires the following parameters:

  1. cloud_id: The simplest way to find your site's Cloud ID is throughhttps://<your-site-name>.atlassian.net/_edge/tenant_info

  2. domain_name: Your site's URL, e.g., my-site-name.atlassian.net

  3. email_address: The email address of the user that token belongs to

  4. token: You can list your existing Atlassian API tokens or create new ones by managing API token for your Atlassian account.

  5. org_admin_token: Needed for user data source only. You can list your existing Organization API tokens or create new ones from manage an organization with the admin APIs.

  6. product_type: Set to compass

Terraform cannot use a scoped token for org_admin_token

Since the scopes required to use the User Search endpoints are not available as options, you need to create an API key without scopes. This constraint does not apply for the token field, as longs as you enable the required OPS related scopes.

Sample configuration

Below is an example Terraform configuration:

terraform { required_providers { atlassian-operations = { source = "registry.terraform.io/atlassian/atlassian-operations" } } } provider "atlassian-operations" { cloud_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" domain_name = "xxxx.atlassian.net" email_address = "email@example.com" token = "<YOUR_TOKEN_HERE>" org_admin_token = "<YOUR_ORG_TOKEN_HERE>" product_type = "compass" }

For more details, visit Atlassian Operations provider page and view the documentation to explore available resources. You can find them listed on the left menu of the documentation page. Currently, the provider supports six resources and three data sources.

To get started with Terraform using this provider, refer to the Terraform tutorials.

Using Data Sources

User Data Source

To fetch a user, both the email address and the organization id are required.

# Get Atlassian User by email address and organization ID data "atlassian-operations_user" "example" { email_address = "email@example.com" organization_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" }

Team Data Source

To fetch a team, both the team id and the organization id are required.

To find Organization ID view what is Organization ID an where to find it.

# Get Atlassian Operations Teams by organization ID and team ID data "atlassian-operations_team" "example" { organization_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" }

Schedule Data Source

To fetch a schedule, you need to specify its name.

# Get Atlassian Operations Schedule by name data "atlassian-operations_schedule" "example" { name = "Test schedule" }

Using Resources

Team Resource

Required resources:

  • description (String) The description of the team

  • display_name (String) The display name of the team

  • member (Attributes Set) The members of the team

    • account_id (String) The account ID of the user

  • organization_id (String) The organization ID of the team

  • team_type (String) The type of the team

Optional resources:

  • site_id (String) The site ID of the team

Read-only resources:

  • id (String) The ID of the team

  • user_permissions (Attributes) The user permissions of the team

    • add_members (Boolean) The permission to add members to the team

    • delete_team (Boolean) The permission to delete the team

    • remove_members (Boolean) The permission to remove members from the team

    • update_team (Boolean) The permission to update the team

To find the Organization ID view Retrieve my Atlassian Cloud Organization's ID | Atlassian Cloud | Atlassian Documentation

Example Configuration

resource "atlassian-operations_team" "example" { organization_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" description = "This is a team created by Terraform" display_name = "Terraform Team" team_type = "MEMBER_INVITE" member = [ { account_id = "XXXXXX:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" } ] }

Schedule Resource

Required resources:

  • name (String) The name of the schedule

  • team_id (String) The ID of the team that owns the schedule

Optional resources:

  • description (String) The description of the schedule

  • enabled (Boolean) Whether the schedule is enabled

  • timezone (String) The timezone of the schedule

Read-only resources:

  • id (String) The ID of the schedule

Example Configuration

resource "atlassian-operations_schedule" "example" { name = "scheduleName" team_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" description = "schedule description" timezone = "Europe/Istanbul" enabled = true }

Schedule Rotation Resource

Required resources:

  • schedule_id (String) The ID of the schedule

  • start_date (String) The start date of the rotation

  • type (String) The type of the rotation

Optional resources:

  • end_date (String) The end date of the rotation

  • length (Number) The length of the rotation

  • name (String) The name of the rotation

  • participants (Attributes List) The participants of the rotation

    • type (String) The type of the participant

    • id (String) (Optional, if type = “noone”) The ID of the participant

  • time_restriction (Attributes)

