name - (Required)[string] The name of the Backup Unit. This argument is immutable.
password - (Required)[string] The desired password for the Backup Unit
email
Import
A Backup Unit resource can be imported using its resource id, e.g.
This can be helpful when you want to import backup units which you have already created manually or using other means, outside of terraform. Please note that you need to manually specify the password when first declaring the resource in terraform, as there is no way to retrieve the password from the Cloud API.
Important Notes
Please note that at the moment, Backup Units cannot be renamed
Please note that the password attribute is write-only, and it cannot be retrieved from the API when importing a ionoscloud_backup_unit. The only way to keep track of it in Terraform is to specify it on the resource to be imported, thus, making it a required attribute.
⚠️ Only tokens are accepted for authorization in the ionoscloud_dns_reverse_record resource. Please ensure you are using tokens as other methods will not be valid.
Example Usage
Argument reference
name - (Required)[string] The reverse DNS record name.
ip - (Required)[string] Specifies for which IP address the reverse record should be created. The IP addresses needs to be owned by the contract.
description
Import
In order to import a DNS Reverse Record, you can define an empty DNS Reverse Record resource in the plan:
The resource can be imported using the record_id, for example:
ionoscloud_container_registry
Creates and manages IonosCloud Container Registry.
name - The name of the container registry. Immutable, update forces re-creation of the resource.
garbage_collection_schedule - (Optional)[Map]
⚠ WARNINGContainer Registry Vulnerability Scanning is a paid feature which is enabled by default, and cannot be turned off after activation. To disable this feature for a Container Registry, ensure vulnerability_scanning is set to false on resource creation.
Import
Resource Container Registry can be imported using the resource id, e.g.
ionoscloud_dns_zone
Creates and manages DNS Zone objects.
Manages a DNS Zone.
⚠️ Only tokens are accepted for authorization in the ionoscloud_dns_zone resource. Please ensure you are using tokens as other methods will not be valid.
name - (Required)[string] The name of the DNS Zone. This property is immutable.
description - (Optional)[string] The description for the DNS Zone.
enabled - (Optional)[bool] Indicates if the DNS Zone is active or not. Default is
Import
In order to import a DNS Zone, you can define an empty DNS Zone resource in the plan:
The resource can be imported using the zone_id, for example:
ionoscloud_datacenter_nsg_selection
Links a Network Security Group to a IonosCloud datacenter.
Links a Network Security Group to a IonosCloud datacenter. The datacenter can only have one linked NSG. To set a new NSG for the datacenter, the current one will be unlinked.
Example Usage
A Network Security Group can be linked to a ionoscloud_datacenter with this resource. Deleting the resource will unlink the NSG from the datacenter.
Select an external volume
Argument reference
datacenter_id - (Required)[string] The ID of a Virtual Data Center.
nsg_id - (Required)[string] The ID of a Network Security Group.
ionoscloud_pg_database
Creates and manages DbaaS Postgres Database objects.
Manages a DbaaS PgSql Database.
Example Usage
Create a PgSQL cluster as presented in the documentation for the cluster, then define a database resource and link it with the previously created cluster:
resource "ionoscloud_ipblock" "example" {
location = "de/fra"
size = 1
name = "example_ipblock"
}
resource "ionoscloud_dns_reverse_record" "recordexample" {
name = "reverse.record.example.com"
description = "example description"
ip = ionoscloud_ipblock.example.ips[0]
}
resource "ionoscloud_container_registry" "example" {
garbage_collection_schedule {
days = ["Monday", "Tuesday"]
time = "05:19:00+00:00"
}
location = "de/fra"
name = "container-registry-example"
api_subnet_allow_list = ["1.2.3.4/32"]
}
- (Required)[string] The email address assigned to the backup unit
login - (Computed) The login associated with the backup unit. Derived from the contract number
- (Optional)[string] Description stored along with the reverse DNS record to describe its usage.
time - (Required)[string]
days - (Required)[list] Elements of list must have one of the values: Saturday, Sunday, Monday, Tuesday, Wednesday, Thursday, Friday
location - (Required)[string] Immutable, update forces re-creation of the resource.
api_subnet_allow_list - (Optional)[list] The subnet CIDRs that are allowed to connect to the registry. Specify "a.b.c.d/32" for an individual IP address. Note: If this list is empty or not set, there are no restrictions.
features - (Optional)[Map]
vulnerability_scanning - (Optional)[bool] Enables or disables the Vulnerability Scanning feature for the Container Registry. To disable this feature, set the attribute to false when creating the CR resource.
A single Network Security Group can be attached at any time to a Datacenter. To do this, use the ionoscloud_datacenter_nsg_selection and provide the IDs of the NSG and Datacenter to link them. Deleting the resource or setting the empty string for the nsg_id field will de-attach any previously linked NSG from the Datacenter.
Argument Reference
The following arguments are supported:
name - (Required)[string] The name of the Virtual Data Center.
location - (Required)[string] The regional location where the Virtual Data Center will be created. This argument is immutable. Available locations: de/fra, us/las, us/ewr, de/txl
Import
Resource Datacenter can be imported using the resource id, e.g.
Auto-generate the datacenter resource in the dc.tf file using the following command:
The older syntax can be for importing the resource is still supported:
⚠️ Only tokens are accepted for authorization in the ionoscloud_dns_record resource. Please ensure you are using tokens as other methods will not be valid.
Example Usage
Argument reference
name - (Required)[string] The name of the DNS Record. This property is immutable.
type - (Required)[string] The type of the DNS Record, can have one of these values: A, AAAA, CNAME, ALIAS, MX, NS, SRV, TXT, CAA, SSHFP, TLSA, SMIMEA, DS, HTTPS, SVCB, OPENPGPKEY, CERT, URI, RP, LOC. More details about types can be found .
Import
In order to import a DNS Record, you can define an empty DNS Record resource in the plan:
The resource can be imported using the zone_id and the record_id, for example:
ionoscloud_application_loadbalancer
Creates and manages IonosCloud Application Load Balancer.
Manages Buckets server side encryption configuration on IonosCloud.
Manages Server Side Encryption Configuration for Buckets on IonosCloud.
⚠️ Note: The Terraform provider only supports contract-owned buckets. User-owned buckets are not supported, and there are no plans to introduce support for them. As a result, user-owned buckets cannot be created, updated, deleted, read, or imported using this provider.
Example Usage
Argument Reference
The following arguments are supported:
bucket - (Required)[string] The name of the bucket where the object will be stored.
rule - (Required)[block] A block of rule as defined below.
apply_server_side_encryption_by_default
Import
IONOS Object Storage Bucket server side encryption configuration can be imported using the bucket name.
ionoscloud_mariadb_cluster
Creates and manages DBaaS MariaDB Cluster objects.
Manages a .
Example Usage
ionoscloud_ipblock
Creates and manages IP Block objects.
Manages IP Blocks on IonosCloud. IP Blocks contain reserved public IP addresses that can be assigned servers or other resources.
Example Usage
ionoscloud_object_storage_accesskey
Creates and manages IonosCloud Object Storage Accesskeys.
Manages an on IonosCloud.
Example Usage
ionoscloud_pg_user
Creates and manages DbaaS Postgres User objects.
Manages a DbaaS PgSql User.
Example Usage
Create a PgSQL cluster as presented in the documentation for the cluster, then define a user resource and link it with the previously created cluster:
ionoscloud_s3_public_access_block
Creates and manages IonosCloud IONOS Object Storage Public Access Block for buckets.
Manages public acccess for Buckets on IonosCloud.
⚠️ Note: The Terraform provider only supports contract-owned buckets. User-owned buckets are not supported, and there are no plans to introduce support for them. As a result, user-owned buckets cannot be created, updated, deleted, read, or imported using this provider.
Example Usage
ionoscloud_s3_bucket_cors_configuration
Manages Buckets cors_configuration on IonosCloud.
Manages Object Lock Configuration for Buckets on IonosCloud.
⚠️ Note: The Terraform provider only supports contract-owned buckets. User-owned buckets are not supported, and there are no plans to introduce support for them. As a result, user-owned buckets cannot be created, updated, deleted, read, or imported using this provider.
Example Usage
ionoscloud_s3_versioning
Manages Buckets versioning on IonosCloud.
Manages Buckets versioning on IonosCloud.
⚠️ Note: The Terraform provider only supports contract-owned buckets. User-owned buckets are not supported, and there are no plans to introduce support for them. As a result, user-owned buckets cannot be created, updated, deleted, read, or imported using this provider.
- (Required)[int] ID of the listening (inbound) LAN.
ips - (Optional)[set] Collection of the Application Load Balancer IP addresses. (Inbound and outbound) IPs of the listenerLan are customer-reserved public IPs for the public Load Balancers, and private IPs for the private Load Balancers.
target_lan - (Required)[int] ID of the balanced private target LAN (outbound).
lb_private_ips - (Optional)[set] Collection of private IP addresses with the subnet mask of the Application Load Balancer. IPs must contain valid a subnet mask. If no IP is provided, the system will generate an IP with /24 subnet.
central_logging - (Optional)[bool] Turn logging on and off for this product. Default value is 'false'.
logging_lormat - (Optional)[string] Specifies the format of the logs.
flowlog - (Optional)[list] Only 1 flow log can be configured. Only the name field can change as part of an update. Flow logs holistically capture network information such as source and destination IP addresses, source and destination ports, number of packets, amount of bytes, the start and end time of the recording, and the type of protocol – and log the extent to which your instances are being accessed.
action - (Required)[string] Specifies the action to be taken when the rule is matched. Possible values: ACCEPTED, REJECTED, ALL. Immutable, forces re-creation.
bucket - (Required)[string] Specifies the IONOS Object Storage bucket where the flow log data will be stored. The bucket must exist. Immutable, forces re-creation.
direction - (Required)[string] Specifies the traffic direction pattern. Valid values: INGRESS, EGRESS, BIDIRECTIONAL. Immutable, forces re-creation.
name - (Required)[string] Specifies the name of the flow log.
de/fra
,
de/fra/2
.
server - (Required)[string] The URL of the certificate provider.
key_id - (Required)[string] The key ID of the external account binding.
key_secret - (Required)[string] The key secret of the external account binding
common_name - (Required)[string] The common name (DNS) of the certificate to issue. The common name needs to be part of a zone in IONOS Cloud DNS.
key_algorithm - (Required)[string] The key algorithm used to generate the certificate.
name - (Required)[string] A certificate name used for management purposes.
subject_alternative_names - (Optional)[list][string] Optional additional names to be added to the issued certificate. The additional names needs to be part of a zone in IONOS Cloud DNS.
last_issued_certificate_id - (Computed)[string] The ID of the last certificate that was issued.
- (Required)[block] Defines the default encryption settings.
sse_algorithm - (Required)[string] Server-side encryption algorithm to use. Valid values are 'AES256'
Argument reference
cluster_id - (Required)[string] The unique ID of the cluster. Updates to the value of the field force the cluster to be re-created.
username - (Required)[string] Used for authentication. Updates to the value of the field force the cluster to be re-created.
password - (Required)[string] User password.
is_system_user - (Computed)[bool] Describes whether this user is a system user or not. A system user cannot be updated or deleted.
Import
In order to import a PgSql user, you can define an empty user resource in the plan:
The resource can be imported using the clusterId and the username, for example:
Argument Reference
The following arguments are supported:
bucket - (Required)[string] The name of the bucket where the object will be stored.
ignore_public_acls - (Optional)[bool] Instructs the system to ignore any ACLs that grant public access. Even if ACLs are set to allow public access, they will be disregarded.
restrict_public_buckets - (Optional)[bool] Restricts access to buckets that have public policies. Buckets with policies that grant public access will have their access restricted.
block_public_policy - (Optional)[bool] Blocks public access to the bucket via bucket policies. Bucket policies that grant public access will not be allowed.
block_public_acls - (Optional)[bool] Indicates that access to the bucket via Access Control Lists (ACLs) that grant public access is blocked. In other words, ACLs that allow public access are not permitted.
Import
Resource Bucket access block can be imported using the bucket name
Argument Reference
The following arguments are supported:
bucket - (Required)[string] The name of the bucket where the object will be stored.
cors_rule - (Required)[block] A block of cors_rule as defined below.
allowed_headers - (Optional)[list] Specifies which headers are allowed in a preflight OPTIONS request through the Access-Control-Request-Headers header
allowed_methods - (Required)[list] An HTTP method that you allow the origin to execute. Valid values are GET, PUT, HEAD, POST, DELETE.
allowed_origins - (Required)[list] Specifies which origins are allowed to make requests to the resource.
expose_headers - (Optional)[list] Specifies which headers are exposed to the browser.
max_age_seconds - (Optional)[int] Specifies how long the results of a pre-flight request can be cached in seconds.
id - (Optional)[int] Container for the Contract Number of the owner
Days and years are mutually exclusive. You can only specify one of them.
Import
IONOS Object Storage Bucket cors configuration can be imported using the bucket name.
Argument Reference
The following arguments are supported:
bucket - (Required)[string] The name of the bucket where the object will be stored.
versioning_configuration - (Required)[block] A block of versioning_configuration as defined below.
status - (Required)[string] The versioning state of the bucket. Can be Enabled or Suspended.
mfa_delete - (Optional)[string] Specifies whether MFA delete is enabled or not. Can be Enabled or Disabled.
Import
IONOS Object Storage Bucket Versioning can be imported using the bucket name.
terraform import ionoscloud_s3_bucket_versioning.example example
Argument reference
mariadb_version - (Required)[string] The MariaDB version of your cluster. Cannot be downgraded.
instances - (Required)[int] The total number of instances in the cluster (one primary and n-1 secondary).
location- (Optional)[string] The location in which the cluster will be created. Different service endpoints are used based on location, possible options are: "de/fra", "de/txl", "es/vit", "fr/par", "gb/lhr", "us/ewr", "us/las", "us/mci". If not set, the endpoint will be the one corresponding to "de/txl".
cores - (Required)[int] The number of CPU cores per instance.
ram - (Required)[int] The amount of memory per instance in gigabytes (GB).
storage_size - (Required)[int] The amount of storage per instance in gigabytes (GB).
connections - (Required) The network connection for your cluster. Only one connection is allowed.
datacenter_id - (Required)[true] The datacenter to connect your cluster to.
lan_id
display_name - (Required)[string] The friendly name of your cluster.
maintenance_window - (Optional)(Computed) A weekly 4 hour-long window, during which maintenance might occur
time - (Required)[string] Start of the maintenance window in UTC time.
day_of_the_week
backup - (Optional) Properties configuring the backup of the cluster. Immutable, change forces re-creation of the cluster.
location - (Required)[string] The IONOS Object Storage location where the backups will be stored.
credentials - (Required) Credentials for the database user to be created.
username - (Required)[string] The username for the initial MariaDB user. Some system usernames are restricted (e.g 'mariadb', 'admin', 'standby').
password
dns_name - (Computed)[string] The DNS name pointing to your cluster.
⚠ WARNING:IONOS_API_URL_MARIADB can be used to set a custom API URL for the MariaDB Cluster. location field needs to be empty, otherwise it will override the custom API URL. Setting endpoint or IONOS_API_URL does not have any effect.
Import
Resource DBaaS MariaDB Cluster can be imported using the cluster_id and the location, separated by :, e.g.
location - (Required)[string] The regional location for this IP Block: us/las, us/ewr, de/fra, de/fkb.
size - (Required)[integer] The number of IP addresses to reserve for this block.
ips - (Computed)[integer] The list of IP addresses associated with this block.
ip_consumers (Computed) Read-Only attribute. Lists consumption detail of an individual ip
ip
mac
Import
Resource Ipblock can be imported using the resource id, e.g.
Argument Reference
The following arguments are supported:
description - (Optional)[string] Description of the Access key.
id - (Computed) The ID (UUID) of the AccessKey.
accesskey - (Computed) Access key metadata is a string of 92 characters.
secretkey - (Computed) The secret key of the Access key.
canonical_user_id - (Computed) The canonical user ID which is valid for user-owned buckets.
contract_user_id - (Computed) The contract user ID which is valid for contract-owned buckets
timeouts - (Optional) Timeouts for this resource.
create - (Optional)[string] Time to wait for the bucket to be created. Default is 10m.
delete
⚠ WARNING:IONOS_API_URL_OBJECT_STORAGE_MANAGEMENT can be used to set a custom API URL for the Object Storage Management SDK. Setting endpoint or IONOS_API_URL does not have any effect.
Import
An object storage accesskey resource can be imported using its resource id, e.g.
This can be helpful when you want to import Object Storage Accesskeys which you have already created manually or using other means, outside of terraform.
Creates and manages IonosCloud VPN Wireguard Gateway Peer objects.
This page provides an overview of the ionoscloud_vpn_wireguard_peer resource, which allows you to manage a WireGuard Peer in your cloud infrastructure. This resource enables the creation, management, and deletion of a WireGuard VPN Peer, facilitating secure connections between your network resources.
Example Usage
Argument Reference
The following arguments are supported:
gateway_id - (Required)[string] The ID of the WireGuard Gateway that the Peer will connect to.
location - (Optional)[string] The location of the WireGuard Gateway. Supported locations: de/fra, de/fra/2, de/txl, es/vit, gb/bhx, gb/lhr, us/ewr, us/las, us/mci, fr/par.
name
Attributes Reference
In addition to all arguments above, the following attributes are exported:
status - The current status of the WireGuard Gateway Peer.
