Skip to content
CrowdStrike Developer Center

Configuration as Code

CrowdStrike provides a Terraform provider for managing Falcon platform resources and a set of modules for cloud account registration and sensor deployment. Use declarative configuration to enforce security posture, register cloud accounts, and deploy sensors at scale.

Provider

Section titled “Provider”

The CrowdStrike Terraform provider manages Falcon platform resources directly — policies, host groups, exclusions, cloud accounts, and more. Over 50 resources and 14 data sources.

Importing Import existing CrowdStrike resources into Terraform state.

Modules

Section titled “Modules”

CrowdStrike publishes official Terraform modules on the Terraform Registry for two categories of work: registering cloud accounts with Falcon Cloud Security, and deploying the Falcon sensor to compute workloads.

Cloud Registration

Section titled “Cloud Registration”

These modules register your cloud accounts with CrowdStrike Falcon Cloud Security. They provision the IAM roles, service principals, or workload identity resources that allow CrowdStrike to perform asset inventory, real-time visibility, identity protection, and agentless scanning in your environment.

AWS Cloud Registration Register AWS accounts with Falcon Cloud Security — asset inventory, RTVD, DSPM, sensor management.
Azure Cloud Registration Register Azure tenants and subscriptions — service principals, log ingestion, agentless scanning.
GCP Cloud Registration Register GCP organizations, folders, and projects with Workload Identity Federation.
OCI Cloud Registration Register Oracle Cloud Infrastructure for Falcon Cloud Security integration.

Sensor Deployment

Section titled “Sensor Deployment”

These modules deploy the CrowdStrike Falcon sensor to compute workloads. They handle credential storage, package distribution, and operator lifecycle management.

AWS SSM Distributor Deploy Falcon sensors to EC2 instances via AWS Systems Manager with multi-region support.
Kubernetes Deploy Falcon Sensor, Admission Controller, and Image Analyzer to K8s and OpenShift clusters.

Decision Guide

Section titled “Decision Guide”
I want to…Module
Register an AWS account for cloud security monitoringAWS Cloud Registration
Register an Azure subscription or management groupAzure Cloud Registration
Register a GCP organization, folder, or projectGCP Cloud Registration
Register an OCI tenancy for cloud securityOCI Cloud Registration
Deploy the Falcon sensor to EC2 instances across regionsAWS SSM Distributor
Deploy the Falcon sensor to a Kubernetes clusterKubernetes
Deploy the Falcon sensor to an OpenShift clusterKubernetes

Common Prerequisites

Section titled “Common Prerequisites”

All modules require CrowdStrike Falcon API credentials. Create a dedicated API client in the Falcon console under Support and resources > API Clients & Keys. Each module page lists the specific API scopes required.

Credentials are always passed as input variables (falcon_client_id and falcon_client_secret) and should be stored securely — never committed to source control. Use Terraform variables with sensitive = true, environment variables, or a secrets manager.

© 2026 CrowdStrike, Inc. All rights reserved. Privacy Notice Cookie Notice Terms of Use