Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Creates and manages IonosCloud Backup Units.
Manages a Backup Unit on IonosCloud.
The following arguments are supported:
name
- (Required)[string] The name of the Backup Unit. This argument is immutable.
password
- (Required)[string] The desired password for the Backup Unit
email
- (Required)[string] The email address assigned to the backup unit
login
- (Computed) The login associated with the backup unit. Derived from the contract number
A Backup Unit resource can be imported using its resource id
, e.g.
This can be helpful when you want to import backup units which you have already created manually or using other means, outside of terraform. Please note that you need to manually specify the password when first declaring the resource in terraform, as there is no way to retrieve the password from the Cloud API.
Please note that at the moment, Backup Units cannot be renamed
Please note that the password attribute is write-only, and it cannot be retrieved from the API when importing a ionoscloud_backup_unit. The only way to keep track of it in Terraform is to specify it on the resource to be imported, thus, making it a required attribute.
Creates and manages IonosCloud Autoscaling Group.
Manages an Autoscaling Group on IonosCloud.
The following arguments are supported:
max_replica_count
- (Required)[int] The maximum value for the number of replicas on a VM Auto Scaling Group. Must be >= 0 and <= 200. Will be enforced for both automatic and manual changes.
min_replica_count
- (Required)[int] The minimum value for the number of replicas on a VM Auto Scaling Group. Must be >= 0 and <= 200. Will be enforced for both automatic and manual changes.
target_replica_count
- (Optional)[int] The target number of VMs in this Group. Depending on the scaling policy, this number will be adjusted automatically. VMs will be created or destroyed automatically in order to adjust the actual number of VMs to this number. If targetReplicaCount is given in the request body then it must be >= minReplicaCount and <= maxReplicaCount.
name
- (Required)[string] User-defined name for the Autoscaling Group.
policy
- (Required)[List] Specifies the behavior of this Autoscaling Group. A policy consists of Triggers and Actions, whereby an Action is some kind of automated behavior, and a Trigger is defined by the circumstances under which the Action is triggered. Currently, two separate Actions, namely Scaling In and Out are supported, triggered through Thresholds defined on a given Metric.
metric
- (Required)[string] The Metric that should trigger the scaling actions. Metric values are checked at fixed intervals. Possible values: INSTANCE_CPU_UTILIZATION_AVERAGE
, INSTANCE_NETWORK_IN_BYTES
, INSTANCE_NETWORK_IN_PACKETS
, INSTANCE_NETWORK_OUT_BYTES
, INSTANCE_NETWORK_OUT_PACKETS
range
- (Optional)[string] Defines the time range, for which the samples will be aggregated. Default is 120s. Note that when you set it to values like 5m the API will automatically transform it in PT5M, so the plan will show you a diff in state that should be ignored.
scale_in_action
- (Required)[list] Specifies the action to take when the scaleInThreshold
is exceeded. Hereby, scaling in is always about removing VMs that are currently associated with this autoscaling group. Default termination policy is OLDEST_SERVER_FIRST.
amount
- (Required)[int] When amountType == ABSOLUTE
, this is the number of VMs removed in one step. When amountType == PERCENTAGE
, this is a percentage value, which will be applied to the autoscaling group's current targetReplicaCount
in order to derive the number of VMs that will be removed in one step. There will always be at least one VM removed. For SCALE_IN operation new volumes are NOT deleted after the server deletion.
amount_type
- (Required)[string] The type for the given amount. Possible values are: ABSOLUTE
, PERCENTAGE
.
termination_policy_type
- (Optional)[string] The type of the termination policy for the autoscaling group so that a specific pattern is followed for Scaling-In replicas. Default termination policy is OLDEST_SERVER_FIRST
. Possible values are: OLDEST_SERVER_FIRST
, NEWEST_SERVER_FIRST
, RANDOM
cooldown_period
- (Optional)[string] Minimum time to pass after this Scaling action has started, until the next Scaling action will be started. Additionally, if a Scaling action is currently in progress, no second Scaling action will be started for the same autoscaling group. Instead, the Metric will be re-evaluated after the current Scaling action is completed (either successfully or with failures). This is validated with a minimum value of 2 minutes and a maximum of 24 hours currently. Default value is 5 minutes if not given. Note that when you set it to values like 5m the API will automatically transform it in PT5M, so the plan will show you a diff in state that should be ignored.
delete_volumes
- (Required)[bool] If set to true
, when deleting a replica during scale in, any attached volume will also be deleted. When set to false
, all volumes remain in the datacenter and must be deleted manually. Note that every scale-out creates new volumes. When they are not deleted, they will eventually use all of your contracts resource limits. At this point, scaling out would not be possible anymore.
scale_in_threshold
- (Required)[int] A lower threshold on the value of metric
. Will be used with less than
(<) operator. Exceeding this will start a Scale-In Action as specified by the scaleInAction
property. The value must have a higher minimum delta to the scaleOutThreshold
depending on the metric
to avoid competitive actions at the same time.
scale_out_action
- (Required)[list] Specifies the action to take when the scaleOutThreshold
is exceeded. Hereby, scaling out is always about adding new VMs to this autoscaling group.
amount
- (Required)[int] When amountType=ABSOLUTE
specifies the absolute number of VMs that are added. The value must be between 1 to 10. amountType=PERCENTAGE
specifies the percentage value that is applied to the current number of replicas of the VM Auto Scaling Group. The value must be between 1 to 200. At least one VM is always added.
amount_type
- (Required)[string] The type for the given amount. Possible values are: ABSOLUTE
, PERCENTAGE
.
cooldown_period
- (Optional)[string] Minimum time to pass after this Scaling action has started, until the next Scaling action will be started. Additionally, if a Scaling action is currently in progress, no second Scaling action will be started for the same autoscaling group. Instead, the Metric will be re-evaluated after the current Scaling action is completed (either successfully or with failures). This is validated with a minimum value of 2 minutes and a maximum of 24 hours currently. Default value is 5 minutes if not given. Note that when you set it to values like 5m the API will automatically transform it in PT5M, so the plan will show you a diff in state that should be ignored.
scale_out_threshold
- (Required)[int] The upper threshold for the value of the metric
. Used with the greater than
(>) operator. A scale-out action is triggered when this value is exceeded, specified by the scaleOutAction
property. The value must have a lower minimum delta to the scaleInThreshold
, depending on the metric, to avoid competing for actions simultaneously. If properties.policy.unit=TOTAL
, a value >= 40 must be chosen.
unit
- (Required)[string] Units of the applied Metric. Possible values are: PER_HOUR
, PER_MINUTE
, PER_SECOND
, TOTAL
.
replica_configuration
- (Required)[List]
availability_zone
- (Required)[string] The zone where the VMs are created using this configuration. Possible values are: AUTO
, ZONE_1
, ZONE_2
.
cores
- (Required)[int] The total number of cores for the VMs.
cpu_family
- (Optional)[string] PU family for the VMs created using this configuration. If null, the VM will be created with the default CPU family for the assigned location. Possible values are: INTEL_SKYLAKE
, INTEL_XEON
.
nics
- (Optional)[set] List of NICs associated with this Replica.
lan
- (Required)[int] Lan ID for this replica Nic.
name
- (Required)[string] Name for this replica NIC.
dhcp
- (Optional)[bool] Dhcp flag for this replica Nic. This is an optional attribute with default value of true
if not given in the request payload or given as null.
firewall_active
- (Optional)[bool] Firewall active flag.
firewall_type
- (Optional)[string] The type of firewall rules that will be allowed on the NIC. Valid values: INGRESS EGRESS BIDIRECTIONAL. If not specified, the default INGRESS value is used.
firewall_rules
- (Optional)[list] List of firewall rules associated with this NIC.
protocol
- (Required)[string] The protocol for the rule: TCP, UDP, ICMP, ANY. Property cannot be modified after creation (disallowed in update requests).
name
- (Optional)[string] The name of the firewall rule.
source_mac
- (Optional)[string] Only traffic originating from the respective MAC address is allowed. Valid format: aa:bb:cc:dd:ee:ff. Value null allows all source MAC address. Valid format: aa:bb:cc:dd:ee:ff.
source_ip
- (Optional)[string] Only traffic originating from the respective IPv4 address is allowed. Value null allows all source IPs.
target_ip
- (Optional)[string] In case the target NIC has multiple IP addresses, only traffic directed to the respective IP address of the NIC is allowed. Value null allows all target IPs.
port_range_start
- (Optional)[int] Defines the start range of the allowed port (from 1 to 65534) if protocol TCP or UDP is chosen. Leave portRangeStart and portRangeEnd null to allow all ports.
port_range_end
- (Optional)[int] Defines the end range of the allowed port (from 1 to 65534) if the protocol TCP or UDP is chosen. Leave portRangeStart and portRangeEnd null to allow all ports.
icmp_type
- (Optional)[string] Defines the allowed code (from 0 to 254) if protocol ICMP is chosen. Value null allows all codes.
icmp_code
- (Optional)[int] Defines the allowed code (from 0 to 254) if protocol ICMP is chosen.
type
- (Optional)[string] The type of firewall rule. If is not specified, it will take the default value INGRESS.
flow_log
- (Optional)[list] Only 1 flow log can be configured. Only the name field can change as part of an update. Flow logs holistically capture network information such as source and destination IP addresses, source and destination ports, number of packets, amount of bytes, the start and end time of the recording, and the type of protocol – and log the extent to which your instances are being accessed.
action
- (Required)[string] Specifies the action to be taken when the rule is matched. Possible values: ACCEPTED, REJECTED, ALL. Immutable, forces re-creation.
bucket
- (Required)[string] Specifies the IONOS Object Storage bucket where the flow log data will be stored. The bucket must exist. Immutable, forces re-creation.
direction
- (Required)[string] Specifies the traffic direction pattern. Valid values: INGRESS, EGRESS, BIDIRECTIONAL. Immutable, forces re-creation.
name
- (Required)[string] Specifies the name of the flow log.
target_group
- (Optional)[list] In order to link VM to ALB, target group must be provided
target_group_id
(Required)[string] The ID of the target group.
weight
(Optional)[int] The weight of the target group.
port
(Optional)[int] The port of the target group.
ram
- (Required)[int] The amount of memory for the VMs in MB, e.g. 2048. Size must be specified in multiples of 256 MB with a minimum of 256 MB; however, if you set ramHotPlug to TRUE then you must use a minimum of 1024 MB. If you set the RAM size more than 240GB, then ramHotPlug will be set to FALSE and can not be set to TRUE unless RAM size not set to less than 240GB.
volume
- (Optional)[list] List of volumes associated with this Replica.
image
- (Optional)[string] The image installed on the volume. Only the UUID of the image is presently supported.
image_alias
- (Optional)[string] The image installed on the volume. Must be an imageAlias
as specified via the images API. Note that one of image
or imageAlias
must be set, but not both.
name
- (Required)[string] Name for this replica volume.
size
- (Required)[int] Name for this replica volume.
ssh_keys
- (Optional) List of ssh keys, supports values or paths to files. Cannot be changed at update.
type
- (Required)[string] Storage Type for this replica volume. Possible values: SSD
, HDD
, SSD_STANDARD
or SSD_PREMIUM
.
user_data
- (Optional)[string] User-data (Cloud Init) for this replica volume. Make sure you provide a Cloud Init compatible image in conjunction with this parameter.
image_password
- (Optional)[string] Image password for this replica volume.
bus
- (Optional)[string] The bus type of the volume. Default setting is VIRTIO
. The bus type IDE
is also supported.
backup_unit_id
- (Optional)[string] The uuid of the Backup Unit that user has access to. The property is immutable and is only allowed to be set on a new volume creation. It is mandatory to provide either public image
or imageAlias
in conjunction with this property.
boot_order
- (Optional)[string] Determines whether the volume will be used as a boot volume. Set to NONE, the volume will not be used as boot volume. Set to PRIMARY, the volume will be used as boot volume and set to AUTO will delegate the decision to the provisioning engine to decide whether to use the volume as boot volume. Notice that exactly one volume can be set to PRIMARY or all of them set to AUTO.
datacenter_id
- (Required)[string] Unique identifier for the resource
location
- (Computed) Location of the data center.
API Gateway is an application that acts as a "front door" for backend services and APIs, handling client requests and routing them to the appropriate backend.
An API gateway consists of the generic rules and configurations.
id
- (Computed)[string] The ID of the API Gateway.
name
- (Required)[string] The name of the API Gateway.
logs
- (Optional)[bool] Enable or disable logging. Defaults to false
. NOTE: Central Logging must be enabled through the Logging API to enable this feature.
metrics
- (Optional)[bool] Enable or disable metrics. Defaults to false
.
custom_domains
- (Optional)[list] Custom domains for the API Gateway, a list that contains elements with the following structure:
name
- (Required)[string] The domain name. Externally reachable.
certificate_id
- (Optional)[string] The certificate ID for the domain. Must be a valid certificate in UUID form.
public_endpoint
- (Computed)[string] The public endpoint of the API Gateway.
In order to import an API Gateway, you can define an empty API Gateway resource in the plan:
The resource can be imported using the gateway_id
, for example:
Creates and manages IonosCloud API Gateway Route objects.
Manages an API Gateway Route on IonosCloud.
This resource will create an operational API Gateway Route. After this section completes, the provisioner can be called.
id
- (Computed)[string] The ID of the API Gateway Route.
name
- (Required)[string] Name of the API Gateway Route. Only alphanumeric characters are allowed.
gateway_id
- (Required)[string] The ID of the API Gateway that the route belongs to.
type
- (Optional)[string] This field specifies the protocol used by the ingress to route traffic to the backend service. Default value: http
.
paths
- (Required)[list] The paths that the route should match. Minimum items: 1.
methods
- (Required)[list] The HTTP methods that the route should match. Minimum items: 1. Possible values: GET
, POST
, PUT
, DELETE
, PATCH
, OPTIONS
, HEAD
, CONNECT
, TRACE
.
websocket
- (Optional)[bool] To enable websocket support. Default value: false
.
upstreams
- (Required) Upstreams information of the API Gateway Route. Minimum items: 1.
scheme
- (Optional)[string] The target URL of the upstream. Default value: http
.
host
- (Required)[string] The host of the upstream.
port
- (Optional)[int] The port of the upstream. Default value: 80
.
loadbalancer
- (Optional)[string] The load balancer algorithm. Default value: roundrobin
.
weight
- (Optional)[int] Weight with which to split traffic to the upstream. Default value: 100
.
API Gateway route can be imported using the apigateway route id
:
Creates and manages Certificate Manager AutoCertificate objects.
Manages a CM AutoCertificate.
provider_id
- (Required)[string] The certificate provider used to issue the certificates.
location
- (Required)[string] The location of the auto-certificate.
common_name
- (Required)[string] The common name (DNS) of the certificate to issue. The common name needs to be part of a zone in IONOS Cloud DNS.
key_algorithm
- (Required)[string] The key algorithm used to generate the certificate.
name
- (Optional)[string] A certificate name used for management purposes.
subject_alternative_names
- (Optional)[list][string] Optional additional names to be added to the issued certificate. The additional names needs to be part of a zone in IONOS Cloud DNS.
last_issued_certificate_id
- (Computed)[string] The ID of the last certificate that was issued.
The resource can be imported using the auto_certificate_id
and the location
, separated by :
, e.g.
Creates and manages IonosCloud CDN Distributions.
Manages a CDN Distribution on IonosCloud.
The following arguments are supported:
domain
- (Required)[string] The domain of the distribution.
certificate_id
- (Required)[string] The ID of the certificate to use for the distribution. You can create certificates with the certificate resource.
routing_rules
- (Required)[list] The routing rules for the distribution.
scheme
- (Required)[string] The scheme of the routing rule.
prefix
- (Required)[string] The prefix of the routing rule.
upstream
- (Required)[map] - A map of properties for the rule
host
- (Required)[string] The upstream host that handles the requests if not already cached. This host will be protected by the WAF if the option is enabled.
caching
- (Required)[bool] Enable or disable caching. If enabled, the CDN will cache the responses from the upstream host. Subsequent requests for the same resource will be served from the cache.
waf
- (Required)[bool] Enable or disable WAF to protect the upstream host.
sni_mode
- (Required)[string] The SNI (Server Name Indication) mode of the upstream. It supports two modes: 1) distribution
: for outgoing connections to the upstream host, the CDN requires the upstream host to present a valid certificate that matches the configured domain of the CDN distribution; 2) origin
: for outgoing connections to the upstream host, the CDN requires the upstream host to present a valid certificate that matches the configured upstream/origin hostname.
rate_limit_class
- (Required)[string] Rate limit class that will be applied to limit the number of incoming requests per IP.
geo_restrictions
- (Optional)[map] - A map of geo_restrictions
allow_list
- (Optional)[string] List of allowed countries
block_list
- (Optional)[string] List of blocked countries
public_endpoint_v4
- IP of the distribution, it has to be included on the domain DNS Zone as A record.
public_endpoint_v6
- IP of the distribution, it has to be included on the domain DNS Zone as AAAA record.
resource_urn
- Unique resource indentifier.