Import
WireGuard Peers can be imported using the gateway_id and id, e.g.,
name - (Required)[string] Name of the NAT gateway.
public_ips - (Required)[list]Collection of public IP addresses of the NAT gateway. Should be customer reserved IP addresses in that location.
lans
Import
A Nat Gateway resource can be imported using its resource id and the datacenter id, e.g.
ionoscloud_nsg_firewallrule
Creates and manages IonosCloud Network Security Group Firewall Rule.
Manages a Network Security Group Rule on IonosCloud.
Example Usage
Argument Reference
The following arguments are supported:
nsg_id - (Required)[string] The ID of a Network Security Group.
datacenter_id - (Required)[string] The ID of a Virtual Data Center.
name - (Optional)[string] The name of the Network Security Group.
Import
Resource Server can be imported using the resource id, nsg id and datacenter id, e.g.
Or by using an import block.
ionoscloud_s3_key
Creates and manages IONOS Object Storage keys.
Manages an IONOS Object Storage Key on IonosCloud.
Example Usage
Argument Reference
The following arguments are supported:
user_id - (Required)[string] The UUID of the user owning the IONOS Object Storage Key.
active - (Optional)[boolean] Whether the IONOS Object Storage is active / enabled or not - Please keep in mind this is only required on create. Default value in true
Import
An IONOS Object Storage Unit resource can be imported using its user id as well as its resource id, e.g.
This can be helpful when you want to import IONOS Object Storage Keys which you have already created manually or using other means, outside of terraform.
⚠️ Note: Due to eventual consistency in the IONOS Cloud API, creating an S3 key immediately after assigning S3 privileges to a user may result in the error: "The user needs to be part of a group that has ACCESS_S3_OBJECT_STORAGE privilege". To mitigate this, set the environment variable IONOS_S3_KEY_CREATION_RETRY=true to enable automatic retries during S3 key creation. The provider will retry the creation until it succeeds or the configured timeout is reached. This is a temporary workaround until the API consistency issue is resolved.
⚠️ Only tokens are accepted for authorization in the monitoring_pipeline resource. Please ensure you are using tokens as other methods will not be valid.
Usage example
NOTE: The default timeout for all operations is 60 minutes. If you want to change the default value, you can use timeouts attribute inside the resource:
Argument reference
name - (Required)[string] The name of the Monitoring pipeline.
location - (Optional)[string] The location of the Monitoring pipeline. Default is de/fra. It can be one of de/fra, de/fra/2, de/txl, es/vit
⚠ NOTE:IONOS_API_URL_MONITORING can be used to set a custom API URL for the resource. location field needs to be empty, otherwise it will override the custom API URL.
Import
In order to import a Monitoring pipeline, you can define an empty Monitoring pipeline resource in the plan:
The resource can be imported using the location and pipeline_id, for example:
ionoscloud_gpu_server
Creates and manages IonosCloud GPU Server objects.
A GPU Server is a Virtual Machine (VM) provisioned from a GPU-enabled template.
Check out the
Example Usage
This resource will create an operational server. After this section completes, the provisioner can be called.
ionoscloud_nfs_cluster
Creates and manages Network File Storage (NFS) Share objects on IonosCloud.
Creates and manages Network File Storage (NFS) Share objects on IonosCloud.
Example Usage
ionoscloud_natgateway_rule
Creates and manages Nat Gateway Rule objects.
Manages a Nat Gateway Rule on IonosCloud.
Example Usage
ionoscloud_s3_bucket_website_configuration
Manages Buckets website configuration on IonosCloud.
Manages Website Configuration for Buckets on IonosCloud.
⚠️ Note: The Terraform provider only supports contract-owned buckets. User-owned buckets are not supported, and there are no plans to introduce support for them. As a result, user-owned buckets cannot be created, updated, deleted, read, or imported using this provider.
Example Usage
ionoscloud_cdn_distribution
Creates and manages IonosCloud CDN Distributions.
Manages a on IonosCloud.
Example Usage
ionoscloud_private_crossconnect
Creates and manages Cross Connections between virtual datacenters.
Manages a on IonosCloud. Cross Connect allows you to connect virtual data centers (VDC) with each other using a private LAN. The VDCs to be connected need to belong to the same IONOS Cloud contract and location. You can only use private LANs for a Cross Connect connection. A LAN can only be a part of one Cross Connect.
The IP addresses of the NICs used for the Cross Connect connection may not be used in more than one NIC and they need to belong to the same IP range.
Example Usage
ionoscloud_s3_bucket
Creates and manages IONOS Object Storage Buckets.
Manages on IonosCloud.
⚠️ Note: The Terraform provider only supports contract-owned buckets. User-owned buckets are not supported, and there are no plans to introduce support for them. As a result, user-owned buckets cannot be created, updated, deleted, read, or imported using this provider.
Example Usage
ionoscloud_share
Creates and manages share objects.
Manages Shares and list shares permissions granted to the group members for each shared resource.
Example Usage
ionoscloud_nsg
Creates and manages IonosCloud Network Security Group.
- (Required)[true] The numeric LAN ID to connect your cluster to.
cidr - (Required)[true] The IP and subnet for the database. Note the following unavailable IP ranges: 10.233.64.0/18, 10.233.0.0/18, 10.233.114.0/24. Please enter in the correct format like IP/Subnet, exp: 192.168.10.0/24. See Private IPs and Configuring the network.
- (Required)[string] The name of the week day.
- (Required)[string] The password for a MariaDB user.
nic_uuid
server_id
server_name
datacenter_id
datacenter_name
k8s_nodepool_uuid
k8s_cluster_uuid
- (Optional)[string] Time to wait for the bucket to be deleted. Default is
10m
.
- (Required)[string] The human-readable name of the WireGuard Gateway.
public_key - (Required)[string] The public key for the WireGuard Gateway.
description - (Optional)[string] A description of the WireGuard Gateway.
allowed_ips - (Required)[list, string] A list of subnet CIDRs that are allowed to connect to the WireGuard Gateway.
endpoint - (Optional)[block] An endpoint configuration block for the WireGuard Gateway. The structure of this block is as follows:
host - (Required)[string] The hostname or IPV4 address that the WireGuard Server will connect to.
port - (Optional)[int] The port that the WireGuard Server will connect to. Defaults to 51820.
- (Required)[list] A list of Local Area Networks the node pool should be part of.
id - (Required)[int] Id for the LAN connected to the NAT gateway.
gateway_ips - (Optional)[list] Collection of gateway IP addresses of the NAT gateway. Will be auto-generated if not provided. Should ideally be an IP belonging to the same subnet as the LAN.
datacenter_id - (Required)[string] A Datacenter's UUID.
protocol - (Required)[string] The protocol for the rule: TCP, UDP, ICMP, ANY. Property cannot be modified after creation (disallowed in update requests).
name - (Optional)[string] The name of the firewall rule.
source_mac - (Optional)[string] Only traffic originating from the respective MAC address is allowed. Valid format: aa:bb:cc:dd:ee:ff. Value null allows all source MAC address. Valid format: aa:bb:cc:dd:ee:ff.
source_ip - (Optional)(computed)[string] Only traffic originating from the respective IPv4 address is allowed. Value null allows all source IPs.
target_ip - (Optional)(Computed)[string] In case the target NIC has multiple IP addresses, only traffic directed to the respective IP address of the NIC is allowed. Value null allows all target IPs.
port_range_start - (Optional)[int] Defines the start range of the allowed port (from 1 to 65534) if protocol TCP or UDP is chosen. Leave portRangeStart and portRangeEnd null to allow all ports.
port_range_end - (Optional)[int] Defines the end range of the allowed port (from 1 to 65534) if the protocol TCP or UDP is chosen. Leave portRangeStart and portRangeEnd null to allow all ports.
icmp_type - (Optional)[string] Defines the allowed code (from 0 to 254) if protocol ICMP is chosen. Value null allows all codes.
icmp_code - (Optional)[int] Defines the allowed code (from 0 to 254) if protocol ICMP is chosen.
type - (Optional)(Computed)[string] The type of firewall rule. If is not specified, it will take the default value INGRESS.
secret_key
- (Computed) The IONOS Object Storage Secret key.
,
gb/bhx
,
gb/lhr
,
fr/par
,
us/mci
. If this is not set and if no value is provided for the
IONOS_API_URL_MONITORING
env var, the default
location
will be:
de/fra
.
grafana_endpoint - (Computed)[string] The endpoint of the Grafana instance.
http_endpoint - (Computed)[string] The HTTP endpoint of the monitoring instance.
key - (Computed)(Sensitive)[string] The key used to connect to the monitoring pipeline.
Argument reference
edit_privilege - (Optional)[Boolean] The group has permission to edit privileges on this resource.
group_id - (Required)[string] The ID of the specific group containing the resource to update.
resource_id - (Required)[string] The ID of the specific resource to update.
share_privilege - (Optional)[Boolean] The group has permission to share this resource.
⚠️ Note: There is a limitation due to which the creation of several shares at the same time leads to an error. To avoid this, parallelism=1 can be used when running terraform apply command in order to create the resources in a sequential manner. Another solution involves the usage of depends_on attributes inside the ionoscloud_share resource to enforce the sequential creation of the shares.
Import
Resource Share can be imported using the resource id, e.g.
Argument Reference
The following arguments are supported:
datacenter_id - (Required)[string] The ID of a Virtual Data Center.
name - (Optional)[string] The name of the Network Security Group.
description - (Optional)[string] Description for the Network Security Group.
rule_ids - (Computed) List of Firewall Rules that are part of the Network Security Group
Import
Resource Server can be imported using the resource id and the datacenter id, e.g.
Or by using an import block. Here is an example that allows you to import the default created nsg into terraform.
resource "ionoscloud_datacenter" "example" {
name = "Datacenter NSG Example"
location = "de/txl"
}
import {
to = ionoscloud_nsg.imported
id = "datacenter uuid/default nsg uuid"
}
resource "ionoscloud_nsg" "imported_default" { # Imported here
datacenter_id = ionoscloud_datacenter.example.id
}
GPU Server
Argument reference
template_uuid - (Required)[string] The UUID of the template used for creating a GPU server.
name - (Required)[string] The name of the server.
datacenter_id - (Required)[string] The ID of a Virtual Data Center.
hostname - (Optional)(Computed) The hostname of the resource. Allowed characters are a-z, 0-9 and - (minus). Hostname should not start with minus and should not be longer than 63 characters. If no value provided explicitly, it will be populated with the name of the server.
image_name - (Optional)[string] The name, ID or alias of the image. May also be a snapshot ID. It is required if licence_type is not provided. Attribute is immutable.
availability_zone - (Optional)[string] The availability zone in which the server should exist. This property is immutable.
licence_type - (Optional)[string] Sets the OS type of the server.
vm_state - (Optional)[string] Sets the power state of the GPU server. E.g: RUNNING or SUSPENDED.
volume - (Required) See the section.
nic - (Optional) See the section.
boot_volume - (Computed) The associated boot volume.
boot_cdrom - DEPRECATED Please refer to (Optional)[string] The associated boot drive, if any. Must be the UUID of a bootable CDROM image that can be retrieved using the data source.
boot_image - (Optional)[string] The image or snapshot UUID / name. May also be an image alias. It is required if licence_type is not provided.
primary_nic - (Computed) The associated NIC.
primary_ip - (Computed) The associated IP address.
firewallrule_id - (Computed) The associated firewall rule.
ssh_key_path - (Optional)[list] List of paths to files containing a public SSH key that will be injected into IonosCloud provided Linux images. Required for IonosCloud Linux images. Required if image_password is not provided.
image_password - (Optional)[string] Required if ssh_key_path is not provided.
security_groups_ids - (Optional) The list of Security Group IDs for the resource.
allow_replace - (Optional)[bool] When set to true, allows the update of immutable fields by first destroying and then re-creating the server.
⚠️ Warning: allow_replace - lets you update immutable fields, but it first destroys and then re-creates the server in order to do it. This field should be used with care, understanding the risks.
⚠ WARNING
Image_name under volume level is deprecated, please use image_name under server level
Import
Resource GPU Server can be imported using the resource id and the datacenter id, e.g.
location - (Optional) The location of the Network File Storage Cluster. If this is not set and if no value is provided for the IONOS_API_URL env var, the default location will be: de/fra. Other available locations are: de/fra/2, de/txl, fr/par, gb/lhr, es/vit, us/las, us/ewr, us/mci.
cluster_id - (Required) The ID of the Network File Storage Cluster.
name - (Required) The directory being exported.
quota - (Optional) The quota in MiB for the export. The quota can restrict the amount of data that can be stored within the export. The quota can be disabled using 0. Default is 0.
gid - (Optional) The group ID that will own the exported directory. If not set, anonymous (512) will be used.
uid - (Optional) The user ID that will own the exported directory. If not set, anonymous (512) will be used.
client_groups - (Required) The groups of clients are the systems connecting to the Network File Storage cluster. Each group includes:
description - (Optional) Optional description for the clients groups.
ip_networks
Import
A Network File Storage Share resource can be imported using its location, cluster_id and resource id:
Argument reference
name - (Required)[string] Name of the NAT gateway rule.
type - (Optional)[string] Type of the NAT gateway rule.
protocol - (Optional)[string] Protocol of the NAT gateway rule. Defaults to ALL. If protocol is 'ICMP' then targetPortRange start and end cannot be set.
source_subnet - (Required)[string] Source subnet of the NAT gateway rule. For SNAT rules it specifies which packets this translation rule applies to based on the packets source IP address.
public_ip - (Required)[string] Public IP address of the NAT gateway rule. Specifies the address used for masking outgoing packets source address field. Should be one of the customer reserved IP address already configured on the NAT gateway resource.
target_subnet - (Optional)[string] Target or destination subnet of the NAT gateway rule. For SNAT rules it specifies which packets this translation rule applies to based on the packets destination IP address. If none is provided, rule will match any address.
target_port_range - (Optional) Target port range of the NAT gateway rule. For SNAT rules it specifies which packets this translation rule applies to based on destination port. If none is provided, rule will match any port.
start - (Optional)[int] Target port range start associated with the NAT gateway rule.
datacenter_id - (Required)[string] A Datacenter's UUID.
A Nat Gateway Rule resource can be imported using its resource id, the datacenter id and the `natgateway id , e.g.
Argument Reference
The following arguments are supported:
bucket - (Required)[string] The name of the bucket where the object will be stored.
index_document - (Optional) Container for the Suffix element.
suffix - (Required) A suffix that is appended to a request that is for a directory on the website endpoint (for example, if the suffix is index.html and you make a request to samplebucket/images/ the data that is returned will be for the object with the key name images/index.html) The suffix must not be empty and must not include a slash character. Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests.
error_document - (Optional) The object key name to use when a 4XX class error occurs. Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests
key - (Required) The object key
redirect_all_requests_to - (Optional) Container for redirect information. You can redirect requests to another host, to another page, or with another protocol. In the event of an error, you can can specify a different error code to return.
host_name - (Optional) Name of the host where requests will be redirected.
protocol
routing_rule - (Optional) A container for describing a condition that must be met for the specified redirect to apply.
condition - (Required) A container for describing a condition that must be met for the specified redirect to apply.
Import
IONOS Object Storage Bucket website configuration can be imported using the bucket name.
Argument Reference
The following arguments are supported:
domain - (Required)[string] The domain of the distribution.
certificate_id - (Required)[string] The ID of the certificate to use for the distribution. You can create certificates with the certificate resource.
routing_rules - (Required)[list] The routing rules for the distribution.
scheme - (Required)[string] The scheme of the routing rule.
prefix - (Required)[string] The prefix of the routing rule.
upstream - (Required)[map] - A map of properties for the rule
Attributes Reference
public_endpoint_v4 - IP of the distribution, it has to be included on the domain DNS Zone as A record.
public_endpoint_v6 - IP of the distribution, it has to be included on the domain DNS Zone as AAAA record.
resource_urn - Unique resource indentifier.
Import
Resource Distribution can be imported using the resource id, e.g.
To connect two datacenters we need 2 lans defined, one in each datacenter. After, we reference the cross-connect through which we want the connection to be established.
Argument Reference
The following arguments are supported:
name - (Required)[string] The name of the cross-connection.
description - (Optional)[string] A short description for the cross-connection.
connectable datacenters - (Computed) A list containing all the connectable datacenters
id - The UUID of the connectable datacenter
name - The name of the connectable datacenter
location
peers - (Computed) Lists LAN's joined to this cross connect
lan_id - The id of the cross-connected LAN
lan_name
Import
A Cross Connect resource can be imported using its resource id, e.g.
This can be helpful when you want to import cross-connects which you have already created manually or using other means, outside of terraform.
name - (Required)[string] The bucket name. [ 3 .. 63 ] characters
region - (Optional)[string] Specifies the Region where the bucket will be created. Available regions are: eu-central-3, eu-central-4, us-central-1. Can be used only if the region is the same as the global region (set using IONOS_S3_REGION env var or s3_region provider attribute) or if the global region is unset. For using multiple different regions, please check the Working with multiple regions/locations section presented .
object_lock_enabled - (Optional)[bool] The object lock configuration status of the bucket. Must be true or false.
tags - (Optional) A mapping of tags to assign to the bucket.
timeouts - (Optional) Timeouts for this resource.
create - (Optional)[string] Time to wait for the bucket to be created. Default is 10m.
delete
force_destroy - (Optional)[bool] Default is false.By setting force_destroy to true, you instruct Terraform to delete the bucket and all its contents during the terraform destroy process. This is particularly useful when dealing with buckets that contain objects, as it allows for automatic cleanup without requiring the manual deletion of objects beforehand. If force_destroy is not set or is set to false, Terraform will refuse to delete a bucket that still contains objects. You must manually empty the bucket before Terraform can remove it.There is a significant risk of accidental data loss when using this attribute, as it irreversibly deletes all contents of the bucket. It's crucial to ensure that the bucket does not contain critical data before using force_destroy.
