Sample Terraform templates for IBM Cloud

Explore the sample IBM Cloud® Terraform templates, and try to execute the templates by using Schematics workspace.

Deploy Solution templates by using IBM Cloud service.
Browse Code snippets by IBM Cloud service.

Sample templates

Following solution templates allows you to provision resource by using Schematics workspace.

Kubernetes and Red Hat OpenShift on IBM Cloud
VPC infrastructure
Observability
Storage
Classic infrastructure service
Account management and IAM

Onboard to IBM Cloud private catalog

You can click the Onboard to IBM Cloud catalog button to automatically load the following sample Terraform templates into your catalog. To run the automation, click the Create button in Create an action page in the console.

For more information, about how the Ansible based automation is configured to load the template to private catalogs? refer to Onboard to IBM Catalog readme file.

Code snippets

The code snippets provides the templates that you can use to understand how to configure IBM Cloud service. You can also use the snippets as a starting point for your custom templates.

API Gateway
Certificate Manager
Cloud Databases templates
Cloud Foundry
Direct Link
DNS templates
Event Streams
Functions
Identity & Access (IAM)
Internet templates
Key Management Service
Kubernetes templates
Object Storage templates
Power Systems templates
Resource Management templates
Schematics templates
Transit Gateway templates
VPC infrastructure templates (Gen 2 compute)

Solution templates

Kubernetes and Red Hat OpenShift on IBM Cloud

In the Workspace details page, click Next button to view the Create button active to create Schematics workspace.

Kubernetes and Red Hat OpenShift on IBM Cloud Terraform templates to provision resource using Schematics workspace
Template	Description	Provision
Kubernetes cluster on VPC	Provision of a Kubernetes cluster on an existing VPC network, with private application load balancers.
Red Hat OpenShift on IBM Cloud cluster on classic infrastructure	Provision of a simple Red Hat OpenShift cluster on Classic infrastructure.
Red Hat OpenShift on IBM Cloud cluster on Classic infrastructure for development environment	Provision of a Red Hat OpenShift cluster on Classic infrastructure for a development team with IBM Cloud operation, Red Hat CodeReady.
Microservices with ingress on Kubernetes cluster	Deploy a sample app with ingress on your existing Kubernetes cluster on VPC.
Microservices with load balancer on Kubernetes cluster	Deploy a sample app with load balance on your existing Kubernetes cluster on VPC.
Secured Red Hat OpenShift on IBM Cloud cluster on VPC	Provisioning secured Red Hat OpenShift on IBM Cloud cluster with automation of forwarding observability capability by using VPC.
Red Hat OpenShift cluster on VPC infrastructure	Provision a Red Hat OpenShift cluster on the VPC infrastructure with an IAM access group, and invites users to those access groups.

VPC infrastructure

VPC Terraform templates to provision resource using Schematics workspace
Template	Description	Provision
Multiple VSIs on VPC with block storage volume and a load balancer	Provision multiple virtual servers each with a block storage volume on VPC, across a number of subnets, and connected with a single load balancer.
Multiple VPC running on production workload with a bastion worker for Rolling deployment	Provisioning VSIs on a VPC infrastructure to separate subnet for running production workload and a bastion worker for Rolling deployment.
Multiple VPC to maintain the fault tolerance during Blue-Green deployment	Provisioning VSIs on a VPC infrastructure for fault tolerance during deployments by maintaining two similar environments. Also isolation between the production and pre-production environment on the network level by using 2 subnets.
Multitiered VPC with bastion and VSIs	Provision multitiered infrastructure with VPC, SSH, Bastion host, front-end, and backend servers.
Multi-zone VPC network	Provision of a multi-zone infrastructure with VPC, in a single region up to 3 zones or more, ACL and public gateways.
Multi-zone VPCs connecting using Transit Gateway	Provision of two multi-zone VPCs and connects them through the IBM Cloud Transit Gateway. Also, provision a `ROKS` cluster on the spoke VPC and bastion VSI on the OpenShift hub VPC.
Multitiered landing zone with IAM and resource group access for a catalog offering	Provision a resource group, a VPC in the resource group, IAM access groups, and invites users to those access groups. This module configures the environment using a JSON object stored in Cloud Object Storage to allow users to configure and update complex environments as part of a catalog offering. This template do not use complex datatype.
Multi-zone VPC with bastion using subnet	Provision multi-zone VPC with a bastion subnet in one zone by reusing a multitiered VPC template.
Multitiered landing zone with IAM and resource group access using complex datatype	Provision a resource group, a VPC in the resource group, IAM Access Groups, and invites users to those access groups using complex data types.
Setting up VPC infrastructure from an Enterprise account	Provision a VPC infrastructure in an Enterprise child account from an Enterprise parent account using modules.

