Kubernetes with OpenShift World Tour: Get hands-on experience and build applications fast! Find a workshop!

How to get Terraform and IBM Cloud to play nice

Terraform has become a de facto standard for declaring a desired state for various clouds. By using infrastructure as code, you allow for reduced costs, increased speed, and improved security. When you combine this open source configuration with the power of IBM Cloud, you have the potential for improved DevOps, the added benefit of orchestration, and full-stack deployment. This tutorial will help you set up your IBM Cloud account with Terraform, so that you can start writing your .tfs to drive the IBM Cloud to your objectives.

Learning objectives

Upon completion of this tutorial, you’ll know how to set up terraform and the terraform-provider-ibm driver. You’ll also know how to use terraform to create an IBM resource on the IBM Cloud.


Before you begin this tutorial, you should already have:

Estimated time

This tutorial will take about 20 minutes to complete.


1. Install Terraform and terraform-ibm provider

First wget the terraform zip file, unzip, and cp to /bin from https://www.terraform.io/downloads.html.

Then wget zip, unzip, cp to /bin from https://github.com/IBM-Cloud/terraform-provider-ibm/releases.

Create a symbolic link between the Terraform and terraform-ibm provider files by using: ln -s terraform-provider-ibm_vTHE_RELEASE_YOU_DOWNLOADED terraform-provider-ibm

2. Set up .terraformrc

Set up your CLI configuration file ~/.terraformrc by adding the following code to it – create the file if it doesn’t exists:

providers {
  ibm = "<LOCATION_OF_INSTALLATION>/bin/terraform-provider-ibm"

3. Set up the variables file for Terraform to use

Note: The following file here contains no secrets so it can be commited to git.

Set up your Terraform variables file in variables.tf with the following content:

# export TF_VAR_ibm_bx_api_key="$VALUE"
# export TF_VAR_ibm_sl_username="$VALUE"
# export TF_VAR_ibm_sl_api_key="$VALUE"

provider "ibm" {
  bluemix_api_key    = "${var.ibm_bx_api_key}"
  softlayer_username = "${var.ibm_sl_username}"
  softlayer_api_key  = "${var.ibm_sl_api_key}"
variable ibm_bx_api_key {}
variable ibm_sl_username {}
variable ibm_sl_api_key {}
data "ibm_space" "spacedata" {
  space = "dev"   # this will be different if you aren't is this space
  org   = "Developer Advocacy" # this will be different if you aren't is this org

4. Get the API keys

To generate the API keys for IBM Cloud, use the following:

ibmcloud iam api-key-create <YOURNAME>-terraform -d '<YOURNAME> terraform' --file ibmcloud_api_key.json

The output will be:

Creating API key <YOURNAME>-terraform as <IBMid>...
API key <YOURNAME>-terraform was created
Successfully save API key information to ibmcloud_api_key.json

Note: This API key is bound to your user.

It is possible to create an API key that isn’t bound to your user so that you can have a more restricted API access. For details, read “Resource Groups and Access Management” and “Getting an IBM Cloud IAM token by using an API key.”

To get the API keys for Softlayer, please visit Your Softlayer Profile under “API Access Information.”

5. Set up the secrets env.sh file

Note: This file is secret and should not be committed to git.

echo 'env.sh' >> .gitignore
cat env.sh
export TF_VAR_ibm_sl_username="YOUR_USER_ID"
export TF_VAR_ibm_bx_api_key="FROM_THE_JSON_FILE"
export TF_VAR_ibm_sl_api_key="FROM_THE_WEBSITE"

6. Source the secrets file in your shell

source env.sh

7. Write out a tf file

Use cat speech_to_text.tf to create an example tf file, by using the following code:

resource "ibm_service_instance" "service_instance" {
  name       = "test"
  space_guid = "${data.ibm_space.spacedata.id}"
  service    = "speech_to_text"
  plan       = "lite"
  tags       = ["cluster-service", "cluster-bind"]

8. Initialize Terraform

Use terraform init to initialize Terraform.

9. Plan your Terraform run

Use terraform plan to plan your run.

10. Apply your Terraform run

Use terraform apply, or if you prefer not to have to type ‘yes’ to confirm, use terraform apply -auto-approve

See the example output here:

  terraform apply
  data.ibm_space.spacedata: Refreshing state...
  An execution plan has been generated and is shown below.
  Resource actions are indicated with the following symbols:
    + create
  Terraform will perform the following actions:
    + ibm_service_instance.service_instance
        id:                <computed>
        credentials.%:     <computed>
        name:              "terraform-test-nibalizer"
        plan:              "lite"
        service:           "speech_to_text"
        service_keys.#:    <computed>
        service_plan_guid: <computed>
        space_guid:        "948e900f-bc09-466a-9afd-292dc73cc16d"
        tags.#:            "2"
        tags.1312709308:   "cluster-bind"
        tags.1867880919:   "cluster-service"
        wait_time_minutes: "10"
  Plan: 1 to add, 0 to change, 0 to destroy.
  Do you want to perform these actions?
    Terraform will perform the actions described above.
    Only 'yes' will be accepted to approve.
    Enter a value: yes
  ibm_service_instance.service_instance: Creating...
    credentials.%:     "" => "<computed>"
    name:              "" => "terraform-test-nibalizer"
    plan:              "" => "lite"
    service:           "" => "speech_to_text"
    service_keys.#:    "" => "<computed>"
    service_plan_guid: "" => "<computed>"
    space_guid:        "" => "948e900f-bc09-466a-9afd-292dc73cc16d"
    tags.#:            "" => "2"
    tags.1312709308:   "" => "cluster-bind"
    tags.1867880919:   "" => "cluster-service"
    wait_time_minutes: "" => "10"
  ibm_service_instance.service_instance: Still creating... (10s elapsed)
  ibm_service_instance.service_instance: Still creating... (20s elapsed)
  ibm_service_instance.service_instance: Creation complete after 23s (ID: cb1543c2-97f5-4637-9a46-a11472c56aa4)
  Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

If you would like to delete the resource that terraform created, you’ll need to delete it from the IBM Cloud dashboard.

Search for the name of the resource that you’d like to delete. Unfortunately at this time if you want to use terraform destroy, it may throw an error when looking for Please delete the service_bindings, service_keys, and routes associations for your service_instances.


In this tutorial, you:

  • Were able to get the IBM Terraform provider to interface with the IBM Cloud.
  • Leveraged a simple Terraform plan to create an IBM Resource.
  • Located the IBM Terraform provider documentation.

Now that you’ve accomplished the above, what’s next?

Now that you have a working terraform .tf file, you can leverage all the different resources located here. I’d go ahead and try to set up a VM (compute) or a Kubernetes cluster (container_cluster) to see the power of the IBM Cloud!

JJ Asghar