Attributes Reference
id - (Computed) Name of the bucket
⚠️ Note: The name must be unique across all IONOS accounts in all IONOS Object Storage regions. The name should adhere to the following restrictions.
Import
A bucket can be imported using the bucket name and the region:
The region can be omitted, in which case the bucket will be imported from the default location: eu-central-3.
Creates and manages IonosCloud Cube Server objects.
A Cube is a Virtual Machine (VM) with an attached NVMe Volume. You can use each newly created Cube as a new VM, either standalone or in combination with other IONOS Cloud products.
This resource will create an operational server. After this section completes, the provisioner can be called.
CUBE Server
With IPv6 Enabled
Argument reference
template_uuid - (Required)[string] The UUID of the template for creating a CUBE server; the available templates for CUBE servers can be found on the templates resource
name - (Required)[string] The name of the server.
datacenter_id
⚠️ Warning: allow_replace - lets you update immutable fields, but it first destroys and then re-creates the server in order to do it. This field should be used with care, understanding the risks.
⚠ WARNING
Image_name under volume level is deprecated, please use image_name under server level
⚠ WARNING
For creating a CUBE server, you can not set volume.size argument.
Import
Resource Server can be imported using the resource id and the datacenter id, e.g.
Notes
Please note that for any secondary volume, you need to set the licence_type property to UNKNOWN
ionoscloud_inmemorydb_replicaset
Creates and manages DBaaS InMemoryDB Replica Set objects.
display_name - (Required)[string] The human-readable name of your replica set.
location - (Optional)[string] The location of your replica set. Updates to the value of the field force the replica set to be re-created. If this is not set and if no value is provided for the IONOS_API_URL env var, the default location will be: de/fra, other available locations are: de/fra/2
⚠ NOTE:IONOS_API_URL_INMEMORYDB can be used to set a custom API URL for the resource. location field needs to be empty, otherwise it will override the custom API URL. Setting endpoint or IONOS_API_URL does not have any effect.
Import
Resource DBaaS InMemoryDB Replica Set can be imported using the replicaset_id and the location, separated by :, e.g:
ionoscloud_kafka_cluster
Creates and manages IonosCloud Kafka Cluster objects.
This resource will create an operational Kafka Cluster. After this section completes, the provisioner can be called.
Argument reference
id - (Computed)[string] The UUID of the Kafka Cluster.
name - (Required)[string] Name of the Kafka Cluster.
location - (Optional)[string] The location of the Kafka Cluster. Possible values:
⚠ NOTE:IONOS_API_URL_KAFKA can be used to set a custom API URL for the kafka resource. location field needs to be empty, otherwise it will override the custom API URL. Setting endpoint or IONOS_API_URL does not have any effect.
Import
Kafka Cluster can be imported using the location and kafka cluster id:
ionoscloud_k8s_cluster
Creates and manages IonosCloud Kubernetes Clusters.
name - (Required)[string] The name of the Kubernetes Cluster.
k8s_version - (Optional)[string] The desired Kubernetes Version. For supported values, please check the API documentation. Downgrades are not supported. The provider will ignore downgrades of patch level.
⚠️ Warning: allow_replace - lets you update immutable fields, but it first destroys and then re-creates the cluster in order to do it. Set the field to true only if you know what you are doing.
Import
A Kubernetes Cluster resource can be imported using its resource id, e.g.
This can be helpful when you want to import kubernetes clusters which you have already created manually or using other means, outside of terraform.
⚠️ Warning: **During a maintenance window, k8s can update your k8s_version if the old one reaches end of life. This upgrade will not be shown in the plan, as we prevent terraform from doing a downgrade, as downgrading k8s_version is not supported.
ionoscloud_networkloadbalancer
Creates and manages Network Load Balancer objects.
This will configure flowlog for ALL(rejected and accepted) ingress traffic and will log it into an existing ionos bucket named flowlog-bucket. Any s3 compatible client can be used to create it. Adding a flowlog does not force re-creation or the nic, but changing any other field than name will. Deleting a flowlog will also force nic re-creation.
Argument reference
name - (Required)[string] A name of that Network Load Balancer.
listener_lan - (Required)[int] Id of the listening LAN. (inbound)
ips
⚠️ Note: Removing the flowlog forces re-creation of the network load balancer resource.
Import
A Network Load Balancer resource can be imported using its resource id and the datacenter id e.g.
ionoscloud_firewall
Creates and manages Firewall Rules.
Manages a set of Firewall Rules on IonosCloud.
Example Usage
Argument reference
datacenter_id - (Required)[string] The Virtual Data Center ID.
server_id - (Required)[string] The Server ID.
nic_id
Import
Resource Firewall can be imported using the resource id, e.g.
ionoscloud_ipfailover
Creates and manages ipfailover objects.
Manages IP Failover groups on IonosCloud.
Example Usage
Argument reference
datacenter_id - (Required)[string] The ID of a Virtual Data Center.
ip - (Required)[string] The reserved IP address to be used in the IP failover group.
lan_id
⚠ WARNING: Do not modify the IP for an IP failover group (that was provisioned via Terraform) using the DCD, the API or other means because it may lead to unexpected behavior. If you provisioned an IP failover group using Terraform, please use only Terraform in order to manage the created IP failover group.
⚠ WARNING: For creating multiple IP failover groups at the same time, you can use one of the following options:
Create multiple IP failover groups resources and use depends_on meta-argument to specify the order of creation, for example:
Define the resources as presented above, but without using the depends_on meta-argument and run the apply command using -parallelism=1 as presented below:
Import
Resource IpFailover can be imported using the resource id, e.g.
A note on multiple NICs on an IP Failover
If you want to add a secondary NIC to an IP Failover, follow these steps:
Creating NIC A with failover IP on LAN 1
Create NIC B unde the same LAN but with a different IP
Create the IP Failover on LAN 1 with NIC A and failover IP of NIC A (A becomes now "master", no slaves)
After this you can create a new NIC C, NIC D and so on, in LAN 1, directly with the failover IP.
Please check for a full example with the above steps.
ionoscloud_s3_object_copy
Creates a copy of an object that is already stored in IONOS Object Storage.
Creates a copy of an object that is already stored in IONOS Object Storage.
⚠️ Note: The Terraform provider only supports contract-owned buckets. User-owned buckets are not supported, and there are no plans to introduce support for them. As a result, user-owned buckets cannot be created, updated, deleted, read, or imported using this provider.
Example Usage
Argument Reference
The following arguments are supported:
bucket - (Required)[string] The name of the bucket where the object will be stored. Must be between 3 and 63 characters.
key - (Required)[string] The key of the object. Must be at least 1 character long.
source
Import
Resource Object Copy can be imported using the bucket name and object copy key
ionoscloud_s3_bucket_lifecycle_configuration
Manages Buckets lifecycle configuration on IonosCloud.
Manages Lifecycle Configuration for Buckets on IonosCloud.
⚠️ Note: The Terraform provider only supports contract-owned buckets. User-owned buckets are not supported, and there are no plans to introduce support for them. As a result, user-owned buckets cannot be created, updated, deleted, read, or imported using this provider.
Example Usage
Argument Reference
The following arguments are supported:
bucket - (Required)[string] The name of the bucket where the object will be stored.
lifecycle_rule - (Required)[block] A block of lifecycle_rule as defined below.
id
Import
IONOS Object Storage Bucket lifecycle configuration can be imported using the bucket name.
datacenter_id - (Required)[string] The ID of the Virtual Data Center.
name - (Required)[string] The name of the snapshot.
volume_id - (Required)[string] The ID of the specific volume to take the snapshot from.
Attribute reference
Beside the configurable arguments, the resource returns the following additional attributes:
location - Location of that image/snapshot
size - The size of the image in GB
sec_auth_protection - Boolean value representing if the snapshot requires extra protection e.g. two factor protection
Import
Resource Snapshot can be imported using the snapshot id, e.g.
ionoscloud_lan
Creates and manages LAN objects.
Manages a LAN on IonosCloud.
Example Usage
Example Usage With IPv6 Enabled
Argument reference
datacenter_id - (Required)[string] The ID of a Virtual Data Center.
name - (Optional)[string] The name of the LAN.
public
Import
Resource Lan can be imported using the resource id, e.g.
Important Notes
Please note that only LANs datacenters found in the same physical location can be connected through a Cross-connect
A LAN cannot be a part of two Cross-connects
ionoscloud_mongo_cluster
Creates and manages DbaaS MongoDB Cluster objects.
Manages a .
Example Usage for playground or business editions. They require template_id defined.
ionoscloud_loadbalancer
Creates and manages Load Balancers
Manages a Load Balancer on IonosCloud.
Example Usage
ionoscloud_user
Creates and manages user objects.
Manages Users and list users and groups associated with that user.
Example Usage with write only password that is not saved in state:
Note: Requires Terraform 1.11 or higher. In this way, the password is not saved in state. password_wo must be used along with password_wo_version. Updating
- (Required) The allowed host or network to which the export is being shared. The IP address can be either IPv4 or IPv6 and has to be given with CIDR notation.
hosts - (Required) A singular host allowed to connect to the share. The host can be specified as IP address and can be either IPv4 or IPv6.
nfs - (Required) NFS specific configurations. Each configuration includes:
squash - (Required) The squash mode for the export. The squash mode can be:
none - No squash mode. no mapping,
root-anonymous - Map root user to anonymous uid,
all-anonymous - Map all users to anonymous uid.
end - (Optional)[int] Target port range end associated with the NAT gateway rule.
- (Optional) Protocol to use (http, https).
http_error_code_returned_equals
- (Optional) The HTTP error code when the redirect is applied. In the event of an error, if the error code equals this value, then the specified redirect is applied.
key_prefix_equals - (Optional) The object key name prefix when the redirect is applied. For example, to redirect requests for ExamplePage.html, the key prefix will be ExamplePage.html. To redirect request for all pages with the prefix example, the key prefix will be /example.
redirect - (Required) Container for the redirect information.
host_name - (Optional) The host name to use in the redirect request.
http_redirect_code - (Optional) The HTTP redirect code to use on the response. Not required if one of the siblings is present.
protocol - (Optional) Protocol to use (http, https).
replace_key_prefix_with - (Optional) The object key to be used in the redirect request. For example, redirect request to error.html, the replace key prefix will be /error.html. Not required if one of the siblings is present.
replace_key_with - (Optional) The specific object key to use in the redirect request. For example, redirect request for error.html, the replace key will be /error.html. Not required if one of the siblings is present.
http_redirect_code - (Optional) The HTTP redirect code to use on the response. Not required if one of the siblings is present.
host - (Required)[string] The upstream host that handles the requests if not already cached. This host will be protected by the WAF if the option is enabled.
caching - (Required)[bool] Enable or disable caching. If enabled, the CDN will cache the responses from the upstream host. Subsequent requests for the same resource will be served from the cache.
waf - (Required)[bool] Enable or disable WAF to protect the upstream host.
sni_mode - (Required)[string] The SNI (Server Name Indication) mode of the upstream. It supports two modes: 1) distribution: for outgoing connections to the upstream host, the CDN requires the upstream host to present a valid certificate that matches the configured domain of the CDN distribution; 2) origin: for outgoing connections to the upstream host, the CDN requires the upstream host to present a valid certificate that matches the configured upstream/origin hostname.
rate_limit_class - (Required)[string] Rate limit class that will be applied to limit the number of incoming requests per IP.
geo_restrictions - (Optional)[map] - A map of geo_restrictions
allow_list - (Optional)[string] List of allowed countries
block_list - (Optional)[string] List of blocked countries
- The physical location of the connectable datacenter
- The name of the cross-connected LAN
datacenter_id - The id of the cross-connected datacenter
datacenter_name - The name of the cross-connected datacenter
location - The location of the cross-connected datacenter
- (Required)[string] The ID of a Virtual Data Center.
hostname - (Optional)(Computed) The hostname of the resource. Allowed characters are a-z, 0-9 and - (minus). Hostname should not start with minus and should not be longer than 63 characters. If no value provided explicitly, it will be populated with the name of the server
image_name - (Optional)[string] The name, ID or alias of the image. May also be a snapshot ID. It is required if licence_type is not provided. Attribute is immutable.
availability_zone - (Optional)[string] The availability zone in which the server should exist. This property is immutable.
licence_type - (Optional)[string] Sets the OS type of the server.
vm_state - (Optional)[string] Sets the power state of the cube server. E.g: RUNNING or SUSPENDED.
boot_volume - (Computed) The associated boot volume.
boot_cdrom - DEPRECATED Please refer to ionoscloud_server_boot_device_selection (Optional)[string] The associated boot drive, if any. Must be the UUID of a bootable CDROM image that can be retrieved using the ionoscloud_image data source.
boot_image - (Optional)[string] The image or snapshot UUID / name. May also be an image alias. It is required if licence_type is not provided.
primary_nic - (Computed) The associated NIC.
primary_ip - (Computed) The associated IP address.
firewallrule_id - (Computed) The associated firewall rule.
ssh_key_path - (Optional)[list] List of paths to files containing a public SSH key that will be injected into IonosCloud provided Linux images. Required for IonosCloud Linux images. Required if image_password is not provided.
image_password - (Optional)[string] Required if ssh_key_path is not provided.
security_groups_ids - (Optional) The list of Security Group IDs for the resource.
allow_replace - (Optional)[bool] When set to true, allows the update of immutable fields by first destroying and then re-creating the server.
,
de/txl
,
es/vit
,
gb/bhx
,
gb/lhr
,
us/ewr
,
us/las
,
us/mci
,
fr/par
version - (Required)[string] The InMemoryDB version of your replica set.
replicas - (Required)[int] The total number of replicas in the replica set (one active and n-1 passive). In case of a standalone instance, the value is 1. In all other cases, the value is > 1. The replicas will not be available as read replicas, they are only standby for a failure of the active instance.
resources - (Required)[object] The resources of the individual replicas.
cores - (Required)[int] The number of CPU cores per instance.
ram - (Required)[int] The amount of memory per instance in gigabytes (GB).
storage - (Computed)[int] The size of the storage in GB. The size is derived from the amount of RAM and the persistence mode and is not configurable.
persistence_mode - (Required)[string] Specifies How and If data is persisted, possible values are:
None - Data is inMemory only and will not be persisted. Useful for cache only applications.
AOF - (Append Only File) AOF persistence logs every write operation received by the server. These operations can then be replayed again at server startup, reconstructing the original dataset. Commands are logged using the same format as the InMemoryDB protocol itself.
RDB - RDB persistence performs snapshots of the current in memory state.
RDB_AOF - Both RDB and AOF persistence are enabled.
eviction_policy - (Required)[string] The eviction policy for the replica set, possible values are:
noeviction - No eviction policy is used. InMemoryDB will never remove any data. If the memory limit is reached, an error will be returned on write operations.
allkeys-lru - The least recently used keys will be removed first.
allkeys-lfu - The least frequently used keys will be removed first.
allkeys-random - Random keys will be removed.
volatile-lru - The least recently used keys will be removed first, but only among keys with the expire field set to true.
volatile-lfu - The least frequently used keys will be removed first, but only among keys with the expire field set to true.
volatile-random - Random keys will be removed, but only among keys with the expire field set to true.
volatile-ttl - The key with the nearest time to live will be removed first, but only among keys with the expire field set to true.
connections - (Required)[object] The network connection for your replica set. Only one connection is allowed. Updates to the value of the fields force the replica set to be re-created.
datacenter_id - (Required)[string] The datacenter to connect your instance to.
lan_id - (Required)[string] The numeric LAN ID to connect your instance to.
cidr - (Required)[string] The IP and subnet for your instance. Note the following unavailable IP ranges: 10.233.64.0/18, 10.233.0.0/18, 10.233.114.0/24.
credentials - (Required)[object] Credentials for the InMemoryDB replicaset, only one type of password can be used since they are mutually exclusive. These values are used to create the initial InMemoryDB user, updating any of these will force recreation of the replica set resource.
username - (Required)[string] The username for the initial InMemoryDB user. Some system usernames are restricted (e.g. 'admin', 'standby').
plain_text_password - (Optional)[string] The password for a InMemoryDB user, this is a field that is marked as Sensitive.
hashed_password - (Optional)[object] The hashed password for a InMemoryDB user.
algorithm - (Required)[string] The value can be only: "SHA-256".
hash - (Required)[string] The hashed password.
maintenance_window - (Optional)(Computed) A weekly 4 hour-long window, during which maintenance might occur.
time - (Required)[string] Start of the maintenance window in UTC time.
day_of_the_week - (Required)[string] The name of the week day.
initial_snapshot_id - (Optional)[string] The ID of a snapshot to restore the replica set from. If set, the replica set will be created from the snapshot.
dns_name - (Computed)[string] The DNS name pointing to your replica set. Will be used to connect to the active/standalone instance.
de/fra
,
de/fra/2
,
de/txl
,
fr/par
,
es/vit
,
gb/lhr
,
gb/bhx
,
us/las
,
us/mci
,
us/ewr
. If this is not set and if no value is provided for the
IONOS_API_URL
env var, the default
location
will be:
de/fra
.
version - (Required)[string] Version of the Kafka Cluster. Possible values: 3.9.0
size - (Required)[string] Size of the Kafka Cluster. Possible values: XS, S
connections - (Required) Connection information of the Kafka Cluster. Minimum items: 1, maximum items: 1.
datacenter_id - (Required)[string] The datacenter to connect your instance to.
lan_id - (Required)[string] The numeric LAN ID to connect your instance to.
broker_addresses - (Required)[list] IP addresses and subnet of cluster brokers. Note the following unavailable IP range: 10.224.0.0/11
broker_addresses - (Computed)[list] IP address and port of cluster brokers.
maintenance_window - (Optional) A maintenance window comprise of a day of the week and a time for maintenance to be allowed
time - (Required)[string] A clock time in the day when maintenance is allowed
day_of_the_week - (Required)[string] Day of the week when maintenance is allowed
viable_node_pool_versions - (Computed)[list] List of versions that may be used for node pools under this cluster
api_subnet_allow_list - (Optional)[list] Access to the K8s API server is restricted to these CIDRs. Cluster-internal traffic is not affected by this restriction. If no allowlist is specified, access is not restricted. If an IP without subnet mask is provided, the default value will be used: 32 for IPv4 and 128 for IPv6.
s3_buckets - (Optional)[list] List of IONOS Object Storage buckets configured for K8s usage. For now it contains only an IONOS Object Storage bucket used to store K8s API audit logs.
public - (Optional)[boolean] Indicates if the cluster is public or private. This attribute is immutable.
nat_gateway_ip - (Optional)[string] The NAT gateway IP of the cluster if the cluster is private. This attribute is immutable. Must be a reserved IP in the same location as the cluster's location. This attribute is mandatory if the cluster is private.
node_subnet - (Optional)[string] The node subnet of the cluster, if the cluster is private. This attribute is optional and immutable. Must be a valid CIDR notation for an IPv4 network prefix of 16 bits length.
location - (Optional)[string] This attribute is mandatory if the cluster is private. The location must be enabled for your contract, or you must have a data center at that location. This property is not adjustable.
allow_replace - (Optional)[bool] When set to true, allows the update of immutable fields by first destroying and then re-creating the cluster.
