Setting up Terraform for Transit Gateway

Terraform on IBM Cloud® enables predictable and consistent provisioning of IBM Cloud services so that you can rapidly build complex, multitier cloud environments following Infrastructure as Code (IaC) principles. Similar to using the IBM Cloud CLI or API and SDKs, you can automate the provisioning, update, and deletion of your Transit Gateway instances by using HashiCorp Configuration Language (HCL).

Looking for a managed Terraform on IBM Cloud® solution? Try out IBM Cloud® Schematics. With Schematics, you can use the Terraform scripting language that you are familiar with, but you don't have to worry about setting up and maintaining the Terraform command line and the IBM Cloud® Provider plug-in. Schematics also provides pre-defined Terraform templates that you can easily install from the IBM Cloud® catalog.

Installing Terraform and configuring resources for Transit Gateway

Before you begin, make sure that you have the required access to create and work with Transit Gateway resources.

  1. Follow the Terraform on IBM Cloud® getting started tutorial to install the Terraform CLI and configure the IBM Cloud® Provider plug-in for Terraform. The plug-in abstracts the IBM Cloud® APIs that are used to provision, update, or delete Transit Gateway service instances and resources.

  2. Create a Terraform configuration file that is named main.tf. In this file, you add the configuration to create a Transit Gateway service instance and to assign a user an access policy in Identity and Access Management (IAM) for that instance by using HashiCorp Configuration Language (HCL). For more information, see the Terraform documentation.

    The Transit Gateway resource in the following example is named transit-gateway-1, located in us-south, uses global routing, and is assigned to 30951d2dff914dafb26455a88c0c0092, the resource group where the transit gateway is being created.

    For more information about arguments and attributes, see the ibm_tg_gateway usage example.

    resource "ibm_tg_gateway" "new_tg_gw" {
        name           = "transit-gateway-1"
        location       = "us-south"
        global         = true
        resource_group = "30951d2dff914dafb26455a88c0c0092"
    }
    
    resource "ibm_iam_user_policy" "policy" {
        ibm_id = "user@ibm.com"
        roles  = ["Administrator"]
        resources {
          service              = "transit"
          # Unquoted reference to the gateway's ID; a quoted address would be
          # passed to IAM as a literal string and would not scope the policy.
          resource_instance_id = ibm_tg_gateway.new_tg_gw.id
        }
    }
    
  3. Initialize the Terraform CLI.

    terraform init
    
  4. Create a Terraform execution plan. The Terraform execution plan summarizes all the actions that need to be run to create the Transit Gateway instance in your account.

    terraform plan
    
  5. Create the Transit Gateway instance and IAM access policy in IBM Cloud.

    terraform apply
    
  6. From the IBM Cloud resource list, select the Transit Gateway instance that you created and note the instance ID.

  7. Verify that the access policy is successfully assigned. For more information, see Reviewing assigned access in the console.
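
Before terraform apply in step 5, the plan from step 4 can be checked for IAM policies that are broader than intended. The following Python check is an added example, not IBM's code: it reads the JSON form of a plan (saved with terraform plan -out=tfplan and rendered with terraform show -json tfplan) and flags ibm_iam_user_policy resources whose resource_instance_id is missing or is a quoted Terraform address. Assumptions: the file name tfplan, the constructed sample plan, and that the provider renders an unset resource_instance_id as null or empty.

```python
import re

# A Terraform address such as ibm_tg_gateway.new_tg_gw.id that was quoted by
# mistake reaches the provider as a plain string instead of the gateway ID.
ADDRESS_LITERAL = re.compile(r"^[a-z][a-z0-9_]*\.[\w-]+\.\w+$")

def review_plan(plan):
    """Return findings for ibm_iam_user_policy resources the plan creates or updates."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change") or {}
        if rc.get("type") != "ibm_iam_user_policy":
            continue
        if not {"create", "update"} & set(change.get("actions", [])):
            continue
        after = change.get("after") or {}
        roles = ", ".join(after.get("roles") or [])
        # after_unknown mirrors after; a leaf is True when known only after apply.
        unknown = (change.get("after_unknown") or {}).get("resources")
        unknown = unknown if isinstance(unknown, list) else []
        for i, block in enumerate(after.get("resources") or []):
            ub = unknown[i] if i < len(unknown) and isinstance(unknown[i], dict) else {}
            if ub.get("resource_instance_id") is True:
                continue  # resolves to a real resource ID at apply time
            instance = block.get("resource_instance_id")
            if not instance:
                findings.append(f"{rc['address']}: [{roles}] applies to every "
                                f"'{block.get('service')}' instance, not one gateway")
            elif ADDRESS_LITERAL.match(instance):
                findings.append(f"{rc['address']}: resource_instance_id is the "
                                f"literal string '{instance}', not a reference")
    return findings

def policy_entry(name, block, unknown_block):
    """Build one constructed resource_changes entry (hypothetical helper)."""
    return {"address": f"ibm_iam_user_policy.{name}", "type": "ibm_iam_user_policy",
            "change": {"actions": ["create"],
                       "after": {"ibm_id": "user@ibm.com", "roles": ["Administrator"],
                                 "resources": [block]},
                       "after_unknown": {"resources": [unknown_block]}}}

# Constructed sample in the shape of `terraform show -json` output.
SAMPLE_PLAN = {"resource_changes": [
    policy_entry("scoped", {"service": "transit"}, {"resource_instance_id": True}),
    policy_entry("quoted", {"service": "transit",
                            "resource_instance_id": "ibm_tg_gateway.new_tg_gw.id"}, {}),
    policy_entry("service_wide", {"service": "transit", "resource_instance_id": None}, {}),
]}
```

To run it against a real plan, load the output of terraform show -json with json.load and pass the resulting dictionary to review_plan.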