Resource Distribution can be imported using the resource id
, e.g.
Creates and manages IonosCloud Container Registry.
Manages an Container Registry on IonosCloud.
The following arguments are supported:
name
- The name of the container registry. Immutable, update forces re-creation of the resource.
garbage_collection_schedule
- (Optional)[Map]
time
- (Required)[string]
days
- (Required)[list] Elements of list must have one of the values: Saturday
, Sunday
, Monday
, Tuesday
, Wednesday
, Thursday
, Friday
location
- (Required)[string] Immutable, update forces re-creation of the resource.
api_subnet_allow_list
- (Optional)[list] The subnet CIDRs that are allowed to connect to the registry. Specify "a.b.c.d/32" for an individual IP address. Note: If this list is empty or not set, there are no restrictions.
features
- (Optional)[Map]
vulnerability_scanning
- (Optional)[bool] Enables or disables the Vulnerability Scanning feature for the Container Registry. To disable this feature, set the attribute to false when creating the CR resource.
⚠ WARNING
Container Registry Vulnerability Scanning
is a paid feature which is enabled by default, and cannot be turned off after activation. To disable this feature for a Container Registry, ensurevulnerability_scanning
is set to false on resource creation.
Resource Container Registry can be imported using the resource id
, e.g.
Creates and manages a certificate.
Manages a Certificate on IonosCloud.
NOTE: You can also provide the values as multiline strings, as seen below:
The following arguments are supported:
name
- (Required)[string] The certificate name
certificate
- (Required)[string] The certificate body. Pem encoded. Immutable.
private_key
- (Required)[string] The certificate private key. Immutable. Sensitive.
certificate_chain
- (Optional)[string] The certificate chain. Pem encoded. Immutable.
Resource certificate can be imported using the resource id
, e.g.
Creates and manages IonosCloud Cube Server objects.
Manages a Cube Server on IonosCloud.
This resource will create an operational server. After this section completes, the provisioner can be called.
template_uuid
- (Required)[string] The UUID of the template for creating a CUBE server; the available templates for CUBE servers can be found on the templates resource
name
- (Required)[string] The name of the server.
datacenter_id
- (Required)[string] The ID of a Virtual Data Center.
hostname
- (Optional)(Computed) The hostname of the resource. Allowed characters are a-z, 0-9 and - (minus). Hostname should not start with minus and should not be longer than 63 characters. If no value provided explicitly, it will be populated with the name of the server
image_name
- (Optional)[string] The name, ID or alias of the image. May also be a snapshot ID. It is required if licence_type
is not provided. Attribute is immutable.
availability_zone
- (Optional)[string] The availability zone in which the server should exist. This property is immutable.
licence_type
- (Optional)[string] Sets the OS type of the server.
vm_state
- (Optional)[string] Sets the power state of the cube server. E.g: RUNNING
or SUSPENDED
.
volume
- (Required) See the Volume section.
nic
- (Required) See the Nic section.
boot_volume
- (Computed) The associated boot volume.
boot_cdrom
- DEPRECATED Please refer to ionoscloud_server_boot_device_selection (Optional)[string] The associated boot drive, if any. Must be the UUID of a bootable CDROM image that can be retrieved using the ionoscloud_image data source.
boot_image
- (Optional)[string] The image or snapshot UUID / name. May also be an image alias. It is required if licence_type
is not provided.
primary_nic
- (Computed) The associated NIC.
primary_ip
- (Computed) The associated IP address.
firewallrule_id
- (Computed) The associated firewall rule.
ssh_key_path
- (Optional)[list] List of paths to files containing a public SSH key that will be injected into IonosCloud provided Linux images. Required for IonosCloud Linux images. Required if image_password
is not provided.
image_password
- (Optional)[string] Required if ssh_key_path
is not provided.
security_groups_ids
- (Optional) The list of Security Group IDs for the resource.
allow_replace
- (Optional)[bool] When set to true, allows the update of immutable fields by first destroying and then re-creating the server.
⚠️ Warning: allow_replace
- lets you update immutable fields, but it first destroys and then re-creates the server in order to do it. This field should be used with care, understanding the risks.
⚠ WARNING
Image_name under volume level is deprecated, please use image_name under server level
⚠ WARNING
For creating a CUBE server, you can not set
volume.size
argument.
Resource Server can be imported using the resource id
and the datacenter id
, e.g.
Please note that for any secondary volume, you need to set the licence_type property to UNKNOWN
Links a Network Security Group to a IonosCloud datacenter.
Links a Network Security Group to a IonosCloud datacenter. The datacenter can only have one linked NSG. To set a new NSG for the datacenter, the current one will be unlinked.
A Network Security Group can be linked to a ionoscloud_datacenter
with this resource. Deleting the resource will unlink the NSG from the datacenter.
datacenter_id
- (Required)[string] The ID of a Virtual Data Center.
nsg_id
- (Required)[string] The ID of a Network Security Group.
Creates and manages IonosCloud Application Load Balancer Forwarding Rule.
Manages an Application Load Balancer Forwarding Rule on IonosCloud.
The following arguments are supported:
datacenter_id
- (Required)[string] The ID of a Virtual Data Center.
application_loadbalancer_id
- (Required)[string] The ID of Application Load Balancer.
name
- (Required)[string] The name of the Application Load Balancer forwarding rule.
protocol
- (Required)[string] Balancing protocol.
listener_ip
- (Required)[string] Listening (inbound) IP.
listener_port
- (Required)[int] Listening (inbound) port number; valid range is 1 to 65535.
client_timeout
- (Optional)[int] The maximum time in milliseconds to wait for the client to acknowledge or send data; default is 50,000 (50 seconds).
http_rules
- (Optional)[list] Array of items in that collection
name
- (Required)[string] The unique name of the Application Load Balancer HTTP rule.
type
- (Required)[string] Type of the Http Rule.
target_group
- (Optional)[string] The UUID of the target group; mandatory for FORWARD action.
drop_query
- (Optional)[bool] Default is false; valid only for REDIRECT actions.
location
- (Optional)[string] The location for redirecting; mandatory and valid only for REDIRECT actions.
status_code
- (Optional)[int] Valid only for REDIRECT and STATIC actions. For REDIRECT actions, default is 301 and possible values are 301, 302, 303, 307, and 308. For STATIC actions, default is 503 and valid range is 200 to 599.
response_message
- (Optional)[string] The response message of the request; mandatory for STATIC action.
content_type
- (Optional)[string] Valid only for STATIC actions.
conditions
- (Optional)[list] - An array of items in the collection.The action is only performed if each and every condition is met; if no conditions are set, the rule will always be performed.
type
- (Required)[string] Type of the Http Rule condition.
condition
- (Required)[string] Matching rule for the HTTP rule condition attribute; mandatory for HEADER, PATH, QUERY, METHOD, HOST, and COOKIE types; must be null when type is SOURCE_IP.
negate
- (Optional)[bool] Specifies whether the condition is negated or not; the default is False.
key
- (Optional)[string] Must be null when type is PATH, METHOD, HOST, or SOURCE_IP. Key can only be set when type is COOKIES, HEADER, or QUERY.
value
- (Optional)[string] Mandatory for conditions CONTAINS, EQUALS, MATCHES, STARTS_WITH, ENDS_WITH; must be null when condition is EXISTS; should be a valid CIDR if provided and if type is SOURCE_IP.
Resource Application Load Balancer Forwarding Rule can be imported using the resource id
, alb id
and datacenter id
, e.g.
Creates and manages Dataplatform Cluster objects.
Manages a Dataplatform Cluster.
datacenter_id
- (Required)[string] The UUID of the virtual data center (VDC) the cluster is provisioned.
name
- (Required)[string] The name of your cluster. Must be 63 characters or less and must be empty or begin and end with an alphanumeric character ([a-z0-9A-Z]). It can contain dashes (-), underscores (_), dots (.), and alphanumerics in-between.
version
- (Optional)[int] The version of the Data Platform.
maintenance_window
- (Optional) Starting time of a weekly 4 hour-long window, during which maintenance might occur in hh:mm:ss format
day_of_the_week
- (Required)[string] Must be set with one the values Monday
, Tuesday
, Wednesday
, Thursday
, Friday
, Saturday
or Sunday
.
lans
- (Optional)[list] A list of LANs you want this node pool to be part of.
lan_id
- (Required)[string] The LAN ID of an existing LAN at the related data center.
dhcp
- (Optional)[bool] Indicates if the Kubernetes node pool LAN will reserve an IP using DHCP. The default value is 'true'.
routes
- (Optional)[list] An array of additional LANs attached to worker nodes.
gateway
- (Required)[string] IPv4 or IPv6 gateway IP for the route.
network
- (Required)[string] IPv4 or IPv6 CIDR to be routed via the interface.
Resource Dataplatform Cluster can be imported using the cluster_id
, e.g.
Creates and manages IonosCloud Container Registry Token.
Manages an Container Registry Token on IonosCloud.
The following arguments are supported:
name
- (Required)[string] The name of the container registry token. Immutable, update forces re-creation of the resource.
expiry-date
- (Optional)[string] The value must be supplied as ISO 8601 timestamp
scopes
- (Optional)[map]
actions
- (Required)[string] Example: ["pull", "push", "delete"]
name
- (Required)[string]
type
- (Required)[string]
status
- (Optional)[string] Must have on of the values: enabled
, disabled
save_password_to_file
- (Optional)[string] Saves token password to file. Only works on create. Takes as argument a file name, or a file path
⚠ WARNING
save_password_to_file
must be used with caution. It will save the password(token) returned on create to a file. This is the only way to get the token.
Resource Container Registry Token can be imported using the container registry id
and resource id
, e.g.
Creates and manages Certificate Manager provider objects.
Manages a CM provider.
name
- (Required)[string] The name of the certificate provider.
email
- (Required)[string] The email address of the certificate requester.
location
- (Optional)[string] The location of the provider.
server
- (Required)[string] The URL of the certificate provider.
external_account_binding
- (Optional)[list] External account binding details.
key_id
- (Required)[string] The key ID of the external account binding.
key_secret
- (Required)[string] The key secret of the external account binding
The resource can be imported using the provider_id
and the location
, separated by :
, e.g.
Creates and manages Dataplatform Node Pool objects.
cluster_id
- (Required)[string] The UUID of an existing Dataplatform cluster.
name
- (Required)[string] The name of your node pool. Must be 63 characters or less and must be empty or begin and end with an alphanumeric character ([a-z0-9A-Z]). It can contain dashes (-), underscores (_), dots (.), and alphanumerics in-between.
node_count
- (Required)[int] The number of nodes that make up the node pool. Must be set with a minimum value of 1.
cpu_family
- (Optional)[string] A valid CPU family name or AUTO
if the platform shall choose the best fitting option. Available CPU architectures can be retrieved from the datacenter resource. The default value is AUTO
.
cores_count
- (Optional)[int] The number of CPU cores per node. Must be set with a minimum value of 1. The default value is 4
.
ram_size
- (Optional)[int] The RAM size for one node in MB. Must be set in multiples of 1024
MB, with a minimum size is of 2048
MB. The default value is 4096
.
availability_zone
- (Optional)[string] The availability zone of the virtual datacenter region where the node pool resources should be provisioned. Must be set with one of the values AUTO
, ZONE_1
or ZONE_2
. The default value is AUTO
.
storage_type
- (Optional)[int] The type of hardware for the volume. Must be set with one of the values HDD
or SSD
. The default value is SSD
.
storage_size
- (Optional)[int] The size of the volume in GB. The size must be greater than 10
GB. The default value is 20
.
maintenance_window
- (Optional) Starting time of a weekly 4 hour-long window, during which maintenance might occur in hh:mm:ss format
day_of_the_week
- (Required)[string] Must be set with one the values Monday
, Tuesday
, Wednesday
, Thursday
, Friday
, Saturday
or Sunday
.
auto_scaling
- (Optional)[string] Whether the Node Pool should autoscale. For more details, please check the API documentation
min_node_count
- (Optional)[int] The minimum number of worker nodes the node pool can scale down to. Should be less than max_node_count
max_node_count
- (Optional)[int] The maximum number of worker nodes that the node pool can scale to. Should be greater than min_node_count
A Dataplatform Node Pool resource can be imported using its cluster's UUID as well as its own UUID, e.g.:
Creates and manages IonosCloud Application Load Balancer.
Manages an Application Load Balancer on IonosCloud.
The following arguments are supported:
datacenter_id
- (Required)[string] ID of the datacenter.
name
- (Required)[string] The name of the Application Load Balancer.
listener_lan
- (Required)[int] ID of the listening (inbound) LAN.
ips
- (Optional)[set] Collection of the Application Load Balancer IP addresses. (Inbound and outbound) IPs of the listenerLan are customer-reserved public IPs for the public Load Balancers, and private IPs for the private Load Balancers.
target_lan
- (Required)[int] ID of the balanced private target LAN (outbound).
lb_private_ips
- (Optional)[set] Collection of private IP addresses with the subnet mask of the Application Load Balancer. IPs must contain valid a subnet mask. If no IP is provided, the system will generate an IP with /24 subnet.
central_logging
- (Optional)[bool] Turn logging on and off for this product. Default value is 'false'.
logging_lormat
- (Optional)[string] Specifies the format of the logs.
flowlog
- (Optional)[list] Only 1 flow log can be configured. Only the name field can change as part of an update. Flow logs holistically capture network information such as source and destination IP addresses, source and destination ports, number of packets, amount of bytes, the start and end time of the recording, and the type of protocol – and log the extent to which your instances are being accessed.
action
- (Required)[string] Specifies the action to be taken when the rule is matched. Possible values: ACCEPTED, REJECTED, ALL. Immutable, forces re-creation.
bucket
- (Required)[string] Specifies the IONOS Object Storage bucket where the flow log data will be stored. The bucket must exist. Immutable, forces re-creation.
direction
- (Required)[string] Specifies the traffic direction pattern. Valid values: INGRESS, EGRESS, BIDIRECTIONAL. Immutable, forces re-creation.
name
- (Required)[string] Specifies the name of the flow log.
⚠️ Note:: Removing the flowlog
forces re-creation of the application load balancer resource.
Resource Application Load Balancer can be imported using the resource id
and datacenter id
, e.g.
Creates and manages IonosCloud Virtual Data Center.
Manages a Virtual Data Center on IonosCloud.
ionoscloud_datacenter_nsg_selection
and provide the IDs of the NSG and Datacenter to link them.nsg_id
field will de-attach any previously linked NSG from the Datacenter.The following arguments are supported:
name
- (Required)[string] The name of the Virtual Data Center.
location
- (Required)[string] The regional location where the Virtual Data Center will be created. This argument is immutable.
description
- (Optional)[string] Description for the Virtual Data Center.
sec_auth_protection
- (Optional) [bool] Boolean value representing if the data center requires extra protection e.g. two factor protection
version
- (Computed) The version of that Data Center. Gets incremented with every change
features
- (Computed) List of features supported by the location this data center is part of
ipv6_cidr_block
- (Computed) The automatically-assigned /56 IPv6 CIDR block if IPv6 is enabled on this virtual data center
cpu_architecture
- (Computed) Array of features and CPU families available in a location
cpu_family
- A valid CPU family name
max_cores
- The maximum number of cores available
max_ram
- The maximum number of RAM in MB
vendor
- A valid CPU vendor name
Resource Datacenter can be imported using the resource id
, e.g.
server_certificates
- (Optional)[list] Array of certificate ids. You can create certificates with the resource.
time
- (Required)[string] Time at which the maintenance should start. Must conform to the 'HH:MM:SS' 24-hour format. This pattern matches the "HH:MM:SS 24-hour format with leading 0" format. For more information take a look at .
time
- (Required)[string] Time at which the maintenance should start. Must conform to the 'HH:MM:SS' 24-hour format. This pattern matches the "HH:MM:SS 24-hour format with leading 0" format. For more information take a look at .
labels
- (Optional)[map] Key-value pairs attached to the node pool resource as .
annotations
- (Optional)[map] Key-value pairs attached to node pool resource as .
Creates and manages DbaaS Postgres Database objects.
Manages a DbaaS PgSql Database.