- (Optional)[list] Collection of IP addresses of the Network Load Balancer. (inbound and outbound) IP of the listenerLan must be a customer reserved IP for the public load balancer and private IP for the private load balancer.
target_lan - (Required)[int] Id of the balanced private target LAN. (outbound)
lb_private_ips - (Optional)[list] Collection of private IP addresses with subnet mask of the Network Load Balancer. IPs must contain valid subnet mask. If user will not provide any IP then the system will generate one IP with /24 subnet.
central_logging - (Optional)[bool] Turn logging on and off for this product. Default value is 'false'.
logging_lormat - (Optional)[string] Specifies the format of the logs.
datacenter_id - (Required)[string] A Datacenter's UUID.
flowlog - (Optional)[list] Only 1 flow log can be configured. Only the name field can change as part of an update. Flow logs holistically capture network information such as source and destination IP addresses, source and destination ports, number of packets, amount of bytes, the start and end time of the recording, and the type of protocol – and log the extent to which your instances are being accessed.
action - (Required)[string] Specifies the action to be taken when the rule is matched. Possible values: ACCEPTED, REJECTED, ALL. Immutable, forces re-creation.
bucket - (Required)[string] Specifies the IONOS Object Storage bucket where the flow log data will be stored. The bucket must exist. Immutable, forces re-creation.
direction - (Required)[string] Specifies the traffic direction pattern. Valid values: INGRESS, EGRESS, BIDIRECTIONAL. Immutable, forces re-creation.
name - (Required)[string] Specifies the name of the flow log.
- (Required)[string] The NIC ID.
protocol - (Required)[string] The protocol for the rule: TCP, UDP, ICMP, ANY. Property cannot be modified after creation (disallowed in update requests).
name - (Optional)[string] The name of the firewall rule.
source_mac - (Optional)[string] Only traffic originating from the respective MAC address is allowed. Valid format: aa:bb:cc:dd:ee:ff. Value null allows all source MAC address. Valid format: aa:bb:cc:dd:ee:ff.
source_ip - (Optional)[string] Only traffic originating from the respective IPv4 address is allowed. Value null allows all source IPs.
target_ip - (Optional)[string] In case the target NIC has multiple IP addresses, only traffic directed to the respective IP address of the NIC is allowed. Value null allows all target IPs.
port_range_start - (Optional)[int] Defines the start range of the allowed port (from 1 to 65534) if protocol TCP or UDP is chosen. Leave portRangeStart and portRangeEnd null to allow all ports.
port_range_end - (Optional)[int] Defines the end range of the allowed port (from 1 to 65534) if the protocol TCP or UDP is chosen. Leave portRangeStart and portRangeEnd null to allow all ports.
icmp_type - (Optional)[string] Defines the allowed code (from 0 to 254) if protocol ICMP is chosen. Value null allows all codes.
icmp_code - (Optional)[int] Defines the allowed code (from 0 to 254) if protocol ICMP is chosen.
type - (Optional)[string] The type of firewall rule. If is not specified, it will take the default value INGRESS.
- (Required)[string] The ID of a LAN.
nicuuid - (Required)[string] The ID of a NIC.
Update NIC B IP to be the failover IP ( B becomes now a slave, A remains master)
- (Optional)[string] The source of the object to be copied
copy_source_if_match - (Optional)[string] Copies the object if its entity tag (ETag) matches the specified tag.
copy_source_if_none_match - (Optional)[string] Copies the object if its entity tag (ETag) is different than the specified ETag.
copy_source_if_modified_since - (Optional)[string] Copies the object if it has been modified since the specified time.
copy_source_if_unmodified_since - (Optional)[string] Copies the object if it hasn't been modified since the specified time.
cache_control - (Optional)[string] Specifies caching behavior along the request/reply chain.
content_disposition - (Optional)[string] Specifies presentational information for the object.
content_encoding - (Optional)[string] Specifies what content encodings have been applied to the object.
content_language - (Optional)[string] The natural language or languages of the intended audience for the object.
content_type - (Optional)[string] A standard MIME type describing the format of the contents.
expires - (Optional)[string] The date and time at which the object is no longer cacheable.
server_side_encryption - (Optional)[string] The server-side encryption algorithm used when storing this object in IONOS Object Storage. Valid value is AES256.
storage_class - (Optional)[string] The storage class of the object. Valid value is STANDARD. Default is STANDARD.
website_redirect - (Optional)[string] Redirects requests for this object to another object in the same bucket or to an external URL.
server_side_encryption_customer_algorithm - (Optional)[string] Specifies the algorithm to use for encrypting the object. Valid value is AES256.
server_side_encryption_customer_key - (Optional)[string] Specifies the 256-bit, base64-encoded encryption key to use to encrypt and decrypt your data.
server_side_encryption_customer_key_md5 - (Optional)[string] Specifies the 128-bit MD5 digest of the encryption key.
server_side_encryption_context - (Optional)[string] Specifies the IONOS Object Storage Encryption Context for object encryption.
source_customer_algorithm - (Optional)[string] Specifies the algorithm used for source object encryption. Valid value is AES256.
source_customer_key - (Optional)[string] Specifies the 256-bit, base64-encoded encryption key for source object encryption.
source_customer_key_md5 - (Optional)[string] Specifies the 128-bit MD5 digest of the encryption key for source object encryption.
object_lock_mode - (Optional)[string] The object lock mode that you want to apply to the object. Valid values are GOVERNANCE and COMPLIANCE.
object_lock_retain_until_date - (Optional)[string] The date and time when the object lock retention expires.Must be in RFC3999 format
object_lock_legal_hold - (Optional)[string] Indicates whether a legal hold is in effect for the object. Valid values are ON and OFF.
etag - (Computed)[string] An entity tag (ETag) is an opaque identifier assigned by a web server to a specific version of a resource found at a URL.
last_modified - (Computed)[string] The date and time at which the object was last modified.
metadata_directive - (Optional)[string] Specifies whether the metadata is copied from the source object or replaced with metadata provided in the request. Valid values are COPY and REPLACE.
metadata - (Optional)[map] A map of metadata to store with the object in IONOS Object Storage. Metadata keys must be lowercase alphanumeric characters.
tagging_directive - (Optional)[string] Specifies whether the object tag-set is copied from the source object or replaced with tag-set provided in the request. Valid values are COPY and REPLACE.
tags - (Optional)[map] The tag-set for the object.
version_id - (Computed)[string] The version of the object.
force_destroy - (Optional)[bool] If true, the object will be destroyed if versioning is enabled then all versions will be destroyed. Default is false.
- (Optional)[int] Container for the Contract Number of the owner
prefix - (Required)[string] DEPRECATED! This field does not do anything! Will be removed in a future version, use filter instead. Prefix identifying one or more objects to which the rule applies.
filter - (Optional)[block] A filter identifying one or more objects to which the rule applies.
prefix - (Optional)[string] Prefix identifying one or more objects to which the rule applies. Cannot be used at the same time as prefix in the lifecycle rule.
status - (Required)[string] The lifecycle rule status. Valid values are Enabled or Disabled.
expiration - (Optional)[block] A lifecycle rule for when an object expires.
days - (Optional)[int] Specifies the number of days after object creation when the object expires. Required if 'date' is not specified.
date - (Optional)[string] Specifies the date after which you want the specific rule action to take effect.
expired_object_delete_marker - (Optional)[bool] Indicates whether IONOS Object Storage will remove a delete marker with no noncurrent versions. If set to true, the delete marker will be expired; if set to false the policy takes no operation. This cannot be specified with Days or Date in a Lifecycle Expiration Policy.
noncurrent_version_expiration - (Optional)[block] A lifecycle rule for when non-current object versions expire.
noncurrent_days - (Optional)[int] Specifies the number of days an object is noncurrent before the associated action can be performed.
abort_incomplete_multipart_upload - (Optional)[block] Specifies the days since the initiation of an incomplete multipart upload that IONOS Object Storage will wait before permanently removing all parts of the upload.
days_after_initiation - (Optional)[int] Specifies the number of days after which IONOS Object Storage aborts an incomplete multipart upload.
description - (Optional)(Computed)[string] Human readable description
licence_type - (Optional)(Computed)[string] OS type of this Snapshot
cpu_hot_plug - (Optional)(Computed)[string] Is capable of CPU hot plug (no reboot required). Can only be updated.
ram_hot_plug - (Optional)(Computed)[string] Is capable of memory hot plug (no reboot required). Can only be updated.
disc_virtio_hot_plug - (Optional)(Computed)[string] Is capable of Virt-IO drive hot plug (no reboot required). Can only be updated.
disc_virtio_hot_unplug - (Optional)(Computed)[string] Is capable of Virt-IO drive hot unplug (no reboot required). This works only for non-Windows virtual Machines. Can only be updated.
nic_hot_plug - (Optional)(Computed)[string] Is capable of nic hot plug (no reboot required). Can only be updated.
nic_hot_unplug - (Optional)(Computed)[string] Is capable of nic hot unplug (no reboot required). Can only be updated.
require_legacy_bios - (Optional)(Computed)[boolean] Indicates if the image requires the legacy BIOS for compatibility or specific needs. During creation, if an image is used, the value will be inherited from the image, regardless of the value set in the plan. Later on, the value can be updated.
cpu_hot_unplug - Is capable of CPU hot unplug (no reboot required)
ram_hot_unplug - Is capable of memory hot unplug (no reboot required)
disc_scsi_hot_plug - Is capable of SCSI drive hot plug (no reboot required)
disc_scsi_hot_unplug - Is capable of SCSI drive hot unplug (no reboot required). This works only for non-Windows virtual Machines.
- (Optional)[Boolean] Indicates if the LAN faces the public Internet (true) or not (false).
pcc - (Optional)[String] The unique id of a ionoscloud_private_crossconnect resource, in order. It needs to be ensured that IP addresses of the NICs of all LANs connected to a given Cross Connect is not duplicated and belongs to the same subnet range
ipv4_cidr_block - (Computed)[String] For public LANs this property is null, for private LANs it contains the private IPv4 CIDR range. This property is a read only property.
ipv6_cidr_block - (Computed, Optional) Contains the LAN's /64 IPv6 CIDR block if this LAN is IPv6 enabled. 'AUTO' will result in enabling this LAN for IPv6 and automatically assign a /64 IPv6 CIDR block to this LAN. If you specify your own IPv6 CIDR block then you must provide a unique /64 block, which is inside the IPv6 CIDR block of the virtual datacenter and unique inside all LANs from this virtual datacenter.
ip_failover - (Computed) IP failover configurations for lan
ip
nic_uuid
Argument reference
name - (Required)[string] The name of the load balancer.
datacenter_id - (Required)[string] The ID of a Virtual Data Center.
nic_ids - (Required)[list] A list of NIC IDs that are part of the load balancer.
dhcp - (Optional)[Boolean] Indicates if the load balancer will reserve an IP using DHCP.
ip - (Optional)[string] IPv4 address of the load balancer.
Import
Resource Load Balancer can be imported using the resource id, e.g.
A note on nics
When declaring NIC resources to be used with the load balancer, please make sure you use the "lifecycle meta-argument" to make sure changes to the lan attribute of the nic are ignored.
Please see the Nic resource's documentation for an example on how to do that.
data "ionoscloud_template" "example" {
name = "Basic Cube XS"
}
resource "ionoscloud_datacenter" "example" {
name = "Datacenter Example"
location = "de/txl"
}
resource "ionoscloud_lan" "example" {
datacenter_id = ionoscloud_datacenter.example.id
public = true
name = "Lan Example"
}
resource "ionoscloud_cube_server" "example" {
name = "Server Example"
image_name = "ubuntu:latest"
template_uuid = data.ionoscloud_template.example.id
image_password = random_password.server_image_password.result
datacenter_id = ionoscloud_datacenter.example.id
volume {
name = "Volume Example"
licence_type = "LINUX"
disk_type = "DAS"
}
nic {
lan = ionoscloud_lan.example.id
name = "Nic Example"
dhcp = true
firewall_active = true
}
}
resource "random_password" "server_image_password" {
length = 16
special = false
}
Enterprise Support: With MongoDB Enterprise, you gain access to professional support from the MongoDB team ensuring that you receive timely assistance and expert guidance when needed. IONOS offers enterprise-grade Service Level Agreements (SLAs), guaranteeing rapid response times and 24/7 support to address any critical issues that may arise.
Argument reference
edition - (Optional)(Computed)[string] Cluster edition. Playground, business or enterprise.
mongodb_version - (Required)[string] The MongoDB version of your cluster. Downgrade is not possible and will throw an error.
template_id - (Optional)[string] The unique ID of the template, which specifies the number of cores, storage size, and memory. Updates to the value of the field force the cluster to be re-created. Required for playground and business editions. Must not be provided for enterprise edition.
instances - (Required)[int] The total number of instances in the cluster (one master and n-1 standbys). Example: 1, 3, 5, 7. Updates to the value of the field force the cluster to be re-created.
display_name - (Required)[string] The name of your cluster. Updates to the value of the field force the cluster to be re-created.
location - (Required)[string] The physical location where the cluster will be created. Property cannot be modified after datacenter creation (disallowed in update requests). Available locations: de/fra, us/las, us/ewr, de/txl, gb/lhr, gb/bhx, es/vit, fr/par, us/mci
connections - (Required)[List] Details about the network connection for your cluster. Updates to the value of the field force the cluster to be re-created.
datacenter_id - (Required)[string] The datacenter to connect your cluster to.
maintenance_window - (Optional)(Computed) A weekly 4 hour-long window, during which maintenance might occur. Updates to the value of the field force the cluster to be re-created.
time - (Required)[string]
connection_string - (Computed)[string] The physical location where the cluster will be created. This will be where all of your instances live. Updates to the value of the field force the cluster to be re-created. Available locations: de/txl, gb/lhr, es/vit
ram - (Optional)(Computed)[int]The amount of memory per instance in megabytes. Required for enterprise edition.
storage_size - (Optional)(Computed)[int] The amount of storage per instance in MB. Required for enterprise edition.
storage_type - (Optional)(Computed)[String] The storage type used in your cluster. Required for enterprise edition.
cores - (Optional)(Computed)[int] The number of CPU cores per replica. Required for enterprise edition.
shards - (Optional)[int]The total number of shards in the cluster.
type - (Optional)(Computed)[string]The cluster type, either replicaset or sharded-cluster.
bi_connector - (Optional)(Computed)The MongoDB Connector for Business Intelligence allows you to query a MongoDB database using SQL commands to aid in data analysis.
enabled: (Optional)[bool] - The status of the BI Connector. If not set, the BI Connector is disabled.
host
backup - (Optional)[list]
location: (Optional)[string] - The location where the cluster backups will be stored. If not set, the backup is stored in the nearest location of the cluster. Possible values are de, eu-south-2, or eu-central-2.
