Creates and manages IonosCloud Application Load Balancer.
Manages an Application Load Balancer on IonosCloud.
The following arguments are supported:
datacenter_id
- (Required)[string] ID of the datacenter.
name
- (Required)[string] The name of the Application Load Balancer.
listener_lan
- (Required)[int] ID of the listening (inbound) LAN.
ips
- (Optional)[set] Collection of the Application Load Balancer IP addresses. (Inbound and outbound) IPs of the listenerLan are customer-reserved public IPs for the public Load Balancers, and private IPs for the private Load Balancers.
target_lan
- (Required)[int] ID of the balanced private target LAN (outbound).
lb_private_ips
- (Optional)[set] Collection of private IP addresses with the subnet mask of the Application Load Balancer. IPs must contain a valid subnet mask. If no IP is provided, the system will generate an IP with a /24 subnet.
central_logging
- (Optional)[bool] Turn logging on and off for this product. Default value is 'false'.
logging_format
- (Optional)[string] Specifies the format of the logs.
flowlog
- (Optional)[list] Only 1 flow log can be configured. Only the name field can change as part of an update. Flow logs holistically capture network information such as source and destination IP addresses, source and destination ports, number of packets, amount of bytes, the start and end time of the recording, and the type of protocol – and log the extent to which your instances are being accessed.
action
- (Required)[string] Specifies the action to be taken when the rule is matched. Possible values: ACCEPTED, REJECTED, ALL. Immutable, forces re-creation.
bucket
- (Required)[string] Specifies the IONOS Object Storage bucket where the flow log data will be stored. The bucket must exist. Immutable, forces re-creation.
direction
- (Required)[string] Specifies the traffic direction pattern. Valid values: INGRESS, EGRESS, BIDIRECTIONAL. Immutable, forces re-creation.
name
- (Required)[string] Specifies the name of the flow log.
⚠️ Note: Removing the flowlog forces re-creation of the application load balancer resource.
Resource Application Load Balancer can be imported using the resource id and datacenter id.
Creates and manages IonosCloud Backup Units.
Manages a Backup Unit on IonosCloud.
The following arguments are supported:
name
- (Required)[string] The name of the Backup Unit. This argument is immutable.
password
- (Required)[string] The desired password for the Backup Unit
email
- (Required)[string] The email address assigned to the backup unit
login
- (Computed) The login associated with the backup unit. Derived from the contract number
A Backup Unit resource can be imported using its resource id.
This can be helpful when you want to import backup units which you have already created manually or using other means, outside of Terraform. Please note that you need to manually specify the password when first declaring the resource in Terraform, as there is no way to retrieve the password from the Cloud API.
Please note that at the moment, Backup Units cannot be renamed.
Please note that the password attribute is write-only, and it cannot be retrieved from the API when importing an ionoscloud_backup_unit. The only way to keep track of it in Terraform is to specify it on the resource to be imported, thus making it a required attribute.
API Gateway is an application that acts as a "front door" for backend services and APIs, handling client requests and routing them to the appropriate backend.
An API gateway consists of the generic rules and configurations.
id
- (Computed)[string] The ID of the API Gateway.
name
- (Required)[string] The name of the API Gateway.
logs
- (Optional)[bool] Enable or disable logging. Defaults to false. NOTE: Central Logging must be enabled through the Logging API to enable this feature.
metrics
- (Optional)[bool] Enable or disable metrics. Defaults to false.
custom_domains
- (Optional)[list] Custom domains for the API Gateway, a list that contains elements with the following structure:
name
- (Required)[string] The domain name. Externally reachable.
certificate_id
- (Optional)[string] The certificate ID for the domain. Must be a valid certificate in UUID form.
public_endpoint
- (Computed)[string] The public endpoint of the API Gateway.
In order to import an API Gateway, you can define an empty API Gateway resource in the plan:
The resource can be imported using the gateway_id.
Creates and manages IonosCloud Container Registry.
Manages a Container Registry on IonosCloud.
The following arguments are supported:
name
- The name of the container registry. Immutable, update forces re-creation of the resource.
garbage_collection_schedule
- (Optional)[Map]
time
- (Required)[string]
days
- (Required)[list] Elements of list must have one of the values: Saturday, Sunday, Monday, Tuesday, Wednesday, Thursday, Friday
location
- (Required)[string] Immutable, update forces re-creation of the resource.
api_subnet_allow_list
- (Optional)[list] The subnet CIDRs that are allowed to connect to the registry. Specify "a.b.c.d/32" for an individual IP address. Note: If this list is empty or not set, there are no restrictions.
features
- (Optional)[Map]
vulnerability_scanning
- (Optional)[bool] Enables or disables the Vulnerability Scanning feature for the Container Registry. To disable this feature, set the attribute to false when creating the CR resource.
⚠ WARNING
Container Registry Vulnerability Scanning is a paid feature which is enabled by default, and cannot be turned off after activation. To disable this feature for a Container Registry, ensure vulnerability_scanning is set to false on resource creation.
Resource Container Registry can be imported using the resource id.
Creates and manages Certificate Manager AutoCertificate objects.
Manages a CM AutoCertificate.
provider_id
- (Required)[string] The certificate provider used to issue the certificates.
location
- (Required)[string] The location of the auto-certificate.
common_name
- (Required)[string] The common name (DNS) of the certificate to issue. The common name needs to be part of a zone in IONOS Cloud DNS.
key_algorithm
- (Required)[string] The key algorithm used to generate the certificate.
name
- (Required)[string] A certificate name used for management purposes.
subject_alternative_names
- (Optional)[list][string] Optional additional names to be added to the issued certificate. The additional names need to be part of a zone in IONOS Cloud DNS.
last_issued_certificate_id
- (Computed)[string] The ID of the last certificate that was issued.
The resource can be imported using the auto_certificate_id and the location, separated by ":".
Creates and manages IonosCloud API Gateway Route objects.
Manages an API Gateway Route on IonosCloud.
This resource will create an operational API Gateway Route. After this section completes, the provisioner can be called.
id
- (Computed)[string] The ID of the API Gateway Route.
name
- (Required)[string] Name of the API Gateway Route. Only alphanumeric characters are allowed.
gateway_id
- (Required)[string] The ID of the API Gateway that the route belongs to.
type
- (Optional)[string] This field specifies the protocol used by the ingress to route traffic to the backend service. Default value: http.
paths
- (Required)[list] The paths that the route should match. Minimum items: 1.
methods
- (Required)[list] The HTTP methods that the route should match. Minimum items: 1. Possible values: GET, POST, PUT, DELETE, PATCH, OPTIONS, HEAD, CONNECT, TRACE.
websocket
- (Optional)[bool] To enable websocket support. Default value: false.
upstreams
- (Required) Upstreams information of the API Gateway Route. Minimum items: 1.
scheme
- (Optional)[string] The target URL of the upstream. Default value: http.
host
- (Required)[string] The host of the upstream.
port
- (Optional)[int] The port of the upstream. Default value: 80.
loadbalancer
- (Optional)[string] The load balancer algorithm. Default value: roundrobin.
weight
- (Optional)[int] Weight with which to split traffic to the upstream. Default value: 100.
API Gateway route can be imported using the apigateway route id.
Creates and manages IonosCloud Application Load Balancer Forwarding Rule.
Manages an Application Load Balancer Forwarding Rule on IonosCloud.
The following arguments are supported:
datacenter_id
- (Required)[string] The ID of a Virtual Data Center.
application_loadbalancer_id
- (Required)[string] The ID of Application Load Balancer.
name
- (Required)[string] The name of the Application Load Balancer forwarding rule.
protocol
- (Required)[string] Balancing protocol.
listener_ip
- (Required)[string] Listening (inbound) IP.
listener_port
- (Required)[int] Listening (inbound) port number; valid range is 1 to 65535.
client_timeout
- (Optional)[int] The maximum time in milliseconds to wait for the client to acknowledge or send data; default is 50,000 (50 seconds).
server_certificates
- (Optional)[list] Array of certificate ids. You can create certificates with the certificate resource.
http_rules
- (Optional)[list] Array of items in that collection
name
- (Required)[string] The unique name of the Application Load Balancer HTTP rule.
type
- (Required)[string] Type of the Http Rule.
target_group
- (Optional)[string] The UUID of the target group; mandatory for FORWARD action.
drop_query
- (Optional)[bool] Default is false; valid only for REDIRECT actions.
location
- (Optional)[string] The location for redirecting; mandatory and valid only for REDIRECT actions.
status_code
- (Optional)[int] Valid only for REDIRECT and STATIC actions. For REDIRECT actions, default is 301 and possible values are 301, 302, 303, 307, and 308. For STATIC actions, default is 503 and valid range is 200 to 599.
response_message
- (Optional)[string] The response message of the request; mandatory for STATIC action.
content_type
- (Optional)[string] Valid only for STATIC actions.
conditions
- (Optional)[list] An array of items in the collection. The action is only performed if each and every condition is met; if no conditions are set, the rule will always be performed.
type
- (Required)[string] Type of the Http Rule condition.
condition
- (Required)[string] Matching rule for the HTTP rule condition attribute; mandatory for HEADER, PATH, QUERY, METHOD, HOST, and COOKIE types; must be null when type is SOURCE_IP.
negate
- (Optional)[bool] Specifies whether the condition is negated or not; the default is False.
key
- (Optional)[string] Must be null when type is PATH, METHOD, HOST, or SOURCE_IP. Key can only be set when type is COOKIES, HEADER, or QUERY.
value
- (Optional)[string] Mandatory for conditions CONTAINS, EQUALS, MATCHES, STARTS_WITH, ENDS_WITH; must be null when condition is EXISTS; should be a valid CIDR if provided and if type is SOURCE_IP.
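A pre-apply check for the http_rules and conditions constraints listed above, as an added example in Python (not part of the IONOS provider or its documentation). The dictionary layout, function names and sample rules are assumptions; because the list above spells the cookie type both COOKIE and COOKIES, the check accepts either.

```python
import ipaddress

# Constraints transcribed from the http_rules / conditions argument list.
REDIRECT_CODES = {301, 302, 303, 307, 308}
ONLY_FOR = {  # field -> rule types for which it is valid
    "drop_query": {"REDIRECT"},
    "location": {"REDIRECT"},
    "status_code": {"REDIRECT", "STATIC"},
    "content_type": {"STATIC"},
}
MANDATORY = {"FORWARD": "target_group", "REDIRECT": "location",
             "STATIC": "response_message"}
NEEDS_CONDITION = {"HEADER", "PATH", "QUERY", "METHOD", "HOST", "COOKIE", "COOKIES"}
KEY_ALLOWED = {"COOKIE", "COOKIES", "HEADER", "QUERY"}
NEEDS_VALUE = {"CONTAINS", "EQUALS", "MATCHES", "STARTS_WITH", "ENDS_WITH"}


def is_cidr(value):
    """True if value is an IPv4/IPv6 network written with an explicit prefix."""
    if "/" not in value:
        return False
    try:
        ipaddress.ip_network(value, strict=False)
    except ValueError:
        return False
    return True


def check_condition(cond):
    """Return the constraint violations of one entry of `conditions`."""
    errors = []
    ctype, op = cond.get("type"), cond.get("condition")
    key, value = cond.get("key"), cond.get("value")
    if ctype == "SOURCE_IP":
        if op is not None:
            errors.append("condition must be null when type is SOURCE_IP")
        if value is not None and not is_cidr(value):
            errors.append(f"value {value!r} is not a valid CIDR")
    elif ctype in NEEDS_CONDITION and op is None:
        errors.append(f"condition is mandatory for type {ctype}")
    if key is not None and ctype not in KEY_ALLOWED:
        errors.append(f"key must be null when type is {ctype}")
    if op in NEEDS_VALUE and value is None:
        errors.append(f"value is mandatory for condition {op}")
    if op == "EXISTS" and value is not None:
        errors.append("value must be null when condition is EXISTS")
    return errors


def check_http_rule(rule):
    """Return the constraint violations of one entry of `http_rules`."""
    errors = []
    rtype = rule.get("type")
    required = MANDATORY.get(rtype)
    if required and not rule.get(required):
        errors.append(f"{required} is mandatory for {rtype}")
    for field, allowed in ONLY_FOR.items():
        # Falsy values (null, false, "") are treated as "not set".
        if rule.get(field) and rtype not in allowed:
            errors.append(f"{field} is valid only for {'/'.join(sorted(allowed))}")
    code = rule.get("status_code")
    if code is not None:
        if rtype == "REDIRECT" and code not in REDIRECT_CODES:
            errors.append(f"status_code {code} is not allowed for REDIRECT")
        if rtype == "STATIC" and not 200 <= code <= 599:
            errors.append(f"status_code {code} is outside 200 to 599 for STATIC")
    for i, cond in enumerate(rule.get("conditions") or []):
        errors += [f"conditions[{i}]: {e}" for e in check_condition(cond)]
    return [f"{rule.get('name', '?')}: {e}" for e in errors]


def lint(rules):
    """Flatten the findings for a whole http_rules list."""
    return [finding for rule in rules for finding in check_http_rule(rule)]


# Constructed sample input: one valid rule, one that breaks several constraints.
SAMPLE_RULES = [
    {"name": "admin-allow", "type": "FORWARD",
     "target_group": "<target-group-uuid>",  # placeholder, not a real ID
     "conditions": [
         {"type": "SOURCE_IP", "value": "203.0.113.0/24"},
         {"type": "PATH", "condition": "STARTS_WITH", "value": "/admin"}]},
    {"name": "bad-redirect", "type": "REDIRECT", "status_code": 200,
     "content_type": "text/html",
     "conditions": [
         {"type": "SOURCE_IP", "condition": "EQUALS", "value": "203.0.113.7"},
         {"type": "PATH", "condition": "EXISTS", "key": "x", "value": "/old"}]},
]

if __name__ == "__main__":
    for finding in lint(SAMPLE_RULES):
        print(finding)
```

Running the check before an apply catches a SOURCE_IP condition whose value is not a CIDR, which matters when the rule is meant to restrict access by network.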
Resource Application Load Balancer Forwarding Rule can be imported using the resource id, alb id and datacenter id.
Creates and manages IonosCloud Autoscaling Group.
Manages an Autoscaling Group on IonosCloud.
The following arguments are supported:
max_replica_count
- (Required)[int] The maximum value for the number of replicas on a VM Auto Scaling Group. Must be >= 0 and <= 200. Will be enforced for both automatic and manual changes.
min_replica_count
- (Required)[int] The minimum value for the number of replicas on a VM Auto Scaling Group. Must be >= 0 and <= 200. Will be enforced for both automatic and manual changes.
target_replica_count
- (Optional)[int] The target number of VMs in this Group. Depending on the scaling policy, this number will be adjusted automatically. VMs will be created or destroyed automatically in order to adjust the actual number of VMs to this number. If targetReplicaCount is given in the request body then it must be >= minReplicaCount and <= maxReplicaCount.
name
- (Required)[string] User-defined name for the Autoscaling Group.
policy
- (Required)[List] Specifies the behavior of this Autoscaling Group. A policy consists of Triggers and Actions, whereby an Action is some kind of automated behavior, and a Trigger is defined by the circumstances under which the Action is triggered. Currently, two separate Actions, namely Scaling In and Out are supported, triggered through Thresholds defined on a given Metric.
metric
- (Required)[string] The Metric that should trigger the scaling actions. Metric values are checked at fixed intervals. Possible values: INSTANCE_CPU_UTILIZATION_AVERAGE, INSTANCE_NETWORK_IN_BYTES, INSTANCE_NETWORK_IN_PACKETS, INSTANCE_NETWORK_OUT_BYTES, INSTANCE_NETWORK_OUT_PACKETS
range
- (Optional)[string] Defines the time range for which the samples will be aggregated. Default is 120s. Note that when you set it to values like 5m the API will automatically transform it into PT5M, so the plan will show you a diff in state that should be ignored.
scale_in_action
- (Required)[list] Specifies the action to take when the scaleInThreshold is exceeded. Hereby, scaling in is always about removing VMs that are currently associated with this autoscaling group. Default termination policy is OLDEST_SERVER_FIRST.
amount
- (Required)[int] When amountType == ABSOLUTE, this is the number of VMs removed in one step. When amountType == PERCENTAGE, this is a percentage value, which will be applied to the autoscaling group's current targetReplicaCount in order to derive the number of VMs that will be removed in one step. There will always be at least one VM removed. For SCALE_IN operation new volumes are NOT deleted after the server deletion.
amount_type
- (Required)[string] The type for the given amount. Possible values are: ABSOLUTE, PERCENTAGE.
termination_policy_type
- (Optional)[string] The type of the termination policy for the autoscaling group so that a specific pattern is followed for Scaling-In replicas. Default termination policy is OLDEST_SERVER_FIRST. Possible values are: OLDEST_SERVER_FIRST, NEWEST_SERVER_FIRST, RANDOM
cooldown_period
- (Optional)[string] Minimum time to pass after this Scaling action has started, until the next Scaling action will be started. Additionally, if a Scaling action is currently in progress, no second Scaling action will be started for the same autoscaling group. Instead, the Metric will be re-evaluated after the current Scaling action is completed (either successfully or with failures). This is validated with a minimum value of 2 minutes and a maximum of 24 hours currently. Default value is 5 minutes if not given. Note that when you set it to values like 5m the API will automatically transform it into PT5M, so the plan will show you a diff in state that should be ignored.
delete_volumes
- (Required)[bool] If set to true, when deleting a replica during scale in, any attached volume will also be deleted. When set to false, all volumes remain in the datacenter and must be deleted manually. Note that every scale-out creates new volumes. When they are not deleted, they will eventually use all of your contract's resource limits. At this point, scaling out would not be possible anymore.
scale_in_threshold
- (Required)[int] A lower threshold on the value of metric. Will be used with the less than (<) operator. Exceeding this will start a Scale-In Action as specified by the scaleInAction property. The value must have a higher minimum delta to the scaleOutThreshold depending on the metric to avoid competitive actions at the same time.
scale_out_action
- (Required)[list] Specifies the action to take when the scaleOutThreshold is exceeded. Hereby, scaling out is always about adding new VMs to this autoscaling group.
amount
- (Required)[int] When amountType=ABSOLUTE specifies the absolute number of VMs that are added. The value must be between 1 to 10. amountType=PERCENTAGE specifies the percentage value that is applied to the current number of replicas of the VM Auto Scaling Group. The value must be between 1 to 200. At least one VM is always added.
amount_type
- (Required)[string] The type for the given amount. Possible values are: ABSOLUTE, PERCENTAGE.
cooldown_period
- (Optional)[string] Minimum time to pass after this Scaling action has started, until the next Scaling action will be started. Additionally, if a Scaling action is currently in progress, no second Scaling action will be started for the same autoscaling group. Instead, the Metric will be re-evaluated after the current Scaling action is completed (either successfully or with failures). This is validated with a minimum value of 2 minutes and a maximum of 24 hours currently. Default value is 5 minutes if not given. Note that when you set it to values like 5m the API will automatically transform it into PT5M, so the plan will show you a diff in state that should be ignored.
scale_out_threshold
- (Required)[int] The upper threshold for the value of the metric. Used with the greater than (>) operator. A scale-out action is triggered when this value is exceeded, specified by the scaleOutAction property. The value must have a lower minimum delta to the scaleInThreshold, depending on the metric, to avoid competing for actions simultaneously. If properties.policy.unit=TOTAL, a value >= 40 must be chosen.
unit
- (Required)[string] Units of the applied Metric. Possible values are: PER_HOUR, PER_MINUTE, PER_SECOND, TOTAL.
replica_configuration
- (Required)[List]
availability_zone
- (Required)[string] The zone where the VMs are created using this configuration. Possible values are: AUTO, ZONE_1, ZONE_2.
cores
- (Required)[int] The total number of cores for the VMs.
cpu_family
- (Optional)[string] CPU family for the VMs created using this configuration. If null, the VM will be created with the default CPU family for the assigned location. Possible values are: INTEL_SKYLAKE, INTEL_XEON.
nics
- (Optional)[set] List of NICs associated with this Replica.
lan
- (Required)[int] Lan ID for this replica Nic.
name
- (Required)[string] Name for this replica NIC.
dhcp
- (Optional)[bool] Dhcp flag for this replica Nic. This is an optional attribute with default value of true if not given in the request payload or given as null.
firewall_active
- (Optional)[bool] Firewall active flag.
firewall_type
- (Optional)[string] The type of firewall rules that will be allowed on the NIC. Valid values: INGRESS, EGRESS, BIDIRECTIONAL. If not specified, the default INGRESS value is used.
firewall_rules
- (Optional)[list] List of firewall rules associated with this NIC.
protocol
- (Required)[string] The protocol for the rule: TCP, UDP, ICMP, ANY. Property cannot be modified after creation (disallowed in update requests).
name
- (Optional)[string] The name of the firewall rule.
source_mac
- (Optional)[string] Only traffic originating from the respective MAC address is allowed. Valid format: aa:bb:cc:dd:ee:ff. Value null allows all source MAC addresses.
source_ip
- (Optional)[string] Only traffic originating from the respective IPv4 address is allowed. Value null allows all source IPs.
target_ip
- (Optional)[string] In case the target NIC has multiple IP addresses, only traffic directed to the respective IP address of the NIC is allowed. Value null allows all target IPs.
port_range_start
- (Optional)[int] Defines the start range of the allowed port (from 1 to 65534) if protocol TCP or UDP is chosen. Leave portRangeStart and portRangeEnd null to allow all ports.
port_range_end
- (Optional)[int] Defines the end range of the allowed port (from 1 to 65534) if the protocol TCP or UDP is chosen. Leave portRangeStart and portRangeEnd null to allow all ports.
icmp_type
- (Optional)[string] Defines the allowed code (from 0 to 254) if protocol ICMP is chosen. Value null allows all codes.
icmp_code
- (Optional)[int] Defines the allowed code (from 0 to 254) if protocol ICMP is chosen.
type
- (Optional)[string] The type of firewall rule. If not specified, it will take the default value INGRESS.
flow_log
- (Optional)[list] Only 1 flow log can be configured. Only the name field can change as part of an update. Flow logs holistically capture network information such as source and destination IP addresses, source and destination ports, number of packets, amount of bytes, the start and end time of the recording, and the type of protocol – and log the extent to which your instances are being accessed.
action
- (Required)[string] Specifies the action to be taken when the rule is matched. Possible values: ACCEPTED, REJECTED, ALL. Immutable, forces re-creation.
bucket
- (Required)[string] Specifies the IONOS Object Storage bucket where the flow log data will be stored. The bucket must exist. Immutable, forces re-creation.
direction
- (Required)[string] Specifies the traffic direction pattern. Valid values: INGRESS, EGRESS, BIDIRECTIONAL. Immutable, forces re-creation.
name
- (Required)[string] Specifies the name of the flow log.
target_group
- (Optional)[list] In order to link a VM to an ALB, a target group must be provided.
target_group_id
- (Required)[string] The ID of the target group.
weight
- (Optional)[int] The weight of the target group.
port
- (Optional)[int] The port of the target group.
ram
- (Required)[int] The amount of memory for the VMs in MB, e.g. 2048. Size must be specified in multiples of 256 MB with a minimum of 256 MB; however, if you set ramHotPlug to TRUE then you must use a minimum of 1024 MB. If you set the RAM size to more than 240 GB, ramHotPlug will be set to FALSE and cannot be set to TRUE unless the RAM size is set to less than 240 GB.
volume
- (Optional)[list] List of volumes associated with this Replica.
image
- (Optional)[string] The image installed on the volume. Only the UUID of the image is presently supported.
image_alias
- (Optional)[string] The image installed on the volume. Must be an imageAlias as specified via the images API. Note that one of image or imageAlias must be set, but not both.
name
- (Required)[string] Name for this replica volume.
size
- (Required)[int] Size for this replica volume.
ssh_keys
- (Optional) List of ssh keys, supports values or paths to files. Cannot be changed at update.
type
- (Required)[string] Storage Type for this replica volume. Possible values: SSD, HDD, SSD_STANDARD or SSD_PREMIUM.
user_data
- (Optional)[string] User-data (Cloud Init) for this replica volume. Make sure you provide a Cloud Init compatible image in conjunction with this parameter.
image_password
- (Optional)[string] Image password for this replica volume.
bus
- (Optional)[string] The bus type of the volume. Default setting is VIRTIO. The bus type IDE is also supported.
backup_unit_id
- (Optional)[string] The uuid of the Backup Unit that user has access to. The property is immutable and is only allowed to be set on a new volume creation. It is mandatory to provide either public image or imageAlias in conjunction with this property.
boot_order
- (Optional)[string] Determines whether the volume will be used as a boot volume. Set to NONE, the volume will not be used as boot volume. Set to PRIMARY, the volume will be used as boot volume and set to AUTO will delegate the decision to the provisioning engine to decide whether to use the volume as boot volume. Notice that exactly one volume can be set to PRIMARY or all of them set to AUTO.
datacenter_id
- (Required)[string] Unique identifier for the resource
location
- (Computed) Location of the data center.
Creates and manages a certificate.
Manages a Certificate on IonosCloud.
NOTE: You can also provide the values as multiline strings, as seen below:
The following arguments are supported:
name
- (Required)[string] The certificate name
certificate
- (Required)[string] The certificate body. Pem encoded. Immutable.
private_key
- (Required)[string] The certificate private key. Immutable. Sensitive.
certificate_chain
- (Optional)[string] The certificate chain. Pem encoded. Immutable.
Resource certificate can be imported using the resource id
, e.g.
Creates and manages IonosCloud Virtual Data Center.
Manages a Virtual Data Center on IonosCloud.
ionoscloud_datacenter_nsg_selection and provide the IDs of the NSG and Datacenter to link them.
nsg_id field will de-attach any previously linked NSG from the Datacenter.
The following arguments are supported:
name
- (Required)[string] The name of the Virtual Data Center.
location
- (Required)[string] The regional location where the Virtual Data Center will be created. This argument is immutable.
description
- (Optional)[string] Description for the Virtual Data Center.
sec_auth_protection
- (Optional) [bool] Boolean value representing if the data center requires extra protection e.g. two factor protection
version
- (Computed) The version of that Data Center. Gets incremented with every change
features
- (Computed) List of features supported by the location this data center is part of
ipv6_cidr_block
- (Computed) The automatically-assigned /56 IPv6 CIDR block if IPv6 is enabled on this virtual data center
cpu_architecture
- (Computed) Array of features and CPU families available in a location
cpu_family
- A valid CPU family name
max_cores
- The maximum number of cores available
max_ram
- The maximum amount of RAM in MB
vendor
- A valid CPU vendor name
Resource Datacenter can be imported using the resource id.
Creates and manages IonosCloud Cube Server objects.
A Cube is a Virtual Machine (VM) with an attached NVMe Volume. You can use each newly created Cube as a new VM, either standalone or in combination with other IONOS Cloud products.
Check out Configuration templates
This resource will create an operational server. After this section completes, the provisioner can be called.
template_uuid
- (Required)[string] The UUID of the template for creating a CUBE server; the available templates for CUBE servers can be found on the templates resource
name
- (Required)[string] The name of the server.
datacenter_id
- (Required)[string] The ID of a Virtual Data Center.
hostname
- (Optional)(Computed) The hostname of the resource. Allowed characters are a-z, 0-9 and - (minus). Hostname should not start with minus and should not be longer than 63 characters. If no value provided explicitly, it will be populated with the name of the server
image_name
- (Optional)[string] The name, ID or alias of the image. May also be a snapshot ID. It is required if licence_type is not provided. Attribute is immutable.
availability_zone
- (Optional)[string] The availability zone in which the server should exist. This property is immutable.
licence_type
- (Optional)[string] Sets the OS type of the server.
vm_state
- (Optional)[string] Sets the power state of the cube server. E.g: RUNNING or SUSPENDED.
volume
- (Required) See the Volume section.
nic
- (Required) See the Nic section.
boot_volume
- (Computed) The associated boot volume.
boot_cdrom
- DEPRECATED Please refer to ionoscloud_server_boot_device_selection (Optional)[string] The associated boot drive, if any. Must be the UUID of a bootable CDROM image that can be retrieved using the ionoscloud_image data source.
boot_image
- (Optional)[string] The image or snapshot UUID / name. May also be an image alias. It is required if licence_type is not provided.
primary_nic
- (Computed) The associated NIC.
primary_ip
- (Computed) The associated IP address.
firewallrule_id
- (Computed) The associated firewall rule.
ssh_key_path
- (Optional)[list] List of paths to files containing a public SSH key that will be injected into IonosCloud provided Linux images. Required for IonosCloud Linux images. Required if image_password is not provided.
image_password
- (Optional)[string] Required if ssh_key_path is not provided.
security_groups_ids
- (Optional) The list of Security Group IDs for the resource.
allow_replace
- (Optional)[bool] When set to true, allows the update of immutable fields by first destroying and then re-creating the server.
⚠️ Warning: allow_replace lets you update immutable fields, but it first destroys and then re-creates the server in order to do it. This field should be used with care, understanding the risks.
⚠ WARNING
Image_name under volume level is deprecated, please use image_name under server level.
⚠ WARNING
For creating a CUBE server, you cannot set the volume.size argument.
Resource Server can be imported using the resource id and the datacenter id.
Please note that for any secondary volume, you need to set the licence_type property to UNKNOWN.
Creates and manages IonosCloud Container Registry Token.
Manages a Container Registry Token on IonosCloud.
The following arguments are supported:
name
- (Required)[string] The name of the container registry token. Immutable, update forces re-creation of the resource.
expiry-date
- (Optional)[string] The value must be supplied as ISO 8601 timestamp
scopes
- (Optional)[map]
actions
- (Required)[string] Example: ["pull", "push", "delete"]
name
- (Required)[string]
type
- (Required)[string]
status
- (Optional)[string] Must have one of the values: enabled, disabled
save_password_to_file
- (Optional)[string] Saves token password to file. Only works on create. Takes as argument a file name, or a file path
⚠ WARNING
save_password_to_file must be used with caution. It will save the password(token) returned on create to a file. This is the only way to get the token.
Resource Container Registry Token can be imported using the container registry id and resource id.
Creates and manages Certificate Manager provider objects.
Manages a CM provider.
name
- (Required)[string] The name of the certificate provider.
email
- (Required)[string] The email address of the certificate requester.
location
- (Optional)[string] The location of the provider.
server
- (Required)[string] The URL of the certificate provider.
external_account_binding
- (Optional)[list] External account binding details.
key_id
- (Required)[string] The key ID of the external account binding.
key_secret
- (Required)[string] The key secret of the external account binding
The resource can be imported using the provider_id and the location, separated by ":".
Creates and manages IonosCloud CDN Distributions.
Manages a CDN Distribution on IonosCloud.
The following arguments are supported:
domain
- (Required)[string] The domain of the distribution.
certificate_id
- (Required)[string] The ID of the certificate to use for the distribution. You can create certificates with the certificate resource.
routing_rules
- (Required)[list] The routing rules for the distribution.
scheme
- (Required)[string] The scheme of the routing rule.
prefix
- (Required)[string] The prefix of the routing rule.
upstream
- (Required)[map] - A map of properties for the rule
host
- (Required)[string] The upstream host that handles the requests if not already cached. This host will be protected by the WAF if the option is enabled.
caching
- (Required)[bool] Enable or disable caching. If enabled, the CDN will cache the responses from the upstream host. Subsequent requests for the same resource will be served from the cache.
waf
- (Required)[bool] Enable or disable WAF to protect the upstream host.
sni_mode
- (Required)[string] The SNI (Server Name Indication) mode of the upstream. It supports two modes: 1) distribution: for outgoing connections to the upstream host, the CDN requires the upstream host to present a valid certificate that matches the configured domain of the CDN distribution; 2) origin: for outgoing connections to the upstream host, the CDN requires the upstream host to present a valid certificate that matches the configured upstream/origin hostname.
rate_limit_class
- (Required)[string] Rate limit class that will be applied to limit the number of incoming requests per IP.
geo_restrictions
- (Optional)[map] - A map of geo_restrictions
allow_list
- (Optional)[string] List of allowed countries
block_list
- (Optional)[string] List of blocked countries
public_endpoint_v4
- IP of the distribution; it must be included in the domain's DNS zone as an A record.
public_endpoint_v6
- IP of the distribution; it must be included in the domain's DNS zone as an AAAA record.
resource_urn
- Unique resource identifier.
Resource Distribution can be imported using the resource id
, e.g.
Creates and manages DbaaS MongoDB Cluster objects.
Manages a DbaaS Mongo Cluster.
Enterprise Support: With MongoDB Enterprise, you gain access to professional support from the MongoDB team ensuring that you receive timely assistance and expert guidance when needed. IONOS offers enterprise-grade Service Level Agreements (SLAs), guaranteeing rapid response times and 24/7 support to address any critical issues that may arise.
edition
- (Optional)(Computed)[string] Cluster edition. Playground, business or enterprise.
mongodb_version
- (Required)[string] The MongoDB version of your cluster. Updates to the value of the field force the cluster to be re-created.
template_id
- (Optional)[string] The unique ID of the template, which specifies the number of cores, storage size, and memory. Updates to the value of the field force the cluster to be re-created. Required for playground and business editions. Must not be provided for enterprise edition.
instances
- (Required)[int] The total number of instances in the cluster (one master and n-1 standbys). Example: 1, 3, 5, 7. Updates to the value of the field force the cluster to be re-created.
display_name
- (Required)[string] The name of your cluster. Updates to the value of the field force the cluster to be re-created.
location
- (Required)[string] The physical location where the cluster will be created. Property cannot be modified after datacenter creation (disallowed in update requests). Available locations: de/txl, gb/lhr, es/vit. Update forces cluster re-creation.
connections
- (Required)[List] Details about the network connection for your cluster. Updates to the value of the field force the cluster to be re-created.
datacenter_id
- (Required)[string] The datacenter to connect your cluster to.
lan_id
- (Required)[string] The LAN to connect your cluster to.
cidr_list
- (Required)[List] The list of IPs and subnet for your cluster. Note the following unavailable IP ranges: 10.233.64.0/18, 10.233.0.0/18, 10.233.114.0/24. Example: [192.168.1.100/24, 192.168.1.101/24]. See Private IPs and Cluster Setup - Preparing the network.
maintenance_window
- (Optional)(Computed) A weekly 4 hour-long window, during which maintenance might occur. Updates to the value of the field force the cluster to be re-created.
time
- (Required)[string]
day_of_the_week
- (Required)[string]
connection_string
- (Computed)[string] The physical location where the cluster will be created. This will be where all of your instances live. Updates to the value of the field force the cluster to be re-created. Available locations: de/txl, gb/lhr, es/vit
ram
- (Optional)(Computed)[int] The amount of memory per instance in megabytes. Required for enterprise edition.
storage_size
- (Optional)(Computed)[int] The amount of storage per instance in MB. Required for enterprise edition.
storage_type
- (Optional)(Computed)[String] The storage type used in your cluster. Required for enterprise edition.
cores
- (Optional)(Computed)[int] The number of CPU cores per replica. Required for enterprise edition.
shards
- (Optional)[int] The total number of shards in the cluster.
type
- (Optional)(Computed)[string] The cluster type, either replicaset
or sharded-cluster
.
bi_connector
- (Optional)(Computed) The MongoDB Connector for Business Intelligence allows you to query a MongoDB database using SQL commands to aid in data analysis.
enabled
: (Optional)[bool] - The status of the BI Connector. If not set, the BI Connector is disabled.
host
: (Computed)[string] - The host where this new BI Connector is installed.
port
: (Computed)[string] - Port number used when connecting to this new BI Connector.
backup
- (Optional)[list]
location
: (Optional)[string] - The location where the cluster backups will be stored. If not set, the backup is stored in the nearest location of the cluster. Possible values are de, eu-south-2, or eu-central-2.
Resource DbaaS MongoDb Cluster can be imported using the cluster_id
, e.g.
Links a Network Security Group to an IonosCloud datacenter.
Links a Network Security Group to an IonosCloud datacenter. The datacenter can only have one linked NSG. To set a new NSG for the datacenter, the current one will be unlinked.
A Network Security Group can be linked to an ionoscloud_datacenter
with this resource. Deleting the resource will unlink the NSG from the datacenter.
datacenter_id
- (Required)[string] The ID of a Virtual Data Center.
nsg_id
- (Required)[string] The ID of a Network Security Group.
Creates and manages Dataplatform Cluster objects.
Manages a Dataplatform Cluster.
datacenter_id
- (Required)[string] The UUID of the virtual data center (VDC) in which the cluster is provisioned.
name
- (Required)[string] The name of your cluster. Must be 63 characters or less and must be empty or begin and end with an alphanumeric character ([a-z0-9A-Z]). It can contain dashes (-), underscores (_), dots (.), and alphanumerics in-between.
version
- (Optional)[int] The version of the Data Platform.
maintenance_window
- (Optional) Starting time of a weekly 4 hour-long window, during which maintenance might occur in hh:mm:ss format
time
- (Required)[string] Time at which the maintenance should start. Must conform to the 'HH:MM:SS' 24-hour format. This pattern matches the "HH:MM:SS 24-hour format with leading 0" format. For more information take a look at this link.
day_of_the_week
- (Required)[string] Must be set with one of the values Monday
, Tuesday
, Wednesday
, Thursday
, Friday
, Saturday
or Sunday
.
lans
- (Optional)[list] A list of LANs you want this node pool to be part of.
lan_id
- (Required)[string] The LAN ID of an existing LAN at the related data center.
dhcp
- (Optional)[bool] Indicates if the Kubernetes node pool LAN will reserve an IP using DHCP. The default value is 'true'.
routes
- (Optional)[list] An array of additional LANs attached to worker nodes.
gateway
- (Required)[string] IPv4 or IPv6 gateway IP for the route.
network
- (Required)[string] IPv4 or IPv6 CIDR to be routed via the interface.
Resource Dataplatform Cluster can be imported using the cluster_id
, e.g.
Creates and manages DBaaS InMemoryDB Replica Set objects.
Manages a DBaaS InMemoryDB Replica Set.
display_name
- (Required)[string] The human-readable name of your replica set.
location
- (Optional)[string] The location of your replica set. Updates to the value of the field force the replica set to be re-created. If this is not set and if no value is provided for the IONOS_API_URL
env var, the default location
will be: de/fra
.
version
- (Required)[string] The InMemoryDB version of your replica set.
replicas
- (Required)[int] The total number of replicas in the replica set (one active and n-1 passive). In case of a standalone instance, the value is 1. In all other cases, the value is > 1. The replicas will not be available as read replicas, they are only standby for a failure of the active instance.
resources
- (Required)[object] The resources of the individual replicas.
cores
- (Required)[int] The number of CPU cores per instance.
ram
- (Required)[int] The amount of memory per instance in gigabytes (GB).
storage
- (Computed)[int] The size of the storage in GB. The size is derived from the amount of RAM and the persistence mode and is not configurable.
persistence_mode
- (Required)[string] Specifies how and whether data is persisted; possible values are:
None
- Data is in-memory only and will not be persisted. Useful for cache-only applications.
AOF
- (Append Only File) AOF persistence logs every write operation received by the server. These operations can then be replayed again at server startup, reconstructing the original dataset. Commands are logged using the same format as the InMemoryDB protocol itself.
RDB
- RDB persistence performs snapshots of the current in memory state.
RDB_AOF
- Both RDB and AOF persistence are enabled.
eviction_policy
- (Required)[string] The eviction policy for the replica set, possible values are:
noeviction
- No eviction policy is used. InMemoryDB will never remove any data. If the memory limit is reached, an error will be returned on write operations.
allkeys-lru
- The least recently used keys will be removed first.
allkeys-lfu
- The least frequently used keys will be removed first.
allkeys-random
- Random keys will be removed.
volatile-lru
- The least recently used keys will be removed first, but only among keys with the expire
field set to true
.
volatile-lfu
- The least frequently used keys will be removed first, but only among keys with the expire
field set to true
.
volatile-random
- Random keys will be removed, but only among keys with the expire
field set to true
.
volatile-ttl
- The key with the nearest time to live will be removed first, but only among keys with the expire
field set to true
.
connections
- (Required)[object] The network connection for your replica set. Only one connection is allowed. Updates to the value of the fields force the replica set to be re-created.
datacenter_id
- (Required)[string] The datacenter to connect your instance to.
lan_id
- (Required)[string] The numeric LAN ID to connect your instance to.
cidr
- (Required)[string] The IP and subnet for your instance. Note the following unavailable IP ranges: 10.233.64.0/18, 10.233.0.0/18, 10.233.114.0/24.
credentials
- (Required)[object] Credentials for the InMemoryDB replica set. Only one type of password can be used, since they are mutually exclusive. These values are used to create the initial InMemoryDB user; updating any of them will force re-creation of the replica set resource.
username
- (Required)[string] The username for the initial InMemoryDB user. Some system usernames are restricted (e.g. 'admin', 'standby').
plain_text_password
- (Optional)[string] The password for an InMemoryDB user; this field is marked as Sensitive
.
hashed_password
- (Optional)[object] The hashed password for an InMemoryDB user.
algorithm
- (Required)[string] The value can be only: "SHA-256".
hash
- (Required)[string] The hashed password.
maintenance_window
- (Optional)(Computed) A weekly 4 hour-long window, during which maintenance might occur.
time
- (Required)[string] Start of the maintenance window in UTC time.
day_of_the_week
- (Required)[string] The name of the week day.
initial_snapshot_id
- (Optional)[string] The ID of a snapshot to restore the replica set from. If set, the replica set will be created from the snapshot.
dns_name
- (Computed)[string] The DNS name pointing to your replica set. Will be used to connect to the active/standalone instance.
⚠ NOTE: IONOS_API_URL_INMEMORYDB can be used to set a custom API URL for the resource. The location field needs to be empty, otherwise it will override the custom API URL. Setting endpoint or IONOS_API_URL does not have any effect.
Resource DBaaS InMemoryDB Replica Set can be imported using the replicaset_id
and the location
, separated by :
, e.g:
Creates and manages DBaaS MariaDB Cluster objects.
Manages a DBaaS MariaDB Cluster.
mariadb_version
- (Required)[string] The MariaDB version of your cluster. Cannot be downgraded.
instances
- (Required)[int] The total number of instances in the cluster (one primary and n-1 secondary).
location
- (Optional)[string] The location in which the cluster will be created. Different service endpoints are used based on location, possible options are: "de/fra", "de/txl", "es/vit", "fr/par", "gb/lhr", "us/ewr", "us/las", "us/mci". If not set, the endpoint will be the one corresponding to "de/txl".
cores
- (Required)[int] The number of CPU cores per instance.
ram
- (Required)[int] The amount of memory per instance in gigabytes (GB).
storage_size
- (Required)[int] The amount of storage per instance in gigabytes (GB).
connections
- (Required) The network connection for your cluster. Only one connection is allowed.
datacenter_id
- (Required)[string] The datacenter to connect your cluster to.
lan_id
- (Required)[string] The numeric LAN ID to connect your cluster to.
cidr
- (Required)[string] The IP and subnet for the database. Note the following unavailable IP ranges: 10.233.64.0/18, 10.233.0.0/18, 10.233.114.0/24. Please enter it in the correct IP/Subnet format, e.g. 192.168.10.0/24. See Private IPs and Configuring the network.
display_name
- (Required)[string] The friendly name of your cluster.
maintenance_window
- (Optional)(Computed) A weekly 4 hour-long window, during which maintenance might occur
time
- (Required)[string] Start of the maintenance window in UTC time.
day_of_the_week
- (Required)[string] The name of the week day.
credentials
- (Required) Credentials for the database user to be created.
username
- (Required)[string] The username for the initial MariaDB user. Some system usernames are restricted (e.g. 'mariadb', 'admin', 'standby').
password
- (Required)[string] The password for a MariaDB user.
dns_name
- (Computed)[string] The DNS name pointing to your cluster.
⚠ WARNING: IONOS_API_URL_MARIADB can be used to set a custom API URL for the MariaDB Cluster. The location field needs to be empty, otherwise it will override the custom API URL. Setting endpoint or IONOS_API_URL does not have any effect.
Resource DBaaS MariaDB Cluster can be imported using the cluster_id
and the location
, separated by :
, e.g.
Creates and manages Dataplatform Node Pool objects.
Manages a Dataplatform Node Pool.
cluster_id
- (Required)[string] The UUID of an existing Dataplatform cluster.
name
- (Required)[string] The name of your node pool. Must be 63 characters or less and must be empty or begin and end with an alphanumeric character ([a-z0-9A-Z]). It can contain dashes (-), underscores (_), dots (.), and alphanumerics in-between.
node_count
- (Required)[int] The number of nodes that make up the node pool. Must be set with a minimum value of 1.
cpu_family
- (Optional)[string] A valid CPU family name or AUTO
if the platform shall choose the best fitting option. Available CPU architectures can be retrieved from the datacenter resource. The default value is AUTO
.
cores_count
- (Optional)[int] The number of CPU cores per node. Must be set with a minimum value of 1. The default value is 4
.
ram_size
- (Optional)[int] The RAM size for one node in MB. Must be set in multiples of 1024
MB, with a minimum size of 2048
MB. The default value is 4096
.
availability_zone
- (Optional)[string] The availability zone of the virtual datacenter region where the node pool resources should be provisioned. Must be set with one of the values AUTO
, ZONE_1
or ZONE_2
. The default value is AUTO
.
storage_type
- (Optional)[string] The type of hardware for the volume. Must be set with one of the values HDD
or SSD
. The default value is SSD
.
storage_size
- (Optional)[int] The size of the volume in GB. The size must be greater than 10
GB. The default value is 20
.
maintenance_window
- (Optional) Starting time of a weekly 4 hour-long window, during which maintenance might occur in hh:mm:ss format
time
- (Required)[string] Time at which the maintenance should start. Must conform to the 'HH:MM:SS' 24-hour format. This pattern matches the "HH:MM:SS 24-hour format with leading 0" format. For more information take a look at this link.
day_of_the_week
- (Required)[string] Must be set with one of the values Monday
, Tuesday
, Wednesday
, Thursday
, Friday
, Saturday
or Sunday
.
labels
- (Optional)[map] Key-value pairs attached to the node pool resource as Kubernetes labels.
annotations
- (Optional)[map] Key-value pairs attached to node pool resource as Kubernetes annotations.
auto_scaling
- (Optional)[string] Whether the Node Pool should autoscale. For more details, please check the API documentation
min_node_count
- (Optional)[int] The minimum number of worker nodes the node pool can scale down to. Should be less than max_node_count
max_node_count
- (Optional)[int] The maximum number of worker nodes that the node pool can scale to. Should be greater than min_node_count
A Dataplatform Node Pool resource can be imported using its cluster's UUID as well as its own UUID, e.g.:
Creates and manages DbaaS Postgres User objects.
Manages a DbaaS PgSql User.
Create a PgSQL
cluster as presented in the documentation for the cluster, then define a user resource and link it with the previously created cluster:
cluster_id
- (Required)[string] The unique ID of the cluster. Updates to the value of the field force the cluster to be re-created.
username
- (Required)[string] Used for authentication. Updates to the value of the field force the cluster to be re-created.
password
- (Required)[string] User password.
is_system_user
- (Computed)[bool] Describes whether this user is a system user or not. A system user cannot be updated or deleted.
In order to import a PgSql user, you can define an empty user resource in the plan:
The resource can be imported using the clusterId
and the username
, for example:
Creates and manages DbaaS MongoDB users.
Manages a DbaaS Mongo User.
cluster_id
- (Required)[string] The unique ID of the cluster. Updates to the value of the field force the cluster to be re-created.
username
- (Required)[string] Used for authentication. Updates to the value of the field force the cluster to be re-created.
database
- (Required)[string] The user database to use for authentication. Updates to the value of the field force the cluster to be re-created.
password
- (Required)[string] User password. Updates to the value of the field force the cluster to be re-created.
roles
- (Required)[string] A list of MongoDB user roles. Updates to the value of the field force the cluster to be re-created.
role
- (Required)[string] MongoDB user role. Examples: read, readWrite, readAnyDatabase, readWriteAnyDatabase, dbAdmin, dbAdminAnyDatabase, clusterMonitor.
database
- (Required)[string] Database on which to apply the role.
NOTE: MongoDB users do not support update at the moment. Changing any attribute will result in the user being re-created.
Resource DBaaS MongoDB User can be imported using the clusterID
and the username
. First, define an empty resource in the plan:
Then you can import the user using the following command:
Creates and manages DbaaS Postgres Database objects.
Manages a DbaaS PgSql Database.
Create a PgSQL
cluster as presented in the documentation for the cluster, then define a database resource and link it with the previously created cluster:
cluster_id
- (Required)[string] The unique ID of the cluster.
name
- (Required)[string] The name of the database.
owner
- (Required)[string] The owner of the database.
In order to import a PgSql database, you can define an empty database resource in the plan:
The resource can be imported using the clusterId
and the name
, for example:
Creates and manages DbaaS Postgres Cluster objects.
Manages a DbaaS PgSql Cluster.
postgres_version
- (Required)[string] The PostgreSQL version of your cluster.
instances
- (Required)[int] The total number of instances in the cluster (one master and n-1 standbys)
cores
- (Required)[int] The number of CPU cores per replica.
ram
- (Required)[int] The amount of memory per instance in megabytes. Has to be a multiple of 1024.
storage_size
- (Required)[int] The amount of storage per instance in MB. Has to be a multiple of 2048.
storage_type
- (Required)[string] SSD, SSD Standard, SSD Premium, or HDD. Value "SSD" is deprecated, use the equivalent "SSD Premium" instead. This attribute is immutable (disallowed in update requests).
connection_pooler
- (Optional)[object]
enabled
- (Required)[bool]
pool_mode
- (Required)[string] Represents different modes of connection pooling for the connection pooler.
connections
- (Required)[string] Details about the network connection for your cluster.
datacenter_id
- (Required)[string] The datacenter to connect your cluster to.
lan_id
- (Required)[string] The LAN to connect your cluster to.
cidr
- (Required)[string] The IP and subnet for the database. Note the following unavailable IP ranges: 10.233.64.0/18, 10.233.0.0/18, 10.233.114.0/24. Please enter it in the correct IP/Subnet format, e.g. 192.168.10.0/24. See Private IPs and Configuring the network.
location
- (Required)[string] The physical location where the cluster will be created. This will be where all of your instances live. Property cannot be modified after datacenter creation. Possible values are: de/fra
, de/txl
, gb/lhr
, es/vit
, us/ewr
, us/las
. This attribute is immutable (disallowed in update requests).
backup_location
- (Optional)(Computed)[string] The IONOS Object Storage location where the backups will be stored. Possible values are: de
, eu-south-2
, eu-central-2
. This attribute is immutable (disallowed in update requests).
display_name
- (Required)[string] The friendly name of your cluster.
maintenance_window
- (Optional)(Computed) A weekly 4 hour-long window, during which maintenance might occur
time
- (Required)[string]
day_of_the_week
- (Required)[string]
credentials
- (Required)[string] Credentials for the database user to be created. This attribute is immutable (disallowed in update requests).
username
- (Required)[string] The username for the initial postgres user. Some system usernames are restricted (e.g. "postgres", "admin", "standby")
password
- (Required)[string]
synchronization_mode
- (Required) [string] Represents different modes of replication. Can have one of the following values: ASYNCHRONOUS, SYNCHRONOUS, STRICTLY_SYNCHRONOUS. This attribute is immutable (disallowed in update requests).
from_backup
- (Optional)[string] The unique ID of the backup you want to restore. This attribute is immutable (disallowed in update requests).
backup_id
- (Required)[string] The unique ID of the backup you want to restore.
recovery_target_time
- (Optional)[string] If this value is supplied as ISO 8601 timestamp, the backup will be replayed up until the given timestamp. If empty, the backup will be applied completely.
dns_name
- (Computed)[string] The DNS name pointing to your cluster.
allow_replace
- (Optional)[bool] When set to true, allows the update of immutable fields by destroying and re-creating the cluster.
Warning: allow_replace
- lets you update immutable fields, but it first destroys and then re-creates the cluster in order to do it. Set the field to true only if you know what you are doing.
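The cidr and cidr_list arguments of the MongoDB, InMemoryDB, MariaDB and Postgres resources all exclude the same three IP ranges and expect the IP/Subnet form. The following check is an added example, not part of the provider or its documentation; the function names are hypothetical and the sample values are constructed. It can be run over planned values before terraform apply:

```python
import ipaddress

# Ranges the page lists as unavailable for DBaaS connections.
UNAVAILABLE_RANGES = tuple(
    ipaddress.ip_network(n)
    for n in ("10.233.64.0/18", "10.233.0.0/18", "10.233.114.0/24")
)


def _parse(value):
    """Return (interface, error); exactly one of the two is None."""
    if "/" not in value:
        return None, f"{value}: no subnet mask, expected IP/Subnet"
    try:
        return ipaddress.ip_interface(value), None
    except ValueError as exc:
        return None, f"{value}: not a valid IP/Subnet ({exc})"


def check_db_cidr(value):
    """Return the problems found in one cidr value; an empty list means usable."""
    iface, error = _parse(value)
    if error:
        return [error]
    # Compare the whole subnet, not just the host address, against each range.
    return [
        f"{value}: subnet {iface.network} overlaps unavailable range {blocked}"
        for blocked in UNAVAILABLE_RANGES
        if iface.version == blocked.version and iface.network.overlaps(blocked)
    ]


def check_cidr_list(values):
    """Check every entry of a cidr_list and flag addresses that appear twice."""
    problems, seen = [], {}
    for value in values:
        problems.extend(check_db_cidr(value))
        iface, _ = _parse(value)
        if iface is None:
            continue
        if iface.ip in seen:
            problems.append(f"{value}: address already used by entry {seen[iface.ip]}")
        else:
            seen[iface.ip] = value
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    for sample in ("192.168.1.100/24", "10.233.70.5/24", "10.233.114.7/24",
                   "10.233.0.0/16", "192.168.1.100", "192.168.1.100/33"):
        print(sample, "->", check_db_cidr(sample) or "ok")
```

Note that 10.233.114.0/24 lies inside 10.233.64.0/18, so an address in that /24 is reported against both ranges.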
Resource DbaaS Postgres Cluster can be imported using the cluster_id
, e.g.
Creates and manages DNS Zone objects.
Manages a DNS Zone.
⚠️ Only tokens are accepted for authorization in the ionoscloud_dns_zone resource. Please ensure you are using tokens as other methods will not be valid.
name
- (Required)[string] The name of the DNS Zone.
description
- (Optional)[string] The description for the DNS Zone.
enabled
- (Optional)[bool] Indicates if the DNS Zone is active or not. Default is true
.
In order to import a DNS Zone, you can define an empty DNS Zone resource in the plan:
The resource can be imported using the zone_id
, for example:
Creates and manages DNS Record objects.
⚠️ Only tokens are accepted for authorization in the ionoscloud_dns_record resource. Please ensure you are using tokens as other methods will not be valid.
name
- (Required)[string] The name of the DNS Record.
content
- (Required)[string] The content of the DNS Record.
ttl
- (Optional)[int] Time to live for the DNS Record. Default is 3600
.
priority
- (Optional)[int] The priority for the DNS Record.
enabled
- (Optional)[bool] Indicates if the DNS Record is active or not. Default is true
.
zone_id
- (Required)[string] The DNS Zone ID in which the DNS Record will be created.
In order to import a DNS Record, you can define an empty DNS Record resource in the plan:
The resource can be imported using the zone_id
and the record_id
, for example:
Manages a DNS Record.
type
- (Required)[string] The type of the DNS Record, can have one of these values: A, AAAA, CNAME, ALIAS, MX, NS, SRV, TXT, CAA, SSHFP, TLSA, SMIMEA, DS, HTTPS, SVCB, OPENPGPKEY, CERT, URI, RP, LOC
.
Creates and manages IP Block objects.
Manages IP Blocks on IonosCloud. IP Blocks contain reserved public IP addresses that can be assigned to servers or other resources.
name
- (Optional)[string] The name of the IP Block.
location
- (Required)[string] The regional location for this IP Block: us/las, us/ewr, de/fra, de/fkb.
size
- (Required)[integer] The number of IP addresses to reserve for this block.
ips
- (Computed)[integer] The list of IP addresses associated with this block.
ip_consumers
- (Computed) Read-only attribute. Lists consumption details of an individual IP.
ip
mac
nic_uuid
server_id
server_name
datacenter_id
datacenter_name
k8s_nodepool_uuid
k8s_cluster_uuid
Resource Ipblock can be imported using the resource id
, e.g.
Creates and manages Firewall Rules.
Manages a set of Firewall Rules on IonosCloud.
datacenter_id
- (Required)[string] The Virtual Data Center ID.
server_id
- (Required)[string] The Server ID.
nic_id
- (Required)[string] The NIC ID.
protocol
- (Required)[string] The protocol for the rule: TCP, UDP, ICMP, ANY. Property cannot be modified after creation (disallowed in update requests).
name
- (Optional)[string] The name of the firewall rule.
source_mac
- (Optional)[string] Only traffic originating from the respective MAC address is allowed. Valid format: aa:bb:cc:dd:ee:ff. Value null allows all source MAC addresses.
source_ip
- (Optional)[string] Only traffic originating from the respective IPv4 address is allowed. Value null allows all source IPs.
target_ip
- (Optional)[string] In case the target NIC has multiple IP addresses, only traffic directed to the respective IP address of the NIC is allowed. Value null allows all target IPs.
port_range_start
- (Optional)[int] Defines the start range of the allowed port (from 1 to 65534) if protocol TCP or UDP is chosen. Leave portRangeStart and portRangeEnd null to allow all ports.
port_range_end
- (Optional)[int] Defines the end range of the allowed port (from 1 to 65534) if the protocol TCP or UDP is chosen. Leave portRangeStart and portRangeEnd null to allow all ports.
icmp_type
- (Optional)[string] Defines the allowed code (from 0 to 254) if protocol ICMP is chosen. Value null allows all codes.
icmp_code
- (Optional)[int] Defines the allowed code (from 0 to 254) if protocol ICMP is chosen.
type
- (Optional)[string] The type of firewall rule. If not specified, it will take the default value INGRESS.
Resource Firewall can be imported using the resource id
, e.g.
Creates and manages group objects.
Manages Groups and Group Privileges on IonosCloud.
name
- (Required) [string] A name for the group.
create_datacenter
- (Optional) [Boolean] The group will be allowed to create virtual data centers.
create_snapshot
- (Optional) [Boolean] The group will be allowed to create snapshots.
reserve_ip
- (Optional) [Boolean] The group will be allowed to reserve IP addresses.
access_activity_log
- (Optional) [Boolean] The group will be allowed to access the activity log.
create_pcc
- (Optional) [Boolean] The group will be allowed to create Cross Connects.
s3_privilege
- (Optional) [Boolean] The group will have S3 privilege.
create_backup_unit
- (Optional) [Boolean] The group will be allowed to create backup units.
create_internet_access
- (Optional) [Boolean] The group will be allowed to create internet access.
create_k8s_cluster
- (Optional) [Boolean] The group will be allowed to create Kubernetes clusters.
create_flow_log
- (Optional) [Boolean] The group will be allowed to create flow logs.
access_and_manage_monitoring
- (Optional) [Boolean] The group will be allowed to access and manage monitoring.
access_and_manage_certificates
- (Optional) [Boolean] The group will be allowed to access and manage certificates.
access_and_manage_dns
- (Optional) [Boolean] The group will be allowed to access and manage DNS records.
manage_registry
- (Optional) [Boolean] The group will be allowed to access container registry related functionality.
manage_dataplatform
- (Optional) [Boolean] The group will be allowed to access and manage the Data Platform.
access_and_manage_logging
- (Optional) [Boolean] The group will be allowed to access and manage logging.
access_and_manage_cdn
- (Optional) [Boolean] The group will be allowed to access and manage CDN.
access_and_manage_vpn
- (Optional) [Boolean] The group will be allowed to access and manage VPN.
access_and_manage_api_gateway
- (Optional) [Boolean] The group will be allowed to access and manage API Gateway.
access_and_manage_kaas
- (Optional) [Boolean] The group will be allowed to access and manage KaaS.
access_and_manage_network_file_storage
- (Optional) [Boolean] The group will be allowed to access and manage network file storage.
access_and_manage_ai_model_hub
- (Optional) [Boolean] The group will be allowed to access and manage AI Model Hub.
access_and_manage_iam_resources
- (Optional) [Boolean] The group will be allowed to access and manage IAM resources.
create_network_security_groups
- (Optional) [Boolean] The group will be allowed to create network security groups.
manage_dbaas
- (Optional) [Boolean] Privilege for a group to manage DBaaS related functionality.
user_ids
- (Optional) [list] A list of users to add to the group.
user_id
- (Optional) [string] The ID of the specific user to add to the group. This argument is DEPRECATED; please use the user_ids argument instead.
users
- (Computed) List of users - See the User section
NOTE: user_id/user_ids field cannot be used at the same time with group_ids field in user resource. Trying to add the same user to the same group in both ways in the same plan will result in a cyclic dependency error.
Resource Group can be imported using the resource id
, e.g.
If you are upgrading to v6.2.0: You have to modify your plan for user_ids to match the new structure by renaming the old field, user_id, to user_ids and putting the old value into an array. This is not backwards compatible.
Creates and manages IonosCloud Kubernetes Clusters.
Manages a Managed Kubernetes Cluster on IonosCloud.
The following arguments are supported:
name
- (Required)[string] The name of the Kubernetes Cluster.
k8s_version
- (Optional)[string] The desired Kubernetes Version. For supported values, please check the API documentation. Downgrades are not supported. The provider will ignore downgrades of patch level.
maintenance_window
- (Optional) A maintenance window comprises a day of the week and a time at which maintenance is allowed.
time
- (Required)[string] A clock time in the day when maintenance is allowed
day_of_the_week
- (Required)[string] Day of the week when maintenance is allowed
viable_node_pool_versions
- (Computed)[list] List of versions that may be used for node pools under this cluster
api_subnet_allow_list
- (Optional)[list] Access to the K8s API server is restricted to these CIDRs. Cluster-internal traffic is not affected by this restriction. If no allowlist is specified, access is not restricted. If an IP without subnet mask is provided, the default value will be used: 32 for IPv4 and 128 for IPv6.
s3_buckets
- (Optional)[list] List of IONOS Object Storage buckets configured for K8s usage. For now it contains only an IONOS Object Storage bucket used to store K8s API audit logs.
public
- (Optional)[boolean] Indicates if the cluster is public or private. This attribute is immutable.
nat_gateway_ip
- (Optional)[string] The NAT gateway IP of the cluster if the cluster is private. This attribute is immutable. Must be a reserved IP in the same location as the cluster's location. This attribute is mandatory if the cluster is private.
node_subnet
- (Optional)[string] The node subnet of the cluster, if the cluster is private. This attribute is optional and immutable. Must be a valid CIDR notation for an IPv4 network prefix of 16 bits length.
location
- (Optional)[string] This attribute is mandatory if the cluster is private. The location must be enabled for your contract, or you must have a data center at that location. This property is not adjustable.
allow_replace
- (Optional)[bool] When set to true, allows the update of immutable fields by first destroying and then re-creating the cluster.
⚠️ Warning: allow_replace lets you update immutable fields, but it first destroys and then re-creates the cluster in order to do it. Set the field to true only if you know what you are doing.
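As an added example (not taken from the provider's documentation), a private cluster whose API allowlist is checked at plan time, since an empty api_subnet_allow_list leaves the API server unrestricted. Variable names and all values are constructed; the name field inside s3_buckets and the maintenance time format are assumptions, and the validation is deliberately stricter than the provider in requiring an explicit prefix length.

```hcl
# Added example: variable names and values are constructed placeholders.
variable "k8s_api_allowed_cidrs" {
  description = "Networks allowed to reach the Kubernetes API server"
  type        = list(string)

  validation {
    # An empty list means no restriction at all, and a catch-all prefix is
    # equivalent to having no allowlist, so both are rejected before apply.
    # Entries without a prefix length are rejected too, so the /32 or /128
    # default is never applied implicitly.
    condition = (
      length(var.k8s_api_allowed_cidrs) > 0 &&
      alltrue([
        for c in var.k8s_api_allowed_cidrs :
        can(cidrhost(c, 0)) && !contains(["0.0.0.0/0", "::/0"], c)
      ])
    )
    error_message = "Provide at least one entry, each in CIDR notation, and none of them 0.0.0.0/0 or ::/0."
  }
}

variable "nat_gateway_ip" {
  description = "Reserved IP in the same location as the cluster"
  type        = string
}

variable "audit_log_bucket" {
  description = "IONOS Object Storage bucket that receives K8s API audit logs"
  type        = string
}

resource "ionoscloud_k8s_cluster" "private" {
  name = "private-cluster"

  # Private cluster settings. public, nat_gateway_ip and node_subnet are
  # immutable, and location is not adjustable after creation.
  public         = false
  location       = "de/fra"
  nat_gateway_ip = var.nat_gateway_ip
  node_subnet    = "192.168.0.0/16" # IPv4 prefix of 16 bits length

  # Only these networks can reach the API server; cluster-internal traffic
  # is not affected by the restriction.
  api_subnet_allow_list = var.k8s_api_allowed_cidrs

  # Audit log destination (nested field name is an assumption).
  s3_buckets {
    name = var.audit_log_bucket
  }

  maintenance_window {
    day_of_the_week = "Sunday"
    time            = "03:00:00Z" # assumed time format
  }

  # Keep replacement off so a change to an immutable field fails the plan
  # instead of destroying and re-creating the cluster.
  allow_replace = false
}
```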
A Kubernetes Cluster resource can be imported using its resource id
, e.g.
This can be helpful when you want to import kubernetes clusters which you have already created manually or using other means, outside of terraform.
⚠️ Warning: During a maintenance window, k8s can update your k8s_version if the old one reaches end of life. This upgrade will not be shown in the plan, as we prevent terraform from doing a downgrade, as downgrading k8s_version is not supported.
Creates and manages ipfailover objects.
Manages IP Failover groups on IonosCloud.
datacenter_id
- (Required)[string] The ID of a Virtual Data Center.
ip
- (Required)[string] The reserved IP address to be used in the IP failover group.
lan_id
- (Required)[string] The ID of a LAN.
nicuuid
- (Required)[string] The ID of a NIC.
⚠ WARNING: Do not modify the IP for an IP failover group (that was provisioned via Terraform) using the DCD, the API or other means because it may lead to unexpected behavior. If you provisioned an IP failover group using Terraform, please use only Terraform in order to manage the created IP failover group.
⚠ WARNING: For creating multiple IP failover groups at the same time, you can use one of the following options:
Create multiple IP failover groups resources and use the depends_on meta-argument to specify the order of creation, for example:
Define the resources as presented above, but without using the depends_on meta-argument, and run the apply command using -parallelism=1 as presented below:
Resource IpFailover can be imported using the resource id
, e.g.
If you want to add a secondary NIC to an IP Failover, follow these steps:
Create NIC A with the failover IP on LAN 1
Create NIC B under the same LAN but with a different IP
Create the IP Failover on LAN 1 with NIC A and the failover IP of NIC A (A now becomes "master", no slaves)
Update NIC B's IP to be the failover IP (B now becomes a slave, A remains master)
After this you can create a new NIC C, NIC D and so on, in LAN 1, directly with the failover IP.
Please check examples for a full example with the above steps.
Creates and manages IonosCloud Kubernetes Node Pools.
Manages a Managed Kubernetes Node Pool, part of a managed Kubernetes cluster on IonosCloud.
Note: Set create_before_destroy on the lan resource if you want to remove it from the nodepool during an update. This is to ensure that the nodepool is updated before the lan is destroyed.
The following arguments are supported:
name
- (Required)[string] The name of the Kubernetes Cluster. This attribute is immutable.
k8s_version
- (Optional)[string] The desired Kubernetes Version. For supported values, please check the API documentation. Downgrades are not supported. The provider will ignore downgrades of patch level.
auto_scaling
- (Optional)[string] Whether the Node Pool should autoscale. For more details, please check the API documentation
min_node_count
- (Optional)[int] The minimum number of worker nodes the node pool can scale down to. Should be less than max_node_count
max_node_count
- (Optional)[int] The maximum number of worker nodes that the node pool can scale to. Should be greater than min_node_count
lans
- (Optional)[list] A list of numeric LAN IDs you want this node pool to be part of. For more details, please check the API documentation, as well as the example above
id
- (Required)[int] The LAN ID of an existing LAN at the related datacenter
dhcp
- (Optional)[boolean] Indicates if the Kubernetes Node Pool LAN will reserve an IP using DHCP. Default value is true
routes
- (Optional) An array of additional LANs attached to worker nodes
network
- (Required)[string] IPv4 or IPv6 CIDR to be routed via the interface
gateway_ip
- (Required)[string] IPv4 or IPv6 Gateway IP for the route
maintenance_window
- (Optional) See the maintenance_window section in the example above
time
- (Required)[string] A clock time in the day when maintenance is allowed
day_of_the_week
- (Required)[string] Day of the week when maintenance is allowed
datacenter_id
- (Required)[string] A Datacenter's UUID
k8s_cluster_id
- (Required)[string] A k8s cluster's UUID
cpu_family
- (Required)[string] The desired CPU Family - See the API documentation for more information. This attribute is immutable.
availability_zone
- (Required)[string] The desired Compute availability zone - See the API documentation for more information. This attribute is immutable.
storage_type
- (Required)[string] The desired storage type - SSD/HDD. This attribute is immutable.
node_count
- (Required)[int] The desired number of nodes in the node pool
cores_count
- (Required)[int] The CPU cores count for each node of the node pool. This attribute is immutable.
ram_size
- (Required)[int] The desired amount of RAM, in MB. This attribute is immutable.
storage_size
- (Required)[int] The size of the volume in GB. The size should be greater than 10GB. This attribute is immutable.
public_ips
- (Optional)[list] A list of public IPs associated with the node pool; must have at least node_count + 1 elements
labels
- (Optional)[map] A key/value map of labels
annotations
- (Optional)[map] A key/value map of annotations
allow_replace
- (Optional)[bool] When set to true, allows the update of immutable fields by first destroying and then re-creating the node pool.
⚠️ Warning: allow_replace lets you update immutable fields, but it first destroys and then re-creates the node pool in order to do it. Set the field to true only if you know what you are doing. This will cause a downtime for all pods on that nodepool. Consider adding multiple nodepools and updating one after the other for a downtime-free nodepool upgrade.
Immutable fields list: name, cpu_family, availability_zone, cores_count, ram_size, storage_size, storage_type.
⚠️ Note: Be careful when using auto_scaling since the number of nodes can change. Because of that, when running terraform plan, Terraform will think that an update is required (since node_count from the tf plan will be different from the number of nodes set by the scheduler). To avoid that, you can use:
This will also ignore the manual changes for node_count made in the tf plan. You can read more details about the ignore_changes attribute here.
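The autoscaling note above, as an added example that is not part of the original documentation: a node pool whose node_count is only an initial value, with later changes by the scheduler ignored in the plan. Variable names and all values are constructed, and auto_scaling is written as a nested block holding the two counts, which is an assumption about the schema.

```hcl
# Added example: variable names and values are constructed placeholders.
variable "datacenter_id" {
  type = string
}

variable "k8s_cluster_id" {
  type = string
}

variable "cpu_family" {
  description = "CPU family available in the datacenter's location"
  type        = string
}

variable "availability_zone" {
  description = "Compute availability zone for the worker nodes"
  type        = string
}

resource "ionoscloud_k8s_node_pool" "autoscaled" {
  datacenter_id  = var.datacenter_id
  k8s_cluster_id = var.k8s_cluster_id
  name           = "autoscaled-pool"

  # Immutable attributes: changing any of these later requires allow_replace,
  # which destroys and re-creates the pool.
  cpu_family        = var.cpu_family
  availability_zone = var.availability_zone
  storage_type      = "SSD"
  cores_count       = 2
  ram_size          = 4096 # MB
  storage_size      = 50   # GB, must be greater than 10

  # Initial size only. It has to lie between the two autoscaling bounds.
  node_count = 2

  auto_scaling {
    min_node_count = 1
    max_node_count = 4
  }

  lifecycle {
    # The scheduler changes the real node count, so drift on node_count is
    # expected. Ignoring it also means manual edits to node_count in this
    # file no longer take effect.
    ignore_changes = [node_count]
  }
}
```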
A Kubernetes Node Pool resource can be imported using its Kubernetes cluster's uuid as well as its own UUID, both of which you can retrieve from the cloud API: resource id
, e.g.:
This can be helpful when you want to import kubernetes node pools which you have already created manually or using other means, outside of terraform, towards the goal of managing them via Terraform
⚠️ Warning: During a maintenance window, k8s can update your k8s_version if the old one reaches end of life. This upgrade will not be shown in the plan, as we prevent terraform from doing a downgrade, as downgrading k8s_version is not supported.
⚠️ Warning: If you are upgrading from v5.x.x to v6.x.x: You have to modify your plan for lans to match the new structure, by putting the ids from the old slice in lans.id fields. This is not backwards compatible.
Creates and manages LAN objects.
Manages a LAN on IonosCloud.
datacenter_id
- (Required)[string] The ID of a Virtual Data Center.
name
- (Optional)[string] The name of the LAN.
public
- (Optional)[Boolean] Indicates if the LAN faces the public Internet (true) or not (false).
pcc
- (Optional)[String] The unique id of a ionoscloud_private_crossconnect resource, in order. It needs to be ensured that the IP addresses of the NICs of all LANs connected to a given Cross Connect are not duplicated and belong to the same subnet range
ipv4_cidr_block
- (Computed)[String] For public LANs this property is null, for private LANs it contains the private IPv4 CIDR range. This property is a read only property.
ipv6_cidr_block
- (Computed, Optional) Contains the LAN's /64 IPv6 CIDR block if this LAN is IPv6 enabled. 'AUTO' will result in enabling this LAN for IPv6 and automatically assign a /64 IPv6 CIDR block to this LAN. If you specify your own IPv6 CIDR block then you must provide a unique /64 block, which is inside the IPv6 CIDR block of the virtual datacenter and unique inside all LANs from this virtual datacenter.
ip_failover
- (Computed) IP failover configurations for lan
ip
nic_uuid
Resource Lan can be imported using the resource id
, e.g.
Please note that only LANs from datacenters found in the same physical location can be connected through a Cross-connect
A LAN cannot be a part of two Cross-connects
Creates and manages IonosCloud Kafka Cluster objects.
Manages a Kafka Cluster on IonosCloud.
This resource will create an operational Kafka Cluster. After this section completes, the provisioner can be called.
id
- (Computed)[string] The UUID of the Kafka Cluster.
name
- (Required)[string] Name of the Kafka Cluster.
location
- (Optional)[string] The location of the Kafka Cluster. Possible values: de/fra, de/txl. If this is not set and if no value is provided for the IONOS_API_URL env var, the default location will be: de/fra.
version
- (Required)[string] Version of the Kafka Cluster. Possible values: 3.7.0
size
- (Required)[string] Size of the Kafka Cluster. Possible values: XS, S
connections
- (Required) Connection information of the Kafka Cluster. Minimum items: 1, maximum items: 1.
datacenter_id
- (Required)[string] The datacenter to connect your instance to.
lan_id
- (Required)[string] The numeric LAN ID to connect your instance to.
broker_addresses
- (Required)[list] IP addresses and subnet of cluster brokers. Note the following unavailable IP range: 10.224.0.0/11
broker_addresses
- (Computed)[list] IP address and port of cluster brokers.
⚠ NOTE: IONOS_API_URL_KAFKA can be used to set a custom API URL for the kafka resource. The location field needs to be empty, otherwise it will override the custom API URL. Setting endpoint or IONOS_API_URL does not have any effect.
Kafka Cluster can be imported using the location and kafka cluster id:
Creates and manages IonosCloud Kafka Cluster Topic objects.
Manages a Kafka Cluster Topic on IonosCloud.
This resource will create an operational Kafka Cluster Topic. After this section completes, the provisioner can be called.
id
- (Computed)[string] The UUID of the Kafka Cluster Topic.
name
- (Required)[string] Name of the Kafka Cluster.
location
- (Optional)[string] The location of the Kafka Cluster Topic. Possible values: de/fra, de/txl. If this is not set and if no value is provided for the IONOS_API_URL env var, the default location will be: de/fra.
cluster_id
- (Required)[string] ID of the Kafka Cluster that the topic belongs to.
replication_factor
- (Optional)[int] The number of replicas of the topic. The replication factor determines how many copies of the topic are stored on different brokers. The replication factor must be less than or equal to the number of brokers in the Kafka Cluster. Minimum value: 1. Default value: 3.
number_of_partitions
- (Optional)[int] The number of partitions of the topic. Partitions allow for parallel processing of messages. The partition count must be greater than or equal to the replication factor. Minimum value: 1. Default value: 3.
retention_time
- (Optional)[int] This configuration controls the maximum time we will retain a log before we will discard old log segments to free up space. This represents an SLA on how soon consumers must read their data. If set to -1, no time limit is applied. Default value: 604800000.
segment_bytes
- (Optional)[int] This configuration controls the segment file size for the log. Retention and cleaning is always done a file at a time so a larger segment size means fewer files but less granular control over retention. Default value: 1073741824.
Kafka Cluster Topic can be imported using the location, kafka cluster id and the kafka cluster topic id:
Creates and manages Monitoring pipeline objects.
Manages a Monitoring pipeline.
⚠️ Only tokens are accepted for authorization in the monitoring_pipeline resource. Please ensure you are using tokens as other methods will not be valid.
NOTE: The default timeout for all operations is 60 minutes. If you want to change the default value, you can use the timeouts attribute inside the resource:
name
- (Required)[string] The name of the Monitoring pipeline.
location
- (Optional)[string] The location of the Monitoring pipeline. Default is de/fra. It can be one of de/fra, de/txl, gb/lhr, es/vit, fr/par. If this is not set and if no value is provided for the IONOS_API_URL_MONITORING env var, the default location will be: de/fra.
grafana_endpoint
- (Computed)[string] The endpoint of the Grafana instance.
http_endpoint
- (Computed)[string] The HTTP endpoint of the monitoring instance.
key
- (Computed)(Sensitive)[string] The key used to connect to the monitoring pipeline.
⚠ NOTE: IONOS_API_URL_MONITORING can be used to set a custom API URL for the resource. The location field needs to be empty, otherwise it will override the custom API URL.
In order to import a Monitoring pipeline, you can define an empty Monitoring pipeline resource in the plan:
The resource can be imported using the location and pipeline_id, for example:
Creates and manages Load Balancers
Manages a Load Balancer on IonosCloud.
name
- (Required)[string] The name of the load balancer.
datacenter_id
- (Required)[string] The ID of a Virtual Data Center.
nic_ids
- (Required)[list] A list of NIC IDs that are part of the load balancer.
dhcp
- (Optional)[Boolean] Indicates if the load balancer will reserve an IP using DHCP.
ip
- (Optional)[string] IPv4 address of the load balancer.
Resource Load Balancer can be imported using the resource id
, e.g.
When declaring NIC resources to be used with the load balancer, please make sure you use the "lifecycle meta-argument" to make sure changes to the lan attribute of the nic are ignored.
Please see the Nic resource's documentation for an example on how to do that.
Creates and manages Nat Gateway objects.
name
- (Required)[string] Name of the NAT gateway.
public_ips
- (Required)[list] Collection of public IP addresses of the NAT gateway. Should be customer reserved IP addresses in that location.
lans
- (Required)[list] A list of Local Area Networks the node pool should be part of.
id
- (Required)[int] Id for the LAN connected to the NAT gateway.
gateway_ips
- (Optional)[list] Collection of gateway IP addresses of the NAT gateway. Will be auto-generated if not provided. Should ideally be an IP belonging to the same subnet as the LAN.
datacenter_id
- (Required)[string] A Datacenter's UUID.
A Nat Gateway resource can be imported using its resource id and the datacenter id, e.g.
Manages a on IonosCloud.
Creates and manages Logging pipeline objects.
Manages a Logging pipeline.
⚠️ Only tokens are accepted for authorization in the logging_pipeline resource. Please ensure you are using tokens as other methods will not be valid.
For re-usability, an array of logs can be defined in a tfvars file or inside the terraform plan, and used as presented below:
The content inside vars.tfvars file:
The content inside the tf plan:
The configuration can then be applied using the following commands:
location
- (Optional)[string] The location of the Logging pipeline. Default: de/txl. One of de/fra, de/txl, gb/lhr, es/vit, fr/par. If this is not set and if no value is provided for the IONOS_API_URL env var, the default location will be: de/fra.
name
- (Required)[string] The name of the Logging pipeline.
grafana_address
- (Computed)[string] The address of the client's grafana instance.
log
- (Required)[list] Pipeline logs, a list that contains elements with the following structure:
source
- (Required)[string] The source parser to be used.
tag
- (Required)[string] The tag is used to distinguish different pipelines. Must be unique amongst the pipeline's array items.
protocol
- (Required)[string] Protocol to use as intake. Possible values are: http, tcp.
public
- (Computed)[bool]
destinations
- (Optional)[list] The configuration of the logs datastore, a list that contains elements with the following structure:
type
- (Optional)[string] The internal output stream to send logs to.
retention_in_days
- (Optional)[int] Defines the number of days a log record should be kept in loki. Works with loki destination type only. Can be one of: 7, 14, 30.
In order to import a Logging pipeline, you can define an empty Logging pipeline resource in the plan:
The resource can be imported using the location and pipeline_id, for example:
Creates and manages Network Load Balancer objects.
Manages a Network Load Balancer on IonosCloud.
This will configure flowlog for ALL (rejected and accepted) ingress traffic and will log it into an existing ionos bucket named flowlog-bucket. Any s3 compatible client can be used to create it. Adding a flowlog does not force re-creation of the nic, but changing any other field than name will. Deleting a flowlog will also force nic re-creation.
name
- (Required)[string] A name of that Network Load Balancer.
listener_lan
- (Required)[int] Id of the listening LAN. (inbound)
ips
- (Optional)[list] Collection of IP addresses of the Network Load Balancer. (inbound and outbound) IP of the listenerLan must be a customer reserved IP for the public load balancer and private IP for the private load balancer.
target_lan
- (Required)[int] Id of the balanced private target LAN. (outbound)
lb_private_ips
- (Optional)[list] Collection of private IP addresses with subnet mask of the Network Load Balancer. IPs must contain a valid subnet mask. If the user does not provide any IP, the system will generate one IP with a /24 subnet.
central_logging
- (Optional)[bool] Turn logging on and off for this product. Default value is 'false'.
logging_format
- (Optional)[string] Specifies the format of the logs.
datacenter_id
- (Required)[string] A Datacenter's UUID.
flowlog
- (Optional)[list] Only 1 flow log can be configured. Only the name field can change as part of an update. Flow logs holistically capture network information such as source and destination IP addresses, source and destination ports, number of packets, amount of bytes, the start and end time of the recording, and the type of protocol – and log the extent to which your instances are being accessed.
action
- (Required)[string] Specifies the action to be taken when the rule is matched. Possible values: ACCEPTED, REJECTED, ALL. Immutable, forces re-creation.
bucket
- (Required)[string] Specifies the IONOS Object Storage bucket where the flow log data will be stored. The bucket must exist. Immutable, forces re-creation.
direction
- (Required)[string] Specifies the traffic direction pattern. Valid values: INGRESS, EGRESS, BIDIRECTIONAL. Immutable, forces re-creation.
name
- (Required)[string] Specifies the name of the flow log.
⚠️ Note: Removing the flowlog forces re-creation of the network load balancer resource.
A Network Load Balancer resource can be imported using its resource id and the datacenter id, e.g.
Creates and manages Nat Gateway Rule objects.
Manages a Nat Gateway Rule on IonosCloud.
name
- (Required)[string] Name of the NAT gateway rule.
type
- (Optional)[string] Type of the NAT gateway rule.
protocol
- (Optional)[string] Protocol of the NAT gateway rule. Defaults to ALL. If protocol is 'ICMP' then targetPortRange start and end cannot be set.
source_subnet
- (Required)[string] Source subnet of the NAT gateway rule. For SNAT rules it specifies which packets this translation rule applies to based on the packets source IP address.
public_ip
- (Required)[string] Public IP address of the NAT gateway rule. Specifies the address used for masking outgoing packets source address field. Should be one of the customer reserved IP address already configured on the NAT gateway resource.
target_subnet
- (Optional)[string] Target or destination subnet of the NAT gateway rule. For SNAT rules it specifies which packets this translation rule applies to based on the packets destination IP address. If none is provided, rule will match any address.
target_port_range
- (Optional) Target port range of the NAT gateway rule. For SNAT rules it specifies which packets this translation rule applies to based on destination port. If none is provided, rule will match any port.
start
- (Optional)[int] Target port range start associated with the NAT gateway rule.
end
- (Optional)[int] Target port range end associated with the NAT gateway rule.
datacenter_id
- (Required)[string] A Datacenter's UUID.
natgateway_id
- (Required)[string] Nat Gateway's UUID.
A Nat Gateway Rule resource can be imported using its resource id, the datacenter id and the natgateway id, e.g.
Creates and manages IonosCloud Network Security Group.
The following arguments are supported:
datacenter_id
- (Required)[string] The ID of a Virtual Data Center.
name
- (Optional)[string] The name of the Network Security Group.
description
- (Optional)[string] Description for the Network Security Group.
rule_ids
- (Computed) List of Firewall Rules that are part of the Network Security Group
Resource Server can be imported using the resource id and the datacenter id, e.g.
Or by using an import block. Here is an example that allows you to import the default created nsg into terraform.
Creates and manages Network File Storage (NFS) Cluster objects
The following arguments are supported:
name
- (Required) The name of the Network File Storage cluster.
location
- (Optional) The location where the Network File Storage cluster is located. If this is not set and if no value is provided for the IONOS_API_URL env var, the default location will be: de/fra.
de/fra
- Frankfurt
de/txl
- Berlin
size
- (Required) The size of the Network File Storage cluster in TiB. Note that the cluster size cannot be reduced after provisioning. This value determines the billing fees. Default is 2. The minimum value is 2 and the maximum value is 42.
nfs
- (Optional) The NFS configuration for the Network File Storage cluster. Each NFS configuration supports the following:
min_version
- (Optional) The minimum supported version of the NFS cluster. Supported values: 4.2. Default is 4.2.
connections
- (Required) A list of connections for the Network File Storage cluster. You can specify only one connection. Connections are immutable. Each connection supports the following:
datacenter_id
- (Required) The ID of the datacenter where the Network File Storage cluster is located.
ip_address
- (Required) The IP address and prefix of the Network File Storage cluster. The IP address can be either IPv4 or IPv6. The IP address has to be given with CIDR notation.
lan
- (Required) The Private LAN to which the Network File Storage cluster must be connected.
⚠ NOTE: IONOS_API_URL_NFS can be used to set a custom API URL for the resource. The location field needs to be empty, otherwise it will override the custom API URL. Setting endpoint or IONOS_API_URL does not have any effect.
A Network File Storage Cluster resource can be imported using its location and resource id:
Creates and manages Network File Storage (NFS) Share objects on IonosCloud.
The following arguments are supported:
location
- (Optional) The location of the Network File Storage Cluster. If this is not set and if no value is provided for the IONOS_API_URL env var, the default location will be: de/fra.
cluster_id
- (Required) The ID of the Network File Storage Cluster.
name
- (Required) The directory being exported.
quota
- (Optional) The quota in MiB for the export. The quota can restrict the amount of data that can be stored within the export. The quota can be disabled using 0. Default is 0.
gid
- (Optional) The group ID that will own the exported directory. If not set, anonymous (512) will be used.
uid
- (Optional) The user ID that will own the exported directory. If not set, anonymous (512) will be used.
client_groups
- (Required) The groups of clients are the systems connecting to the Network File Storage cluster. Each group includes:
description
- (Optional) Optional description for the clients groups.
ip_networks
- (Required) The allowed host or network to which the export is being shared. The IP address can be either IPv4 or IPv6 and has to be given with CIDR notation.
hosts
- (Required) A singular host allowed to connect to the share. The host can be specified as IP address and can be either IPv4 or IPv6.
nfs
- (Required) NFS specific configurations. Each configuration includes:
squash
- (Required) The squash mode for the export. The squash mode can be:
none
- No squash mode, no mapping,
root-anonymous
- Map root user to anonymous uid,
all-anonymous
- Map all users to anonymous uid.
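The share arguments above in one configuration, as an added example that is not part of the original documentation: two client groups with different squash modes, each limited to the network that needs the export. The variable name and all addresses and values are constructed.

```hcl
# Added example: variable name, addresses and values are constructed.
variable "nfs_cluster_id" {
  description = "ID of the Network File Storage cluster that hosts the share"
  type        = string
}

resource "ionoscloud_nfs_share" "app_data" {
  location   = "de/txl"
  cluster_id = var.nfs_cluster_id
  name       = "app-data" # the directory being exported

  quota = 10240 # MiB; the default of 0 disables the quota

  # Owner of the exported directory. 512 is the anonymous ID the squash
  # modes map to, so squashed clients can still write to the export.
  uid = 512
  gid = 512

  # Application servers: every remote user, root included, is mapped to the
  # anonymous uid, so a compromised client cannot act as another user's uid.
  client_groups {
    description = "application servers"
    ip_networks = ["10.7.222.0/24"]
    hosts       = ["10.7.222.10"]

    nfs {
      squash = "all-anonymous"
    }
  }

  # Backup host: ordinary uids are preserved so file ownership survives a
  # restore, but remote root is still mapped to the anonymous uid.
  client_groups {
    description = "backup host"
    ip_networks = ["10.7.223.5/32"]
    hosts       = ["10.7.223.5"]

    nfs {
      squash = "root-anonymous"
    }
  }

  # squash = "none" applies no mapping at all, so remote root keeps its
  # identity on the export. It is not used here.
}
```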
A Network File Storage Share resource can be imported using its location, cluster_id and resource id:
Creates and manages Network Load Balancer Forwarding Rule objects.
Manages a Network Load Balancer Forwarding Rule on IonosCloud.
name
- (Required)[string] A name of that Network Load Balancer forwarding rule.
algorithm
- (Required)[string] Algorithm for the balancing.
protocol
- (Required)[string] Protocol of the balancing.
listener_ip
- (Required)[string] Listening IP. (inbound)
listener_port
- (Required)[int] Listening port number. (inbound) (range: 1 to 65535)
health_check
- (Optional) Health check attributes for Network Load Balancer forwarding rule.
client_timeout
- (Optional)[int] ClientTimeout is expressed in milliseconds. This inactivity timeout applies when the client is expected to acknowledge or send data. If unset the default of 50 seconds will be used.
connect_timeout
- (Optional)[int] It specifies the maximum time (in milliseconds) to wait for a connection attempt to a target VM to succeed. If unset, the default of 5 seconds will be used.
target_timeout
- (Optional)[int] TargetTimeout specifies the maximum inactivity time (in milliseconds) on the target VM side. If unset, the default of 50 seconds will be used.
retries
- (Optional)[int] Retries specifies the number of retries to perform on a target VM after a connection failure. If unset, the default value of 3 will be used.
targets
- (Required)[Set] Array of items in that collection.
ip
- (Required)[string] IP of a balanced target VM.
port
- (Required)[int] Port of the balanced target service. (range: 1 to 65535).
weight
- (Required)[int] Weight parameter is used to adjust the target VM's weight relative to other target VMs.
proxy_protocol
- (Optional)[string] The proxy protocol version. Accepted values are none, v1, v2, v2ssl. If unspecified, the default value of none is used.
health_check
- (Optional) Health check attributes for Network Load Balancer forwarding rule target.
check
- (Optional)[boolean] Check specifies whether the target VM's health is checked.
check_interval
- (Optional)[int] CheckInterval determines the duration (in milliseconds) between consecutive health checks. If unspecified a default of 2000 ms is used.
maintenance
- (Optional)[boolean] Maintenance specifies if a target VM should be marked as down, even if it is not.
datacenter_id
- (Required)[string] A Datacenter's UUID.
natgateway_id
- (Required)[string] Network Load Balancer's UUID.
A Network Load Balancer Forwarding Rule resource can be imported using its resource id, the datacenter id and the networkloadbalancer id, e.g.
Creates and manages Network Interface objects.
This will configure flowlog for accepted ingress traffic and will log it into an existing IONOS Object Storage bucket named flowlog-bucket. Any s3 compatible client can be used to create it. Adding a flowlog does not force re-creation of the NIC, but changing any other field than name will. Deleting a flowlog will also force NIC re-creation.
datacenter_id
- (Required)[string] The ID of a Virtual Data Center.
server_id
- (Required)[string] The ID of a server.
lan
- (Required)[integer] The LAN ID the NIC will sit on.
name
- (Optional)[string] The name of the LAN.
dhcp
- (Optional)[Boolean] Indicates if the NIC should get an IP address using DHCP (true) or not (false).
dhcpv6
- (Optional)[Boolean] Indicates if the NIC should get an IPv6 address using DHCP (true) or not (false).
ipv6_cidr_block
- (Computed, Optional) Automatically assigned /80 IPv6 CIDR block if the NIC is connected to an IPv6 enabled LAN. You can also specify an /80 IPv6 CIDR block for the NIC on your own, which must be inside the /64 IPv6 CIDR block of the LAN and unique.
ips
- (Optional)[list] Collection of IP addresses assigned to a NIC. Explicitly assigned public IPs need to come from reserved IP blocks. Passing value null or empty array will assign an IP address automatically.
ipv6_ips
- (Optional)[list] Collection of IPv6 addresses assigned to a NIC. Explicitly assigned public IPs need to come from the NIC's IPv6 CIDR block. Passing value null or empty array will assign an IPv6 address automatically from the NIC's CIDR block.
firewall_active
- (Optional)[Boolean] If this resource is set to true and is nested under a server resource firewall, with open SSH port, resource must be nested under the NIC.
firewall_type
- (Optional) [String] The type of firewall rules that will be allowed on the NIC. If it is not specified it will take the default value INGRESS
id
- (Computed) The ID of the NIC.
mac
- (Optional) The MAC address of the NIC. Can be set on creation only. If not set, one will be assigned automatically by the API. Immutable, update forces re-creation.
device_number
- (Computed) The Logical Unit Number (LUN) of the storage volume. Null if this NIC was created from CloudAPI and no DCD changes were done on the Datacenter.
pci_slot
- (Computed) The PCI slot number of the Nic.
flowlog
- (Optional) Only 1 flow log can be configured. Only the name field can change as part of an update. Flow logs holistically capture network information such as source and destination IP addresses, source and destination ports, number of packets, amount of bytes, the start and end time of the recording, and the type of protocol – and log the extent to which your instances are being accessed.
action
- (Required) Specifies the action to be taken when the rule is matched. Possible values: ACCEPTED, REJECTED, ALL. Immutable, update forces re-creation.
bucket
- (Required) Specifies the IONOS Object Storage bucket where the flow log data will be stored. The bucket must exist. Immutable, update forces re-creation.
direction
- (Required) Specifies the traffic direction pattern. Valid values: INGRESS, EGRESS, BIDIRECTIONAL. Immutable, update forces re-creation.
name
- (Required) Specifies the name of the flow log.
security_groups_ids
- (Optional) The list of Security Group IDs for the resource.
⚠️ Note: Removing the flowlog forces re-creation of the NIC resource.
Resource Nic can be imported using the resource id, e.g.
Please be aware that when using a NIC in a load balancer, the load balancer will change the NIC's ID behind the scenes, therefore the plan will always report this change trying to revert the state to the one specified by your terraform file. In order to prevent this, use the "lifecycle meta-argument" when declaring your NIC, in order to ignore changes to the lan attribute:
Here's an example:
Manages a on IonosCloud.
Create clusters of on IonosCloud.
Manages a on IonosCloud.
Creates and manages IonosCloud Network Security Group Firewall Rule.
Manages a Network Security Group Rule on IonosCloud.
The following arguments are supported:
nsg_id
- (Required)[string] The ID of a Network Security Group.
datacenter_id
- (Required)[string] The ID of a Virtual Data Center.
name
- (Optional)[string] The name of the Network Security Group.
protocol
- (Required)[string] The protocol for the rule: TCP, UDP, ICMP, ANY. Property cannot be modified after creation (disallowed in update requests).
name
- (Optional)[string] The name of the firewall rule.
source_mac
- (Optional)[string] Only traffic originating from the respective MAC address is allowed. Valid format: aa:bb:cc:dd:ee:ff. Value null allows all source MAC addresses.
source_ip
- (Optional)(Computed)[string] Only traffic originating from the respective IPv4 address is allowed. Value null allows all source IPs.
target_ip
- (Optional)(Computed)[string] In case the target NIC has multiple IP addresses, only traffic directed to the respective IP address of the NIC is allowed. Value null allows all target IPs.
port_range_start
- (Optional)[int] Defines the start range of the allowed port (from 1 to 65534) if protocol TCP or UDP is chosen. Leave portRangeStart and portRangeEnd null to allow all ports.
port_range_end
- (Optional)[int] Defines the end range of the allowed port (from 1 to 65534) if the protocol TCP or UDP is chosen. Leave portRangeStart and portRangeEnd null to allow all ports.
icmp_type
- (Optional)[string] Defines the allowed code (from 0 to 254) if protocol ICMP is chosen. Value null allows all codes.
icmp_code
- (Optional)[int] Defines the allowed code (from 0 to 254) if protocol ICMP is chosen.
type
- (Optional)(Computed)[string] The type of firewall rule. If it is not specified, it will take the default value INGRESS.
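Several of the arguments above widen a rule when left null: a null source_ip allows all source IPs and a null port range allows all ports. The following Python check is an added example, not part of the provider or its documentation, that flags such rules before they are applied; the audit_rule function, its finding messages and the sample rules are assumptions made for illustration.

```python
import re

# Ranges and defaults follow the argument descriptions above; audit_rule, its
# finding messages and the sample rules are assumptions made for this example.
PROTOCOLS = {"TCP", "UDP", "ICMP", "ANY"}
MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$", re.IGNORECASE)


def audit_rule(rule):
    """Return a list of findings for one NSG rule given as a dict of arguments."""
    proto = rule.get("protocol")
    if proto not in PROTOCOLS:
        return [f"invalid protocol: {proto!r}"]
    findings = []
    if proto == "ANY":
        findings.append("protocol ANY matches every protocol")
    # type defaults to INGRESS; a null source_ip then admits every source address.
    if (rule.get("type") or "INGRESS") == "INGRESS" and rule.get("source_ip") is None:
        findings.append("source_ip is null: all source IPs allowed")
    mac = rule.get("source_mac")
    if mac is not None and not MAC_RE.match(mac):
        findings.append(f"source_mac not in aa:bb:cc:dd:ee:ff format: {mac!r}")
    start, end = rule.get("port_range_start"), rule.get("port_range_end")
    if proto in ("TCP", "UDP"):
        if start is None and end is None:
            findings.append("port range is null: all ports allowed")
        elif start is None or end is None:
            findings.append("only one of port_range_start/port_range_end is set")
        elif not (1 <= start <= end <= 65534):
            findings.append(f"port range {start}-{end} outside 1-65534 or reversed")
    elif start is not None or end is not None:
        findings.append(f"port range is only defined for TCP/UDP, protocol is {proto}")
    if proto == "ICMP":
        for key in ("icmp_type", "icmp_code"):
            value = rule.get(key)
            if value is not None and not (str(value).isdigit() and int(value) <= 254):
                findings.append(f"{key} {value!r} outside 0-254")
    return findings


# Constructed sample rules, keyed by the argument names documented above.
WIDE_OPEN = {"protocol": "TCP", "name": "ssh"}
SCOPED = {"protocol": "TCP", "name": "ssh", "source_ip": "203.0.113.10",
          "port_range_start": 22, "port_range_end": 22, "type": "INGRESS"}

if __name__ == "__main__":
    for sample in (WIDE_OPEN, SCOPED):
        print(sample["name"], audit_rule(sample) or "no findings")
```

The same function can be run over rule attributes extracted from a plan before apply, so that a rule with no source or port restriction is caught in review rather than in production.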
Resource Server can be imported using the resource id, nsg id and datacenter id, e.g.
Or by using an import block.