IBM Cloud Docs
Sample Terraform templates for IBM Cloud

Explore the sample IBM Cloud® Terraform templates, and try running them in a Schematics workspace.

Deploy Solution templates by using IBM Cloud service.
Browse Code snippets by IBM Cloud service.

Sample templates

The following solution templates allow you to provision resources by using a Schematics workspace.

Onboard to IBM Cloud private catalog

You can click the Onboard to IBM Cloud catalog button to automatically load the following sample Terraform templates into your catalog. To run the automation, click the Create button on the Create an action page in the console.

For more information about how the Ansible-based automation is configured to load the templates into private catalogs, refer to the Onboard to IBM Catalog readme file.

Code snippets

The code snippets provide templates that you can use to understand how to configure an IBM Cloud service. You can also use the snippets as a starting point for your custom templates.

Solution templates

Kubernetes and Red Hat OpenShift on IBM Cloud

On the Workspace details page, click Next to make the Create button active, and then create the Schematics workspace.

Kubernetes and Red Hat OpenShift on IBM Cloud Terraform templates to provision resources by using a Schematics workspace

| Template | Description |
| --- | --- |
| Kubernetes cluster on VPC | Provision of a Kubernetes cluster on an existing VPC network, with private application load balancers. |
| Red Hat OpenShift on IBM Cloud cluster on classic infrastructure | Provision of a simple Red Hat OpenShift cluster on Classic infrastructure. |
| Red Hat OpenShift on IBM Cloud cluster on Classic infrastructure for development environment | Provision of a Red Hat OpenShift cluster on Classic infrastructure for a development team with IBM Cloud operation, Red Hat CodeReady. |
| Microservices with ingress on Kubernetes cluster | Deploy a sample app with ingress on your existing Kubernetes cluster on VPC. |
| Microservices with load balancer on Kubernetes cluster | Deploy a sample app with a load balancer on your existing Kubernetes cluster on VPC. |
| Secured Red Hat OpenShift on IBM Cloud cluster on VPC | Provisioning secured Red Hat OpenShift on IBM Cloud cluster with automation of forwarding observability capability by using VPC. |
| Red Hat OpenShift cluster on VPC infrastructure | Provision a Red Hat OpenShift cluster on the VPC infrastructure with an IAM access group, and invite users to those access groups. |

VPC infrastructure

VPC Terraform templates to provision resources by using a Schematics workspace

| Template | Description |
| --- | --- |
| Multiple VSIs on VPC with block storage volume and a load balancer | Provision multiple virtual servers each with a block storage volume on VPC, across a number of subnets, and connected with a single load balancer. |
| Multiple VPC running on production workload with a bastion worker for Rolling deployment | Provisioning VSIs on a VPC infrastructure to separate subnet for running production workload and a bastion worker for Rolling deployment. |
| Multiple VPC to maintain the fault tolerance during Blue-Green deployment | Provisioning VSIs on a VPC infrastructure for fault tolerance during deployments by maintaining two similar environments. Also provides isolation between the production and pre-production environments at the network level by using 2 subnets. |
| Multitiered VPC with bastion and VSIs | Provision multitiered infrastructure with VPC, SSH, Bastion host, front-end, and backend servers. |
| Multi-zone VPC network | Provision of a multi-zone infrastructure with VPC, in a single region up to 3 zones or more, ACL and public gateways. |
| Multi-zone VPCs connecting using Transit Gateway | Provision two multi-zone VPCs and connect them through the IBM Cloud Transit Gateway. Also, provision a ROKS cluster on the spoke VPC and bastion VSI on the OpenShift hub VPC. |
| Multitiered landing zone with IAM and resource group access for a catalog offering | Provision a resource group, a VPC in the resource group, IAM access groups, and invite users to those access groups. This module configures the environment using a JSON object stored in Cloud Object Storage to allow users to configure and update complex environments as part of a catalog offering. This template does not use complex data types. |
| Multi-zone VPC with bastion using subnet | Provision multi-zone VPC with a bastion subnet in one zone by reusing a multitiered VPC template. |
| Multitiered landing zone with IAM and resource group access using complex datatype | Provision a resource group, a VPC in the resource group, IAM Access Groups, and invite users to those access groups using complex data types. |
| Setting up VPC infrastructure from an Enterprise account | Provision a VPC infrastructure in an Enterprise child account from an Enterprise parent account using modules. |