Import
Resource DbaaS MongoDb Cluster can be imported using the cluster_id, e.g.
administrator - (Required)[Boolean] Indicates if the user has administrative rights. Administrators do not need to be managed in groups, as they automatically have access to all resources associated with the contract.
email - (Required)[string] An e-mail address for the user.
first_name - (Required)[string] A first name for the user.
force_sec_auth - (Required)[Boolean] Indicates if secure (two-factor) authentication should be forced for the user (true) or not (false).
last_name - (Required)[string] A last name for the user.
password - (Optional)[string] A password for the user. If you are using terraform 1.11 or higher, you can use password_wo instead of password to avoid storing the password in the state file.
password_wo - (Optional, Write-Only, exactly one of password or password_wo is required) user password. This value is always marked as sensitive in the plan output, regardless of type. Additionally, write-only values are never stored to state. password_wo_version can be used to trigger an update and is required with this argument. In Terraform CLI version 0.15 and later, this may require additional configuration handling for certain scenarios. For more information, see the .
password_wo_version - (Optional) Used together with password_wo to trigger an update. Increment this value when an update to the password_wo is required.
sec_auth_active - (Optional)[Boolean] Indicates if secure authentication is active for the user or not. it can not be used in create requests - can be used in update
s3_canonical_user_id - (Computed) Canonical (IONOS Object Storage) id of the user for a given identity
active - (Optional)[Boolean] Indicates if the user is active
group_ids - (Optional)[Set] The groups that this user will be a member of NOTE: Group_ids field cannot be used at the same time with user_ids field in group resource. Trying to add the same user to the same group in both ways in the same plan will result in a cyclic dependency error. NOTE:password_wo requires Teraform 1.11 or higher.
Import
Resource User can be imported using the resource id, e.g.
Argument Reference
The following arguments are supported:
name - (Required)[string] The name of the target group.
protocol_version - (Optional)[string] The forwarding protocol version. Value is ignored when protocol is not 'HTTP'.
targets - (Required)[list] Array of items in the collection
ip - (Required)[string] The IP of the balanced target VM.
port
health_check - (Optional) Health check attributes for Target Group.
check_timeout - (Optional)[int] The maximum time in milliseconds to wait for a target to respond to a check. For target VMs with 'Check Interval' set, the lesser of the two values is used once the TCP connection is established.
http_health_check - (Optional) Http health check attributes for Target Group
path - (Optional)[string] The path (destination URL) for the HTTP health check request; the default is /.
Import
Resource Target Group can be imported using the resource id, e.g.
max_replica_count - (Required)[int] The maximum value for the number of replicas on a VM Auto Scaling Group. Must be >= 0 and <= 200. Will be enforced for both automatic and manual changes.
min_replica_count - (Required)[int] The minimum value for the number of replicas on a VM Auto Scaling Group. Must be >= 0 and <= 200. Will be enforced for both automatic and manual changes.
target_replica_count
ionoscloud_networkloadbalancer_forwardingrule
Creates and manages Network Load Balancer Forwarding Rule objects.
Manages a Network Load Balancer Forwarding Rule on IonosCloud.
Example Usage:
ionoscloud_vpn_ipsec_gateway
IPSec Gateway
An resource manages the creation, management, and deletion of VPN IPSec Gateways within the IONOS Cloud infrastructure. This resource facilitates the creation of VPN IPSec Gateways, enabling secure connections between your network resources.
Usage example
ionoscloud_vcpu_server
Creates and manages IonosCloud VCPU Server objects.
A that you create is a new Virtual Machine (VM) provisioned and hosted in one of IONOS' physical data centers. A vCPU Server behaves exactly like physical servers and you can use them either standalone or in combination with other IONOS Cloud products.
These servers are configured with virtual CPUs and distributed among multiple users sharing the same physical server. The performance of your vCPU Server relies on various factors, including the underlying CPU of the physical server, VM configurations, and the current load on the physical server.
This section lists the limitations of
ionoscloud_s3_object_lock_configuration
Manages Buckets object_lock_configuration on IonosCloud.
Manages Object Lock Configuration for Buckets on IonosCloud.
⚠️ Note: The Terraform provider only supports contract-owned buckets. User-owned buckets are not supported, and there are no plans to introduce support for them. As a result, user-owned buckets cannot be created, updated, deleted, read, or imported using this provider.
lan_id - (Required)[string] The LAN to connect your cluster to.
cidr_list - (Required)[List] The list of IPs and subnet for your cluster. Note the following unavailable IP ranges:10.233.64.0/18, 10.233.0.0/18, 10.233.114.0/24. example: [192.168.1.100/24, 192.168.1.101/24]. See Private IPs and Cluster Setup - Preparing the network.
day_of_the_week
- (Required)[string]
: (Computed)[string] - The host where this new BI Connector is installed.
port: (Computed)[string] - Port number used when connecting to this new BI Connector.
- (Required)[int] The port of the balanced target service; valid range is 1 to 65535.
weight - (Required)[int] Traffic is distributed in proportion to target weight, relative to the combined weight of all targets. A target with higher weight receives a greater share of traffic. Valid range is 0 to 256 and default is 1; targets with weight of 0 do not participate in load balancing but still accept persistent connections. It is best use values in the middle of the range to leave room for later adjustments.
proxy_protocol - (Optional)[string] The proxy protocol version. Accepted values are none, v1, v2, v2ssl. If unspecified, the default value of none is used.
health_check_enabled - (Optional)[bool] Makes the target available only if it accepts periodic health check TCP connection attempts; when turned off, the target is considered always available. The health check only consists of a connection attempt to the address and port of the target. Default is True.
maintenance_enabled - (Optional)[bool] Maintenance mode prevents the target from receiving balanced traffic.
check_interval - (Optional)[int] The interval in milliseconds between consecutive health checks; default is 2000.
retries - (Optional)[int] The maximum number of attempts to reconnect to a target after a connection failure. Valid range is 0 to 65535, and default is three reconnection.
method
- (Optional)[string] The method for the HTTP health check.
match_type - (Required)[string]
response - (Required)[string] The response returned by the request, depending on the match type.
- (Optional)[int] The target number of VMs in this Group. Depending on the scaling policy, this number will be adjusted automatically. VMs will be created or destroyed automatically in order to adjust the actual number of VMs to this number. If targetReplicaCount is given in the request body then it must be >= minReplicaCount and <= maxReplicaCount.
name - (Required)[string] User-defined name for the Autoscaling Group.
policy - (Required)[List] Specifies the behavior of this Autoscaling Group. A policy consists of Triggers and Actions, whereby an Action is some kind of automated behavior, and a Trigger is defined by the circumstances under which the Action is triggered. Currently, two separate Actions, namely Scaling In and Out are supported, triggered through Thresholds defined on a given Metric.
metric - (Required)[string] The Metric that should trigger the scaling actions. Metric values are checked at fixed intervals. Possible values: INSTANCE_CPU_UTILIZATION_AVERAGE, INSTANCE_NETWORK_IN_BYTES, INSTANCE_NETWORK_IN_PACKETS, INSTANCE_NETWORK_OUT_BYTES, INSTANCE_NETWORK_OUT_PACKETS
range - (Optional)[string] Defines the time range, for which the samples will be aggregated. Default is 120s. Note that when you set it to values like 5m the API will automatically transform it in PT5M, so the plan will show you a diff in state that should be ignored.
scale_in_action - (Required)[list] Specifies the action to take when the scaleInThreshold is exceeded. Hereby, scaling in is always about removing VMs that are currently associated with this autoscaling group. Default termination policy is OLDEST_SERVER_FIRST.
amount - (Required)[int] When amountType == ABSOLUTE, this is the number of VMs removed in one step. When amountType == PERCENTAGE, this is a percentage value, which will be applied to the autoscaling group's current
scale_in_threshold - (Required)[int] A lower threshold on the value of metric. Will be used with less than (<) operator. Exceeding this will start a Scale-In Action as specified by the scaleInAction property. The value must have a higher minimum delta to the scaleOutThreshold depending on the metric to avoid competitive actions at the same time.
scale_out_action - (Required)[list] Specifies the action to take when the scaleOutThreshold is exceeded. Hereby, scaling out is always about adding new VMs to this autoscaling group.
amount - (Required)[int] When amountType=ABSOLUTE specifies the absolute number of VMs that are added. The value must be between 1 to 10. amountType=PERCENTAGE specifies the percentage value that is applied to the current number of replicas of the VM Auto Scaling Group. The value must be between 1 to 200. At least one VM is always added.
scale_out_threshold - (Required)[int] The upper threshold for the value of the metric. Used with the greater than (>) operator. A scale-out action is triggered when this value is exceeded, specified by the scaleOutAction property. The value must have a lower minimum delta to the scaleInThreshold, depending on the metric, to avoid competing for actions simultaneously. If properties.policy.unit=TOTAL, a value >= 40 must be chosen.
unit - (Required)[string] Units of the applied Metric. Possible values are: PER_HOUR, PER_MINUTE, PER_SECOND, TOTAL.
replica_configuration - (Required)[List]
availability_zone - (Required)[string] The zone where the VMs are created using this configuration. Possible values are: AUTO, ZONE_1, ZONE_2.
cores - (Required)[int] The total number of cores for the VMs.
cpu_family - (Optional)[string] CPU family for the VMs created using this configuration. If null, the VM will be created with the default CPU family for the assigned location. Possible values are: INTEL_SKYLAKE, INTEL_XEON.
nics - (Optional)[set] List of NICs associated with this Replica.
lan - (Required)[int] Lan ID for this replica Nic.
name - (Required)[string] Name for this replica NIC.
ram - (Required)[int] The amount of memory for the VMs in MB, e.g. 2048. Size must be specified in multiples of 256 MB with a minimum of 256 MB; however, if you set ramHotPlug to TRUE then you must use a minimum of 1024 MB. If you set the RAM size more than 240GB, then ramHotPlug will be set to FALSE and can not be set to TRUE unless RAM size not set to less than 240GB.
volume - (Optional)[list] List of volumes associated with this Replica.
image - (Optional)[string] The image installed on the volume. Only the UUID of the image is presently supported.
image_alias
datacenter_id - (Required)[string] Unique identifier for the resource
location - (Computed) Location of the data center.
Usage with dynamic block for targets:
Argument reference
name - (Required)[string] A name of that Network Load Balancer forwarding rule.
algorithm - (Required)[string] Algorithm for the balancing.
protocol - (Required)[string] Protocol of the balancing.
listener_port - (Required)[int] Listening port number. (inbound) (range: 1 to 65535)
health_check - (Optional) Health check attributes for Network Load Balancer forwarding rule.
client_timeout - (Optional)[int] ClientTimeout is expressed in milliseconds. This inactivity timeout applies when the client is expected to acknowledge or send data. If unset the default of 50 seconds will be used.
targets - (Required)[Set] Array of items in that collection.
ip - (Required)[string] IP of a balanced target VM.
port
datacenter_id - (Required)[string] A Datacenter's UUID.
A Network Load Balancer Forwarding Rule resource can be imported using its resource id, the datacenter id and the networkloadbalancer id e.g.
Argument reference
name - (Required)[string] The name of the IPSec Gateway.
location - (Optional)[string] The location of the IPSec Gateway. Supported locations: de/fra, de/fra/2, de/txl, es/vit, gb/bhx, gb/lhr, us/ewr, us/las, us/mci, fr/par.
gateway_ip - (Required)[string] Public IP address to be assigned to the gateway. Note: This must be an IP address in the same datacenter as the connections.
description - (Optional)[string] The human-readable description of the IPSec Gateway.
connections - (Required)[list] The network connection for your gateway. Note: all connections must belong to the same datacenter. Minimum items: 1. Maximum items: 10.
datacenter_id - (Required)[string] The datacenter to connect your VPN Gateway to.
lan_id
version - (Required)[string] The IKE version that is permitted for the VPN tunnels. Default: IKEv2. Possible values: IKEv2.
maintenance_window - (Optional)(Computed) A weekly 4 hour-long window, during which maintenance might occur.
time - (Required)[string] Start of the maintenance window in UTC time.
day_of_the_week
tier - (Optional)(Computed)[string] Gateway performance options. See product documentation for full details. Options: STANDARD, STANDARD_HA, ENHANCED, ENHANCED_HA, PREMIUM, PREMIUM_HA.
Import
The resource can be imported using the location and gateway_id, for example:
datacenter_id - (Required)[string] The ID of a Virtual Data Center.
hostname - (Optional)(Computed)[string] The hostname of the resource. Allowed characters are a-z, 0-9 and - (minus). Hostname should not start with minus and should not be longer than 63 characters. If no value provided explicitly, it will be populated with the name of the server
cores - (Optional)[integer] Number of server CPU cores.
ram - (Optional)[integer] The amount of memory for the server in MB.
image_name - (Optional)[string] The name, ID or alias of the image. May also be a snapshot ID. It is required if licence_type is not provided. Attribute is immutable.
availability_zone - (Optional)[string] The availability zone in which the server should exist. E.g: AUTO, ZONE_1, ZONE_2. This property is immutable.
licence_type - (Optional)[string] Sets the OS type of the server.
volume - (Required) See the section.
nic - (Optional) See the section.
firewall - (Optional) Allows to define firewall rules inline in the server. See the section.
boot_volume - (Computed) The associated boot volume.
boot_cdrom - DEPRECATED Please refer to (Optional)[string] The associated boot drive, if any. Must be the UUID of a bootable CDROM image that can be retrieved using the data source.
boot_image - (Optional)[string] The image or snapshot UUID / name. May also be an image alias. It is required if licence_type is not provided.
primary_nic - (Computed) The associated NIC.
primary_ip - (Computed) The associated IP address.
firewallrule_id - (Computed) The associated firewall rule.
firewallrule_ids - (Computed) The associated firewall rules.
ssh_keys - (Optional)[list] Immutable List of absolute or relative paths to files containing public SSH key that will be injected into IonosCloud provided Linux images. Also accepts ssh keys directly. Public SSH keys are set on the image as authorized keys for appropriate SSH login to the instance using the corresponding private key. This field may only be set in creation requests. When reading, it always returns null. SSH keys are only supported if a public Linux image is used for the volume creation. Does not support ~ expansion to homedir in the given path.
image_password - (Optional)[string] The password for the image.
label - (Optional) A label can be seen as an object with only two required fields: key and value, both of the string type. Please check the example presented above to see how a label can be used in the plan. A server can have multiple labels.
inline_volume_ids - (Computed) A list with the IDs for the volumes that are defined inside the server resource.
security_groups_ids - (Optional) The list of Security Group IDs for the resource.
nic_multi_queue - (Optional)[bool] Activate or deactivate the Multi Queue feature on all NICs of the server. This feature is beneficial to enable when the NICs are experiencing performance issues (e.g. low throughput). Toggling this feature will also initiate a restart of the server. If the specified value is true, the feature will be activated; if it is not specified or set to false, the feature will be deactivated.
⚠ WARNING
ssh_keys field is immutable.
Import
Resource VCPU Server can be imported using the resource id and the datacenter id, for example, passing only resource id and datacenter id means that the first nic found linked to the server will be attached to it.
Optionally, you can pass primary_nic and firewallrule_id so terraform will know to import also the first nic and firewall rule (if it exists on the server):
Notes
Please note that for any secondary volume, you need to set the licence_type property to UNKNOWN
⚠️ Note: Important for deleting an firewall rule from within a list of inline resources defined on the same nic. There is one limitation to removing one firewall rule from the middle of the list of firewall rules. Terraform will actually modify the existing rules and delete the last one. More details here. There is a workaround described in the issue that involves moving the resources in the list prior to deletion. terraform state mv <resource-name>.<resource-id>[<i>] <resource-name>.<resource-id>[<j>]
bucket - (Required)[string] The name of the bucket where the object will be stored.
object_lock_enabled - (Required)[Optional] The object lock configuration status of the bucket. Must be Enabled.
rule - (Optional)[block] A block of rule as defined below.
default_retention - (Required)[block] A block of default_retention as defined below.
mode - (Optional)[string] The default retention mode of the bucket. Can be GOVERNANCE or COMPLIANCE.
Days and years are mutually exclusive. You can only specify one of them.
Import
IONOS Object Storage Bucket object lock configuration can be imported using the bucket name.
ionoscloud_vpn_ipsec_tunnel
IPSec Gateway Tunnel
An IPSec Gateway Tunnel resource manages the creation, management, and deletion of VPN IPSec Gateway Tunnels within the IONOS Cloud infrastructure. This resource facilitates the creation of VPN IPSec Gateway Tunnels, enabling secure connections between your network resources.
Usage example
Argument reference
name - (Required)[string] The name of the IPSec Gateway Tunnel.
location - (Optional)[string] The location of the IPSec Gateway Tunnel. Supported locations: de/fra, de/fra/2, de/txl, es/vit, gb/lhr, us/ewr, us/las, us/mci, fr/par.
gateway_id
Import
The resource can be imported using the location, gateway_id and tunnel_id, for example:
ionoscloud_server_boot_device_selection
Manages the selection of boot devices for IonosCloud Server objects.
Manages the selection of a boot device for IonosCloud Servers.
Example Usage
The boot device of a ionoscloud_server, ionoscloud_vcpu_server or ionoscloud_cube_server can be selected with this resource. Deleting this resource will revert the boot device back to the default volume, which is the first inline volume created together with the server. In case in which there is no default to revert to, when the server had no boot device, the current device will remain set as a boot device when this resource is deleted. This resource also allows switching between a volume and a ionoscloud_image CDROM. Note that CDROM images are detached after they are no longer set as boot devices.
Select an external volume
Select an inline volume again
Select a CDROM image
Perform a network boot
Argument reference
datacenter_id - (Required)[string] The ID of a Virtual Data Center.
server_id - (Required)[string] The ID of a server.
boot_device_id - (Optional)[string] The ID of a bootable device such as a volume or an image data source. If this field is omitted from the configuration, the VM will be restarted with no primary boot device, and it will enter the PXE shell for network booting.
ionoscloud_pg_cluster
Creates and manages DbaaS Postgres Cluster objects.
Manages a .
Example Usage
ionoscloud_volume
Creates and manages IonosCloud Volume objects.