    • type (String) The type of the time restriction

    • restriction (Required if type = “time-of-day”) (Attributes)

      • end_hour (Number) The end hour of the restriction

      • end_min (Number) The end minute of the restriction

      • start_hour (Number) The start hour of the restriction

      • start_min (Number) The start minute of the restriction

    • restrictions (Required if type = “weekday-and-time-of-day”) (Attributes List)

      • end_day (String) The end day of the restriction

      • end_hour (Number) The end hour of the restriction

      • end_min (Number) The end minute of the restriction

      • start_day (String) The start day of the restriction

      • start_hour (Number) The start hour of the restriction

      • start_min (Number) The start minute of the restriction

Read-only resources:

  • id (String) The ID of the rotation

Example Configuration

resource "atlassian-operations_schedule_rotation" "example" { schedule_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" name = "rotationName" start_date = "2023-11-10T05:00:00Z" end_date = "2023-11-11T05:00:00Z" type = "weekly" length = 2 participants = [ { id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" type = "user" } ] time_restriction = { type = "time-of-day" restriction = { start_hour = 9 end_hour = 17 start_min = 0 end_min = 0 } } }

Escalation Resource

Required resources:

  • name (String) The name of the escalation

  • rules (Attributes Set) List of the escalation rules.

    • condition (String) The condition for notifying the recipient of escalation rule that is based on the alert state.

    • delay (Number) Time delay of the escalation rule in minutes.

    • notify_type (String) Recipient calculation logic for escalations.

    • recipient (Attributes) Object of schedule, team, or users which will be notified in escalation.

      • type (String) The type of the recipient

      • id (String) The ID of the recipient

  • team_id (String) The ID of the team that owns the escalation

Optional resources:

  • description (String) The description of the escalation

  • enabled (Boolean) Whether the escalation is enabled

  • repeat (Attributes) Repeat preferences of the escalation including repeat interval, count, reverting acknowledge and seen states back and closing an alert automatically as soon as repeats are completed.

    • close_alert_after_all (Boolean) It is to close the alert automatically if escalation repeats are completed.

    • count (Number) Repeat time indicating how many times the repeat action will be performed.

    • reset_recipient_states (Boolean) It is for reverting acknowledge and seen states back on each repeat turn if an alert is not closed.

    • wait_interval (Number) The duration in minutes to repeat the escalation rules after processing the last escalation rule. It is mandatory if you would like to add or remove repeat option. 0 should be given as a value to disable repeat option.

Read-only resources:

  • id (String) The ID of the escalation

Example Configuration

resource "atlassian-operations_escalation" "example" { name = "escalationName" team_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" description = "escalation description" rules = [{ condition = "if-not-acked" notify_type = "default" delay = 5 recipient = { id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" type = "user" } }, { condition = "if-not-closed" notify_type = "all" delay = 1 recipient = { id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" type = "team" } }] enabled = true repeat = { wait_interval = 5 count = 10 reset_recipient_states = true close_alert_after_all = true } }

API Integration Resource

Required resources:

  • name (String)

  • type (String)

Optional resources:

  • enabled (Boolean)

  • team_id (String)

  • type_specific_properties (JSON String) Integration specific properties may be provided to this object. Use jsonencode to convert the object into a string.

Read-only resources:

  • advanced (Boolean)

  • directions (List of String)

  • domains (List of String)

  • id (String) The ID of the escalation

  • maintenance_sources (Attributes List)

    • enabled (Boolean) Whether the maintenance is enabled

    • interval (Attributes)

      • end_time_millis (Number) The end time of the maintenance

      • start_time_millis (Number) The start time of the maintenance

    • maintenance_id (String) The ID of the maintenance

Example Configuration

resource "atlassian-operations_api_integration" "example" { name = "apiIntegrationName" team_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" type = "API" enabled = true type_specific_properties = jsonencode({ suppressNotifications: false }) }

Email Integration Resource

Required resources:

  • name (String)

  • type_specific_properties (Attributes) Integration specific properties may be provided to this object.