Create a PgSQL
cluster as presented in the documentation for the cluster, then define a database resource and link it with the previously created cluster:
cluster_id
- (Required)[string] The unique ID of the cluster.
name
- (Required)[string] The name of the database.
owner
- (Required)[string] The owner of the database.
In order to import a PgSql database, you can define an empty database resource in the plan:
The resource can be imported using the clusterId
and the name
, for example:
Creates and manages DBaaS InMemoryDB Replica Set objects.
Manages a DBaaS InMemoryDB Replica Set.
display_name
- (Required)[string] The human-readable name of your replica set.
location
- (Optional)[string] The location of your replica set. Updates to the value of the field force the replica set to be re-created. If this is not set and if no value is provided for the IONOS_API_URL
env var, the default location
will be: de/fra
.
version
- (Required)[string] The InMemoryDB version of your replica set.
replicas
- (Required)[int] The total number of replicas in the replica set (one active and n-1 passive). In case of a standalone instance, the value is 1. In all other cases, the value is > 1. The replicas will not be available as read replicas, they are only standby for a failure of the active instance.
resources
- (Required)[object] The resources of the individual replicas.
cores
- (Required)[int] The number of CPU cores per instance.
ram
- (Required)[int] The amount of memory per instance in gigabytes (GB).
storage
- (Computed)[int] The size of the storage in GB. The size is derived from the amount of RAM and the persistence mode and is not configurable.
persistence_mode
- (Required)[string] Specifies How and If data is persisted, possible values are:
None
- Data is inMemory only and will not be persisted. Useful for cache only applications.
AOF
- (Append Only File) AOF persistence logs every write operation received by the server. These operations can then be replayed again at server startup, reconstructing the original dataset. Commands are logged using the same format as the InMemoryDB protocol itself.
RDB
- RDB persistence performs snapshots of the current in memory state.
RDB_AOF
- Both RDB and AOF persistence are enabled.
eviction_policy
- (Required)[string] The eviction policy for the replica set, possible values are:
noeviction
- No eviction policy is used. InMemoryDB will never remove any data. If the memory limit is reached, an error will be returned on write operations.
allkeys-lru
- The least recently used keys will be removed first.
allkeys-lfu
- The least frequently used keys will be removed first.
allkeys-random
- Random keys will be removed.
volatile-lru
- The least recently used keys will be removed first, but only among keys with the expire
field set to true
.
volatile-lfu
- The least frequently used keys will be removed first, but only among keys with the expire
field set to true
.
volatile-random
- Random keys will be removed, but only among keys with the expire
field set to true
.
volatile-ttl
- The key with the nearest time to live will be removed first, but only among keys with the expire
field set to true
.
connections
- (Required)[object] The network connection for your replica set. Only one connection is allowed. Updates to the value of the fields force the replica set to be re-created.
datacenter_id
- (Required)[string] The datacenter to connect your instance to.
lan_id
- (Required)[string] The numeric LAN ID to connect your instance to.
cidr
- (Required)[string] The IP and subnet for your instance. Note the following unavailable IP ranges: 10.233.64.0/18, 10.233.0.0/18, 10.233.114.0/24.
credentials
- (Required)[object] Credentials for the InMemoryDB replicaset, only one type of password can be used since they are mutually exclusive. These values are used to create the initial InMemoryDB user, updating any of these will force recreation of the replica set resource.
username
- (Required)[string] The username for the initial InMemoryDB user. Some system usernames are restricted (e.g. 'admin', 'standby').
plain_text_password
- (Optional)[string] The password for a InMemoryDB user, this is a field that is marked as Sensitive
.
hashed_password
- (Optional)[object] The hashed password for a InMemoryDB user.
algorithm
- (Required)[string] The value can be only: "SHA-256".
hash
- (Required)[string] The hashed password.
maintenance_window
- (Optional)(Computed) A weekly 4 hour-long window, during which maintenance might occur.
time
- (Required)[string] Start of the maintenance window in UTC time.
day_of_the_week
- (Required)[string] The name of the week day.
initial_snapshot_id
- (Optional)[string] The ID of a snapshot to restore the replica set from. If set, the replica set will be created from the snapshot.
dns_name
- (Computed)[string] The DNS name pointing to your replica set. Will be used to connect to the active/standalone instance.
⚠ NOTE:
IONOS_API_URL_INMEMORYDB
can be used to set a custom API URL for the resource.location
field needs to be empty, otherwise it will override the custom API URL. Settingtoken
orIONOS_API_URL
does not have any effect.
Resource DBaaS InMemoryDB Replica Set can be imported using the replicaset_id
and the location
, separated by :
, e.g:
Creates and manages DbaaS MongoDB Cluster objects.
Manages a DbaaS Mongo Cluster.
Enterprise Support: With MongoDB Enterprise, you gain access to professional support from the MongoDB team ensuring that you receive timely assistance and expert guidance when needed. IONOS offers enterprise-grade Service Level Agreements (SLAs), guaranteeing rapid response times and 24/7 support to address any critical issues that may arise.
edition
- (Optional)(Computed)[string] Cluster edition. Playground, business or enterprise.
mongodb_version
- (Required)[string] The MongoDB version of your cluster. Updates to the value of the field force the cluster to be re-created.
template_id
- (Optional)[string] The unique ID of the template, which specifies the number of cores, storage size, and memory. Updates to the value of the field force the cluster to be re-created. Required for playground and business editions. Must not be provided for enterprise edition.
instances
- (Required)[int] The total number of instances in the cluster (one master and n-1 standbys). Example: 1, 3, 5, 7. Updates to the value of the field force the cluster to be re-created.
display_name
- (Required)[string] The name of your cluster. Updates to the value of the field force the cluster to be re-created.
location
- (Required)[string] The physical location where the cluster will be created. Property cannot be modified after datacenter creation (disallowed in update requests). Available locations: de/txl, gb/lhr, es/vit. Update forces cluster re-creation.
connections
- (Required)[List] Details about the network connection for your cluster. Updates to the value of the field force the cluster to be re-created.
datacenter_id
- (Required)[string] The datacenter to connect your cluster to.
lan_id
- (Required)[string] The LAN to connect your cluster to.
cidr_list
- (Required)[List] The list of IPs and subnet for your cluster. Note the following unavailable IP ranges:10.233.64.0/18, 10.233.0.0/18, 10.233.114.0/24. example: [192.168.1.100/24, 192.168.1.101/24]. See Private IPs and Cluster Setup - Preparing the network.
maintenance_window
- (Optional)(Computed) A weekly 4 hour-long window, during which maintenance might occur. Updates to the value of the field force the cluster to be re-created.
time
- (Required)[string]
day_of_the_week
- (Required)[string]
connection_string
- (Computed)[string] The physical location where the cluster will be created. This will be where all of your instances live. Updates to the value of the field force the cluster to be re-created. Available locations: de/txl, gb/lhr, es/vit
ram
- (Optional)(Computed)[int]The amount of memory per instance in megabytes. Required for enterprise edition.
storage_size
- (Optional)(Computed)[int] The amount of storage per instance in MB. Required for enterprise edition.
storage_type
- (Optional)(Computed)[String] The storage type used in your cluster. Required for enterprise edition.
cores
- (Optional)(Computed)[int] The number of CPU cores per replica. Required for enterprise edition.
shards
- (Optional)[int]The total number of shards in the cluster.
type
- (Optional)(Computed)[string]The cluster type, either replicaset
or sharded-cluster
.
bi_connector
- (Optional)(Computed)The MongoDB Connector for Business Intelligence allows you to query a MongoDB database using SQL commands to aid in data analysis.
enabled
: (Optional)[bool] - The status of the BI Connector. If not set, the BI Connector is disabled.
host
: (Computed)[string] - The host where this new BI Connector is installed.
port
: (Computed)[string] - Port number used when connecting to this new BI Connector.
backup
- (Optional)[list]
location
: (Optional)[string] - The location where the cluster backups will be stored. If not set, the backup is stored in the nearest location of the cluster. Possible values are de, eu-south-2, or eu-central-2.
Resource DbaaS MongoDb Cluster can be imported using the cluster_id
, e.g.
Creates and manages DbaaS Postgres User objects.
Manages a DbaaS PgSql User.
Create a PgSQL
cluster as presented in the documentation for the cluster, then define a user resource and link it with the previously created cluster:
cluster_id
- (Required)[string] The unique ID of the cluster. Updates to the value of the field force the cluster to be re-created.
username
- (Required)[string] Used for authentication. Updates to the value of the field force the cluster to be re-created.
password
- (Required)[string] User password.
is_system_user
- (Computed)[bool] Describes whether this user is a system user or not. A system user cannot be updated or deleted.
In order to import a PgSql user, you can define an empty user resource in the plan:
The resource can be imported using the clusterId
and the username
, for example:
Creates and manages DBaaS MariaDB Cluster objects.
Manages a DBaaS MariaDB Cluster.
mariadb_version
- (Required)[string] The MariaDB version of your cluster. Cannot be downgraded.
instances
- (Required)[int] The total number of instances in the cluster (one primary and n-1 secondary).
location
- (Optional)[string] The location in which the cluster will be created. Different service endpoints are used based on location, possible options are: "de/fra", "de/txl", "es/vit", "fr/par", "gb/lhr", "us/ewr", "us/las", "us/mci". If not set, the endpoint will be the one corresponding to "de/txl".
cores
- (Required)[int] The number of CPU cores per instance.
ram
- (Required)[int] The amount of memory per instance in gigabytes (GB).
storage_size
- (Required)[int] The amount of storage per instance in gigabytes (GB).
connections
- (Required) The network connection for your cluster. Only one connection is allowed.
datacenter_id
- (Required)[true] The datacenter to connect your cluster to.
lan_id
- (Required)[true] The numeric LAN ID to connect your cluster to.
cidr
- (Required)[true] The IP and subnet for the database. Note the following unavailable IP ranges: 10.233.64.0/18, 10.233.0.0/18, 10.233.114.0/24. Please enter in the correct format like IP/Subnet, exp: 192.168.10.0/24. See Private IPs and Configuring the network.
display_name
- (Required)[string] The friendly name of your cluster.
maintenance_window
- (Optional)(Computed) A weekly 4 hour-long window, during which maintenance might occur
time
- (Required)[string] Start of the maintenance window in UTC time.
day_of_the_week
- (Required)[string] The name of the week day.
credentials
- (Required) Credentials for the database user to be created.
username
- (Required)[string] The username for the initial MariaDB user. Some system usernames are restricted (e.g 'mariadb', 'admin', 'standby').
password
- (Required)[string] The password for a MariaDB user.
dns_name
- (Computed)[string] The DNS name pointing to your cluster.
⚠ WARNING:
IONOS_API_URL_MARIADB
can be used to set a custom API URL for the MariaDB Cluster.location
field needs to be empty, otherwise it will override the custom API URL. Settingtoken
orIONOS_API_URL
does not have any effect.
Resource DBaaS MariaDB Cluster can be imported using the cluster_id
and the location
, separated by :
, e.g.
Creates and manages DNS Record objects.
Manages a DNS Record.
⚠️ Only tokens are accepted for authorization in the ionoscloud_dns_record resource. Please ensure you are using tokens as other methods will not be valid.
name
- (Required)[string] The name of the DNS Record.
type
- (Required)[string] The type of the DNS Record, can have one of these values: A, AAAA, CNAME, ALIAS, MX, NS, SRV, TXT, CAA, SSHFP, TLSA, SMIMEA, DS, HTTPS, SVCB, OPENPGPKEY, CERT, URI, RP, LOC
. More details about types can be found here.
content
- (Required)[string] The content of the DNS Record.
ttl
- (Optional)[int] Time to live for the DNS Record. Default is 3600
.
priority
- (Optional)[int] The priority for the DNS Record.
enabled
- (Optional)[bool] Indicates if the DNS Record is active or not. Default is true
.
zone_id
- (Required)[string] The DNS Zone ID in which the DNS Record will be created.
In order to import a DNS Record, you can define an empty DNS Record resource in the plan:
The resource can be imported using the zone_id
and the record_id
, for example:
Creates and manages DbaaS Postgres Cluster objects.
Manages a DbaaS PgSql Cluster.
postgres_version
- (Required)[string] The PostgreSQL version of your cluster.
instances
- (Required)[int] The total number of instances in the cluster (one master and n-1 standbys)
cores
- (Required)[int] The number of CPU cores per replica.
ram
- (Required)[int] The amount of memory per instance in megabytes. Has to be a multiple of 1024.
storage_size
- (Required)[int] The amount of storage per instance in MB. Has to be a multiple of 2048.
storage_type
- (Required)[string] SSD, SSD Standard, SSD Premium, or HDD. Value "SSD" is deprecated, use the equivalent "SSD Premium" instead. This attribute is immutable(disallowed in update requests).
connection_pooler
- (Optional)[object]
enabled
- (Required)[bool]
pool_mode
- (Required)[string] Represents different modes of connection pooling for the connection pooler.
connections
- (Required)[string] Details about the network connection for your cluster.
datacenter_id
- (Required)[true] The datacenter to connect your cluster to.
lan_id
- (Required)[true] The LAN to connect your cluster to.
cidr
- (Required)[true] The IP and subnet for the database. Note the following unavailable IP ranges: 10.233.64.0/18, 10.233.0.0/18, 10.233.114.0/24. Please enter in the correct format like IP/Subnet, exp: 192.168.10.0/24. See Private IPs and Configuring the network.
location
- (Required)[string] The physical location where the cluster will be created. This will be where all of your instances live. Property cannot be modified after datacenter creation. Possible values are: de/fra
, de/txl
, gb/lhr
, es/vit
, us/ewr
, us/las
. This attribute is immutable(disallowed in update requests).
backup_location
- (Optional)(Computed)[string] The IONOS Object Storage location where the backups will be stored. Possible values are: de
, eu-south-2
, eu-central-2
. This attribute is immutable (disallowed in update requests).
display_name
- (Required)[string] The friendly name of your cluster.
maintenance_window
- (Optional)(Computed) A weekly 4 hour-long window, during which maintenance might occur
time
- (Required)[string]
day_of_the_week
- (Required)[string]
credentials
- (Required)[string] Credentials for the database user to be created. This attribute is immutable(disallowed in update requests).
username
- (Required)[string] The username for the initial postgres user. Some system usernames are restricted (e.g. "postgres", "admin", "standby")
password
- (Required)[string]
synchronization_mode
- (Required) [string] Represents different modes of replication. Can have one of the following values: ASYNCHRONOUS, SYNCHRONOUS, STRICTLY_SYNCHRONOUS. This attribute is immutable(disallowed in update requests).
from_backup
- (Optional)[string] The unique ID of the backup you want to restore. This attribute is immutable(disallowed in update requests).
backup_id
- (Required)[string] The unique ID of the backup you want to restore.
recovery_target_time
- (Optional)[string] If this value is supplied as ISO 8601 timestamp, the backup will be replayed up until the given timestamp. If empty, the backup will be applied completely.
dns_name
- (Computed)[string] The DNS name pointing to your cluster.
Resource DbaaS Postgres Cluster can be imported using the cluster_id
, e.g.
Creates and manages DbaaS MongoDB users.
Manages a DbaaS Mongo User. .
cluster_id
- (Required)[string] The unique ID of the cluster. Updates to the value of the field force the cluster to be re-created.
username
- (Required)[string] Used for authentication. Updates to the value of the field force the cluster to be re-created.
database
- (Required)[string] The user database to use for authentication. Updates to the value of the field force the cluster to be re-created.
password
- (Required)[string] User password. Updates to the value of the field force the cluster to be re-created.
roles
- (Required)[string] a list of mongodb user roles. Updates to the value of the field force the cluster to be re-created.
role
- (Required)[true] Mongodb user role. Examples: read, readWrite, readAnyDatabase, readWriteAnyDatabase, dbAdmin, dbAdminAnyDatabase, clusterMonitor.
database
- (Required)[true] Database on which to apply the role.
NOTE: MongoDb users do not support update at the moment. Changing any attribute will result in the user being re-created.
Resource DBaaS MongoDB User can be imported using the clusterID
and the username
. First, define an empty resource in the plan:
Then you can import the user using the following command:
Creates and manages DNS Zone objects.
Manages a DNS Zone.
⚠️ Only tokens are accepted for authorization in the ionoscloud_dns_zone resource. Please ensure you are using tokens as other methods will not be valid.
name
- (Required)[string] The name of the DNS Zone.
description
- (Optional)[string] The description for the DNS Zone.
enabled
- (Optional)[bool] Indicates if the DNS Zone is active or not. Default is true
.