Observability

Observability Terraform templates to provision resources by using a Schematics workspace

| Template | Description |
| --- | --- |
| Observability service instance | Provision an instance of all the Observability services on IBM Cloud such as IBM Cloud Log Analysis, IBM Cloud Monitoring, and IBM Cloud Activity Tracker in your account. |
| Observability agents for Kubernetes cluster | Deploy logging and monitoring agents onto your existing IBM Cloud Kubernetes Service cluster on VPC. |
| Configure integrations for Log Analysis service | Configure the Log Analysis service instance in IBM Cloud to integrate with Slack, PagerDuty and Webhooks. |
| Configure alerts and dashboard for Monitoring services | Configure the monitoring service instance in IBM Cloud with alerts and dashboard. |

Storage

Storage Terraform templates to provision resources by using a Schematics workspace

| Template | Description |
| --- | --- |
| IBM Cloud Object Storage bucket with encryption | Provision IBM Cloud Object Storage with IBM Key Protect integration. |

Account management and IAM

Account management and IAM Terraform templates to provision resources by using a Schematics workspace

| Template | Description |
| --- | --- |
| Clone users to new account | Clone all the IAM users from one IBM Cloud account into another IBM Cloud account. |
| Create multiple access policies in access groups and invite users | Create multiple access groups and access policies, invite users to the account, and add users to any of the access groups created. |

Classic infrastructure service

Classic infrastructure templates to provision resources by using a Schematics workspace

| Template | Description |
| --- | --- |
| Autoscale the Classic VSIs | Autoscale the classic VSIs using Schematics, Cloud Functions, and Sysdig. |
| LEMP to provision a Classic Virtual Server instance | Provision a classic Virtual Server Instance (VSI) by using a full-stack LEMP environment on a virtual machine. |
| LAMP to provision a Classic Virtual Server instance | Provision a classic virtual server instance by using a full-stack LAMP environment on a virtual machine. |

Snippets

Certificate Manager templates

ibm-certificate-manager-order: Create an IBM Cloud Internet Services instance with a domain, and use IBM Cloud Certificate Manager to generate a TLS certificate for this domain.

Resources
  • ibm_resource_instance
  • ibm_cis
  • ibm_cis_domain
  • ibm_certificate_manager_order

Cloud Foundry templates

ibm-app: Create and deploy a Cloud Foundry app in IBM Cloud.

Resources
  • null_resource
  • ibm_app_route
  • ibm_service_instance
  • ibm_service_key
  • ibm_app

Direct Link templates

ibm-dl-gateway: Create fast and reliable Direct Link gateways, virtual connections, offering information, routers, and ports by using the resources.

Resources
  • ibm_dl_gateway
  • ibm_dl_virtual_connection
  • ibm_is_vpc

Event Streams templates

ibm-event-streams: Create a communication through an Event Streams instance, topic instance, or Kafka consumer application to connect an existing Event Streams instance and its topic instance by using an IBM Cloud Schematics workspace.

Resources
  • ibm_resource_instance
  • ibm_event_streams_topic
  • kafka_consumer_app

Functions templates

ibm-function-cloudant-trigger: Create a Cloudant NoSQL service instance and a Python app deployment that creates the database demo database in your service instance. Then, you create an action with IBM Cloud Functions that is triggered when you add or edit documents in your database.

Resources
  • null_resource
  • ibm_service_instance
  • ibm_service_key
  • ibm_app_route
  • ibm_app
  • ibm_function_package
  • ibm_function_action
  • ibm_function_trigger
  • ibm_function_rule

Identity & Access (IAM) templates

ibm-iam-custom-role: Create a custom role in IBM Cloud Identity and Access Management (IAM) for IBM Key Protect.

Resources
  • ibm_iam_custom_role

ibm-iam-policy: Create an access policy in IBM Cloud Identity and Access Management (IAM) to grant permissions for a resource group to a user.

