Skip to content

Latest commit

 

History

History
169 lines (115 loc) · 7.5 KB

catalog-terraform-template-tutorial.md

File metadata and controls

169 lines (115 loc) · 7.5 KB
Raw
copyright lastupdated keywords subcollection content-type services account-plan completion-time
years
2021, 2022
2022-07-27
private catalog, software, onboard, Terraform, terraform template
account
tutorial
Terraform
paid
20m

{{site.data.keyword.attribute-definition-list}}

Onboarding a Terraform template

{: #catalog-terraform-template-tutorial} {: toc-content-type="tutorial"} {: toc-services="Terraform"} {: toc-completion-time="20m"}

This tutorial walks you through how to onboard a Terraform template to your account. By completing this tutorial, you learn how to create a private catalog and import the template. After that, you can validate that the template can create resources, or run a script, and you can make it available to users who have access to your account. {: shortdesc}

Before you begin

{: #terraform-prereqs}

  1. Verify that you're using a Pay-As-You-Go or Subscription account. See Viewing your account type for more details.

  2. Verify that you're assigned the following roles. For more information, see Assigning access to account management services and Managing access to resources.

    • Administrator on all account management services and all IAM-enabled services
    • Editor on the catalog management service
    • Manager service access role for IBM Cloud Schematics
    • Operator platform role for VPC Infrastructure
    • Editor on the software instance service
    • Required permission to complete a specific task

  3. Create your Terraform template.

  4. To test your Terraform template, run the following commands from the Terraform CLI:

    • terraform init
    • terraform validate

  5. Upload your Terraform template to a GitHub release and create a .tgz file. For more information, see Upload your Terraform template and readme file to your GitHub repository{: external}.

    Use this release of the sample Terraform code{: external} as an example of how to set up your repository. {: tip}

Create a private catalog

{: #catalog-terraform-private} {: step}

Private catalogs provide a way for you to make your own products available to users in your account.

  1. Go to Manage > Catalogs in the {{site.data.keyword.cloud_notm}} console, and click Create a catalog.
  2. Select Product default as the catalog type.
  3. Enter the name of your catalog, for example, Sample Terraform.
  4. Select No products to exclude all products in the {{site.data.keyword.cloud}} catalog from your catalog.
  5. Click Create.

Import your Terraform template

{: #catalog-terraform-import} {: step}

  1. On the Private products page, click Add.
  2. Select Terraform as your deployment method.
  3. Select the type of repository.
  4. Enter the example Terraform URL as your source URL.
  5. Enter the software version in the format of major version, minor version, and revision, for example, 1.0.0.
  6. Click Add product.

Review the version details

{: #catalog-terraform-review-version} {: step}

From the Configure version tab, you can review your version details. After you review your version details, click Next.

Configure the deployment values

{: #catalog-terraform-cfgdeploy} {: step}

After you review the version details, you're ready to configure the deployment values.

  1. If you need to specify the Terraform runtime version that you want Schematics to use, click the Override the default Terraform runtime version checkbox and enter a version.
  2. From the Configure the deployment details section, click Add deployment values.
  3. Select the Parameter checkbox to select all options, and click Add.
  4. To customize which parameters are required for users to specify during the installation and which ones are hidden from users, select a parameter and click Edit. Click the checkboxes to configure the values and click Save.

{{site.data.content.output-values}}

{{site.data.content.define-IAM-access}}

Set the license requirements

{: #catalog-terraform-license} {: step}

If users are required to accept any license agreements beyond the {{site.data.keyword.cloud_notm}} Services Agreement, provide the URL to each agreement. Or, if users can bring their own licenses, you can provide that URL as well.

  1. Click Add license agreements > Add.
  2. Enter the name and URL, and click Update.
  3. After you enter the additional license agreements, click Next.

Validate the Terraform template

{: #catalog-terraform-validate} {: step}

  1. From the Validate product tab, enter the name of your workspace, select a resource group, select a Schematics region, and click Next.

    In the Tags field, you can enter a name of a specific tag to attach to your template. This tag is put on the {{site.data.keyword.bplong_notm}} workspace. Tags provide a way to organize, track usage costs, and manage access to the resources in your account. {: tip}

  2. From the Deployment values section, review your parameter values, and click Next.

  3. In the Validation product section, select I have read and agree to the following license agreements.

  4. Click Validate.

    To monitor the progress of the validation process, click View logs. {: tip}

Manage compliance

{: #catalog-terraform-controls} {: step}

Controls are safeguards that are used to meet security and compliance requirements. Only controls that are supported by Security and Compliance Center, formatted correctly, and validated by Code Risk Analysis and Security and Compliance Center scans appear in the catalog. For more information, see Adding compliance details.

Manage compliance controls

{: #catalog-terraform-add-controls}

You can review the controls that were added from your readme file and add additional controls.

  1. Click Add controls.
  2. Choose a profile.
  3. Select the controls that you want to add to your version.
  4. Click Add.

Run Code Risk Analyzer scan

{: #catalog-terraform-cra-scan}

Scan your source code with Code Risk Analyzer to identify any security vulnerabilities that you need to assess.

  1. Click Run scan.
  2. Wait for the scan to finish.

Add Security and Compliance Center scan

{: #catalog-terraform-scc-scan}

Add the scans that you previously ran in the Security and Compliance Center. Security and Compliance Center scans determine adherence to regulatory controls. For more information, see Scheduling a scan.

  1. Select the profile that you scanned.
  2. Select the Security and Compliance Center scan.
  3. Click Add scan.
  4. Click Next.

Review requirements

{: #catalog-terraform-review-reqs}

You must complete validation and any other requirements to publish to your account.

Next steps

{: #catalog-terraform-next}

After you onboard and validate your Terraform template, you're ready to publish it to your account. From the Actions menu, select Publish to account. As a result, the Terraform template is available to only users that have access to the Sample Terraform private catalog in your account.