Cloud Object Storage module

Configures an IBM Cloud Object Storage instance and bucket

This product is deprecated
Cloud Object Storage module will not be available after 08/24/2025. You can install the product until then.

Module overview

Use this module to provision and configure an IBM Cloud Object Storage instance and bucket.
You can configure the following aspects of your instances:

Usage

module "cos" {
  # Replace "X.X.X" with a release version to lock into a specific release
  source                 = "https://cm.globalcatalog.cloud.ibm.com/api/v1-beta/offering/source?archive=tgz&kind=terraform&name=terraform-ibm-cos&version=X.X.X"
  resource_group_id      = "199f65xxxxxxXXXXXXxxxxxxed93c497"
  region                 = "us-south" # set this to null and use 'cross_region_location' to create cross-regional bucket
  cos_instance_name      = "my-cos-instance"
  bucket_name            = "my-bucket"
  retention_enabled      = false # disable retention for test environments - enable for stage/prod
  kms_encryption_enabled = false # by default, all objects are encrypted by using randomly generated keys and an all-or-nothing-transform (AONT)
}

Features and capabilities

Create an Object Storage instance

Create an IBM Cloud Object Storage instance.

Create an Object Storage bucket

Create either a cross-regional or regional Object Storage bucket.

Create an IBM resource key

Create a resource key for the Object Storage instance.

Attach access tags

Attach access tags to the Object Storage instance.

Configure bucket retention

Configure retention policies at the IBM Cloud Object Storage bucket level.

Enable object versioning

Supports enabling object versioning to keep multiple versions of an object in a bucket.

Add archive policies

Add archive policies on the bucket.

Record Activity Tracker events

Integrate Activity Tracker to track events.

Monitor data

Integrate with the IBM Cloud Monitoring service to monitor your Object Storage data.

Encrypt data with key management services

Supports key management encryption (BYOK and KYOK), including service-to-service authorization policies with KMS.

Secure access with CBR

Create context-based restriction (CBR) rules for both instances and buckets.

    Version last updated: 04/06/2024
    Example

      Details

      Details

      Type
      • Terraform
      Provider
      • Community
      Category
      • Developer tools
      Last updated
      • 05/26/2025
      Product version
      • v8.1.7
      Example
      • Advanced

      Current weekly downloads

      Count: 2

      Advanced example

      This example creates buckets that are encrypted with your own keys (BYOK). The buckets include activity tracking, monitoring, and context-based restriction (CBR) rules.

      The following resources are provisioned by this example:

      • A new resource group, if an existing one is not passed in.
      • A service ID that is used to generate resource keys.
      • An IBM Cloud Monitoring instance in the given resource group and region.
      • An IBM Cloud Activity Tracker instance, if existing ones is not passed in, in the given resource group and region.
      • A Key Protect instance (with metrics enabled), a key ring, and a root key in the given resource group and region.
      • An IBM Cloud Object Storage instance in the given resource group and region.
      • An IAM authorization policy to allow the Object Storage instance read access to the Key Protect instance.
      • A regional bucket with BYOK KMS encryption, monitoring, and activity tracking.
      • A cross-regional bucket with KMS encryption, monitoring, and activity tracking.
      • A single-site-location bucket with hard quota, monitoring, and activity tracking.
      • A basic VPC and subnet.
      • A Context-based restriction (CBR) network zone containing the VPC.
      • CBR rules that allow only the VPC to access the Object Storage instance and buckets over the private endpoint.