Resources
  • ibm_iam_user_policy

ibm-iam-policy: Create an access group in IBM Cloud Identity and Access Management and assign this access group permission to a resource group. Then, you add users to your access group and assign these users access to IBM Cloud Kubernetes Service, classic IBM Cloud infrastructure, and Cloud Foundry.

Resources
  • ibm_iam_access_group
  • ibm_iam_access_group_policy
  • ibm_iam_user_invite

Key Management Service templates

ibm-key-management-service: Create an IBM Cloud Object Storage service instance with a bucket to store your data and provide a key management service resource for Hyper Protect Crypto Services and Key Protect service instance with a root key. This allows access between these services with an IBM Cloud Identity and Access Management policy.

Resources
  • ibm_kms_key
  • ibm_kp_key

Kubernetes templates

vpc-classic-cluster: Create an IBM Cloud Kubernetes Service cluster in a Virtual Private Cloud (VPC) for Generation 1 compute with worker nodes in a default worker pool that you spread across two zones. You can provision an IBM Cloud Object Storage service, and bind this service to the cluster.

Resources
  • ibm_is_vpc
  • ibm_is_subnet
  • ibm_container_vpc_cluster
  • ibm_container_vpc_worker_pool
  • ibm_resource_instance
  • ibm_container_bind_service

vpc-Gen2-cluster: Create an IBM Cloud Kubernetes Service cluster in a Virtual Private Cloud (VPC) for Generation 2 compute with worker nodes in a default worker pool that you spread across two zones. Also, you provision an IBM Cloud Object Storage service, and bind this service to the cluster.

Resources
  • ibm_is_vpc
  • ibm_is_subnet
  • ibm_container_vpc_cluster
  • ibm_container_vpc_worker_pool
  • ibm_resource_instance
  • ibm_container_bind_service

ibm-iks-classic-ROKS: Create a Red Hat OpenShift on IBM Cloud cluster that runs version 3.11 of the OpenShift Container Platform.

Resources
  • ibm_container_cluster

ibm-cluster-update: Cordon and drain your worker nodes to update the IBM Cloud Kubernetes Service cluster master and worker nodes to the latest version.

Resources
  • null_resource
  • ibm_container_cluster

cluster-worker-pool-zone: Create an IBM Cloud Kubernetes Service cluster with a default worker pool that is spread across two zones. Also, you create another worker pool and bind an IBM Cloud service of your choice to the cluster.

Resources
  • ibm_container_cluster
  • ibm_container_worker_pool_zone_attachment
  • ibm_container_worker_pool
  • ibm_service_instance
  • ibm_service_key
  • ibm_container_bind_service

ibm-storage-cos: Set up Helm in an IBM Cloud Kubernetes Service cluster to install the IBM Cloud Object Storage Helm plug-in. Then, you create an IBM Cloud Object Storage service instance where you can store data from the apps in your cluster. You also learn how to create a Kubernetes persistent volume claim (PVC) to create a bucket in your IBM Cloud Object Storage instance, and how to deploy an app in the cluster that mounts your IBM Cloud Object Storage bucket.

Resources
  • ibm_resource_instance
  • ibm_container_bind_service
  • kubernetes_secret

ibm-openshift-job: Create and execute a secured shell script in a Red Hat OpenShift on IBM Cloud cluster by using a Terraform on IBM Cloud template. This template creates a Kubernetes configmap that includes a reference to a shell script. Then, you create a pod that mounts the configmap as a volume and executes the shell script.

Resources
  • kubernetes_secret
  • kubernetes_config_map
  • kubernetes_job

portworx: Set up Helm in an IBM Cloud Kubernetes Service software-defined storage (SDS) cluster to install Portworx as a storage solution. Note that this template requires an SDS cluster on Bare Metal worker nodes. After you install Portworx, you can create persistent volume claims (PVC) to store data on local storage of your worker nodes. For more information about Portworx and how to create an SDS cluster, see Storing data on SDS with Portworx.

Resources
  • random_id
  • kubernetes_secret
  • helm_release

ibm-lbaas: Create an IBM Cloud® Load Balancer for a classic virtual server instance. You configure the load balancer to manage incoming HTTPS and HTTP network traffic and set up health monitoring for your virtual server instance.