Observability

Observability Terraform templates to provision resource using Schematics workspace
Template	Description	Provision
Observability service instance	Provision an instance of all the Observability services on IBM Cloud such as IBM Cloud Log Analysis, IBM Cloud Monitoring, and IBM Cloud Activity Tracker in your account.
Observability agents for Kubernetes cluster	Deploy logging and monitoring agents onto your existing IBM Cloud Kubernetes Service cluster on VPC.
Configure integrations for Log Analysis service	Configure the Log Analysis service instance in IBM Cloud to integrate with `Slack`, `PagerDuty` and `Webhooks`.
Configure alerts and dashboard for Monitoring services	Configure the monitoring service instance in IBM Cloud with alerts and dashboard.

Storage

Storage Terraform templates to provision resource using Schematics workspace
Template	Description	Provision
IBM Cloud Object Storage bucket with encryption	Provision IBM Cloud Object Storage with IBM Key Protect integration.

Account management and IAM

Account management and IAM Terraform templates to provision resource using Schematics workspace
Template	Description	Provision
Clone users to new account	Clone all the IAM users from one IBM Cloud account into another IBM Cloud account.
Create multiple access policies in access groups and invite users	Create multiple access groups, and access policies that allow users to invite and users to the account and add users to any of the access groups created.

Classic infrastructure service

Classic infrastructure templates to provision resource using Schematics workspace
Template	Description	Provision
Autoscale the Classic VSIs	Autoscale the classic VSIs using Schematics, Cloud Functions, and Sysdig.
LEMP to provision a Classic Virtual Server instance	Provision a classic Virtual Server Instance (VSI) by using a full-stack LEMP environment on a virtual machine.
LAMP to provision a Classic Virtual Server instance	Provision a classic virtual server instance by using a full-stack LAMP environment on a virtual machine.

Snippets

Certificate Manager templates

Name	Description and resources	Code
`ibm-certificate-manager-order`	Create an IBM Cloud Internet Services instance with a domain, and use IBM Cloud Certificate Manager to generate a TLS certificate for this domain. Resources ibm_resource_instance ibm_cis ibm_cis_domain ibm_certificate_manager_order	View code snippet

Cloud Foundry templates

Name	Description and resources	Code
`ibm-app`	Create and deploy a Cloud Foundry app in IBM Cloud. Resources null_resource ibm_app_route ibm_service_instance ibm_service_key ibm_app	View code snippet

Direct Link templates

Name	Description and resources	Code
`ibm-dl-gateway`	Create a speed and reliable direct link gateways, virtual connections, offering information, routers, and ports by using the resources. Resources ibm_dl_gateway ibm_dl_virtual_connection ibm_is_vpc	View code snippet

Event Streams templates

Name	Description and resources	Code
`ibm-event-streams`	Create a communication through an Event Streams instance, topic instance, or Kafka consumer application to connect an existing event stream instances and its topic instance by using IBM Cloud Schematics workspace. Resources ibm_resource_instance ibm_event_streams_topic kafka_consumer_app	View code snippet

Functions templates

Name	Description and resources	Code
`ibm-function-cloudant-trigger`	Create a Cloudant NoSQL service instance and a Python app deployment that creates the database demo database in your service instance. Then, you create an action with IBM Cloud functions that is triggered when you add or edit documents to your database. Resources null_resource ibm_service_instance ibm_service_key ibm_app_route ibm_app ibm_function_package ibm_function_action ibm_function_trigger ibm_function_rule	View code snippet