    • email_username (String)

    • suppress_notifications (Optional, defaults to false) (Boolean)

Optional resources:

  • enabled (Boolean)

  • team_id (String)

Read-only resources:

  • advanced (Boolean)

  • directions (List of String) Direction of the action. It can be incoming or outgoing

  • domains (List of String) Domain of the action. It can be alert

  • id (String) The ID of the escalation

  • maintenance_sources (Attributes List)

    • enabled (Boolean)

    • interval (Attributes)

      • end_time_millis (Number)

      • start_time_millis (Number)

    • maintenance_id (String)

Example Configuration

resource "atlassian-operations_email_integration" "example" { name = "emailIntegrationUpdateName" team_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" enabled = true type_specific_properties = { email_username = "randomEmailUsername" suppress_notifications = false } }


Notification rules

Required resources:

  • name (String) –The name of the notification rule. Must be unique within the team.

  • action_type (String) – The type of action that triggers the rule. Valid values:

    • create-alert

    • acknowledged-alert

    • closed-alert

    • assigned-alert

    • add-note

    • schedule-start

    • schedule-end

    • incoming-call-routing

Optional resources:

  • criteria (Object) – Defines when the notification rule should be triggered. Includes:

    • type (String) – Required. Defines the match logic for conditions. Valid values:

      • match-all: Matches all incidents. No conditions needed.

      • match-all-conditions: All conditions must match.

      • match-any-condition: Any condition can match.

    • conditions (List of Objects) – Required if type is match-all-conditions or match-any-condition. Each object may include:

      • field (String) – Required. The incident field to evaluate (e.g., message, priority, tags).

      • operation (String) – Required. The comparison operator (e.g., equals, contains).

      • expected_value (String) – Optional. The value to compare against.

      • key (String) – Optional. Used with extra-properties fields.

      • not (Boolean) – Optional. Negates the condition.

      • order (Integer) – Optional. Determines the order of evaluation.

  • notification_time (List of String) – Specifies when to send notifications relative to the event. Valid values: just-before, 15-minutes-ago, 1-hour-ago, 1-day-ago.

  • time_restriction (Attributes)

    • type (String) The type of the time restriction

    • restriction (Required if type = “time-of-day”) (Attributes)

      • end_hour (Number) - The end hour of the restriction

      • end_min (Number) - The end minute of the restriction

      • start_hour (Number) - The start hour of the restriction

      • start_min (Number) - The start minute of the restriction

    • restrictions (Required if type = “weekday-and-time-of-day”) (Attributes List)

      • end_day (String) - The end day of the restriction

      • end_hour (Number) - The end hour of the restriction

      • end_min (Number) - The end minute of the restriction

      • start_day (String) - The start day of the restriction

      • start_hour (Number) - The start hour of the restriction

      • start_min (Number) - The start minute of the restriction

  • schedules (List of String) – Schedule IDs the rule applies to.

  • order (Integer) – The rule's processing order (lower numbers run first)

steps (List of Objects) – Defines notification steps. Each step may include:

  • send_after (Integer) – Optional. Delay (in minutes) after rule trigger

  • contact (Object) – Required. Defines who to notify:

    • method (String) – Required. Notification method (email, sms, voice, mobile)

    • to (String) – Required. Recipient (email address or phone number)

  • repeat (Object) – Configuration for repeating notifications:

    • loop_after (Integer) – Required. Delay (in minutes) before repeating

    • enabled (Boolean) – Optional. Whether repetition is active (defaults to true)

  • enabled (Boolean) – Whether the rule is active. Defaults to true.

Read-only resources:

id (String) – The unique identifier of the notification rule.

