Setting up Terraform for CIS

Terraform on IBM Cloud® enables predictable and consistent creation of IBM Cloud services so that you can rapidly build complex, multi-tier cloud environments following Infrastructure as Code (IaC) principles. Similar to using the IBM Cloud CLI or API and SDKs, you can automate the creation, update, and deletion of your IBM Cloud Internet Services instances by using HashiCorp Configuration Language (HCL).

Looking for a managed Terraform on IBM Cloud® solution? Try out IBM Cloud® Schematics. With Schematics, you can use the Terraform scripting language that you are familiar with, but you don't have to worry about setting up and maintaining the Terraform command line and the IBM Cloud® Provider plug-in. Schematics also provides pre-defined Terraform templates that you can easily install from the IBM Cloud® catalog.

Installing Terraform and configuring resources for IBM Cloud Internet Services

Before creating an authorization by using Terraform, complete the following prerequisites:

Make sure that you have the required access to create and work with IBM Cloud Internet Services.
Install the Terraform CLI and configure the IBM Cloud Provider plug-in for Terraform. For more information, see Getting started with Terraform on IBM Cloud. The plug-in abstracts the IBM Cloud APIs that are used to complete this task.
Create a Terraform configuration file named main.tf. Use this file to define the authorization between services by writing Terraform code in HashiCorp Configuration Language (HCL). For more information, see the Terraform documentation.

In your Terraform configuration file, find the Terraform code that you used to create the CIS instance.
Create a CIS instance by using the ibm_resource_instance resource argument in your main.tf file. The CIS instance in the following example is named test and is created with the Standard pricing plan. The resource_group_id is data.ibm_resource_group.group.id, and the location property is set to global.
```
data "ibm_resource_group" "group" {
  name = "test"
}

resource "ibm_cis" "cis_instance" {
  name              = "test"
  plan              = "standard-next"
  resource_group_id = data.ibm_resource_group.group.id
  tags              = ["tag1", "tag2"]
  location          = "global"

  //User can increase timeouts
  timeouts {
    create = "15m"
    update = "15m"
    delete = "15m"
  }
}
```
If you don't specify the resource_group_id, the CIS instance is created in the default resource group. The API_KEY must have permissions for this group.

If you migrate from one plan to another, the change is considered a modification of an existing resource. It isn't considered as a resource creation or deletion.
After you finish building your configuration file, initialize the Terraform CLI. For more information, see Initialize the Working Directory.
```
terraform init
```
Provision the resources from the main.tf file. For more information, see Terraform workflow for provisioning infrastructure.
1. Run terraform plan to generate a Terraform execution plan to preview the proposed actions.
```
terraform plan
```
2. Run terraform apply to create the resources that are defined in the plan.
```
terraform apply
```
From the IBM Cloud resource list, select the CIS instance that you created and note the instance ID.
Verify that the access policy is successfully assigned. For more information, see Reviewing assigned access in the console.

What's next?

Now that you successfully created your first CIS service instance with Terraform on IBM Cloud, you can visit the CIS Cloud Internet Services (CIS) Terraform registry to perform additional tasks using Terraform.