Resources
  • ibm_compute_ssl_certificate
  • ibm_compute_ssh_key
  • ibm_compute_vm_instance
  • ibm_lbaas
  • ibm_lbaas_server_instance_attachment
  • ibm_lbaas_health_monitor

ibm-logdna-cluster-integration: Create an IBM Cloud cluster integration service to configure IBM Cloud providers such as Helm and Kubernetes. Then, you can use a resource role binding to fetch the resource key, and agents to log through the resource role binding.

Resources
  • random_id
  • kubernetes_role_binding
  • helm_release

Transit Gateway templates

ibm-transit-gateway: Create transit gateways, and list available connections and locations for the gateways.

Resources
  • ibm_tg_gateway
  • ibm_tg_connection
  • ibm_is_vpc

Cloud Databases templates

ibm-database: Create a classic virtual server instance and an IBM Cloud database for PostgreSQL instance, and set up connectivity between the instances.

Resources
  • ibm_compute_vm_instance
  • ibm_resource_group
  • ibm_database

DNS templates

ibm-private-dns: Create an IBM Cloud VPC and an IBM Cloud DNS Services instance, and add the VPC as a permitted network to the DNS service instance. Then, you create different types of DNS records.

Resources
  • ibm_is_vpc
  • ibm_resource_instance
  • ibm_dns_zone
  • ibm_dns_resource_record

Internet templates

ibm-cis: Create an IBM Cloud Internet Services instance and configure the instance with health check monitoring, origin pool, global load-balancing, DNS records, firewall, and rate-limiting rules.

Resources
  • ibm_cis
  • ibm_cis_domain_settings
  • ibm_cis_domain
  • ibm_cis_edge_functions_action
  • ibm_cis_edge_functions_trigger
  • ibm_cis_healthcheck
  • ibm_cis_origin_pool
  • ibm_cis_global_load_balancer
  • ibm_cis_dns_record
  • ibm_cis_firewall
  • ibm_cis_rate_limit

Object Storage templates

ibm-cos-bucket: Create an IBM Cloud Object Storage service instance in IBM Cloud and your first bucket to persistently store data.

Resources
  • ibm_resource_group
  • ibm_resource_instance
  • ibm_cos_bucket

Power Systems templates

ibm-power: Create a Power Virtual Server instance with a public and a private network that mounts the system volumes. You can also create an SSH key to access the instance.

Resources
  • ibm_pi_key
  • ibm_pi_network
  • ibm_pi_volume
  • ibm_pi_instance

Resource Management templates

ibm-resource-instance: Create an IBM Cloud Object Storage service instance with HMAC credentials, and configure custom timeouts for creating, updating, or deleting the instance.

Resources
  • ibm_resource_instance

Schematics templates

ibm-schematics: Retrieve the Terraform on IBM Cloud state file and output variables for a Schematics workspace by using a Schematics data source. For more information about how to use the data source, see Managing cross-workspace state access with Terraform on IBM Cloud.

Resources
  • N/A

VPC infrastructure templates (Gen 2 compute)

ibm-is-ng: Create a Virtual Private Cloud (VPC) for Generation 2 compute, configure a VPC load balancer with custom routing rules. Then, add a virtual server instance to your VPC that you can access from the internet by using a public IP address. Then, create another VPC Gen 2 and configure it with a VPN gateway with custom IPsec and IKE networking rules. You also learn how to create VPC Gen 2 block storage volumes.

Resources
  • ibm_is_vpc
  • ibm_is_vpc_route
  • ibm_is_subnet
  • ibm_is_lb
  • ibm_is_lb_listener
  • ibm_is_lb_listener_policy
  • ibm_is_lb_listener_policy_rule
  • ibm_is_vpn_gateway
  • ibm_is_vpn_gateway_connection
  • ibm_is_ssh_key
  • ibm_is_instance
  • ibm_is_floating_ip
  • ibm_is_security_group_rule
  • ibm_is_ipsec_policy
  • ibm_is_ike_policy
  • ibm_is_volume
  • ibm_is_public_gateway