Manages a on IonosCloud.
Example Usage
A primary volume will be created with the server. If there is a need for additional volumes, this resource handles it.
in order to derive the number of VMs that will be removed in one step. There will always be at least one VM removed. For SCALE_IN operation new volumes are NOT deleted after the server deletion.
amount_type - (Required)[string] The type for the given amount. Possible values are: ABSOLUTE, PERCENTAGE.
termination_policy_type - (Optional)[string] The type of the termination policy for the autoscaling group so that a specific pattern is followed for Scaling-In replicas. Default termination policy is OLDEST_SERVER_FIRST. Possible values are: OLDEST_SERVER_FIRST, NEWEST_SERVER_FIRST, RANDOM
cooldown_period - (Optional)[string] Minimum time to pass after this Scaling action has started, until the next Scaling action will be started. Additionally, if a Scaling action is currently in progress, no second Scaling action will be started for the same autoscaling group. Instead, the Metric will be re-evaluated after the current Scaling action is completed (either successfully or with failures). This is validated with a minimum value of 2 minutes and a maximum of 24 hours currently. Default value is 5 minutes if not given. Note that when you set it to values like 5m the API will automatically transform it in PT5M, so the plan will show you a diff in state that should be ignored.
delete_volumes - (Required)[bool] If set to true, when deleting a replica during scale in, any attached volume will also be deleted. When set to false, all volumes remain in the datacenter and must be deleted manually. Note that every scale-out creates new volumes. When they are not deleted, they will eventually use all of your contracts resource limits. At this point, scaling out would not be possible anymore.
amount_type - (Required)[string] The type for the given amount. Possible values are: ABSOLUTE, PERCENTAGE.
cooldown_period - (Optional)[string] Minimum time to pass after this Scaling action has started, until the next Scaling action will be started. Additionally, if a Scaling action is currently in progress, no second Scaling action will be started for the same autoscaling group. Instead, the Metric will be re-evaluated after the current Scaling action is completed (either successfully or with failures). This is validated with a minimum value of 2 minutes and a maximum of 24 hours currently. Default value is 5 minutes if not given. Note that when you set it to values like 5m the API will automatically transform it in PT5M, so the plan will show you a diff in state that should be ignored.
dhcp - (Optional)[bool] Dhcp flag for this replica Nic. This is an optional attribute with default value of true if not given in the request payload or given as null.
firewall_active - (Optional)[bool] Firewall active flag.
firewall_type - (Optional)[string] The type of firewall rules that will be allowed on the NIC. Valid values: INGRESS EGRESS BIDIRECTIONAL. If not specified, the default INGRESS value is used.
firewall_rules - (Optional)[list] List of firewall rules associated with this NIC.
protocol - (Required)[string] The protocol for the rule: TCP, UDP, ICMP, ANY. Property cannot be modified after creation (disallowed in update requests).
name - (Optional)[string] The name of the firewall rule.
source_mac - (Optional)[string] Only traffic originating from the respective MAC address is allowed. Valid format: aa:bb:cc:dd:ee:ff. Value null allows all source MAC address. Valid format: aa:bb:cc:dd:ee:ff.
source_ip - (Optional)[string] Only traffic originating from the respective IPv4 address is allowed. Value null allows all source IPs.
target_ip - (Optional)[string] In case the target NIC has multiple IP addresses, only traffic directed to the respective IP address of the NIC is allowed. Value null allows all target IPs.
port_range_start - (Optional)[int] Defines the start range of the allowed port (from 1 to 65534) if protocol TCP or UDP is chosen. Leave portRangeStart and portRangeEnd null to allow all ports.
port_range_end - (Optional)[int] Defines the end range of the allowed port (from 1 to 65534) if the protocol TCP or UDP is chosen. Leave portRangeStart and portRangeEnd null to allow all ports.
icmp_type - (Optional)[string] Defines the allowed code (from 0 to 254) if protocol ICMP is chosen. Value null allows all codes.
icmp_code - (Optional)[int] Defines the allowed code (from 0 to 254) if protocol ICMP is chosen.
type - (Optional)[string] The type of firewall rule. If is not specified, it will take the default value INGRESS.
flow_log - (Optional)[list] Only 1 flow log can be configured. Only the name field can change as part of an update. Flow logs holistically capture network information such as source and destination IP addresses, source and destination ports, number of packets, amount of bytes, the start and end time of the recording, and the type of protocol – and log the extent to which your instances are being accessed.
action - (Required)[string] Specifies the action to be taken when the rule is matched. Possible values: ACCEPTED, REJECTED, ALL. Immutable, forces re-creation.
bucket - (Required)[string] Specifies the IONOS Object Storage bucket where the flow log data will be stored. The bucket must exist. Immutable, forces re-creation.
direction - (Required)[string] Specifies the traffic direction pattern. Valid values: INGRESS, EGRESS, BIDIRECTIONAL. Immutable, forces re-creation.
name - (Required)[string] Specifies the name of the flow log.
target_group - (Optional)[list] In order to link VM to ALB, target group must be provided
target_group_id (Required)[string] The ID of the target group.
weight (Optional)[int] The weight of the target group.
port (Optional)[int] The port of the target group.
- (Optional)[string] The image installed on the volume. Must be an
imageAlias
as specified via the images API. Note that one of
image
or
imageAlias
must be set, but not both.
name - (Required)[string] Name for this replica volume.
size - (Required)[int] Name for this replica volume.
ssh_keys - (Optional) List of ssh keys, supports values or paths to files. Cannot be changed at update.
type - (Required)[string] Storage Type for this replica volume. Possible values: SSD, HDD, SSD_STANDARD or SSD_PREMIUM.
user_data - (Optional)[string] User-data (Cloud Init) for this replica volume. Make sure you provide a Cloud Init compatible image in conjunction with this parameter.
image_password - (Optional)[string] Image password for this replica volume.
bus - (Optional)[string] The bus type of the volume. Default setting is VIRTIO. The bus type IDE is also supported.
backup_unit_id - (Optional)[string] The uuid of the Backup Unit that user has access to. The property is immutable and is only allowed to be set on a new volume creation. It is mandatory to provide either public image or imageAlias in conjunction with this property.
boot_order - (Optional)[string] Determines whether the volume will be used as a boot volume. Set to NONE, the volume will not be used as boot volume. Set to PRIMARY, the volume will be used as boot volume and set to AUTO will delegate the decision to the provisioning engine to decide whether to use the volume as boot volume. Notice that exactly one volume can be set to PRIMARY or all of them set to AUTO.
connect_timeout - (Optional)[int] It specifies the maximum time (in milliseconds) to wait for a connection attempt to a target VM to succeed. If unset, the default of 5 seconds will be used.
target_timeout - (Optional)[int] TargetTimeout specifies the maximum inactivity time (in milliseconds) on the target VM side. If unset, the default of 50 seconds will be used.
retries - (Optional)[int] Retries specifies the number of retries to perform on a target VM after a connection failure. If unset, the default value of 3 will be used.
- (Required)[int] Port of the balanced target service. (range: 1 to 65535).
weight - (Required)[int] Weight parameter is used to adjust the target VM's weight relative to other target VMs.
proxy_protocol - (Optional)[string] The proxy protocol version. Accepted values are none, v1, v2, v2ssl. If unspecified, the default value of none is used.
health_check - (Optional) Health check attributes for Network Load Balancer forwarding rule target.
check - (Optional)[boolean] Check specifies whether the target VM's health is checked.
check_interval - (Optional)[int] CheckInterval determines the duration (in milliseconds) between consecutive health checks. If unspecified a default of 2000 ms is used.
maintenance - (Optional)[boolean] Maintenance specifies if a target VM should be marked as down, even if it is not.
- (Required)[string] The numeric LAN ID to connect your VPN Gateway to.
ipv4_cidr - (Required)[string] A LAN IPv4 address in CIDR notation that will be assigned to the VPN Gateway. This will be the private gateway address for LAN clients to route traffic over the VPN Gateway, this should be within the subnet already assigned to the LAN.
ipv6_cidr - (Optional)[string] A LAN IPv6 address in CIDR notation that will be assigned to the VPN Gateway. This will be the private gateway address for LAN clients to route traffic over the VPN Gateway, this should be within the subnet already assigned to the LAN.
- (Required)[string] The name of the week day.
days - (Optional)[int] The default retention period of the bucket in days.
years - (Optional)[int] The default retention period of the bucket in years.
: If the network booting process started by the PXE shell fails, the VM will still boot into the image of the attached storage as a fallback. This behavior imitates the "Boot from Network" option from
datacenter_id - (Required)[string] The ID of a Virtual Data Center.
server_id - (Required)[string] The ID of a server.
disk_type - (Required)[string] The volume type: HDD or SSD. This property is immutable.
bus - (Optional)[Boolean] The bus type of the volume: VIRTIO or IDE.
size - (Required)[integer] The size of the volume in GB.
ssh_key_path - (Optional)[list] List of absolute paths to files containing a public SSH key that will be injected into IonosCloud provided Linux images. Also accepts ssh keys directly. Required for IonosCloud Linux images. Required if image_password is not provided. This property is immutable.
ssh_keys - (Optional)[list] List of absolute paths to files containing a public SSH key that will be injected into IonosCloud provided Linux images. Also accepts ssh keys directly. Required for IonosCloud Linux images. Required if image_password is not provided. This property is immutable.
sshkey - (Computed) The associated public SSH key.
image_password - (Optional)[string] Required if sshkey_path is not provided.
image_name - (Optional)[string] The name, ID or alias of the image. May also be a snapshot ID. It is required if licence_type is not provided. Attribute is immutable.
image - (Computed) The image or snapshot UUID.
licence_type - (Optional)[string] Required if image_name is not provided.
name - (Optional)[string] The name of the volume.
availability_zone - (Optional)[string] The storage availability zone assigned to the volume: AUTO, ZONE_1, ZONE_2, or ZONE_3. This property is immutable
user_data - (Optional)[string] The cloud-init configuration for the volume as base64 encoded string. The property is immutable and is only allowed to be set on a new volume creation. This option will work only with cloud-init compatible images.
backup_unit_id- (Optional)[string] The uuid of the Backup Unit that user has access to. The property is immutable and is only allowed to be set on a new volume creation. It is mandatory to provide either 'public image' or 'imageAlias' in conjunction with this property.
device_number- (Computed) The Logical Unit Number of the storage volume. Null for volumes not mounted to any VM.
pci_slot- (Computed) The PCI slot number of the storage volume. Null for volumes not mounted to any VM.
cpu_hot_plug - (Computed)[string] Is capable of CPU hot plug (no reboot required)
ram_hot_plug - (Computed)[string] Is capable of memory hot plug (no reboot required)
nic_hot_plug - (Computed)[string] Is capable of nic hot plug (no reboot required)
nic_hot_unplug - (Computed)[string] Is capable of nic hot unplug (no reboot required)
disc_virtio_hot_plug - (Computed)[string] Is capable of Virt-IO drive hot plug (no reboot required)
disc_virtio_hot_unplug - (Computed)[string] Is capable of Virt-IO drive hot unplug (no reboot required). This works only for non-Windows virtual Machines.
boot_server - (Computed)[string] The UUID of the attached server.
expose_serial - (Optional)(Computed) [boolean] Defaults to false if not previously set by the image used to create the volume. If set to true will expose the serial id of the disk attached to the server. If set to false will not expose the serial id. Some operating systems or software solutions require the serial id to be exposed to work properly. Exposing the serial can influence licensed software (e.g. Windows) behavior
require_legacy_bios - (Optional)(Computed)[boolean] Indicates if the image requires the legacy BIOS for compatibility or specific needs. During creation, if an image is used, the value will be inherited from the image, regardless of the value set in the plan. Later on, the value can be updated.
⚠ WARNING
ssh_key_path and ssh_keys fields are immutable. If you want to create a CUBE server, the type of the inline volume must be set to DAS. In this case, you can not set the size argument since it is taken from the template_uuid you set in the server.
Import
Resource Volume can be imported using the resource id, e.g.
- (Required)[string] The ID of the IPSec Gateway that the tunnel belongs to.
description - (Optional)[string] The human-readable description of your IPSec Gateway Tunnel.
remote_host - (Required)[string] The remote peer host fully qualified domain name or public IPV4 IP to connect to.
ike - (Required)[list] Settings for the initial security exchange phase. Minimum items: 1. Maximum items: 1.
diffie_hellman_group - (Optional)[string] The Diffie-Hellman Group to use for IPSec Encryption. Possible values: 15-MODP3072, 16-MODP4096, 19-ECP256, 20-ECP384, 21-ECP521, 28-ECP256BP, 29-ECP384BP, 30-ECP512BP. Default value: 16-MODP4096.
encryption_algorithm - (Optional)[string] The encryption algorithm to use for IPSec Encryption. Possible values: AES128, AES256, AES128-CTR, AES256-CTR, AES128-GCM-16, AES256-GCM-16, AES128-GCM-12, AES256-GCM-12, AES128-CCM-12
integrity_algorithm - (Optional)[string] The integrity algorithm to use for IPSec Encryption. Possible values: SHA256, SHA384, SHA512, AES-XCBC. Default value: SHA256.
lifetime - (Optional)[string] The phase lifetime in seconds. Minimum value: 3600. Maximum value: 86400. Default value: 86400.
esp - (Required)[list] Settings for the IPSec SA (ESP) phase. Minimum items: 1. Maximum items: 1.
diffie_hellman_group - (Optional)[string] The Diffie-Hellman Group to use for IPSec Encryption. Possible values: 15-MODP3072, 16-MODP4096, 19-ECP256, 20-ECP384, 21-ECP521, 28-ECP256BP, 29-ECP384BP, 30-ECP512BP. Default value: 16-MODP4096.
encryption_algorithm - (Optional)[string] The encryption algorithm to use for IPSec Encryption. Possible values: AES128, AES256, AES128-CTR, AES256-CTR, AES128-GCM-16, AES256-GCM-16, AES128-GCM-12, AES256-GCM-12, AES128-CCM-12
integrity_algorithm - (Optional)[string] The integrity algorithm to use for IPSec Encryption. Possible values: SHA256, SHA384, SHA512, AES-XCBC. Default value: SHA256.
lifetime - (Optional)[string] The phase lifetime in seconds. Minimum value: 3600. Maximum value: 86400. Default value: 86400.
auth - (Required)[string] Properties with all data needed to define IPSec Authentication. Minimum items: 1. Maximum items: 1.
method - (Optional)[string] The authentication method to use for IPSec Authentication. Possible values: PSK. Default value: PSK.
psk_key - (Optional)[string] The pre-shared key to use for IPSec Authentication. Note: Required if method is PSK.
cloud_network_cidrs - (Required)[list] The network CIDRs on the "Left" side that are allowed to connect to the IPSec tunnel, i.e. the CIDRs within your IONOS Cloud LAN. Specify "0.0.0.0/0" or "::/0" for all addresses. Minimum items: 1. Maximum items: 20.
peer_network_cidrs - (Required)[list] The network CIDRs on the "Right" side that are allowed to connect to the IPSec tunnel. Specify "0.0.0.0/0" or "::/0" for all addresses. Minimum items: 1. Maximum items: 20.
Argument reference
postgres_version - (Required)[string] The PostgreSQL version of your cluster.
instances - (Required)[int] The total number of instances in the cluster (one master and n-1 standbys)
cores - (Required)[int] The number of CPU cores per replica.
ram - (Required)[int] The amount of memory per instance in megabytes. Has to be a multiple of 1024.
storage_size - (Required)[int] The amount of storage per instance in MB. Has to be a multiple of 2048.
storage_type - (Required)[string] SSD, SSD Standard, SSD Premium, or HDD. Value "SSD" is deprecated, use the equivalent "SSD Premium" instead. This attribute is immutable(disallowed in update requests).
connection_pooler - (Optional)[object]
enabled - (Required)[bool]
pool_mode - (Required)[string] Represents different modes of connection pooling for the connection pooler.
connections - (Required)[string] Details about the network connection for your cluster.
datacenter_id - (Required)[true] The datacenter to connect your cluster to.
lan_id
location - (Required)[string] The physical location where the cluster will be created. This will be where all of your instances live. Property cannot be modified after datacenter creation. Available locations: de/fra, us/las, us/ewr, de/txl, gb/lhr, gb/bhx, es/vit, fr/par, us/mci
backup_location - (Optional)(Computed)[string] The IONOS Object Storage location where the backups will be stored. Possible values are: de, eu-south-2, eu-central-2. This attribute is immutable (disallowed in update requests).
display_name - (Required)[string] The friendly name of your cluster.
maintenance_window - (Optional)(Computed) A weekly 4 hour-long window, during which maintenance might occur
time - (Required)[string]
day_of_the_week
credentials - (Required)[string] Credentials for the database user to be created. This attribute is immutable(disallowed in update requests).
username - (Required)[string] The username for the initial postgres user. Some system usernames are restricted (e.g. "postgres", "admin", "standby")
synchronization_mode - (Required) [string] Represents different modes of replication. Can have one of the following values: ASYNCHRONOUS, SYNCHRONOUS, STRICTLY_SYNCHRONOUS. This attribute is immutable(disallowed in update requests).
from_backup - (Optional)[string] The unique ID of the backup you want to restore. This attribute is immutable(disallowed in update requests).
backup_id - (Required)[string] The unique ID of the backup you want to restore.
dns_name - (Computed)[string] The DNS name pointing to your cluster.
allow_replace - (Optional)[bool] When set to true, allows the update of immutable fields by destroying and re-creating the cluster."