Identity & Access (IAM) templates

Name	Description and resources	Code
`ibm-iam-custom-role`	Create a custom role in IBM Cloud Identity and Access Management (IAM) for IBM Key Protect. Resources ibm_iam_custom_role	View code snippet
`ibm-iam-policy`	Create an access policy in IBM Cloud Identity and Access Management (IAM) to grant permissions for a resource group to a user. Resources ibm_iam_user_policy	View code snippet
`ibm-iam-policy`	Create an access group in IBM Cloud Identity and Access Management and assign this access group permission to a resource group. Then, you add users to your access group and assign these users access to IBM Cloud Kubernetes Service, classic IBM Cloud infrastructure, and Cloud Foundry. Resources ibm_iam_access_group ibm_iam_access_group_policy ibm_iam_user_invite	View code snippet

Key Management Service templates

Name	Description and resources	Code
`ibm-key-management-service`	Create an IBM Cloud Object Storage service instance with a bucket to store your data and provide a key management service resource for Hyper Protect Crypto Services and Key Protect service instance with a root key. This allow access between these services with an IBM Cloud Identity and Access Management policy. Resources ibm_kms_key ibm_kp_key	View code snippet

Kubernetes templates

Name	Description and resources	Code
`vpc-classic-cluster`	Create an IBM Cloud Kubernetes Service cluster in a Virtual Private Cloud (VPC) for Generation 1 compute with worker nodes in a default worker pool that you spread across two zones. You can provision an IBM Cloud Object Storage service, and bind this service to the cluster. Resources ibm_is_vpc ibm_is_subnet ibm_container_vpc_cluster ibm_container_vpc_worker_pool ibm_resource_instance ibm_container_bind_service	View code snippet
`vpc-Gen2-cluster`	Create an IBM Cloud Kubernetes Service cluster in a Virtual Private Cloud (VPC) for Generation 2 compute with worker nodes in a default worker pool that you spread across two zones. Also, you provision an IBM Cloud Object Storage service, and bind this service to the cluster. Resources ibm_is_vpc ibm_is_subnet ibm_container_vpc_cluster ibm_container_vpc_worker_pool ibm_resource_instance ibm_container_bind_service	View code snippet
`ibm-iks-classic-ROKS`	Create a Red Hat View GitHub repository on IBM Cloud cluster that runs version 3.11 of the View GitHub repository Container Platform. Resources ibm_container_cluster	View code snippet
`ibm-cluster-update`	Cordon and drain your worker nodes to update the IBM Cloud Kubernetes Service cluster master and worker nodes to the latest version. Resources null_resource ibm_container_cluster	View code snippet
`cluster-worker-pool-zone`	Create an IBM Cloud Kubernetes Service cluster with a default worker pool that is spread across two zones. Also, you create another worker pool and bind an IBM Cloud service of your choice to the cluster. Resources ibm_container_cluster ibm_container_worker_pool_zone_attachment ibm_container_worker_pool ibm_service_instance ibm_service_key ibm_container_bind_service	View code snippet
`ibm-storage-cos`	Set up Helm in an IBM Cloud Kubernetes Service cluster to install the IBM Cloud Object Storage Helm plug-in. Then, you create an IBM Cloud Object Storage service instance where you can store data from the apps in your cluster. You also learn how to create a Kubernetes persistent volume claim (PVC) to create a bucket in your IBM Cloud Object Storage instance. Also to deploy an app in the cluster that mounts your IBM Cloud Object Storage bucket. Resources ibm_resource_instance ibm_container_bind_service kubernetes_secret	View code snippet
`ibm-openshift-job`	Create and execute a secured shell script in an Red Hat OpenShift on IBM Cloud cluster by using an Terraform on IBM Cloud template. This template creates a Kubernetes configmap that includes a reference to a shell script. Then, you create a pod that mounts the configmap as a volume and executes the shell script. Resources kubernetes_secret kubernetes_config_map kubernetes_job	View code snippet
`portworx`	Set up Helm in an IBM Cloud Kubernetes Service software-defined storage (SDS) cluster to install Portworx as a storage solution. Make sure that this template requires an SDS cluster on Bare Metal worker nodes. After you installed Portworx, you can create persistent volume claims (PVC) to store data on local storage of your worker nodes. For more information, about Portworx and how to create an SDS cluster, see Storing data on SDS with Portworx. Resources random_id kubernetes_secret helm_release	View code snippet
`ibm-lbaas`	Create an IBM Cloud® Load Balancer for a classic virtual server instance. You configure the load balancer to manage incoming HTTPS and HTTP network traffic and set up health monitoring for your virtual server instance. Resources ibm_compute_ssl_certificate ibm_compute_ssh_key ibm_compute_vm_instance ibm_lbaas ibm_lbaas_server_instance_attachment ibm_lbaas_health_monitor	View code snippet
`ibm-logdna-cluster-integration`	Create an IBM Cloud cluster integration service to configure IBM Cloud provider such as Helm, Kubernetes. Then, you can use a resource role binding to fetch resource key, and agents to log through resource role binding. Resources random_id kubernetes_role_binding helm_release	View code snippet