In order to import a DNS Zone, you can define an empty DNS Zone resource in the plan:
The resource can be imported using the zone_id
, for example:
Creates and manages IonosCloud Kubernetes Clusters.
Manages a Managed Kubernetes Cluster on IonosCloud.
The following arguments are supported:
name
- (Required)[string] The name of the Kubernetes Cluster.
k8s_version
- (Optional)[string] The desired Kubernetes Version. For supported values, please check the API documentation. Downgrades are not supported. The provider will ignore downgrades of patch level.
maintenance_window
- (Optional) A maintenance window comprise of a day of the week and a time for maintenance to be allowed
time
- (Required)[string] A clock time in the day when maintenance is allowed
day_of_the_week
- (Required)[string] Day of the week when maintenance is allowed
viable_node_pool_versions
- (Computed)[list] List of versions that may be used for node pools under this cluster
api_subnet_allow_list
- (Optional)[list] Access to the K8s API server is restricted to these CIDRs. Cluster-internal traffic is not affected by this restriction. If no allowlist is specified, access is not restricted. If an IP without subnet mask is provided, the default value will be used: 32 for IPv4 and 128 for IPv6.
s3_buckets
- (Optional)[list] List of IONOS Object Storage buckets configured for K8s usage. For now it contains only an IONOS Object Storage bucket used to store K8s API audit logs.
public
- (Optional)[boolean] Indicates if the cluster is public or private. This attribute is immutable.
nat_gateway_ip
- (Optional)[string] The NAT gateway IP of the cluster if the cluster is private. This attribute is immutable. Must be a reserved IP in the same location as the cluster's location. This attribute is mandatory if the cluster is private.
node_subnet
- (Optional)[string] The node subnet of the cluster, if the cluster is private. This attribute is optional and immutable. Must be a valid CIDR notation for an IPv4 network prefix of 16 bits length.
location
- (Optional)[string] This attribute is mandatory if the cluster is private. The location must be enabled for your contract, or you must have a data center at that location. This property is not adjustable.
allow_replace
- (Optional)[bool] When set to true, allows the update of immutable fields by first destroying and then re-creating the cluster.
⚠️ Warning: allow_replace
- lets you update immutable fields, but it first destroys and then re-creates the cluster in order to do it. Set the field to true only if you know what you are doing.
A Kubernetes Cluster resource can be imported using its resource id
, e.g.
This can be helpful when you want to import kubernetes clusters which you have already created manually or using other means, outside of terraform.
⚠️ Warning: **During a maintenance window, k8s can update your k8s_version
if the old one reaches end of life. This upgrade will not be shown in the plan, as we prevent terraform from doing a downgrade, as downgrading k8s_version
is not supported.
Creates and manages group objects.
Manages Groups and Group Privileges on IonosCloud.
name
- (Required) [string] A name for the group.
create_datacenter
- (Optional) [Boolean] The group will be allowed to create virtual data centers.
create_snapshot
- (Optional) [Boolean] The group will be allowed to create snapshots.
reserve_ip
- (Optional) [Boolean] The group will be allowed to reserve IP addresses.
access_activity_log
- (Optional) [Boolean] The group will be allowed to access the activity log.
create_pcc
- (Optional) [Boolean] The group will be allowed to create Cross Connects privilege.
s3_privilege
- (Optional) [Boolean] The group will have S3 privilege.
create_backup_unit
- (Optional) [Boolean] The group will be allowed to create backup unit privilege.
create_internet_access
- (Optional) [Boolean] The group will be allowed to create internet access privilege.
create_k8s_cluster
- (Optional) [Boolean] The group will be allowed to create kubernetes cluster privilege.
create_flow_log
- (Optional) [Boolean] The group will be allowed to create flow log.
access_and_manage_monitoring
- (Optional) [Boolean] The group will be allowed to access and manage monitoring.
access_and_manage_certificates
- (Optional) [Boolean] The group will be allowed to access and manage certificates.
manage_dbaas
- (Optional) [Boolean] Privilege for a group to manage DBaaS related functionality.
user_ids
- (Optional) [list] A list of users to add to the group.
user_id
- (Optional) [string] The ID of the specific user to add to the group. Please use user_ids argument since this is DEPRECATED
users
- (Computed) List of users - See the User section
NOTE: user_id/user_ids field cannot be used at the same time with group_ids field in user resource. Trying to add the same user to the same group in both ways in the same plan will result in a cyclic dependency error.
Resource Group can be imported using the resource id
, e.g.
Creates and manages ipfailover objects.
Manages IP Failover groups on IonosCloud.
datacenter_id
- (Required)[string] The ID of a Virtual Data Center.
ip
- (Required)[string] The reserved IP address to be used in the IP failover group.
lan_id
- (Required)[string] The ID of a LAN.
nicuuid
- (Required)[string] The ID of a NIC.
⚠ WARNING: Do not modify the IP for an IP failover group (that was provisioned via Terraform) using the DCD, the API or other means because it may lead to unexpected behavior. If you provisioned an IP failover group using Terraform, please use only Terraform in order to manage the created IP failover group.
⚠ WARNING: For creating multiple IP failover groups at the same time, you can use one of the following options:
Create multiple IP failover groups resources and use depends_on
meta-argument to specify the order of creation, for example:
Define the resources as presented above, but without using the depends_on
meta-argument and run the apply command using -parallelism=1
as presented below:
Resource IpFailover can be imported using the resource id
, e.g.
If you want to add a secondary NIC to an IP Failover, follow these steps:
Creating NIC A with failover IP on LAN 1
Create NIC B unde the same LAN but with a different IP
Create the IP Failover on LAN 1 with NIC A and failover IP of NIC A (A becomes now "master", no slaves)
Update NIC B IP to be the failover IP ( B becomes now a slave, A remains master)
After this you can create a new NIC C, NIC D and so on, in LAN 1, directly with the failover IP.
Creates and manages IonosCloud Kubernetes Node Pools.
Manages a Managed Kubernetes Node Pool, part of a managed Kubernetes cluster on IonosCloud.
Note: Set create_before_destroy
on the lan resource if you want to remove it from the nodepool during an update. This is to ensure that the nodepool is updated before the lan is destroyed.
The following arguments are supported:
name
- (Required)[string] The name of the Kubernetes Cluster. This attribute is immutable.
k8s_version
- (Optional)[string] The desired Kubernetes Version. For supported values, please check the API documentation. Downgrades are not supported. The provider will ignore downgrades of patch level.
auto_scaling
- (Optional)[string] Whether the Node Pool should autoscale. For more details, please check the API documentation
min_node_count
- (Optional)[int] The minimum number of worker nodes the node pool can scale down to. Should be less than max_node_count
max_node_count
- (Optional)[int] The maximum number of worker nodes that the node pool can scale to. Should be greater than min_node_count
lans
- (Optional)[list] A list of numeric LAN id's you want this node pool to be part of. For more details, please check the API documentation, as well as the example above
id
- (Required)[int] The LAN ID of an existing LAN at the related datacenter
dhcp
- (Optional)[boolean] Indicates if the Kubernetes Node Pool LAN will reserve an IP using DHCP. Default value is true
routes
- (Optional) An array of additional LANs attached to worker nodes
network
- (Required)[string] IPv4 or IPv6 CIDR to be routed via the interface
gateway_ip
- (Required)[string] IPv4 or IPv6 Gateway IP for the route
maintenance_window
- (Optional) See the maintenance_window section in the example above
time
- (Required)[string] A clock time in the day when maintenance is allowed
day_of_the_week
- (Required)[string] Day of the week when maintenance is allowed
datacenter_id
- (Required)[string] A Datacenter's UUID
k8s_cluster_id
- (Required)[string] A k8s cluster's UUID
cpu_family
- (Required)[string] The desired CPU Family - See the API documentation for more information. This attribute is immutable.
availability_zone
- (Required)[string] - The desired Compute availability zone - See the API documentation for more information. This attribute is immutable.
storage_type
-(Required)[string] - The desired storage type - SSD/HDD. This attribute is immutable.
node_count
-(Required)[int] - The desired number of nodes in the node pool
cores_count
-(Required)[int] - The CPU cores count for each node of the node pool. This attribute is immutable.
ram_size
-(Required)[int] - The desired amount of RAM, in MB. This attribute is immutable.
storage_size
-(Required)[int] - The size of the volume in GB. The size should be greater than 10GB. This attribute is immutable.
public_ips
- (Optional)[list] A list of public IPs associated with the node pool; must have at least node_count + 1
elements
labels
- (Optional)[map] A key/value map of labels
annotations
- (Optional)[map] A key/value map of annotations
allow_replace
- (Optional)[bool] When set to true, allows the update of immutable fields by first destroying and then re-creating the node pool.
⚠️ Warning: allow_replace
- lets you update immutable fields, but it first destroys and then re-creates the node pool in order to do it. Set the field to true only if you know what you are doing. This will cause a downtime for all pods on that nodepool. Consider adding multiple nodepools and update one after the other for downtime free nodepool upgrade.
Immutable fields list: name, cpu_family, availability_zone, cores_count, ram_size, storage_size, storage_type.
⚠️ Note:
Be careful when using auto_scaling
since the number of nodes can change. Because of that, when running terraform plan
, Terraform will think that an update is required (since node_count
from the tf
plan will be different from the number of nodes set by the scheduler). To avoid that, you can use:
A Kubernetes Node Pool resource can be imported using its Kubernetes cluster's uuid as well as its own UUID, both of which you can retrieve from the cloud API: resource id
, e.g.:
This can be helpful when you want to import kubernetes node pools which you have already created manually or using other means, outside of terraform, towards the goal of managing them via Terraform
⚠️ Warning: **During a maintenance window, k8s can update your k8s_version
if the old one reaches end of life. This upgrade will not be shown in the plan, as we prevent terraform from doing a downgrade, as downgrading k8s_version
is not supported.
⚠️ Warning: If you are upgrading from v5.x.x to v6.x.x: You have to modify you plan for lans to match the new structure, by putting the ids from the old slice in lans.id fields. This is not backwards compatible.
Creates and manages IonosCloud Kafka Cluster Topic objects.
Manages a Kafka Cluster Topic on IonosCloud.
This resource will create an operational Kafka Cluster Topic. After this section completes, the provisioner can be called.
id
- (Computed)[string] The UUID of the Kafka Cluster Topic.
name
- (Required)[string] Name of the Kafka Cluster.
location
- (Optional)[string] The location of the Kafka Cluster Topic. Possible values: de/fra
, de/txl
. If this is not set and if no value is provided for the IONOS_API_URL
env var, the default location
will be: de/fra
.
cluster_id
- (Required)[string] ID of the Kafka Cluster that the topic belongs to.
replication_factor
- (Optional)[int] The number of replicas of the topic. The replication factor determines how many copies of the topic are stored on different brokers. The replication factor must be less than or equal to the number of brokers in the Kafka Cluster. Minimum value: 1. Default value: 3.
number_of_partitions
- (Optional)[int] The number of partitions of the topic. Partitions allow for parallel processing of messages. The partition count must be greater than or equal to the replication factor. Minimum value: 1. Default value: 3.
retention_time
- (Optional)[int] This configuration controls the maximum time we will retain a log before we will discard old log segments to free up space. This represents an SLA on how soon consumers must read their data. If set to -1, no time limit is applied. Default value: 604800000.
segment_bytes
- (Optional)[int] This configuration controls the segment file size for the log. Retention and cleaning is always done a file at a time so a larger segment size means fewer files but less granular control over retention. Default value: 1073741824.
Kafka Cluster Topic can be imported using the location
, kafka cluster id
and the kafka cluster topic id
:
Creates and manages Load Balancers
Manages a Load Balancer on IonosCloud.
name
- (Required)[string] The name of the load balancer.
datacenter_id
- (Required)[string] The ID of a Virtual Data Center.
nic_ids
- (Required)[list] A list of NIC IDs that are part of the load balancer.
dhcp
- (Optional)[Boolean] Indicates if the load balancer will reserve an IP using DHCP.
ip
- (Optional)[string] IPv4 address of the load balancer.
Resource Load Balancer can be imported using the resource id
, e.g.
When declaring NIC resources to be used with the load balancer, please make sure you use the "lifecycle meta-argument" to make sure changes to the lan attribute of the nic are ignored.
Creates and manages IP Block objects.
Manages IP Blocks on IonosCloud. IP Blocks contain reserved public IP addresses that can be assigned servers or other resources.
name
- (Optional)[string] The name of Ip Block
location
- (Required)[string] The regional location for this IP Block: us/las, us/ewr, de/fra, de/fkb.
size
- (Required)[integer] The number of IP addresses to reserve for this block.
ips
- (Computed)[integer] The list of IP addresses associated with this block.
ip_consumers
(Computed) Read-Only attribute. Lists consumption detail of an individual ip
ip
mac
nic_uuid
server_id
server_name
datacenter_id
datacenter_name
k8s_nodepool_uuid
k8s_cluster_uuid
Resource Ipblock can be imported using the resource id
, e.g.
Creates and manages IonosCloud Kafka Cluster objects.
Manages a Kafka Cluster on IonosCloud.
This resource will create an operational Kafka Cluster. After this section completes, the provisioner can be called.
id
- (Computed)[string] The UUID of the Kafka Cluster.
name
- (Required)[string] Name of the Kafka Cluster.
location
- (Optional)[string] The location of the Kafka Cluster. Possible values: de/fra
, de/txl
. If this is not set and if no value is provided for the IONOS_API_URL
env var, the default location
will be: de/fra
.
version
- (Required)[string] Version of the Kafka Cluster. Possible values: 3.7.0
size
- (Required)[string] Size of the Kafka Cluster. Possible values: XS
, S
connections
- (Required) Connection information of the Kafka Cluster. Minimum items: 1, maximum items: 1.
datacenter_id
- (Required)[string] The datacenter to connect your instance to.
lan_id
- (Required)[string] The numeric LAN ID to connect your instance to.
broker_addresses
- (Required)[list] IP addresses and subnet of cluster brokers. Note the following unavailable IP range: 10.224.0.0/11
broker_addresses
- (Computed)[list] IP address and port of cluster brokers.
⚠ NOTE:
IONOS_API_URL_KAFKA
can be used to set a custom API URL for the kafka resource.location
field needs to be empty, otherwise it will override the custom API URL. Settingtoken
orIONOS_API_URL
does not have any effect.
Kafka Cluster can be imported using the location
and kafka cluster id
:
Creates and manages LAN objects.
Manages a LAN on IonosCloud.
datacenter_id
- (Required)[string] The ID of a Virtual Data Center.
name
- (Optional)[string] The name of the LAN.
public
- (Optional)[Boolean] Indicates if the LAN faces the public Internet (true) or not (false).
pcc
- (Optional)[String] The unique id of a ionoscloud_private_crossconnect
resource, in order. It needs to be ensured that IP addresses of the NICs of all LANs connected to a given Cross Connect is not duplicated and belongs to the same subnet range
ipv6_cidr_block
- (Computed, Optional) Contains the LAN's /64 IPv6 CIDR block if this LAN is IPv6 enabled. 'AUTO' will result in enabling this LAN for IPv6 and automatically assign a /64 IPv6 CIDR block to this LAN. If you specify your own IPv6 CIDR block then you must provide a unique /64 block, which is inside the IPv6 CIDR block of the virtual datacenter and unique inside all LANs from this virtual datacenter.
ip_failover
- (Computed) IP failover configurations for lan
ip
nic_uuid
Resource Lan can be imported using the resource id
, e.g.
Please note that only LANs datacenters found in the same physical location can be connected through a Cross-connect
A LAN cannot be a part of two Cross-connects
Creates and manages Firewall Rules.
Manages a set of Firewall Rules on IonosCloud.
datacenter_id
- (Required)[string] The Virtual Data Center ID.
server_id
- (Required)[string] The Server ID.
nic_id
- (Required)[string] The NIC ID.
protocol
- (Required)[string] The protocol for the rule: TCP, UDP, ICMP, ANY. Property cannot be modified after creation (disallowed in update requests).
name
- (Optional)[string] The name of the firewall rule.
source_mac
- (Optional)[string] Only traffic originating from the respective MAC address is allowed. Valid format: aa:bb:cc:dd:ee:ff. Value null allows all source MAC address. Valid format: aa:bb:cc:dd:ee:ff.
source_ip
- (Optional)[string] Only traffic originating from the respective IPv4 address is allowed. Value null allows all source IPs.
target_ip
- (Optional)[string] In case the target NIC has multiple IP addresses, only traffic directed to the respective IP address of the NIC is allowed. Value null allows all target IPs.
port_range_start
- (Optional)[int] Defines the start range of the allowed port (from 1 to 65534) if protocol TCP or UDP is chosen. Leave portRangeStart and portRangeEnd null to allow all ports.
port_range_end
- (Optional)[int] Defines the end range of the allowed port (from 1 to 65534) if the protocol TCP or UDP is chosen. Leave portRangeStart and portRangeEnd null to allow all ports.
icmp_type
- (Optional)[string] Defines the allowed code (from 0 to 254) if protocol ICMP is chosen. Value null allows all codes.
icmp_code
- (Optional)[int] Defines the allowed code (from 0 to 254) if protocol ICMP is chosen.
type
- (Optional)[string] The type of firewall rule. If is not specified, it will take the default value INGRESS.