Warning: allow_replace - lets you update immutable fields, but it first destroys and then re-creates the cluster in order to do it. Set the field to true only if you know what you are doing.
Import
Resource DbaaS Postgres Cluster can be imported using the cluster_id, e.g.
Creates and manages IonosCloud Kubernetes Node Pools.
Manages a Managed Kubernetes Node Pool, part of a managed Kubernetes cluster on IonosCloud.
Example Usage
Note: Set create_before_destroy on the lan resource if you want to remove it from the nodepool during an update. This is to ensure that the nodepool is updated before the lan is destroyed.
Argument Reference
The following arguments are supported:
name - (Required)[string] The name of the Kubernetes Cluster. This attribute is immutable.
k8s_version - (Optional)[string] The desired Kubernetes Version. For supported values, please check the API documentation. Downgrades are not supported. The provider will ignore downgrades of patch level.
⚠️ Warning: allow_replace - lets you update immutable fields, but it first destroys and then re-creates the node pool in order to do it. Set the field to true only if you know what you are doing. This will cause a downtime for all pods on that nodepool. Consider adding multiple nodepools and update one after the other for downtime free nodepool upgrade.
Be careful when using auto_scaling since the number of nodes can change. Because of that, when running terraform plan, Terraform will think that an update is required (since node_count from the tf plan will be different from the number of nodes set by the scheduler). To avoid that, you can use:
This will also ignore the manual changes for node_count made in the tf plan. You can read more details about the ignore_changes attribute .
Import
A Kubernetes Node Pool resource can be imported using its Kubernetes cluster's uuid as well as its own UUID, both of which you can retrieve from the cloud API: resource id, e.g.:
This can be helpful when you want to import kubernetes node pools which you have already created manually or using other means, outside of terraform, towards the goal of managing them via Terraform
⚠️ Warning: **During a maintenance window, k8s can update your k8s_version if the old one reaches end of life. This upgrade will not be shown in the plan, as we prevent terraform from doing a downgrade, as downgrading k8s_version is not supported.
⚠️ Warning: If you are upgrading from v5.x.x to v6.x.x: You have to modify you plan for lans to match the new structure, by putting the ids from the old slice in lans.id fields. This is not backwards compatible.
Creates and manages IonosCloud Application Load Balancer Forwarding Rule.
Manages an Application Load Balancer Forwarding Rule on IonosCloud.
Example Usage
Argument Reference
The following arguments are supported:
datacenter_id - (Required)[string] The ID of a Virtual Data Center.
application_loadbalancer_id - (Required)[string] The ID of Application Load Balancer.
name
Import
Resource Application Load Balancer Forwarding Rule can be imported using the resource id, alb id and datacenter id, e.g.
ionoscloud_vpn_wireguard_gateway
Creates and manages IonosCloud VPN Wireguard Gateway objects.
Overview
The ionoscloud_vpn_wireguard_gateway resource manages a WireGuard Gateway within the IONOS Cloud infrastructure. This resource facilitates the creation, management, and deletion of WireGuard VPN Gateways, enabling secure connections between your network resources.
Example Usage
Argument Reference
The following arguments are supported by the vpn_wireguard_gateway resource:
location - (Optional)[String] The location of the WireGuard Gateway. Supported locations: de/fra, de/fra/2, de/txl, es/vit, gb/bhx, gb/lhr, us/ewr, us/las, us/mci, fr/par.
name - (Required)[String] The name of the WireGuard Gateway.
description
Attributes Reference
In addition to all arguments above, the following attributes are exported:
status - (Computed)[String] The current status of the WireGuard Gateway.
public_key - (Computed)[String] The public key for the WireGuard Gateway.
⚠ NOTE:IONOS_API_URL_VPN can be used to set a custom API URL for the resource. location field needs to be empty, otherwise it will override the custom API URL. Setting endpoint or IONOS_API_URL does not have any effect.
Import
WireGuard Gateways can be imported using their ID:
ionoscloud_container_registry_token
Creates and manages IonosCloud Container Registry Token.
registry_id - (Required)[string] The ID of the container registry
name - (Required)[string] The name of the container registry token. Immutable, update forces re-creation of the resource.
expiry-date
⚠ WARNINGsave_password_to_file must be used with caution. It will save the password(token) returned on create to a file. This is the only way to get the token.
Import
Resource Container Registry Token can be imported using the container registry id and resource id, e.g.
ionoscloud_s3_bucket_policy
Creates and manages IonosCloud IONOS Object Storage Buckets policies.
Manages Buckets policies on IonosCloud.
⚠️ Note: The Terraform provider only supports contract-owned buckets. User-owned buckets are not supported, and there are no plans to introduce support for them. As a result, user-owned buckets cannot be created, updated, deleted, read, or imported using this provider.
Example Usage
⚠️ Note: For more information about the bucket policy or the policy format, please see the .
Argument Reference
The following arguments are supported:
bucket - (Required)[string] The name of the bucket where the object will be stored.
policy - (Required)[string] The policy document. This is a JSON formatted string.
Import
Resource Policy can be imported using the bucket name
ionoscloud_nic
Creates and manages Network Interface objects.
Manages a on IonosCloud.
Example Usage
ionoscloud_group
Creates and manages group objects.
Manages Groups and Group Privileges on IonosCloud.
Example Usage
ionoscloud_s3_object
Creates and manages IONOS Object Storage Objects.
Manages IONOS Object Storage Objects on IonosCloud.
⚠️ Note: The Terraform provider only supports contract-owned buckets. User-owned buckets are not supported, and there are no plans to introduce support for them. As a result, user-owned buckets cannot be created, updated, deleted, read, or imported using this provider.
- (Required)[true] The LAN to connect your cluster to.
cidr - (Required)[true] The IP and subnet for the database. Note the following unavailable IP ranges: 10.233.64.0/18, 10.233.0.0/18, 10.233.114.0/24. Please enter in the correct format like IP/Subnet, exp: 192.168.10.0/24. See Private IPs and Configuring the network.
,
de/fra/2
. This attribute is immutable (disallowed in update requests).
- (Required)[string]
password - (Required)[string]
recovery_target_time
- (Optional)[string] If this value is supplied as ISO 8601 timestamp, the backup will be replayed up until the given timestamp. If empty, the backup will be applied completely.
- (Optional)[String] A description of the WireGuard Gateway.
endpoint - (Optional, Block) The endpoint configuration for the WireGuard Gateway. This block supports fields documented below.
private_key - (Required)[String] The private key for the WireGuard Gateway. To be created with the wg utility.
gateway_ip - (Required)[String] The IP address of the WireGuard Gateway.
interface_ipv4_cidr - (Optional)[String] The IPv4 CIDR for the WireGuard Gateway interface.
interface_ipv6_cidr - (Optional)[String] The IPv6 CIDR for the WireGuard Gateway interface.
connections - (Required)[Block] The connection configuration for the WireGuard Gateway. This block supports fields documented below.
datacenter_id - (Required)[String] The ID of the datacenter where the WireGuard Gateway is located.
lan_id - (Required)[String] The ID of the LAN where the WireGuard Gateway is connected.
ipv4_cidr - (Required)[String] A LAN IPv4 address in CIDR notation that will be assigned to the VPN Gateway. This will be the private gateway address for LAN clients to route traffic over the VPN Gateway, this should be within the subnet already assigned to the LAN.
ipv6_cidr - (Optional)[String] A LAN IPv6 address in CIDR notation that will be assigned to the VPN Gateway. This will be the private gateway address for LAN clients to route traffic over the VPN Gateway, this should be within the subnet already assigned to the LAN.
maintenance_window - (Optional)(Computed) A weekly 4 hour-long window, during which maintenance might occur.
time - (Required)[string] Start of the maintenance window in UTC time.
day_of_the_week - (Required)[string] The name of the week day.
tier - (Optional)(Computed)[string] Gateway performance options. See product documentation for full details. Options: STANDARD, STANDARD_HA, ENHANCED, ENHANCED_HA, PREMIUM, PREMIUM_HA.
- (Optional)[string] The value must be supplied as ISO 8601 timestamp
credentials - (Computed)[map]
username - (Computed)[string] The username of the container registry token
password - (Computed)[string] The password/token of the container registry token which will also be saved to a file if save_password_to_file is set
bucket - (Required)[string] The name of the bucket where the object will be stored. Must be between 3 and 63 characters.
key - (Required)[string] The key of the object. Must be at least 1 character long.
source - (Optional)[string] The path to the file to upload.
content - (Optional)[string] Inline content of the object.
cache_control - (Optional)[string] Specifies caching behavior along the request/reply chain.
content_disposition - (Optional)[string] Specifies presentational information for the object.
content_encoding - (Optional)[string] Specifies what content encodings have been applied to the object.
content_language - (Optional)[string] The natural language or languages of the intended audience for the object.
content_type - (Optional)[string] A standard MIME type describing the format of the contents.
expires - (Optional)[string] The date and time at which the object is no longer cacheable.
server_side_encryption - (Optional)[string] The server-side encryption algorithm used when storing this object in IONOS Object Storage. Valid value is AES256.
storage_class - (Optional)[string] The storage class of the object. Valid value is STANDARD. Default is STANDARD.
website_redirect - (Optional)[string] Redirects requests for this object to another object in the same bucket or to an external URL.
server_side_encryption_customer_algorithm - (Optional)[string] Specifies the algorithm to use for encrypting the object. Valid value is AES256.
server_side_encryption_customer_key - (Optional)[string] Specifies the 256-bit, base64-encoded encryption key to use to encrypt and decrypt your data.
server_side_encryption_customer_key_md5 - (Optional)[string] Specifies the 128-bit MD5 digest of the encryption key.
server_side_encryption_context - (Optional)[string] Specifies the IONOS Object Storage Encryption Context for object encryption.
request_payer - (Optional)[string] Confirms that the requester knows that they will be charged for the request.
object_lock_mode - (Optional)[string] The object lock mode that you want to apply to the object. Valid values are GOVERNANCE and COMPLIANCE.
object_lock_retain_until_date - (Optional)[string] The date and time when the object lock retention expires.Must be in RFC3999 format
object_lock_legal_hold - (Optional)[string] Indicates whether a legal hold is in effect for the object. Valid values are ON and OFF.
etag - (Computed)[string] An entity tag (ETag) is an opaque identifier assigned by a web server to a specific version of a resource found at a URL.
metadata - (Optional)[map] A map of metadata to store with the object in IONOS Object Storage. Metadata keys must be lowercase alphanumeric characters.
tags - (Optional)[map] The tag-set for the object.
version_id - (Computed)[string] The version of the object.
mfa - (Optional) [string]The concatenation of the authentication device's serial number, a space, and the value displayed on your authentication device.
force_destroy - (Optional)[bool] If true, the object will be destroyed if versioning is enabled then all versions will be destroyed. Default is false.
Import
Resource Object can be imported using the bucket name and object key
auto_scaling - (Optional)[string] Whether the Node Pool should autoscale. For more details, please check the API documentation
min_node_count - (Optional)[int] The minimum number of worker nodes the node pool can scale down to. Should be less than max_node_count
max_node_count - (Optional)[int] The maximum number of worker nodes that the node pool can scale to. Should be greater than min_node_count
lans - (Optional)[list] A list of numeric LAN id's you want this node pool to be part of. For more details, please check the API documentation, as well as the example above
id - (Required)[int] The LAN ID of an existing LAN at the related datacenter
dhcp - (Optional)[boolean] Indicates if the Kubernetes Node Pool LAN will reserve an IP using DHCP. Default value is true
routes - (Optional) An array of additional LANs attached to worker nodes
network - (Required)[string] IPv4 or IPv6 CIDR to be routed via the interface
gateway_ip
maintenance_window - (Optional) See the maintenance_window section in the example above
time - (Required)[string] A clock time in the day when maintenance is allowed
day_of_the_week - (Required)[string] Day of the week when maintenance is allowed
datacenter_id - (Required)[string] A Datacenter's UUID
k8s_cluster_id- (Required)[string] A k8s cluster's UUID
cpu_family - (Optional)[string] The desired CPU Family - See the API documentation for more information. This attribute is immutable.
server_type - (Optional)[string] The server type for the compute engine - See the API documentation for more information. Possible values: DedicatedCore, VCPU
availability_zone - (Required)[string] - The desired Compute availability zone - See the API documentation for more information. This attribute is immutable.
storage_type -(Required)[string] - The desired storage type - SSD/HDD. This attribute is immutable.
node_count -(Required)[int] - The desired number of nodes in the node pool
cores_count -(Required)[int] - The CPU cores count for each node of the node pool. This attribute is immutable.
ram_size -(Required)[int] - The desired amount of RAM, in MB. This attribute is immutable.
storage_size -(Required)[int] - The size of the volume in GB. The size should be greater than 10GB. This attribute is immutable.
public_ips - (Optional)[list] A list of public IPs associated with the node pool; must have at least node_count + 1 elements
labels - (Optional)[map] A key/value map of labels
annotations - (Optional)[map] A key/value map of annotations
allow_replace - (Optional)[bool] When set to true, allows the update of immutable fields by first destroying and then re-creating the node pool.
listener_port - (Required)[int] Listening (inbound) port number; valid range is 1 to 65535.
client_timeout - (Optional)[int] The maximum time in milliseconds to wait for the client to acknowledge or send data; default is 50,000 (50 seconds).
server_certificates - (Optional)[list] Array of certificate ids. You can create certificates with the certificate resource.
http_rules - (Optional)[list] Array of items in that collection
name - (Required)[string] The unique name of the Application Load Balancer HTTP rule.
type - (Required)[string] Type of the Http Rule.
target_group - (Optional)[string] The UUID of the target group; mandatory for FORWARD action.
drop_query - (Optional)[bool] Default is false; valid only for REDIRECT actions.
location - (Optional)[string] The location for redirecting; mandatory and valid only for REDIRECT actions.
status_code - (Optional)[int] Valid only for REDIRECT and STATIC actions. For REDIRECT actions, default is 301 and possible values are 301, 302, 303, 307, and 308. For STATIC actions, default is 503 and valid range is 200 to 599.
response_message - (Optional)[string] The response message of the request; mandatory for STATIC action.
content_type - (Optional)[string] Valid only for STATIC actions.
conditions - (Optional)[list] - An array of items in the collection.The action is only performed if each and every condition is met; if no conditions are set, the rule will always be performed.
type - (Required)[string] Type of the Http Rule condition.
Example Usage with IPv6
Example configuring Flowlog
This will configure flowlog for accepted ingress traffic and will log it into an existing IONOS Object Storage bucket named flowlog-bucket. Any s3 compatible client can be used to create it. Adding a flowlog does not force re-creation of the NIC, but changing any other field than name will. Deleting a flowlog will also force NIC re-creation.
Argument reference
datacenter_id - (Required)[string] The ID of a Virtual Data Center.
server_id - (Required)[string] The ID of a server.
lan - (Required)[integer] The LAN ID the NIC will sit on.
name - (Optional)[string] The name of the LAN.
dhcp - (Optional)[Boolean] Indicates if the NIC should get an IP address using DHCP (true) or not (false).
dhcpv6 - (Optional)[Boolean] Indicates if the NIC should get an IPv6 address using DHCP (true) or not (false).
ipv6_cidr_block - (Computed, Optional) Automatically assigned /80 IPv6 CIDR block if the NIC is connected to an IPv6 enabled LAN. You can also specify an /80 IPv6 CIDR block for the NIC on your own, which must be inside the /64 IPv6 CIDR block of the LAN and unique.
ips - (Optional)[list] Collection of IP addresses assigned to a NIC. Explicitly assigned public IPs need to come from reserved IP blocks, Passing value null or empty array will assign an IP address automatically.
ipv6_ips - (Optional)[list] Collection of IPv6 addresses assigned to a NIC. Explicitly assigned public IPs need to come from the NIC's Ipv6 CIDR block, Passing value null or empty array will assign an IPv6 address automatically from the NIC's CIDR block.
firewall_active - (Optional)[Boolean] If this resource is set to true and is nested under a server resource firewall, with open SSH port, resource must be nested under the NIC.
firewall_type - (Optional) [String] The type of firewall rules that will be allowed on the NIC. If it is not specified it will take the default value INGRESS
id - (Computed) The ID of the NIC.
mac - (Optional) The MAC address of the NIC. Can be set on creation only. If not set, one will be assigned automatically by the API. Immutable, update forces re-creation.
device_number- (Computed) The Logical Unit Number (LUN) of the storage volume. Null if this NIC was created from CloudAPI and no DCD changes were done on the Datacenter.
pci_slot- (Computed) The PCI slot number of the Nic.
flowlog - (Optional) Only 1 flow log can be configured. Only the name field can change as part of an update. Flow logs holistically capture network information such as source and destination IP addresses, source and destination ports, number of packets, amount of bytes, the start and end time of the recording, and the type of protocol – and log the extent to which your instances are being accessed.
action - (Required) Specifies the action to be taken when the rule is matched. Possible values: ACCEPTED, REJECTED, ALL. Immutable, update forces re-creation.
security_groups_ids - (Optional) The list of Security Group IDs for the resource.
⚠️ Note:: Removing the flowlog forces re-creation of the NIC resource.
Import
Resource Nic can be imported using the resource id, e.g.