Transit Gateway templates

Name	Description and resources	Code
`ibm-transit-gateway`	Create a transit gateways, list available connections, and locations for the gateways. Resources ibm_tg_gateway ibm_tg_connection ibm_is_vpc	View code snippet

Cloud Databases templates

Name	Description and resources	Code
`ibm-database`	Create a classic virtual server instance and an IBM Cloud database for PostgreSQL instance, and set up connectivity between the instances. Resources ibm_compute_vm_instance ibm_resource_group ibm_database	View code snippet

DNS templates

Name	Description and resources	Code
`ibm-private-dns`	Create an IBM Cloud VPC and an IBM Cloud DNS Services instance, and add the VPC as a permitted network to the DNS service instance. Then, you create different types of DNS records. Resources ibm_is_vpc ibm_resource_instance ibm_dns_zone ibm_dns_resource_record	View code snippet

Internet templates

Name	Description and resources	Code
`ibm-cis`	Create an IBM Cloud Internet Services instance and configure the instance with health check monitoring, origin pool, global load-balancing, DNS records, firewall, and limit the rate rules. Resources ibm_cis ibm_cis_domain_settings ibm_cis_domain ibm_cis_edge_functions_action ibm_cis_edge_functions_trigger ibm_cis_healthcheck ibm_cis_origin_pool ibm_cis_global_load_balancer ibm_cis_dns_record ibm_cis_firewall ibm_cis_rate_limit	View code snippet

Object Storage templates

Name	Description and resources	Code
`ibm-cos-bucket`	Create an IBM Cloud Object Storage service instance in IBM Cloud and your first bucket to persistently store data. Resources ibm_resource_group ibm_resource_instance ibm_cos_bucket	View code snippet

Power Systems templates

Name	Description and resources	Code
`ibm-power`	Create an Power Virtual Server instance with a public and a private network that mounts the system volumes. You can also create an SSH key to access the instance. Resources ibm_pi_key ibm_pi_network ibm_pi_volume ibm_pi_instance	View code snippet

Resource Management templates

Name	Description and resources	Code
`ibm-resource-instance`	Create an IBM Cloud Object Storage service instance with HMAC credentials, and configure custom timeouts for creating, updating, or deleting the instance. Resources ibm-resource-instance	View code snippet

Schematics templates

Name	Description and resources	Code
`ibm-schematics`	Retrieve the Terraform on IBM Cloud state file and output variables for a Schematics workspace by using a Schematics data source. For more information, about how to use the data source, see Managing cross-workspace state access with Terraform on IBM Cloud. Resources N/A	View code snippet

VPC infrastructure templates (Gen 2 compute)

Name	Description and resources	Code
`ibm-is-ng`	Create a Virtual Private Cloud (VPC) for Generation 2 compute, configure a VPC load balancer with custom routing rules. Then, add a virtual server instance to your VPC that you can access from the internet by using a public IP address. Then, create another VPC Gen 2 and configure it with a VPN gateway with custom IPsec and IKE networking rules. You also learn how to create VPC Gen 2 block storage volumes. Resources ibm_is_vpc ibm_is_vpc_route ibm_is_subnet ibm_is_lb ibm_is_lb_listener ibm_is_lb_listener_policy ibm_is_lb_listener_policy_rule ibm_is_vpn_gateway ibm_is_vpn_gateway_connection ibm_is_ssh_key ibm_is_instance ibm_is_floating_ip ibm_is_security_group_rule ibm_is_ipsec_policy ibm_is_ike_policy ibm_is_volume ibm_is_public_gateway	View code snippet