Resource Firewall can be imported using the resource id
, e.g.
Creates and manages Network File Storage (NFS) Cluster objects
Create clusters of Network File Storage (NFS) on IonosCloud.
The following arguments are supported:
name
- (Required) The name of the Network File Storage cluster.
location
- (Optional) The location where the Network File Storage cluster is located. If this is not set and if no value is provided for the IONOS_API_URL
env var, the default location
will be: de/fra
.
de/fra
- Frankfurt
de/txl
- Berlin
size
- (Required) The size of the Network File Storage cluster in TiB. Note that the cluster size cannot be reduced after provisioning. This value determines the billing fees. Default is 2
. The minimum value is 2
and the maximum value is 42
.
nfs
- (Optional) The NFS configuration for the Network File Storage cluster. Each NFS configuration supports the following:
min_version
- (Optional) The minimum supported version of the NFS cluster. Supported values: 4.2
. Default is 4.2
.
connections
- (Required) A list of connections for the Network File Storage cluster. You can specify only one connection. Connections are immutable. Each connection supports the following:
datacenter_id
- (Required) The ID of the datacenter where the Network File Storage cluster is located.
ip_address
- (Required) The IP address and prefix of the Network File Storage cluster. The IP address can be either IPv4 or IPv6. The IP address has to be given with CIDR notation.
lan
- (Required) The Private LAN to which the Network File Storage cluster must be connected.
⚠ NOTE:
IONOS_API_URL_NFS
can be used to set a custom API URL for the resource.location
field needs to be empty, otherwise it will override the custom API URL. Settingtoken
orIONOS_API_URL
does not have any effect.
A Network File Storage Cluster resource can be imported using its location
and resource id
:
Creates and manages Network Load Balancer objects.
Manages a Network Load Balancer on IonosCloud.
This will configure flowlog for ALL(rejected and accepted) ingress traffic and will log it into an existing ionos bucket named flowlog-bucket
. Any s3 compatible client can be used to create it. Adding a flowlog does not force re-creation or the nic, but changing any other field than name
will. Deleting a flowlog will also force nic re-creation.
name
- (Required)[string] A name of that Network Load Balancer.
listener_lan
- (Required)[int] Id of the listening LAN. (inbound)
ips
- (Optional)[list] Collection of IP addresses of the Network Load Balancer. (inbound and outbound) IP of the listenerLan must be a customer reserved IP for the public load balancer and private IP for the private load balancer.
target_lan
- (Required)[int] Id of the balanced private target LAN. (outbound)
lb_private_ips
- (Optional)[list] Collection of private IP addresses with subnet mask of the Network Load Balancer. IPs must contain valid subnet mask. If user will not provide any IP then the system will generate one IP with /24 subnet.
central_logging
- (Optional)[bool] Turn logging on and off for this product. Default value is 'false'.
logging_lormat
- (Optional)[string] Specifies the format of the logs.
datacenter_id
- (Required)[string] A Datacenter's UUID.
flowlog
- (Optional)[list] Only 1 flow log can be configured. Only the name field can change as part of an update. Flow logs holistically capture network information such as source and destination IP addresses, source and destination ports, number of packets, amount of bytes, the start and end time of the recording, and the type of protocol – and log the extent to which your instances are being accessed.
action
- (Required)[string] Specifies the action to be taken when the rule is matched. Possible values: ACCEPTED, REJECTED, ALL. Immutable, forces re-creation.
bucket
- (Required)[string] Specifies the IONOS Object Storage bucket where the flow log data will be stored. The bucket must exist. Immutable, forces re-creation.
direction
- (Required)[string] Specifies the traffic direction pattern. Valid values: INGRESS, EGRESS, BIDIRECTIONAL. Immutable, forces re-creation.
name
- (Required)[string] Specifies the name of the flow log.
⚠️ Note:: Removing the flowlog
forces re-creation of the network load balancer resource.
A Network Load Balancer resource can be imported using its resource id
and the datacenter id
e.g.
Creates and manages Logging pipeline objects.
Manages a Logging pipeline.
⚠️ Only tokens are accepted for authorization in the logging_pipeline resource. Please ensure you are using tokens as other methods will not be valid.
For re-usability, an array of logs can be defined in a tfvars file or inside the terraform plan, and used as presented below:
The content inside vars.tfvars file:
The content inside the tf plan:
The configuration can then be applied using the following commands:
location
- (Optional)[string] The location of the Logging pipeline. Default: de/txl
One of de/fra
, de/txl
, gb/lhr
, es/vit
, fr/par
. If this is not set and if no value is provided for the IONOS_API_URL
env var, the default location
will be: de/fra
.
name
- (Required)[string] The name of the Logging pipeline.
grafana_address
- (Computed)[string] The address of the client's grafana instance.
log
- (Required)[list] Pipeline logs, a list that contains elements with the following structure:
source
- (Required)[string] The source parser to be used.
tag
- (Required)[string] The tag is used to distinguish different pipelines. Must be unique amongst the pipeline's array items.
protocol
- (Required)[string] "Protocol to use as intake. Possible values are: http, tcp."
public
- (Computed)[bool]
destinations
- (Optional)[list] The configuration of the logs datastore, a list that contains elements with the following structure:
type
- (Optional)[string] The internal output stream to send logs to.
retention_in_days
- (Optional)[int] Defines the number of days a log record should be kept in loki. Works with loki destination type only. Can be one of: 7, 14, 30.
In order to import a Logging pipeline, you can define an empty Logging pipeline resource in the plan:
The resource can be imported using the location
and pipeline_id
, for example:
Creates and manages Network Load Balancer Forwarding Rule objects.
Manages a Network Load Balancer Forwarding Rule on IonosCloud.
name
- (Required)[string] A name of that Network Load Balancer forwarding rule.
algorithm
- (Required)[string] Algorithm for the balancing.
protocol
- (Required)[string] Protocol of the balancing.
listener_ip
- (Required)[string] Listening IP. (inbound)
listener_port
- (Required)[int] Listening port number. (inbound) (range: 1 to 65535)
health_check
- (Optional) Health check attributes for Network Load Balancer forwarding rule.
client_timeout
- (Optional)[int] ClientTimeout is expressed in milliseconds. This inactivity timeout applies when the client is expected to acknowledge or send data. If unset the default of 50 seconds will be used.
connect_timeout
- (Optional)[int] It specifies the maximum time (in milliseconds) to wait for a connection attempt to a target VM to succeed. If unset, the default of 5 seconds will be used.
target_timeout
- (Optional)[int] TargetTimeout specifies the maximum inactivity time (in milliseconds) on the target VM side. If unset, the default of 50 seconds will be used.
retries
- (Optional)[int] Retries specifies the number of retries to perform on a target VM after a connection failure. If unset, the default value of 3 will be used.
targets
- (Required)[Set] Array of items in that collection.
ip
- (Required)[string] IP of a balanced target VM.
port
- (Required)[int] Port of the balanced target service. (range: 1 to 65535).
weight
- (Required)[int] Weight parameter is used to adjust the target VM's weight relative to other target VMs.
proxy_protocol
- (Optional)[string] The proxy protocol version. Accepted values are none
, v1
, v2
, v2ssl
. If unspecified, the default value of none
is used.
health_check
- (Optional) Health check attributes for Network Load Balancer forwarding rule target.
check
- (Optional)[boolean] Check specifies whether the target VM's health is checked.
check_interval
- (Optional)[int] CheckInterval determines the duration (in milliseconds) between consecutive health checks. If unspecified a default of 2000 ms is used.
maintenance
- (Optional)[boolean] Maintenance specifies if a target VM should be marked as down, even if it is not.
datacenter_id
- (Required)[string] A Datacenter's UUID.
natgateway_id
- (Required)[string] Network Load Balancer's UUID.
A Network Load Balancer Forwarding Rule resource can be imported using its resource id
, the datacenter id
and the networkloadbalancer id
e.g.
Creates and manages Nat Gateway objects.
Manages a Nat Gateway on IonosCloud.
name
- (Required)[string] Name of the NAT gateway.
public_ips
- (Required)[list]Collection of public IP addresses of the NAT gateway. Should be customer reserved IP addresses in that location.
lans
- (Required)[list] A list of Local Area Networks the node pool should be part of.
id
- (Required)[int] Id for the LAN connected to the NAT gateway.
gateway_ips
- (Optional)[list] Collection of gateway IP addresses of the NAT gateway. Will be auto-generated if not provided. Should ideally be an IP belonging to the same subnet as the LAN.
datacenter_id
- (Required)[string] A Datacenter's UUID.
A Nat Gateway resource can be imported using its resource id
and the datacenter id
, e.g.
Creates and manages Nat Gateway Rule objects.
Manages a Nat Gateway Rule on IonosCloud.
name
- (Required)[string] Name of the NAT gateway rule.
type
- (Optional)[string] Type of the NAT gateway rule.
protocol
- (Optional)[string] Protocol of the NAT gateway rule. Defaults to ALL. If protocol is 'ICMP' then targetPortRange start and end cannot be set.
source_subnet
- (Required)[string] Source subnet of the NAT gateway rule. For SNAT rules it specifies which packets this translation rule applies to based on the packets source IP address.
public_ip
- (Required)[string] Public IP address of the NAT gateway rule. Specifies the address used for masking outgoing packets source address field. Should be one of the customer reserved IP address already configured on the NAT gateway resource.
target_subnet
- (Optional)[string] Target or destination subnet of the NAT gateway rule. For SNAT rules it specifies which packets this translation rule applies to based on the packets destination IP address. If none is provided, rule will match any address.
target_port_range
- (Optional) Target port range of the NAT gateway rule. For SNAT rules it specifies which packets this translation rule applies to based on destination port. If none is provided, rule will match any port.
start
- (Optional)[int] Target port range start associated with the NAT gateway rule.
end
- (Optional)[int] Target port range end associated with the NAT gateway rule.
datacenter_id
- (Required)[string] A Datacenter's UUID.
natgateway_id
- (Required)[string] Nat Gateway's UUID.
A Nat Gateway Rule resource can be imported using its resource id
, the datacenter id
and the `natgateway id , e.g.
Creates and manages IonosCloud Object Storage Accesskeys.
Manages an Object Storage Accesskey on IonosCloud.
The following arguments are supported:
description
- (Optional)[string] Description of the Access key.
id
- (Computed) The ID (UUID) of the AccessKey.
accesskey
- (Computed) Access key metadata is a string of 92 characters.
secretkey
- (Computed) The secret key of the Access key.
canonical_user_id
- (Computed) The canonical user ID which is valid for user-owned buckets.
contract_user_id
- (Computed) The contract user ID which is valid for contract-owned buckets
timeouts
- (Optional) Timeouts for this resource.
create
- (Optional)[string] Time to wait for the bucket to be created. Default is 10m
.
delete
- (Optional)[string] Time to wait for the bucket to be deleted. Default is 10m
.
An object storage accesskey resource can be imported using its resource id
, e.g.
This can be helpful when you want to import Object Storage Accesskeys which you have already created manually or using other means, outside of terraform.
Creates and manages IonosCloud Network Security Group Firewall Rule.
Manages a Network Security Group Rule on IonosCloud.
The following arguments are supported:
nsg_id
- (Required)[string] The ID of a Network Security Group.
datacenter_id
- (Required)[string] The ID of a Virtual Data Center.
name
- (Optional)[string] The name of the Network Security Group.
protocol
- (Required)[string] The protocol for the rule: TCP, UDP, ICMP, ANY. Property cannot be modified after creation (disallowed in update requests).
name
- (Optional)[string] The name of the firewall rule.
source_mac
- (Optional)[string] Only traffic originating from the respective MAC address is allowed. Valid format: aa:bb:cc:dd:ee:ff. Value null allows all source MAC address. Valid format: aa:bb:cc:dd:ee:ff.
source_ip
- (Optional)(computed)[string] Only traffic originating from the respective IPv4 address is allowed. Value null allows all source IPs.
target_ip
- (Optional)(Computed)[string] In case the target NIC has multiple IP addresses, only traffic directed to the respective IP address of the NIC is allowed. Value null allows all target IPs.
port_range_start
- (Optional)[int] Defines the start range of the allowed port (from 1 to 65534) if protocol TCP or UDP is chosen. Leave portRangeStart and portRangeEnd null to allow all ports.
port_range_end
- (Optional)[int] Defines the end range of the allowed port (from 1 to 65534) if the protocol TCP or UDP is chosen. Leave portRangeStart and portRangeEnd null to allow all ports.
icmp_type
- (Optional)[string] Defines the allowed code (from 0 to 254) if protocol ICMP is chosen. Value null allows all codes.
icmp_code
- (Optional)[int] Defines the allowed code (from 0 to 254) if protocol ICMP is chosen.
type
- (Optional)(Computed)[string] The type of firewall rule. If is not specified, it will take the default value INGRESS.
Resource Server can be imported using the resource id
, nsg id
and datacenter id
, e.g.
Or by using an import
block.
Creates and manages IonosCloud Network Security Group.
Manages a Network Security Group on IonosCloud.
The following arguments are supported:
datacenter_id
- (Required)[string] The ID of a Virtual Data Center.
name
- (Optional)[string] The name of the Network Security Group.
description
- (Optional)[string] Description for the Network Security Group.
rule_ids
- (Computed) List of Firewall Rules that are part of the Network Security Group
Resource Server can be imported using the resource id
and the datacenter id
, e.g.
Or by using an import
block. Here is an example that allows you to import the default created nsg into terraform.
Creates and manages Cross Connections between virtual datacenters.
Manages a Cross Connect on IonosCloud. Cross Connect allows you to connect virtual data centers (VDC) with each other using a private LAN. The VDCs to be connected need to belong to the same IONOS Cloud contract and location. You can only use private LANs for a Cross Connect connection. A LAN can only be a part of one Cross Connect.
The IP addresses of the NICs used for the Cross Connect connection may not be used in more than one NIC and they need to belong to the same IP range.
To connect two datacenters we need 2 lans defined, one in each datacenter. After, we reference the cross-connect through which we want the connection to be established.
The following arguments are supported:
name
- (Required)[string] The name of the cross-connection.
description
- (Optional)[string] A short description for the cross-connection.
connectable datacenters
- (Computed) A list containing all the connectable datacenters
id
- The UUID of the connectable datacenter
name
- The name of the connectable datacenter
location
- The physical location of the connectable datacenter
peers
- (Computed) Lists LAN's joined to this cross connect
lan_id
- The id of the cross-connected LAN
lan_name
- The name of the cross-connected LAN
datacenter_id
- The id of the cross-connected datacenter
datacenter_name
- The name of the cross-connected datacenter
location
- The location of the cross-connected datacenter
A Cross Connect resource can be imported using its resource id
, e.g.
This can be helpful when you want to import cross-connects which you have already created manually or using other means, outside of terraform.
Creates and manages IONOS Object Storage Buckets.
Manages IONOS Object Storage Buckets on IonosCloud.
The following arguments are supported:
name
- (Required)[string] The bucket name. [ 3 .. 63 ] characters
region
- (Optional)[string] Specifies the Region where the bucket will be created. Please refer to the list of available regions
object_lock_enabled
- (Optional)[bool] The object lock configuration status of the bucket. Must be true
or false
.
tags
- (Optional) A mapping of tags to assign to the bucket.
timeouts
- (Optional) Timeouts for this resource.
create
- (Optional)[string] Time to wait for the bucket to be created. Default is 10m
.
delete
- (Optional)[string] Time to wait for the bucket to be deleted. Default is 10m
.
force_destroy
- (Optional)[bool] Default is false
.By setting force_destroy to true, you instruct Terraform to delete the bucket and all its contents during the terraform destroy process. This is particularly useful when dealing with buckets that contain objects, as it allows for automatic cleanup without requiring the manual deletion of objects beforehand. If force_destroy is not set or is set to false, Terraform will refuse to delete a bucket that still contains objects. You must manually empty the bucket before Terraform can remove it.There is a significant risk of accidental data loss when using this attribute, as it irreversibly deletes all contents of the bucket. It's crucial to ensure that the bucket does not contain critical data before using force_destroy.
id
- (Computed) Name of the bucket
Resource Bucket can be imported using the bucket name
Creates and manages Network Interface objects.