Working with load balancers
Please be aware that when using a NIC in a load balancer, the load balancer will change the NIC's ID behind the scenes, therefore the plan will always report this change trying to revert the state to the one specified by your terraform file. In order to prevent this, use the "lifecycle meta-argument" when declaring your NIC, in order to ignore changes to the lan attribute:
create_datacenter - (Optional) [Boolean] The group will be allowed to create virtual data centers.
create_snapshot - (Optional) [Boolean] The group will be allowed to create snapshots.
reserve_ip - (Optional) [Boolean] The group will be allowed to reserve IP addresses.
access_activity_log - (Optional) [Boolean] The group will be allowed to access the activity log.
create_pcc - (Optional) [Boolean] The group will be allowed to create Cross Connects privilege.
s3_privilege - (Optional) [Boolean] The group will have S3 privilege.
create_backup_unit - (Optional) [Boolean] The group will be allowed to create backup unit privilege.
create_internet_access - (Optional) [Boolean] The group will be allowed to create internet access privilege.
create_k8s_cluster - (Optional) [Boolean] The group will be allowed to create kubernetes cluster privilege.
create_flow_log - (Optional) [Boolean] The group will be allowed to create flow log.
access_and_manage_monitoring - (Optional) [Boolean] The group will be allowed to access and manage monitoring.
access_and_manage_certificates - (Optional) [Boolean] The group will be allowed to access and manage certificates.
access_and_manage_dns - (Optional) [Boolean] The group will be allowed to access and manage dns records.
manage_registry - (Optional) [Boolean] The group will be allowed to access container registry related functionality.
manage_dataplatform - (Optional) [Boolean] The group will be allowed to access and manage the Data Platform.
access_and_manage_logging - (Optional) [Boolean] The group will be allowed to access and manage logging.
access_and_manage_cdn - (Optional) [Boolean] The group will be allowed to access and manage cdn.
access_and_manage_vpn - (Optional) [Boolean] The group will be allowed to access and manage vpn.
access_and_manage_api_gateway - (Optional) [Boolean] The group will be allowed to access and manage api gateway.
access_and_manage_kaas - (Optional) [Boolean] The group will be allowed to access and manage kaas.
access_and_manage_network_file_storage - (Optional) [Boolean] The group will be allowed to access and manage network file storage.
access_and_manage_ai_model_hub - (Optional) [Boolean] The group will be allowed to access and manage ai model hub.
access_and_manage_iam_resources - (Optional) [Boolean] The group will be allowed to access and manage iam resources.
create_network_security_groups - (Optional) [Boolean] The group will be allowed to create network security groups.
manage_dbaas - (Optional) [Boolean] Privilege for a group to manage DBaaS related functionality.
user_ids - (Optional) [list] A list of users to add to the group.
user_id - (Optional) [string] The ID of the specific user to add to the group. Please use user_ids argument since this is DEPRECATED
get_users_data - (Optional) [Boolean] When set to true, information about users will be stored in state under users attribute, default value is true.
users - (Computed) List of users - See the section
NOTE: user_id/user_ids field cannot be used at the same time with group_ids field in user resource. Trying to add the same user to the same group in both ways in the same plan will result in a cyclic dependency error.
Import
Resource Group can be imported using the resource id, e.g.
⚠️If you are upgrading to v6.2.0: You have to modify you plan for user_ids to match the new structure, by renaming the field old field, user_id, to user_ids and put the old value into an array. This is not backwards compatible.
ionoscloud_nfs_cluster
Creates and manages Network File Storage (NFS) Cluster objects
name - (Required) The name of the Network File Storage cluster.
location - (Optional) The location where the Network File Storage cluster is located. If this is not set and if no value is provided for the IONOS_API_URL env var, the default location will be: de/fra. Other available locations are: de/fra/2
⚠ NOTE:IONOS_API_URL_NFS can be used to set a custom API URL for the resource. location field needs to be empty, otherwise it will override the custom API URL. Setting endpoint or IONOS_API_URL does not have any effect.
Import
A Network File Storage Cluster resource can be imported using its location and resource id:
ionoscloud_mongo_user
Creates and manages DbaaS MongoDB users.
Manages a DbaaS Mongo User. .
Example Usage
Argument reference
cluster_id - (Required)[string] The unique ID of the cluster. Updates to the value of the field force the cluster to be re-created.
username - (Required)[string] Used for authentication. Updates to the value of the field force the cluster to be re-created.
database
NOTE: MongoDb users do not support update at the moment. Changing any attribute will result in the user being re-created.
Import
Resource DBaaS MongoDB User can be imported using the clusterID and the username. First, define an empty resource in the plan:
Then you can import the user using the following command:
ionoscloud_logging_pipeline
Creates and manages Logging pipeline objects.
Manages a .
⚠️ Only tokens are accepted for authorization in the logging_pipeline resource. Please ensure you are using tokens as other methods will not be valid.
- (Required)[string] IPv4 or IPv6 Gateway IP for the route
condition - (Required)[string] Matching rule for the HTTP rule condition attribute; mandatory for HEADER, PATH, QUERY, METHOD, HOST, and COOKIE types; must be null when type is SOURCE_IP.
negate - (Optional)[bool] Specifies whether the condition is negated or not; the default is False.
key - (Optional)[string] Must be null when type is PATH, METHOD, HOST, or SOURCE_IP. Key can only be set when type is COOKIES, HEADER, or QUERY.
value - (Optional)[string] Mandatory for conditions CONTAINS, EQUALS, MATCHES, STARTS_WITH, ENDS_WITH; must be null when condition is EXISTS; should be a valid CIDR if provided and if type is SOURCE_IP.
bucket - (Required) Specifies the IONOS Object Storage bucket where the flow log data will be stored. The bucket must exist. Immutable, update forces re-creation.
direction - (Required) Specifies the traffic direction pattern. Valid values: INGRESS, EGRESS, BIDIRECTIONAL. Immutable, update forces re-creation.
name - (Required) Specifies the name of the flow log.
size - (Required) The size of the Network File Storage cluster in TiB. Note that the cluster size cannot be reduced after provisioning. This value determines the billing fees. Default is 2. The minimum value is 2 and the maximum value is 42.
nfs - (Optional) The NFS configuration for the Network File Storage cluster. Each NFS configuration supports the following:
min_version - (Optional) The minimum supported version of the NFS cluster. Supported values: 4.2. Default is 4.2.
connections - (Required) A list of connections for the Network File Storage cluster. You can specify only one connection. Connections are immutable. Each connection supports the following:
datacenter_id - (Required) The ID of the datacenter where the Network File Storage cluster is located.
ip_address - (Required) The IP address and prefix of the Network File Storage cluster. The IP address can be either IPv4 or IPv6. The IP address has to be given with CIDR notation.
lan - (Required) The Private LAN to which the Network File Storage cluster must be connected.
- (Required)[string] The user database to use for authentication. Updates to the value of the field force the cluster to be re-created.
password - (Required)[string] User password. Updates to the value of the field force the cluster to be re-created.
roles - (Required)[string] a list of mongodb user roles. Updates to the value of the field force the cluster to be re-created.
role - (Required)[true] Mongodb user role. Examples: read, readWrite, readAnyDatabase, readWriteAnyDatabase, dbAdmin, dbAdminAnyDatabase, clusterMonitor.
database - (Required)[true] Database on which to apply the role.
file or inside the terraform plan, and used as presented below:
The content inside vars.tfvars file:
The content inside the tf plan:
The configuration can then be applied using the following commands:
Argument reference
location - (Optional)[string] The location of the Logging pipeline. Default: de/txl, other available locations: de/fra, de/fra/2, de/txl, es/vit, gb/bhx, gb/lhr, fr/par, us/mci. If this is not set and if no value is provided for the IONOS_API_URL env var, the default location will be: de/fra.
name - (Required)[string] The name of the Logging pipeline.
grafana_address - (Computed)[string] The Grafana address is where user can access their logs, create dashboards, and set up alerts
tcp_address - (Computed)[string] The TCP address of the pipeline. This is the address to which logs are sent using the TCP protocol.
http_address - (Computed)[string] The HTTP address of the pipeline. This is the address to which logs are sent using the HTTP protocol.
log - (Required)[list] Pipeline logs, a list that contains elements with the following structure:
source - (Required)[string] The source parser to be used.
tag
key - (Computed)[string] The key is shared once and is used to authenticate the logs sent to the pipeline
Import
In order to import a Logging pipeline, you can define an empty Logging pipeline resource in the plan:
The resource can be imported using the location and pipeline_id, for example:
# Complete example
resource "ionoscloud_datacenter" "example" {
name = "example-kafka-datacenter"
location = "de/fra"
}
resource "ionoscloud_lan" "example" {
datacenter_id = ionoscloud_datacenter.example.id
public = false
name = "example-kafka-lan"
}
resource "ionoscloud_server" "example" {
name = "example-kafka-server"
datacenter_id = ionoscloud_datacenter.example.id
cores = 1
ram = 2 * 1024
availability_zone = "AUTO"
image_name = "ubuntu:latest" # alias name
image_password = random_password.password.result
volume {
name = "example-kafka-volume"
size = 6
disk_type = "SSD Standard"
}
nic {
lan = ionoscloud_lan.example.id
name = "example-kafka-nic"
dhcp = true
}
}
resource "random_password" "password" {
length = 16
special = false
}
locals {
prefix = format("%s/%s", ionoscloud_server.example.nic[0].ips[0], "24")
server_net_index = split(".", ionoscloud_server.example.nic[0].ips[0])[3]
kafka_cluster_broker_ips = [
for i in range(local.server_net_index + 1, local.server_net_index + 4) :cidrhost(local.prefix, i)
]
kafka_cluster_broker_ips_cidr = [for ip in local.kafka_cluster_broker_ips : format("%s/%s", ip, "24")]
}
resource "ionoscloud_kafka_cluster" "example" {
name = "example-kafka-cluster"
location = ionoscloud_datacenter.example.location
version = "3.9.0"
size = "S"
connections {
datacenter_id = ionoscloud_datacenter.example.id
lan_id = ionoscloud_lan.example.id
broker_addresses = local.kafka_cluster_broker_ips_cidr
}
}
resource "ionoscloud_kafka_cluster_topic" "example" {
cluster_id = ionoscloud_kafka_cluster.example.id
name = "kafka-cluster-topic"
location = ionoscloud_kafka_cluster.example.location
replication_factor = 1
number_of_partitions = 1
retention_time = 86400000
segment_bytes = 1073741824
}
- (Required)[string] The tag is used to distinguish different pipelines. Must be unique amongst the pipeline's array items.
protocol - (Required)[string] "Protocol to use as intake. Possible values are: http, tcp."
destinations - (Optional)[list] The configuration of the logs datastore, a list that contains elements with the following structure:
type - (Optional)[string] The internal output stream to send logs to.
retention_in_days - (Optional)[int] Defines the number of days a log record should be kept in loki. Works with loki destination type only. Can be one of: 7, 14, 30.
de/fra
,
de/fra/2
,
de/txl
,
fr/par
,
es/vit
,
gb/lhr
,
gb/bhx
,
us/las
,
us/mci
,
us/ewr
. If this is not set and if no value is provided for the
IONOS_API_URL
env var, the default
location
will be:
de/fra
.
cluster_id - (Required)[string] ID of the Kafka Cluster that the topic belongs to.
replication_factor - (Optional)[int] The number of replicas of the topic. The replication factor determines how many copies of the topic are stored on different brokers. The replication factor must be less than or equal to the number of brokers in the Kafka Cluster. Minimum value: 1. Default value: 3.
number_of_partitions - (Optional)[int] The number of partitions of the topic. Partitions allow for parallel processing of messages. The partition count must be greater than or equal to the replication factor. Minimum value: 1. Default value: 3.
retention_time - (Optional)[int] This configuration controls the maximum time we will retain a log before we will discard old log segments to free up space. This represents an SLA on how soon consumers must read their data. If set to -1, no time limit is applied. Default value: 604800000.
segment_bytes - (Optional)[int] This configuration controls the segment file size for the log. Retention and cleaning is always done a file at a time so a larger segment size means fewer files but less granular control over retention. Default value: 1073741824.
Dedicated Core Servers or are provisioned and hosted in one of IONOS' physical data centers. Dedicated Core Servers behave exactly like physical servers. They can be configured and managed with your choice of the operating system.
Check out .
Example Usage
This resource will create an operational server. After this section completes, the provisioner can be called.
Dedicated Core Server
With IPv6 Enabled
CUBE Server
Server that boots from CDROM
Argument reference
template_uuid - (Optional)[string] The UUID of the template for creating a CUBE server; the available templates for CUBE servers can be found on the templates resource
name - (Required)[string] The name of the server.
datacenter_id - (Required)[string] The ID of a Virtual Data Center.
hostname - (Optional)(Computed)[string] The hostname of the resource. Allowed characters are a-z, 0-9 and - (minus). Hostname should not start with minus and should not be longer than 63 characters. If no value provided explicitly, it will be populated with the name of the server
cores - (Optional)(Computed)[integer] Number of server CPU cores.
ram - (Optional)(Computed)[integer] The amount of memory for the server in MB.
image_name - (Optional)[string] The name, ID or alias of the image. May also be a snapshot ID. It is required if licence_type is not provided. Attribute is immutable.
availability_zone - (Optional)[string] The availability zone in which the server should exist. E.g: AUTO, ZONE_1, ZONE_2. This property is immutable.
licence_type - (Optional)[string] Sets the OS type of the server.
cpu_family - (Optional)[string] CPU architecture on which server gets provisioned; not all CPU architectures are available in all datacenter regions; available CPU architectures can be retrieved from the datacenter resource. E.g.: "INTEL_SKYLAKE" or "INTEL_XEON".
vm_state - (Optional)[string] Sets the power state of the server. E.g: RUNNING, SHUTOFF or SUSPENDED. SUSPENDED state is only valid for cube. SHUTOFF state is only valid for enterprise(dedicated core).
volume - (Optional) See the section.
nic - (Optional) See the section.
firewall - (Optional) Allows to define firewall rules inline in the server. See the section.
boot_volume - (Computed) The associated boot volume.
boot_cdrom - DEPRECATED Please refer to (Optional)(Computed)[string] The associated boot drive, if any. Must be the UUID of a bootable CDROM image that can be retrieved using the data source.
boot_image - (Optional)[string] The image or snapshot UUID / name. May also be an image alias. It is required if licence_type is not provided.
primary_nic - (Computed) The associated NIC.
primary_ip - (Computed) The associated IP address.
firewallrule_id - (Computed) The associated firewall rule.
firewallrule_ids - (Computed) The associated firewall rules.
ssh_key_path - (Optional)[list] List of absolute paths to files containing a public SSH key that will be injected into IonosCloud provided Linux images. Also accepts ssh keys directly. Required for IonosCloud Linux images. Required if image_password is not provided. Does not support ~ expansion to homedir in the given path. This property is immutable.
ssh_keys - (Optional)[list] Immutable List of absolute or relative paths to files containing public SSH key that will be injected into IonosCloud provided Linux images. Also accepts ssh keys directly. Public SSH keys are set on the image as authorized keys for appropriate SSH login to the instance using the corresponding private key. This field may only be set in creation requests. When reading, it always returns null. SSH keys are only supported if a public Linux image is used for the volume creation. Does not support ~ expansion to homedir in the given path.
image_password - (Optional)[string] Required if ssh_key_path is not provided.
type - (Optional)(Computed)[string] Server usages: * type - Server usages: now named dedicated core, or . This property is immutable.
label - (Optional)[set] A label can be seen as an object with only two required fields: key and value, both of the string type. Please check the example presented above to see how a label can be used in the plan. A server can have multiple labels.
key
inline_volume_ids - (Computed) A list with the IDs for the volumes that are defined inside the server resource.
security_groups_ids - (Optional) The list of Security Group IDs for the
allow_replace - (Optional)[bool] When set to true, allows the update of immutable fields by first destroying and then re-creating the server.
nic_multi_queue - (Optional)[bool] Activate or deactivate the Multi Queue feature on all NICs of the server. This feature is beneficial to enable when the NICs are experiencing performance issues (e.g. low throughput). Toggling this feature will also initiate a restart of the server. If the specified value is true, the feature will be activated; if it is not specified or set to false, the feature will be deactivated. The feature cannot be activated for CUBE servers.
⚠️ Warning: allow_replace - lets you update immutable fields, but it first destroys and then re-creates the server in order to do it. This field should be used with care, understanding the risks.
⚠ WARNING
Image_name under volume level is deprecated, please use image_name under server level ssh_key_path and ssh_keys fields are immutable.
⚠ WARNING
If you want to create a CUBE server, you have to provide the template_uuid. In this case you can not set cores, ram and volume.size arguments, these being mutually exclusive with template_uuid.
In all the other cases (ENTERPRISE servers) you have to provide values for cores, ram and volume size.
Import
Resource Server can be imported using the resource id and the datacenter id, e.g.. Passing only resource id and datacenter id means that the first nic found linked to the server will be attached to it.
Auto-generate the server resource in the generated.tf file using the following command:
The older syntax can be for importing the resource is still supported:
Optionally, you can pass primary_nic and firewallrule_id so terraform will know to import also the first nic and firewall rule (if it exists on the server):
Notes
Please note that for any secondary volume, you need to set the licence_type property to UNKNOWN
⚠️ Note: Important for deleting an firewall rule from within a list of inline resources defined on the same nic. There is one limitation to removing one firewall rule from the middle of the list of firewall rules. Terraform will actually modify the existing rules and delete the last one. More details here. There is a workaround described in the issue that involves moving the resources in the list prior to deletion. terraform state mv <resource-name>.<resource-id>[<i>] <resource-name>.<resource-id>[<j>]