Example configuration

This example:

  • Routes high-priority incidents tagged with customer-impact

  • Only applies between 8:30 and 17:45 (London time)

  • Notifies through an escalation policy

  • Is not the default routing rule and is set to process first (order = 0)

resource "atlassian-operations_notification_rule" "example" { name = "High Priority Alert Notification" action_type = "create-alert" enabled = true order = 1 criteria = { type = "match-all-conditions" conditions = [ { field = "priority" operation = "equals" expected_value = "P1" }, { field = "tags" operation = "contains" expected_value = "infrastructure" } ] } notification_time = [ "just-before", "15-minutes-ago" ] time_restriction = { type = "time-of-day" restriction = { start_hour = 9 start_min = 0 end_hour = 18 end_min = 0 } } schedules = [ "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" ] steps = [ { send_after = 0 contact = { method = "sms" to = "+15551234567" } }, { send_after = 5 contact = { method = "email" to = "oncall@example.com" } } ] repeat = { loop_after = 10 enabled = true } }

 

Routing rules

Required resources:

  • team_id (String) – The ID of the team that owns this routing rule. This value can’t be changed after creation.

  • notify (Object) – Defines how incidents matching this rule should be routed. Includes:

    • type (String) – Required. Notification method:

      • none – No routing

      • escalation – Use an escalation policy

      • schedule – Use a schedule

    • id (String) – Required if type is escalation or schedule. The ID of the target escalation or schedule.

Optional resources:

  • name (String) – A descriptive name for the routing rule. Defaults to an empty string.

  • order (Integer) – Index of this rule among all team routing rules. Must be between 0 and 100.

  • is_default (Boolean) – Whether this is the default routing rule. If enabled, this rule is used when no other rules match.

  • timezone (String) – The timezone for time-based decisions (e.g. Europe/London). Must be a valid IANA timezone.

  • criteria (Object) – Defines when the rule should be triggered.
    If provided, includes:

    • type (String) – Required inside criteria. Valid values:

      • match-all: No conditions required

      • match-all-conditions: All conditions must match

      • match-any-condition: At least one condition must match

    • conditions (List of Objects) – Required only if type is match-all-conditions or match-any-condition.
      Each object may include:

      • field (String) – Required. The incident field to evaluate (e.g. message, priority)

      • operation (String) – Required. The comparison operation (e.g. equals, contains)

      • expected_value (String) – Optional. Value to compare against

      • key (String) – Optional. Used for key-value matching when field is extra-properties

      • not (Boolean) – Optional. Negates the condition

      • order (Integer) – Optional. Order of the conditions in the list

  • time_restriction (Attributes)

    • type (String) The type of the time restriction

    • restriction (Required if type = “time-of-day”) (Attributes)

      • end_hour (Number) The end hour of the restriction

      • end_min (Number) The end minute of the restriction

      • start_hour (Number) The start hour of the restriction

      • start_min (Number) The start minute of the restriction

    • restrictions (Required if type = “weekday-and-time-of-day”) (Attributes List)

      • end_day (String) The end day of the restriction

      • end_hour (Number) The end hour of the restriction

      • end_min (Number) The end minute of the restriction

      • start_day (String) The start day of the restriction

      • start_hour (Number) The start hour of the restriction

      • start_min (Number) The start minute of the restriction

Read-only resources:

  • id (String) – The unique identifier of the routing rule, generated automatically.

Example configuration

resource "atlassian-operations_alert_policy" "example" { name = "High CPU Alert Policy" type = "alert" enabled = true message = "High CPU usage detected on ${host}" alert_description = "CPU usage exceeded 90% on ${host}" source = "monitoring-system" priority_value = "P1" update_priority = true continue = true team_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" order = 1 actions = ["Restart Service", "Notify Ops Team"] tags = ["infrastructure", "cpu"] alias = "cpu-alert-${host}" responders = [ { type = "team" id = "yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy" } ] details = { metric = "cpu.utilization" threshold = "90" } filter = { type = "match-all-conditions" conditions = [ { field = "message" operation = "contains" expected_value = "CPU usage" }, { field = "priority" operation = "equals" expected_value = "P1" } ] } time_restriction = { enabled = true time_restrictions = [ { start_hour = 9 start_minute = 0 end_hour = 18 end_minute = 0 } ] } }

 

Alert policies

Required

  • enabled (Boolean) – Whether the alert policy is active.