Manages a NIC on IonosCloud.
This will configure flowlog for accepted ingress traffic and will log it into an existing IONOS Object Storage bucket named flowlog-bucket
. Any s3 compatible client can be used to create it. Adding a flowlog does not force re-creation of the NIC, but changing any other field than name
will. Deleting a flowlog will also force NIC re-creation.
datacenter_id
- (Required)[string] The ID of a Virtual Data Center.
server_id
- (Required)[string] The ID of a server.
lan
- (Required)[integer] The LAN ID the NIC will sit on.
name
- (Optional)[string] The name of the LAN.
dhcp
- (Optional)[Boolean] Indicates if the NIC should get an IP address using DHCP (true) or not (false).
dhcpv6
- (Optional)[Boolean] Indicates if the NIC should get an IPv6 address using DHCP (true) or not (false).
ipv6_cidr_block
- (Computed, Optional) Automatically assigned /80 IPv6 CIDR block if the NIC is connected to an IPv6 enabled LAN. You can also specify an /80 IPv6 CIDR block for the NIC on your own, which must be inside the /64 IPv6 CIDR block of the LAN and unique.
ips
- (Optional)[list] Collection of IP addresses assigned to a NIC. Explicitly assigned public IPs need to come from reserved IP blocks, Passing value null or empty array will assign an IP address automatically.
ipv6_ips
- (Optional)[list] Collection of IPv6 addresses assigned to a NIC. Explicitly assigned public IPs need to come from the NIC's Ipv6 CIDR block, Passing value null or empty array will assign an IPv6 address automatically from the NIC's CIDR block.
firewall_active
- (Optional)[Boolean] If this resource is set to true and is nested under a server resource firewall, with open SSH port, resource must be nested under the NIC.
firewall_type
- (Optional) [String] The type of firewall rules that will be allowed on the NIC. If it is not specified it will take the default value INGRESS
id
- (Computed) The ID of the NIC.
mac
- (Optional) The MAC address of the NIC. Can be set on creation only. If not set, one will be assigned automatically by the API. Immutable, update forces re-creation.
device_number
- (Computed) The Logical Unit Number (LUN) of the storage volume. Null if this NIC was created from CloudAPI and no DCD changes were done on the Datacenter.
pci_slot
- (Computed) The PCI slot number of the Nic.
flowlog
- (Optional) Only 1 flow log can be configured. Only the name field can change as part of an update. Flow logs holistically capture network information such as source and destination IP addresses, source and destination ports, number of packets, amount of bytes, the start and end time of the recording, and the type of protocol – and log the extent to which your instances are being accessed.
action
- (Required) Specifies the action to be taken when the rule is matched. Possible values: ACCEPTED, REJECTED, ALL. Immutable, update forces re-creation.
bucket
- (Required) Specifies the IONOS Object Storage bucket where the flow log data will be stored. The bucket must exist. Immutable, update forces re-creation.
direction
- (Required) Specifies the traffic direction pattern. Valid values: INGRESS, EGRESS, BIDIRECTIONAL. Immutable, update forces re-creation.
name
- (Required) Specifies the name of the flow log.
security_groups_ids
- (Optional) The list of Security Group IDs for the resource.
⚠️ Note:: Removing the flowlog
forces re-creation of the NIC resource.
Resource Nic can be imported using the resource id
, e.g.
Please be aware that when using a NIC in a load balancer, the load balancer will change the NIC's ID behind the scenes, therefore the plan will always report this change trying to revert the state to the one specified by your terraform file. In order to prevent this, use the "lifecycle meta-argument" when declaring your NIC, in order to ignore changes to the lan
attribute:
Here's an example:
Creates and manages IonosCloud IONOS Object Storage Buckets policies.
Manages Buckets policies on IonosCloud.
The following arguments are supported:
bucket
- (Required)[string] The name of the bucket where the object will be stored.
policy
- (Required)[string] The policy document. This is a JSON formatted string.
Resource Policy can be imported using the bucket name
Manages Buckets object_lock_configuration on IonosCloud.
Manages Object Lock Configuration for Buckets on IonosCloud.
The following arguments are supported:
bucket
- (Required)[string] The name of the bucket where the object will be stored.
object_lock_enabled
- (Required)[Optional] The object lock configuration status of the bucket. Must be Enabled
.
rule
- (Optional)[block] A block of rule as defined below.
default_retention
- (Required)[block] A block of default_retention as defined below.
mode
- (Optional)[string] The default retention mode of the bucket. Can be GOVERNANCE
or COMPLIANCE
.
days
- (Optional)[int] The default retention period of the bucket in days.
years
- (Optional)[int] The default retention period of the bucket in years.
Days and years are mutually exclusive. You can only specify one of them.
IONOS Object Storage Bucket object lock configuration can be imported using the bucket
name.
Manages Buckets lifecycle configuration on IonosCloud.
Manages Lifecycle Configuration for Buckets on IonosCloud.
The following arguments are supported:
bucket
- (Required)[string] The name of the bucket where the object will be stored.
lifecycle_rule
- (Required)[block] A block of lifecycle_rule as defined below.
id
- (Optional)[int] Container for the Contract Number of the owner
prefix
- (Required)[string] Prefix identifying one or more objects to which the rule applies.
status
- (Required)[string] The lifecycle rule status. Valid values are Enabled
or Disabled
.
expiration
- (Optional)[block] A lifecycle rule for when an object expires.
days
- (Optional)[int] Specifies the number of days after object creation when the object expires. Required if 'date' is not specified.
date
- (Optional)[string] Specifies the date after which you want the specific rule action to take effect.
expired_object_delete_marker
- (Optional)[bool] Indicates whether IONOS Object Storage will remove a delete marker with no noncurrent versions. If set to true, the delete marker will be expired; if set to false the policy takes no operation. This cannot be specified with Days or Date in a Lifecycle Expiration Policy.
noncurrent_version_expiration
- (Optional)[block] A lifecycle rule for when non-current object versions expire.
noncurrent_days
- (Optional)[int] Specifies the number of days an object is noncurrent before the associated action can be performed.
abort_incomplete_multipart_upload
- (Optional)[block] Specifies the days since the initiation of an incomplete multipart upload that IONOS Object Storage will wait before permanently removing all parts of the upload.
days_after_initiation
- (Optional)[int] Specifies the number of days after which IONOS Object Storage aborts an incomplete multipart upload.
IONOS Object Storage Bucket lifecycle configuration can be imported using the bucket
name.
If you are upgrading to v6.2.0: You have to modify you plan for user_ids to match the new structure, by renaming the field old field, user_id, to user_ids and put the old value into an array. This is not backwards compatible.
Please check for a full example with the above steps.
This will also ignore the manual changes for node_count
made in the tf
plan. You can read more details about the ignore_changes
attribute .
Please see the resource's documentation for an example on how to do that.
⚠️ Note: The name must be unique across all IONOS accounts in all IONOS Object Storage regions. The name should adhere to the following .
Manages Buckets server side encryption configuration on IonosCloud.
Manages Server Side Encryption Configuration for Buckets on IonosCloud.
The following arguments are supported:
bucket
- (Required)[string] The name of the bucket where the object will be stored.
rule
- (Required)[block] A block of rule as defined below.
apply_server_side_encryption_by_default
- (Required)[block] Defines the default encryption settings.
sse_algorithm
- (Required)[string] Server-side encryption algorithm to use. Valid values are 'AES256'
IONOS Object Storage Bucket server side encryption configuration can be imported using the bucket
name.
Manages Buckets versioning on IonosCloud.
Manages Buckets versioning on IonosCloud.
The following arguments are supported:
bucket
- (Required)[string] The name of the bucket where the object will be stored.
versioning_configuration
- (Required)[block] A block of versioning_configuration as defined below.
status
- (Required)[string] The versioning state of the bucket. Can be Enabled
or Suspended
.
mfa_delete
- (Optional)[string] Specifies whether MFA delete is enabled or not. Can be Enabled
or Disabled
.
IONOS Object Storage Bucket Versioning can be imported using the bucket
name.
Manages Buckets website configuration on IonosCloud.
Manages Website Configuration for Buckets on IonosCloud.
The following arguments are supported:
bucket
- (Required)[string] The name of the bucket where the object will be stored.
index_document
- (Optional) Container for the Suffix element.
suffix
- (Required) A suffix that is appended to a request that is for a directory on the website endpoint (for example, if the suffix is index.html and you make a request to samplebucket/images/ the data that is returned will be for the object with the key name images/index.html) The suffix must not be empty and must not include a slash character. Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests.
error_document
- (Optional) The object key name to use when a 4XX class error occurs. Replacement must be made for object keys containing special characters (such as carriage returns) when using XML requests
key
- (Required) The object key
redirect_all_requests_to
- (Optional) Container for redirect information. You can redirect requests to another host, to another page, or with another protocol. In the event of an error, you can can specify a different error code to return.
host_name
- (Optional) Name of the host where requests will be redirected.
protocol
- (Optional) Protocol to use (http, https).
routing_rule
- (Optional) A container for describing a condition that must be met for the specified redirect to apply.
condition
- (Required) A container for describing a condition that must be met for the specified redirect to apply.
http_error_code_returned_equals
- (Optional) The HTTP error code when the redirect is applied. In the event of an error, if the error code equals this value, then the specified redirect is applied.
key_prefix_equals
- (Optional) The object key name prefix when the redirect is applied. For example, to redirect requests for ExamplePage.html, the key prefix will be ExamplePage.html. To redirect request for all pages with the prefix example, the key prefix will be /example.
redirect
- (Required) Container for the redirect information.
host_name
- (Optional) The host name to use in the redirect request.
http_redirect_code
- (Optional) The HTTP redirect code to use on the response. Not required if one of the siblings is present.
protocol
- (Optional) Protocol to use (http, https).
replace_key_prefix_with
- (Optional) The object key to be used in the redirect request. For example, redirect request to error.html, the replace key prefix will be /error.html. Not required if one of the siblings is present.
replace_key_with
- (Optional) The specific object key to use in the redirect request. For example, redirect request for error.html, the replace key will be /error.html. Not required if one of the siblings is present.
http_redirect_code
- (Optional) The HTTP redirect code to use on the response. Not required if one of the siblings is present.
IONOS Object Storage Bucket website configuration can be imported using the bucket
name.
Manages Buckets cors_configuration on IonosCloud.
Manages Object Lock Configuration for Buckets on IonosCloud.
The following arguments are supported:
bucket
- (Required)[string] The name of the bucket where the object will be stored.
cors_rule
- (Required)[block] A block of cors_rule as defined below.
allowed_headers
- (Optional)[list] Specifies which headers are allowed in a preflight OPTIONS request through the Access-Control-Request-Headers header
allowed_methods
- (Required)[list] An HTTP method that you allow the origin to execute. Valid values are GET, PUT, HEAD, POST, DELETE.
allowed_origins
- (Required)[list] Specifies which origins are allowed to make requests to the resource.
expose_headers
- (Optional)[list] Specifies which headers are exposed to the browser.
max_age_seconds
- (Optional)[int] Specifies how long the results of a pre-flight request can be cached in seconds.
id
- (Optional)[int] Container for the Contract Number of the owner
Days and years are mutually exclusive. You can only specify one of them.
IONOS Object Storage Bucket cors configuration can be imported using the bucket
name.
Creates and manages IonosCloud IONOS Object Storage Public Access Block for buckets.
Manages public acccess for Buckets on IonosCloud.
The following arguments are supported:
bucket
- (Required)[string] The name of the bucket where the object will be stored.
ignore_public_acls
- (Optional)[bool] Instructs the system to ignore any ACLs that grant public access. Even if ACLs are set to allow public access, they will be disregarded.
restrict_public_buckets
- (Optional)[bool] Restricts access to buckets that have public policies. Buckets with policies that grant public access will have their access restricted.
block_public_policy
- (Optional)[bool] Blocks public access to the bucket via bucket policies. Bucket policies that grant public access will not be allowed.
block_public_acls
- (Optional)[bool] Indicates that access to the bucket via Access Control Lists (ACLs) that grant public access is blocked. In other words, ACLs that allow public access are not permitted.
Resource Bucket access block can be imported using the bucket name
Creates a copy of an object that is already stored in IONOS Object Storage.
Creates a copy of an object that is already stored in IONOS Object Storage.
The following arguments are supported:
bucket
- (Required)[string] The name of the bucket where the object will be stored. Must be between 3 and 63 characters.
key
- (Required)[string] The key of the object. Must be at least 1 character long.
source
- (Optional)[string] The source of the object to be copied
copy_source_if_match
- (Optional)[string] Copies the object if its entity tag (ETag) matches the specified tag.
copy_source_if_none_match
- (Optional)[string] Copies the object if its entity tag (ETag) is different than the specified ETag.
copy_source_if_modified_since
- (Optional)[string] Copies the object if it has been modified since the specified time.
copy_source_if_unmodified_since
- (Optional)[string] Copies the object if it hasn't been modified since the specified time.
cache_control
- (Optional)[string] Specifies caching behavior along the request/reply chain.
content_disposition
- (Optional)[string] Specifies presentational information for the object.
content_encoding
- (Optional)[string] Specifies what content encodings have been applied to the object.
content_language
- (Optional)[string] The natural language or languages of the intended audience for the object.
content_type
- (Optional)[string] A standard MIME type describing the format of the contents.
expires
- (Optional)[string] The date and time at which the object is no longer cacheable.
server_side_encryption
- (Optional)[string] The server-side encryption algorithm used when storing this object in IONOS Object Storage. Valid value is AES256.
storage_class
- (Optional)[string] The storage class of the object. Valid value is STANDARD. Default is STANDARD.
website_redirect
- (Optional)[string] Redirects requests for this object to another object in the same bucket or to an external URL.
server_side_encryption_customer_algorithm
- (Optional)[string] Specifies the algorithm to use for encrypting the object. Valid value is AES256.
server_side_encryption_customer_key
- (Optional)[string] Specifies the 256-bit, base64-encoded encryption key to use to encrypt and decrypt your data.
server_side_encryption_customer_key_md5
- (Optional)[string] Specifies the 128-bit MD5 digest of the encryption key.
server_side_encryption_context
- (Optional)[string] Specifies the IONOS Object Storage Encryption Context for object encryption.
source_customer_algorithm
- (Optional)[string] Specifies the algorithm used for source object encryption. Valid value is AES256.
source_customer_key
- (Optional)[string] Specifies the 256-bit, base64-encoded encryption key for source object encryption.
source_customer_key_md5
- (Optional)[string] Specifies the 128-bit MD5 digest of the encryption key for source object encryption.
object_lock_mode
- (Optional)[string] The object lock mode that you want to apply to the object. Valid values are GOVERNANCE
and COMPLIANCE
.
object_lock_retain_until_date
- (Optional)[string] The date and time when the object lock retention expires.Must be in RFC3999 format
object_lock_legal_hold
- (Optional)[string] Indicates whether a legal hold is in effect for the object. Valid values are ON
and OFF
.
etag
- (Computed)[string] An entity tag (ETag) is an opaque identifier assigned by a web server to a specific version of a resource found at a URL.
last_modified
- (Computed)[string] The date and time at which the object was last modified.
metadata_directive
- (Optional)[string] Specifies whether the metadata is copied from the source object or replaced with metadata provided in the request. Valid values are COPY
and REPLACE
.
metadata
- (Optional)[map] A map of metadata to store with the object in IONOS Object Storage. Metadata keys must be lowercase alphanumeric characters.
tagging_directive
- (Optional)[string] Specifies whether the object tag-set is copied from the source object or replaced with tag-set provided in the request. Valid values are COPY
and REPLACE
.
tags
- (Optional)[map] The tag-set for the object.
version_id
- (Computed)[string] The version of the object.
force_destroy
- (Optional)[bool] If true, the object will be destroyed if versioning is enabled then all versions will be destroyed. Default is false
.
Creates and manages IonosCloud Server objects.
Manages a Server on IonosCloud.
