IBM Cloud Docs
Learning about Schematics

Learning about Schematics

Schematics is an IBM Cloud service, that delivers Infrastructure as Code (IaC) tools as a service. You can use the capabilities of Schematics to consistently deploy and manage your cloud infrastructure environments. From a single pane of glass, you can run end-to-end automation to build one or more stacks of cloud resources, manage their lifecycle, manage changes in their configurations, deploy your app workloads, and perform day-2 operations.

IaC automation as-a-service

Building on open-source Ansible, Terraform, and related technologies like Git and Helm, IBM Cloud® Schematics provides a powerful set of IaC tools as a service to program your cloud infrastructure.

An IaC approach to infrastructure provisioning and automation improves consistency, speeds deployments, reduces manual errors, and avoids undocumented or ad hoc configuration changes.

With IaC, configuration files define your infrastructure, which also makes it easier to edit, share, and reuse configurations. By codifying your infrastructure, you provision the same environment every time avoiding undocumented, ad hoc configuration changes. Review the section on IaC best practices to learn more about the core IaC principles and best practices that you can adopt when using Schematics.

Schematics IaC offerings

Schematics builds on open-source Ansible, Terraform to provide a powerful set of IaC tools as a service to program your cloud infrastructure. With Schematics you can use this rich set of IaC automation capabilities to build stacks of cloud resources, manage their lifecycle, manage changes in their configurations, deploy your app workloads, and perform day-2 operations.

The three core Schematics offerings are:

Schematics workspaces

With Schematics workspaces, use Terraform to automate the provisioning and configuration management of your IBM Cloud resources, and rapidly build, duplicate, and scale complex, multitiered cloud environments. For more information, see Schematics workspaces.

Schematics actions

With Schematics actions, use Ansible playbooks to perform complex day-2 operations on your cloud resources, cloud environment, and app workloads. Whether you want to deploy multitiered apps, start or stop virtual servers or clusters, rotate keys, backup and restore app data, perform security scans, manage database schemas, or manage users, simply specify the tasks that you want to run in your playbook, and let Schematics securely connect and complete the tasks.For more information about managing Schematics actions and its features, see Schematics actions.

Schematics agents

Agents extends the existing Schematics shared multi-tenant service, with private dedicated workers (agents) running workspace and action jobs on your private network. Agents can provision configure, and operate your private or on-premises resources without any time, network, or software restrictions. For more information about the architecture and features of agents, see Schematics agents.

Benefits of using Schematics

You do not need to install the open source projects on your machine or learn their API and command-line. You need to simply point Schematics to your IaC code repository and let Schematics run the specified tasks.

Schematics benefits
Benefits Description
The open source projects used by Schematics Terraform, Ansible, Helm provisioning engine, and execution platform are tested, maintained, and monitored by IBM. IBM automatically applies the latest security standards and patches to Schematics to ensure reliability and availability of the service. You do not need to manually apply updates to the Schematics platform.
All versions are tested by IBM. As new versions of workspace and action become available, IBM begins with hardening and testing these versions, so that they can be supported in the Schematics platform. For more information, see when are new Terraform, and Ansible versions added to Schematics?
Schematics is fully integrated with IAM You can use service access roles to control who can access and collaborate on your workspaces and actions, or roll out changes. You can invite IBM Cloud users to your account and leverage IAM access groups to streamline the access assignment process in your organization. As a multi-tenant solution, Schematics creates all resources in your personal account. Resources are not shared or reused by other IBM Cloud tenants. Because Schematics is built on Kubernetes, IAM service access roles are mapped to role-based access controls (RBAC) in Kubernetes to enforce resource isolation within your account.
Full IBM support for the open-source tools and plug-ins related to IBM Cloud Schematics is fully integrated into the IBM Cloud support system. If you run into an issue by using the IBM Cloud Provider Plug-in for Terraform, or the Ansible modules for IBM Cloud, you can open an IBM Cloud support case.