  • message (String) – Template for the alert message.

  • name (String) – The name of the alert policy.

  • type (String) – Must be set to alert.

Optional

  • actions (List of String) – List of actions to associate with the alert.

  • alert_description (String) – Template for the alert description.

  • alias (String) – Template for the alert alias.

  • continue (Boolean) – Whether to continue processing other policies after this one.

  • description (String) – Description of the alert policy.

  • details (Map of String) – Additional detail key-value pairs to include in the alert.

  • entity (String) – Template for the alert entity.

  • filter (Object) – Criteria that control when this policy is applied. Includes:

    • type (String) – Required. Type of the filter.

    • conditions (List of Objects) – Required. Each condition includes:

      • expected_value (String) – Required. Value to compare against.

      • field (String) – Required. Alert field to evaluate.

      • operation (String) – Required. Comparison operation.

      • key (String) – Optional. Key to filter when using key-value fields.

      • not (Boolean) – Optional. Whether to negate the condition.

      • order (Number) – Optional. Processing order of the condition.

  • keep_original_actions (Boolean) – Whether to retain existing alert actions.

  • keep_original_details (Boolean) – Whether to retain existing alert details.

  • keep_original_responders (Boolean) – Whether to retain existing alert responders.

  • keep_original_tags (Boolean) – Whether to retain existing alert tags.

  • order (Number) – The order in which the policy is evaluated.

  • priority_value (String) – The priority value to assign if update_priority is enabled.

  • responders (List of Objects) – Specifies who will be notified. Each responder includes:

    • type (String) – Required. Type of the responder.

    • id (String) – Optional. ID of the responder (user, team, or schedule).

  • source (String) – Template for the alert source.

  • tags (List of String) – Tags to associate with the alert.

  • team_id (String) – ID of the team that owns the alert policy.

  • time_restriction (Object) – Defines when this policy is active. Includes:

    • enabled (Boolean) – Required. Whether time-based restrictions are enabled.

    • time_restrictions (List of Objects) – Required. Each period includes:

      • start_hour (Number) – Required. Start hour.

      • start_minute (Number) – Required. Start minute.

      • end_hour (Number) – Required. End hour.

      • end_minute (Number) – Required. End minute.

  • update_priority (Boolean) – Whether to change the alert priority when this policy applies.

 

Read-only

  • id (String) – Unique identifier for the alert policy, assigned automatically.

 

Example configuration

resource "atlassian-operations_alert_policy" "example" { name = "High CPU Alert Policy" type = "alert" enabled = true message = "High CPU usage detected on ${host}" alert_description = "CPU usage exceeded 90% on ${host}" source = "monitoring-system" priority_value = "P1" update_priority = true continue = true team_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" order = 1 actions = ["Restart Service", "Notify Ops Team"] tags = ["infrastructure", "cpu"] alias = "cpu-alert-${host}" responders = [ { type = "team" id = "yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy" } ] details = { metric = "cpu.utilization" threshold = "90" } filter = { type = "match-all-conditions" conditions = [ { field = "message" operation = "contains" expected_value = "CPU usage" }, { field = "priority" operation = "equals" expected_value = "P1" } ] } time_restriction = { enabled = true time_restrictions = [ { start_hour = 9 start_minute = 0 end_hour = 18 end_minute = 0 } ] } }

 

Custom roles

Required Resources

name (String) – The name of the custom role.

 

Optional

  • disallowed_rights (Set of String) – Permissions explicitly denied to the custom role. List must be alphabetically sorted.

  • granted_rights (Set of String) – Permissions explicitly granted to the custom role. List must be alphabetically sorted.

Read-only

id (String) – Unique identifier for the custom role, assigned automatically.

Example Configuration

resource "atlassian-operations_custom_role" "incident_responder" { name = "Incident Responder" granted_rights = [ "acknowledge-alert", "close-alert", "view-alert" ] disallowed_rights = [ "delete-team", "manage-schedule" ] }