This resource will create an operational server. After this section completes, the provisioner can be called.
template_uuid
- (Optional)[string] The UUID of the template for creating a CUBE server; the available templates for CUBE servers can be found on the templates resource
name
- (Required)[string] The name of the server.
datacenter_id
- (Required)[string] The ID of a Virtual Data Center.
hostname
- (Optional)(Computed)[string] The hostname of the resource. Allowed characters are a-z, 0-9 and - (minus). Hostname should not start with minus and should not be longer than 63 characters. If no value provided explicitly, it will be populated with the name of the server
cores
- (Optional)(Computed)[integer] Number of server CPU cores.
ram
- (Optional)(Computed)[integer] The amount of memory for the server in MB.
image_name
- (Optional)[string] The name, ID or alias of the image. May also be a snapshot ID. It is required if licence_type
is not provided. Attribute is immutable.
availability_zone
- (Optional)[string] The availability zone in which the server should exist. E.g: AUTO
, ZONE_1
, ZONE_2
. This property is immutable.
licence_type
- (Optional)[string] Sets the OS type of the server.
cpu_family
- (Optional)[string] CPU architecture on which server gets provisioned; not all CPU architectures are available in all datacenter regions; available CPU architectures can be retrieved from the datacenter resource. E.g.: "INTEL_SKYLAKE" or "INTEL_XEON".
vm_state
- (Optional)[string] Sets the power state of the server. E.g: RUNNING
, SHUTOFF
or SUSPENDED
. SUSPENDED state is only valid for cube. SHUTOFF state is only valid for enterprise.
volume
- (Required) See the Volume section.
nic
- (Optional) See the Nic section.
firewall
- (Optional) Allows to define firewall rules inline in the server. See the Firewall section.
boot_volume
- (Computed) The associated boot volume.
boot_cdrom
- DEPRECATED Please refer to ionoscloud_server_boot_device_selection (Optional)(Computed)[string] The associated boot drive, if any. Must be the UUID of a bootable CDROM image that can be retrieved using the ionoscloud_image data source.
boot_image
- (Optional)[string] The image or snapshot UUID / name. May also be an image alias. It is required if licence_type
is not provided.
primary_nic
- (Computed) The associated NIC.
primary_ip
- (Computed) The associated IP address.
firewallrule_id
- (Computed) The associated firewall rule.
firewallrule_ids
- (Computed) The associated firewall rules.
ssh_key_path
- (Optional)[list] List of absolute paths to files containing a public SSH key that will be injected into IonosCloud provided Linux images. Also accepts ssh keys directly. Required for IonosCloud Linux images. Required if image_password
is not provided. Does not support ~
expansion to homedir in the given path. This property is immutable.
ssh_keys
- (Optional)[list] Immutable List of absolute or relative paths to files containing public SSH key that will be injected into IonosCloud provided Linux images. Also accepts ssh keys directly. Public SSH keys are set on the image as authorized keys for appropriate SSH login to the instance using the corresponding private key. This field may only be set in creation requests. When reading, it always returns null. SSH keys are only supported if a public Linux image is used for the volume creation. Does not support ~
expansion to homedir in the given path.
image_password
- (Optional)[string] Required if ssh_key_path
is not provided.
type
- (Optional)(Computed)[string] Server usages: ENTERPRISE or CUBE. This property is immutable.
label
- (Optional)[set] A label can be seen as an object with only two required fields: key
and value
, both of the string
type. Please check the example presented above to see how a label
can be used in the plan. A server can have multiple labels.
key
- (Required)[string] The key of the label.
value
- (Required)[string] The value of the label.
inline_volume_ids
- (Computed) A list with the IDs for the volumes that are defined inside the server resource.
security_groups_ids
- (Optional) The list of Security Group IDs for the
allow_replace
- (Optional)[bool] When set to true, allows the update of immutable fields by first destroying and then re-creating the server.
⚠️ Warning: allow_replace
- lets you update immutable fields, but it first destroys and then re-creates the server in order to do it. This field should be used with care, understanding the risks.
⚠ WARNING
Image_name under volume level is deprecated, please use image_name under server level ssh_key_path and ssh_keys fields are immutable.
⚠ WARNING
If you want to create a CUBE server, you have to provide the
template_uuid
. In this case you can not setcores
,ram
andvolume.size
arguments, these being mutually exclusive withtemplate_uuid
.In all the other cases (ENTERPRISE servers) you have to provide values for
cores
,ram
andvolume size
.
Resource Server can be imported using the resource id
and the datacenter id
, e.g.. Passing only resource id and datacenter id means that the first nic found linked to the server will be attached to it.
Optionally, you can pass primary_nic
and firewallrule_id
so terraform will know to import also the first nic and firewall rule (if it exists on the server):
Please note that for any secondary volume, you need to set the licence_type property to UNKNOWN
⚠️ Note: Important for deleting an firewall
rule from within a list of inline resources defined on the same nic. There is one limitation to removing one firewall rule from the middle of the list of firewall
rules. Terraform will actually modify the existing rules and delete the last one. More details here. There is a workaround described in the issue that involves moving the resources in the list prior to deletion. terraform state mv <resource-name>.<resource-id>[<i>] <resource-name>.<resource-id>[<j>]
Creates and manages Network File Storage (NFS) Share objects on IonosCloud.
Creates and manages Network File Storage (NFS) Share objects on IonosCloud.
The following arguments are supported:
location
- (Optional) The location of the Network File Storage Cluster. If this is not set and if no value is provided for the IONOS_API_URL
env var, the default location
will be: de/fra
.
cluster_id
- (Required) The ID of the Network File Storage Cluster.
name
- (Required) The directory being exported.
quota
- (Optional) The quota in MiB for the export. The quota can restrict the amount of data that can be stored within the export. The quota can be disabled using 0
. Default is 0
.
gid
- (Optional) The group ID that will own the exported directory. If not set, anonymous (512
) will be used.
uid
- (Optional) The user ID that will own the exported directory. If not set, anonymous (512
) will be used.
client_groups
- (Required) The groups of clients are the systems connecting to the Network File Storage cluster. Each group includes:
description
- (Optional) Optional description for the clients groups.
ip_networks
- (Required) The allowed host or network to which the export is being shared. The IP address can be either IPv4 or IPv6 and has to be given with CIDR notation.
hosts
- (Required) A singular host allowed to connect to the share. The host can be specified as IP address and can be either IPv4 or IPv6.
nfs
- (Required) NFS specific configurations. Each configuration includes:
squash
- (Required) The squash mode for the export. The squash mode can be:
none
- No squash mode. no mapping,
root-anonymous
- Map root user to anonymous uid,
all-anonymous
- Map all users to anonymous uid.
A Network File Storage Share resource can be imported using its location
, cluster_id
and resource id
:
Manages the selection of boot devices for IonosCloud Server objects.
Manages the selection of a boot device for IonosCloud Servers.
The boot device of a ionoscloud_server
, ionoscloud_vcpu_server
or ionoscloud_cube_server
can be selected with this resource. Deleting this resource will revert the boot device back to the default volume, which is the first inline volume created together with the server. This resource also allows switching between a volume
and a ionoscloud_image
CDROM. Note that CDROM images are detached after they are no longer set as boot devices.
datacenter_id
- (Required)[string] The ID of a Virtual Data Center.
server_id
- (Required)[string] The ID of a server.
boot_device_id
- (Optional)[string] The ID of a bootable device such as a volume or an image data source. If this field is omitted from the configuration, the VM will be restarted with no primary boot device, and it will enter the PXE shell for network booting. Note: If the network booting process started by the PXE shell fails, the VM will still boot into the image of the attached storage as a fallback. This behavior imitates the "Boot from Network" option from DCD.
Creates and manages IONOS Object Storage keys.
Manages an IONOS Object Storage Key on IonosCloud.
The following arguments are supported:
user_id
- (Required)[string] The UUID of the user owning the IONOS Object Storage Key.
active
- (Optional)[boolean] Whether the IONOS Object Storage is active / enabled or not - Please keep in mind this is only required on create. Default value in true
secret_key
- (Computed) The IONOS Object Storage Secret key.
An IONOS Object Storage Unit resource can be imported using its user id as well as its resource id
, e.g.
This can be helpful when you want to import IONOS Object Storage Keys which you have already created manually or using other means, outside of terraform.
Creates and manages share objects.
Manages Shares and list shares permissions granted to the group members for each shared resource.
edit_privilege
- (Optional)[Boolean] The group has permission to edit privileges on this resource.
group_id
- (Required)[string] The ID of the specific group containing the resource to update.
resource_id
- (Required)[string] The ID of the specific resource to update.
share_privilege
- (Optional)[Boolean] The group has permission to share this resource.
⚠️ Note: There is a limitation due to which the creation of several shares at the same time leads to an error. To avoid this, parallelism=1
can be used when running terraform apply
command in order to create the resources in a sequential manner. Another solution involves the usage of depends_on
attributes inside the ionoscloud_share
resource to enforce the sequential creation of the shares.
Resource Share can be imported using the resource id
, e.g.
Creates and manages IONOS Object Storage Objects.
Manages IONOS Object Storage Objects on IonosCloud.
The following arguments are supported:
bucket
- (Required)[string] The name of the bucket where the object will be stored. Must be between 3 and 63 characters.
key
- (Required)[string] The key of the object. Must be at least 1 character long.
source
- (Optional)[string] The path to the file to upload.
content
- (Optional)[string] Inline content of the object.
cache_control
- (Optional)[string] Specifies caching behavior along the request/reply chain.
content_disposition
- (Optional)[string] Specifies presentational information for the object.
content_encoding
- (Optional)[string] Specifies what content encodings have been applied to the object.
content_language
- (Optional)[string] The natural language or languages of the intended audience for the object.
content_type
- (Optional)[string] A standard MIME type describing the format of the contents.
expires
- (Optional)[string] The date and time at which the object is no longer cacheable.
server_side_encryption
- (Optional)[string] The server-side encryption algorithm used when storing this object in IONOS Object Storage. Valid value is AES256.
storage_class
- (Optional)[string] The storage class of the object. Valid value is STANDARD. Default is STANDARD.
website_redirect
- (Optional)[string] Redirects requests for this object to another object in the same bucket or to an external URL.
server_side_encryption_customer_algorithm
- (Optional)[string] Specifies the algorithm to use for encrypting the object. Valid value is AES256.
server_side_encryption_customer_key
- (Optional)[string] Specifies the 256-bit, base64-encoded encryption key to use to encrypt and decrypt your data.
server_side_encryption_customer_key_md5
- (Optional)[string] Specifies the 128-bit MD5 digest of the encryption key.
server_side_encryption_context
- (Optional)[string] Specifies the IONOS Object Storage Encryption Context for object encryption.
request_payer
- (Optional)[string] Confirms that the requester knows that they will be charged for the request.
object_lock_mode
- (Optional)[string] The object lock mode that you want to apply to the object. Valid values are GOVERNANCE
and COMPLIANCE
.
object_lock_retain_until_date
- (Optional)[string] The date and time when the object lock retention expires.Must be in RFC3999 format
object_lock_legal_hold
- (Optional)[string] Indicates whether a legal hold is in effect for the object. Valid values are ON
and OFF
.
etag
- (Computed)[string] An entity tag (ETag) is an opaque identifier assigned by a web server to a specific version of a resource found at a URL.
metadata
- (Optional)[map] A map of metadata to store with the object in IONOS Object Storage. Metadata keys must be lowercase alphanumeric characters.
tags
- (Optional)[map] The tag-set for the object.
version_id
- (Computed)[string] The version of the object.
mfa
- (Optional) [string]The concatenation of the authentication device's serial number, a space, and the value displayed on your authentication device.
force_destroy
- (Optional)[bool] If true, the object will be destroyed if versioning is enabled then all versions will be destroyed. Default is false
.
Resource Object can be imported using the bucket name
and object key
Creates and manages IonosCloud Volume objects.
Manages a Volume on IonosCloud.
A primary volume will be created with the server. If there is a need for additional volumes, this resource handles it.
datacenter_id
- (Required)[string] The ID of a Virtual Data Center.
server_id
- (Required)[string] The ID of a server.
disk_type
- (Required)[string] The volume type: HDD or SSD. This property is immutable.
bus
- (Optional)[Boolean] The bus type of the volume: VIRTIO or IDE.
size
- (Required)[integer] The size of the volume in GB.
ssh_key_path
- (Optional)[list] List of absolute paths to files containing a public SSH key that will be injected into IonosCloud provided Linux images. Also accepts ssh keys directly. Required for IonosCloud Linux images. Required if image_password
is not provided. This property is immutable.
ssh_keys
- (Optional)[list] List of absolute paths to files containing a public SSH key that will be injected into IonosCloud provided Linux images. Also accepts ssh keys directly. Required for IonosCloud Linux images. Required if image_password
is not provided. This property is immutable.
sshkey
- (Computed) The associated public SSH key.
image_password
- (Optional)[string] Required if sshkey_path
is not provided.
image_name
- (Optional)[string] The name, ID or alias of the image. May also be a snapshot ID. It is required if licence_type
is not provided. Attribute is immutable.
image
- (Computed) The image or snapshot UUID.
licence_type
- (Optional)[string] Required if image_name
is not provided.
name
- (Optional)[string] The name of the volume.
availability_zone
- (Optional)[string] The storage availability zone assigned to the volume: AUTO, ZONE_1, ZONE_2, or ZONE_3. This property is immutable
user_data
- (Optional)[string] The cloud-init configuration for the volume as base64 encoded string. The property is immutable and is only allowed to be set on a new volume creation. This option will work only with cloud-init compatible images.
backup_unit_id
- (Optional)[string] The uuid of the Backup Unit that user has access to. The property is immutable and is only allowed to be set on a new volume creation. It is mandatory to provide either 'public image' or 'imageAlias' in conjunction with this property.
device_number
- (Computed) The Logical Unit Number of the storage volume. Null for volumes not mounted to any VM.
pci_slot
- (Computed) The PCI slot number of the storage volume. Null for volumes not mounted to any VM.
cpu_hot_plug
- (Computed)[string] Is capable of CPU hot plug (no reboot required)
ram_hot_plug
- (Computed)[string] Is capable of memory hot plug (no reboot required)
nic_hot_plug
- (Computed)[string] Is capable of nic hot plug (no reboot required)
nic_hot_unplug
- (Computed)[string] Is capable of nic hot unplug (no reboot required)
disc_virtio_hot_plug
- (Computed)[string] Is capable of Virt-IO drive hot plug (no reboot required)
disc_virtio_hot_unplug
- (Computed)[string] Is capable of Virt-IO drive hot unplug (no reboot required). This works only for non-Windows virtual Machines.
boot_server
- (Computed)[string] The UUID of the attached server.
⚠ WARNING
ssh_key_path and ssh_keys fields are immutable. If you want to create a CUBE server, the type of the inline volume must be set to DAS. In this case, you can not set the
size
argument since it is taken from thetemplate_uuid
you set in the server.
Resource Volume can be imported using the resource id
, e.g.
IPSec Gateway
An IPSec Gateway resource manages the creation, management, and deletion of VPN IPSec Gateways within the IONOS Cloud infrastructure. This resource facilitates the creation of VPN IPSec Gateways, enabling secure connections between your network resources.
name
- (Required)[string] The name of the IPSec Gateway.
location
- (Optional)[string] The location of the IPSec Gateway. Supported locations: de/fra, de/txl, es/vit, gb/bhx, gb/lhr, us/ewr, us/las, us/mci, fr/par.
gateway_ip
- (Required)[string] Public IP address to be assigned to the gateway. Note: This must be an IP address in the same datacenter as the connections.
description
- (Optional)[string] The human-readable description of the IPSec Gateway.
connections
- (Required)[list] The network connection for your gateway. Note: all connections must belong to the same datacenter. Minimum items: 1. Maximum items: 10.
datacenter_id
- (Required)[string] The datacenter to connect your VPN Gateway to.
lan_id
- (Required)[string] The numeric LAN ID to connect your VPN Gateway to.
ipv4_cidr
- (Required)[string] Describes the private ipv4 subnet in your LAN that should be accessible by the VPN Gateway. Note: this should be the subnet already assigned to the LAN
ipv6_cidr
- (Optional)[string] Describes the ipv6 subnet in your LAN that should be accessible by the VPN Gateway. Note: this should be the subnet already assigned to the LAN
version
- (Required)[string] The IKE version that is permitted for the VPN tunnels. Default: IKEv2
. Possible values: IKEv2
.
maintenance_window
- (Optional)(Computed) A weekly 4 hour-long window, during which maintenance might occur.
time
- (Required)[string] Start of the maintenance window in UTC time.
day_of_the_week
- (Required)[string] The name of the week day.
tier
- (Optional)(Computed)[string] Gateway performance options. See product documentation for full details. Options: STANDARD, STANDARD_HA, ENHANCED, ENHANCED_HA, PREMIUM, PREMIUM_HA.
The resource can be imported using the location
and gateway_id
, for example:
Creates and manages snapshot objects.
Manages Snapshots on IonosCloud.
datacenter_id
- (Required)[string] The ID of the Virtual Data Center.
name
- (Required)[string] The name of the snapshot.
volume_id
- (Required)[string] The ID of the specific volume to take the snapshot from.
description
- (Optional)(Computed)[string] Human readable description
licence_type
- (Optional)(Computed)[string] OS type of this Snapshot
cpu_hot_plug
- (Optional)(Computed)[string] Is capable of CPU hot plug (no reboot required). Can only be updated.
ram_hot_plug
- (Optional)(Computed)[string] Is capable of memory hot plug (no reboot required). Can only be updated.
disc_virtio_hot_plug
- (Optional)(Computed)[string] Is capable of Virt-IO drive hot plug (no reboot required). Can only be updated.
disc_virtio_hot_unplug
- (Optional)(Computed)[string] Is capable of Virt-IO drive hot unplug (no reboot required). This works only for non-Windows virtual Machines. Can only be updated.
nic_hot_plug
- (Optional)(Computed)[string] Is capable of nic hot plug (no reboot required). Can only be updated.
nic_hot_unplug
- (Optional)(Computed)[string] Is capable of nic hot unplug (no reboot required). Can only be updated.
Beside the configurable arguments, the resource returns the following additional attributes:
location
- Location of that image/snapshot
size
- The size of the image in GB
sec_auth_protection
- Boolean value representing if the snapshot requires extra protection e.g. two factor protection
cpu_hot_unplug
- Is capable of CPU hot unplug (no reboot required)
ram_hot_unplug
- Is capable of memory hot unplug (no reboot required)
disc_scsi_hot_plug
- Is capable of SCSI drive hot plug (no reboot required)
disc_scsi_hot_unplug
- Is capable of SCSI drive hot unplug (no reboot required). This works only for non-Windows virtual Machines.
Resource Snapshot can be imported using the snapshot id
, e.g.
Creates and manages IonosCloud VPN Wireguard Gateway objects.
The ionoscloud_vpn_wireguard_gateway
resource manages a WireGuard Gateway within the IONOS Cloud infrastructure. This resource facilitates the creation, management, and deletion of WireGuard VPN Gateways, enabling secure connections between your network resources.
The following arguments are supported by the vpn_wireguard_gateway
resource:
location
- (Optional)[String] The location of the WireGuard Gateway. Supported locations: de/fra, de/txl, es/vit, gb/bhx, gb/lhr, us/ewr, us/las, us/mci, fr/par.
name
- (Required)[String] The name of the WireGuard Gateway.
description
- (Optional)[String] A description of the WireGuard Gateway.
endpoint
- (Optional, Block) The endpoint configuration for the WireGuard Gateway. This block supports fields documented below.
private_key
- (Required)[String] The private key for the WireGuard Gateway. To be created with the wg utility.
gateway_ip
- (Required)[String] The IP address of the WireGuard Gateway.
interface_ipv4_cidr
- (Optional)[String] The IPv4 CIDR for the WireGuard Gateway interface.
interface_ipv6_cidr
- (Optional)[String] The IPv6 CIDR for the WireGuard Gateway interface.
connections
- (Required)[Block] The connection configuration for the WireGuard Gateway. This block supports fields documented below.
datacenter_id
- (Required)[String] The ID of the datacenter where the WireGuard Gateway is located.
lan_id
- (Required)[String] The ID of the LAN where the WireGuard Gateway is connected.
ipv4_cidr
- (Required)[String] The IPv4 CIDR for the WireGuard Gateway connection.
ipv6_cidr
- (Optional)[String] The IPv6 CIDR for the WireGuard Gateway connection.
maintenance_window
- (Optional)(Computed) A weekly 4 hour-long window, during which maintenance might occur.
time
- (Required)[string] Start of the maintenance window in UTC time.
day_of_the_week
- (Required)[string] The name of the week day.
tier
- (Optional)(Computed)[string] Gateway performance options. See product documentation for full details. Options: STANDARD, STANDARD_HA, ENHANCED, ENHANCED_HA, PREMIUM, PREMIUM_HA.
In addition to all arguments above, the following attributes are exported:
status
- (Computed)[String] The current status of the WireGuard Gateway.
public_key
- (Computed)[String] The public key for the WireGuard Gateway.
⚠ NOTE:
IONOS_API_URL_VPN
can be used to set a custom API URL for the resource.location
field needs to be empty, otherwise it will override the custom API URL. Settingtoken
orIONOS_API_URL
does not have any effect.
WireGuard Gateways can be imported using their ID:
Creates and manages IonosCloud Target Group.
Manages a Target Group on IonosCloud.
The following arguments are supported:
name
- (Required)[string] The name of the target group.
algorithm
- (Required)[string] Balancing algorithm.
protocol
- (Required)[string] Balancing protocol.
protocol_version
- (Optional)[string] The forwarding protocol version. Value is ignored when protocol is not 'HTTP'.
targets
- (Required)[list] Array of items in the collection
ip
- (Required)[string] The IP of the balanced target VM.
port
- (Required)[int] The port of the balanced target service; valid range is 1 to 65535.
weight
- (Required)[int] Traffic is distributed in proportion to target weight, relative to the combined weight of all targets. A target with higher weight receives a greater share of traffic. Valid range is 0 to 256 and default is 1; targets with weight of 0 do not participate in load balancing but still accept persistent connections. It is best use values in the middle of the range to leave room for later adjustments.
proxy_protocol
- (Optional)[string] The proxy protocol version. Accepted values are none
, v1
, v2
, v2ssl
. If unspecified, the default value of none
is used.
health_check_enabled
- (Optional)[bool] Makes the target available only if it accepts periodic health check TCP connection attempts; when turned off, the target is considered always available. The health check only consists of a connection attempt to the address and port of the target. Default is True.
maintenance_enabled
- (Optional)[bool] Maintenance mode prevents the target from receiving balanced traffic.
health_check
- (Optional) Health check attributes for Target Group.
check_timeout
- (Optional)[int] The maximum time in milliseconds to wait for a target to respond to a check. For target VMs with 'Check Interval' set, the lesser of the two values is used once the TCP connection is established.
check_interval
- (Optional)[int] The interval in milliseconds between consecutive health checks; default is 2000.
retries
- (Optional)[int] The maximum number of attempts to reconnect to a target after a connection failure. Valid range is 0 to 65535, and default is three reconnection.
http_health_check
- (Optional) Http health check attributes for Target Group
path
- (Optional)[string] The path (destination URL) for the HTTP health check request; the default is /.
method
- (Optional)[string] The method for the HTTP health check.
match_type
- (Required)[string]
response
- (Required)[string] The response returned by the request, depending on the match type.
regex
- (Optional)[bool]
negate
- (Optional)[bool]
Resource Target Group can be imported using the resource id
, e.g.
IPSec Gateway Tunnel
An IPSec Gateway Tunnel resource manages the creation, management, and deletion of VPN IPSec Gateway Tunnels within the IONOS Cloud infrastructure. This resource facilitates the creation of VPN IPSec Gateway Tunnels, enabling secure connections between your network resources.
name
- (Required)[string] The name of the IPSec Gateway Tunnel.
location
- (Optional)[string] The location of the IPSec Gateway Tunnel. Supported locations: de/fra, de/txl, es/vit, gb/lhr, us/ewr, us/las, us/mci, fr/par
gateway_id
- (Required)[string] The ID of the IPSec Gateway that the tunnel belongs to.
description
- (Optional)[string] The human-readable description of your IPSec Gateway Tunnel.
remote_host
- (Required)[string] The remote peer host fully qualified domain name or public IPV4 IP to connect to.
ike
- (Required)[list] Settings for the initial security exchange phase. Minimum items: 1. Maximum items: 1.
diffie_hellman_group
- (Optional)[string] The Diffie-Hellman Group to use for IPSec Encryption. Possible values: 15-MODP3072
, 16-MODP4096
, 19-ECP256
, 20-ECP384
, 21-ECP521
, 28-ECP256BP
, 29-ECP384BP
, 30-ECP512BP
. Default value: 16-MODP4096
.
encryption_algorithm
- (Optional)[string] The encryption algorithm to use for IPSec Encryption. Possible values: AES128
, AES256
, AES128-CTR
, AES256-CTR
, AES128-GCM-16
, AES256-GCM-16
, AES128-GCM-12
, AES256-GCM-12
, AES128-CCM-12
, AES256-CCM-12
. Default value: AES256
.
integrity_algorithm
- (Optional)[string] The integrity algorithm to use for IPSec Encryption. Possible values: SHA256
, SHA384
, SHA512
, AES-XCBC
. Default value: SHA256
.
lifetime
- (Optional)[string] The phase lifetime in seconds. Minimum value: 3600
. Maximum value: 86400
. Default value: 86400
.
esp
- (Required)[list] Settings for the IPSec SA (ESP) phase. Minimum items: 1. Maximum items: 1.
diffie_hellman_group
- (Optional)[string] The Diffie-Hellman Group to use for IPSec Encryption. Possible values: 15-MODP3072
, 16-MODP4096
, 19-ECP256
, 20-ECP384
, 21-ECP521
, 28-ECP256BP
, 29-ECP384BP
, 30-ECP512BP
. Default value: 16-MODP4096
.
encryption_algorithm
- (Optional)[string] The encryption algorithm to use for IPSec Encryption. Possible values: AES128
, AES256
, AES128-CTR
, AES256-CTR
, AES128-GCM-16
, AES256-GCM-16
, AES128-GCM-12
, AES256-GCM-12
, AES128-CCM-12
, AES256-CCM-12
. Default value: AES256
.
integrity_algorithm
- (Optional)[string] The integrity algorithm to use for IPSec Encryption. Possible values: SHA256
, SHA384
, SHA512
, AES-XCBC
. Default value: SHA256
.
lifetime
- (Optional)[string] The phase lifetime in seconds. Minimum value: 3600
. Maximum value: 86400
. Default value: 86400
.
auth
- (Required)[string] Properties with all data needed to define IPSec Authentication. Minimum items: 1. Maximum items: 1.
method
- (Optional)[string] The authentication method to use for IPSec Authentication. Possible values: PSK
. Default value: PSK
.
psk_key
- (Optional)[string] The pre-shared key to use for IPSec Authentication. Note: Required if method is PSK.
cloud_network_cidrs
- (Required)[list] The network CIDRs on the "Left" side that are allowed to connect to the IPSec tunnel, i.e. the CIDRs within your IONOS Cloud LAN. Specify "0.0.0.0/0" or "::/0" for all addresses. Minimum items: 1. Maximum items: 20.
peer_network_cidrs
- (Required)[list] The network CIDRs on the "Right" side that are allowed to connect to the IPSec tunnel. Specify "0.0.0.0/0" or "::/0" for all addresses. Minimum items: 1. Maximum items: 20.
The resource can be imported using the location
, gateway_id
and tunnel_id
, for example:
Creates and manages user objects.
Manages Users and list users and groups associated with that user.
administrator
- (Required)[Boolean] Indicates if the user has administrative rights. Administrators do not need to be managed in groups, as they automatically have access to all resources associated with the contract.
email
- (Required)[string] An e-mail address for the user.
first_name
- (Required)[string] A first name for the user.
force_sec_auth
- (Required)[Boolean] Indicates if secure (two-factor) authentication should be forced for the user (true) or not (false).
last_name
- (Required)[string] A last name for the user.
password
- (Required)[string] A password for the user.
sec_auth_active
- (Optional)[Boolean] Indicates if secure authentication is active for the user or not. it can not be used in create requests - can be used in update
s3_canonical_user_id
- (Computed) Canonical (IONOS Object Storage) id of the user for a given identity
active
- (Optional)[Boolean] Indicates if the user is active
group_ids
- (Optional)[Set] The groups that this user will be a member of
NOTE: Group_ids field cannot be used at the same time with user_ids field in group resource. Trying to add the same user to the same group in both ways in the same plan will result in a cyclic dependency error.
Resource User can be imported using the resource id
, e.g.
Creates and manages IonosCloud VCPU Server objects.
Manages a VCPU Server on IonosCloud.
name
- (Required)[string] The name of the server.
datacenter_id
- (Required)[string] The ID of a Virtual Data Center.
hostname
- (Optional)(Computed)[string] The hostname of the resource. Allowed characters are a-z, 0-9 and - (minus). Hostname should not start with minus and should not be longer than 63 characters. If no value provided explicitly, it will be populated with the name of the server
cores
- (Optional)[integer] Number of server CPU cores.
ram
- (Optional)[integer] The amount of memory for the server in MB.
image_name
- (Optional)[string] The name, ID or alias of the image. May also be a snapshot ID. It is required if licence_type
is not provided. Attribute is immutable.
availability_zone
- (Optional)[string] The availability zone in which the server should exist. E.g: AUTO
, ZONE_1
, ZONE_2
. This property is immutable.
licence_type
- (Optional)[string] Sets the OS type of the server.
volume
- (Required) See the Volume section.
nic
- (Optional) See the Nic section.
firewall
- (Optional) Allows to define firewall rules inline in the server. See the Firewall section.
boot_volume
- (Computed) The associated boot volume.
boot_cdrom
- DEPRECATED Please refer to ionoscloud_server_boot_device_selection (Optional)[string] The associated boot drive, if any. Must be the UUID of a bootable CDROM image that can be retrieved using the ionoscloud_image data source.
boot_image
- (Optional)[string] The image or snapshot UUID / name. May also be an image alias. It is required if licence_type
is not provided.
primary_nic
- (Computed) The associated NIC.
primary_ip
- (Computed) The associated IP address.
firewallrule_id
- (Computed) The associated firewall rule.
firewallrule_ids
- (Computed) The associated firewall rules.
ssh_keys
- (Optional)[list] Immutable List of absolute or relative paths to files containing public SSH key that will be injected into IonosCloud provided Linux images. Also accepts ssh keys directly. Public SSH keys are set on the image as authorized keys for appropriate SSH login to the instance using the corresponding private key. This field may only be set in creation requests. When reading, it always returns null. SSH keys are only supported if a public Linux image is used for the volume creation. Does not support ~
expansion to homedir in the given path.
image_password
- (Optional)[string] The password for the image.
label
- (Optional) A label can be seen as an object with only two required fields: key
and value
, both of the string
type. Please check the example presented above to see how a label
can be used in the plan. A server can have multiple labels.
inline_volume_ids
- (Computed) A list with the IDs for the volumes that are defined inside the server resource.
security_groups_ids
- (Optional) The list of Security Group IDs for the resource.
⚠ WARNING
ssh_keys field is immutable.
Resource VCPU Server can be imported using the resource id
and the datacenter id
, for example, passing only resource id and datacenter id means that the first nic found linked to the server will be attached to it.
Optionally, you can pass primary_nic
and firewallrule_id
so terraform will know to import also the first nic and firewall rule (if it exists on the server):
Please note that for any secondary volume, you need to set the licence_type property to UNKNOWN
⚠️ Note: Important for deleting an firewall
rule from within a list of inline resources defined on the same nic. There is one limitation to removing one firewall rule from the middle of the list of firewall
rules. Terraform will actually modify the existing rules and delete the last one. More details here. There is a workaround described in the issue that involves moving the resources in the list prior to deletion. terraform state mv <resource-name>.<resource-id>[<i>] <resource-name>.<resource-id>[<j>]
Creates and manages IonosCloud VPN Wireguard Gateway Peer objects.
This page provides an overview of the ionoscloud_vpn_wireguard_peer
resource, which allows you to manage a WireGuard Peer in your cloud infrastructure. This resource enables the creation, management, and deletion of a WireGuard VPN Peer, facilitating secure connections between your network resources.
The following arguments are supported:
gateway_id
- (Required)[string] The ID of the WireGuard Gateway that the Peer will connect to.
location
- (Optional)[string] The location of the WireGuard Gateway.
name
- (Required)[string] The human-readable name of the WireGuard Gateway.
public_key
- (Required)[string] The public key for the WireGuard Gateway.
description
- (Optional)[string] A description of the WireGuard Gateway.
allowed_ips
- (Required)[list, string] A list of subnet CIDRs that are allowed to connect to the WireGuard Gateway.
endpoint
- (Optional)[block] An endpoint configuration block for the WireGuard Gateway. The structure of this block is as follows:
host
- (Required)[string] The hostname or IPV4 address that the WireGuard Server will connect to.
port
- (Optional)[int] The port that the WireGuard Server will connect to. Defaults to 51820
.
In addition to all arguments above, the following attributes are exported:
status
- The current status of the WireGuard Gateway Peer.
WireGuard Peers can be imported using the gateway_id
and id
, e.g.,