IBM Secure Landing Zone VSI Autoscale Module

This module creates an Auto Scale for VPC instance group which dynamically creates virtual server instances to meet the demands of your environment. The virtual server instances (VSI) perscribed via an instance template can be connected to a load balancers.

Overview

• terraform-ibm-landing-zone-vsi-autoscale
• Examples
  • Basic example
  • Complete example
• Contributing

terraform-ibm-module-vsi-autoscale

Prerequisites

• A Resource group
• A VPC
• A VPC SSH key
• A VPC subnet

Usage

module "vsi_autoscale" {
  source                        = "terraform-ibm-modules/landing-zone-vsi-autoscale/ibm"
  resource_group_id             = module.resource_group.resource_group_id
  zone                          = var.zone
  image_id                      = var.image_id
  create_security_group         = var.create_security_group
  security_group                = var.security_group
  tags                          = var.resource_tags
  access_tags                   = var.access_tags
  subnets                       = module.slz_vpc.subnet_zone_list
  vpc_id                        = module.slz_vpc.vpc_id
  prefix                        = var.prefix
  placement_group_id            = ibm_is_placement_group.placement_group.id
  machine_type                  = var.machine_type
  user_data                     = var.user_data
  skip_iam_authorization_policy = var.skip_iam_authorization_policy
  existing_kms_instance_guid    = var.existing_kms_instance_guid
  kms_encryption_enabled        = var.kms_encryption_enabled
  boot_volume_encryption_key    = var.boot_volume_encryption_key
  ssh_key_ids                   = [local.ssh_key_id]
  block_storage_volumes         = var.block_storage_volumes
  instance_count                = var.instance_count
  load_balancers                = var.load_balancers
  application_port              = var.application_port
  group_managers                = var.group_managers
}

Required IAM access policies

You need the following permissions to run this module.

• Account Management
  • Resource Group service
    • Viewer platform access
• IAM Services
  • VPC Infrastructure Services service
    • Editor platform access

Requirements

Name	Version
terraform	>= 1.3.0
ibm	>= 1.63.0, < 2.0.0
time	>= 0.9.1, < 1.0.0

Modules

Name	Source	Version
security_groups	terraform-ibm-modules/security-group/ibm	2.6.2

Resources

Name	Type
ibm_iam_authorization_policy.block_storage_policy	resource
ibm_is_instance_group.instance_group	resource
ibm_is_instance_group_manager.instance_group_manager	resource
ibm_is_instance_group_manager_action.instance_group_manager_actions	resource
ibm_is_instance_group_manager_policy.instance_group_manager_policies	resource
ibm_is_instance_template.instance_template	resource
ibm_is_lb.lb	resource
ibm_is_lb_listener.listener	resource
ibm_is_lb_listener_policy.listener_policies	resource
ibm_is_lb_listener_policy_rule.listener_policy_rule	resource
ibm_is_lb_pool.pool	resource
time_sleep.wait_180_seconds	resource
time_sleep.wait_for_authorization_policy	resource
ibm_is_vpc.vpc	data source

Inputs

Name	Description	Type	Default	Required
access_tags	A list of access tags to apply to the VSI resources created by the module. For more information, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial.	list(string)	[]	no
allow_ip_spoofing	Allow IP spoofing on the primary network interface	bool	false	no
application_port	The instance group uses when scaling up instances to supply the port for the Load Balancer pool member.	number	null	no
auto_delete_volumes	Auto delete volumes when the instance is deleted	bool	true	no
availability_policy_host_failure	The availability policy to use for this virtual server instance. The action to perform if the compute host experiences a failure	string	"restart"	no
block_storage_volumes	List describing the block storage volumes that will be attached to each vsi	list( object({ name = string profile = string capacity = optional(number) iops = optional(number) encryption_key = optional(string) resource_group_id = optional(string) }) )	[]	no
boot_volume_encryption_key	CRN of boot volume encryption key	string	null	no
create_security_group	Create security group for VSI. If this is passed as false, the default will be used	bool	n/a	yes
dedicated_host	The placement restrictions to use for the virtual server instance. Unique Identifier of the dedicated host where the instance is placed.	string	null	no
dedicated_host_group	The placement restrictions to use for the virtual server instance. Unique Identifier of the dedicated host group where the instance is placed.	string	null	no
existing_kms_instance_guid	The GUID of the Hyper Protect Crypto Services instance in which the key specified in var.boot_volume_encryption_key is coming from.	string	null	no
group_managers	Instance group manager to add to the instance group	list( object({ name = string aggregation_window = optional(number) cooldown = optional(number) enable_manager = optional(bool) manager_type = string max_membership_count = optional(number) min_membership_count = optional(number) actions = optional( list( object({ name = string cron_spec = optional(string) membership_count = optional(number) max_membership_count = optional(number) min_membership_count = optional(number) run_at = optional(string) }) ) ) policies = optional( list( object({ name = string metric_type = string metric_value = number policy_type = string }) ) ) }) )	[]	no
image_id	Image ID used for VSI. Run 'ibmcloud is images' to find available images in a region	string	n/a	yes
instance_count	The number of instances to create in the instance group.	number	null	no
instance_group_name	The name to assign the instance group. If no name is provided then the default will be {prefix}-ins-group.	string	null	no
instance_tmplt_name	The name to assign the instance template. If no name is provided then the default will be {prefix}-ins-tmplt.	string	null	no
kms_encryption_enabled	Set this to true to control the encryption keys used to encrypt the data that for the block storage volumes for VPC. If set to false, the data is encrypted by using randomly generated keys. For more info on encrypting block storage volumes, see https://cloud.ibm.com/docs/vpc?topic=vpc-creating-instances-byok	bool	false	no
load_balancers	Load balancers to add to VSI	list( object({ name = string type = string logging = optional(bool) listener_port = number listener_protocol = string connection_limit = number idle_connection_timeout = optional(number) algorithm = string certificate_instance = optional(string) protocol = string health_delay = number health_retries = number health_timeout = number health_type = string pool_member_port = string profile = optional(string) dns = optional( object({ instance_crn = string zone_id = string }) ) security_group = optional( object({ name = string add_ibm_cloud_internal_rules = optional(bool, false) rules = list( object({ name = string direction = string source = string tcp = optional( object({ port_max = number port_min = number }) ) udp = optional( object({ port_max = number port_min = number }) ) icmp = optional( object({ type = number code = number }) ) }) ) }) ) policies = optional( list(object({ name = string action = string priority = number rules = optional(list( object({ condition = string type = string value = string field = string }) )) target = optional(list( object({ url = optional(string) http_status_code = optional(string) pool_id = optional(string) listener_id = optional(string) }) )) }) )) }) )	[]	no
machine_type	VSI machine type. Run 'ibmcloud is instance-profiles' to get a list of regional profiles	string	n/a	yes
placement_group_id	Unique Identifier of the Placement Group for restricting the placement of the instance, default behaviour is placement on any host	string	null	no
prefix	The value that you would like to prefix to the name of the resources provisioned by this module. Explicitly set to null if you do not wish to use a prefix. This value is ignored if using one of the optional variables for explicit control over naming.	string	null	no
resource_group_id	ID of resource group to create VSI and block storage volumes. If you wish to create the block storage volumes in a different resource group, you can optionally set that directly in the 'block_storage_volumes' variable.	string	n/a	yes
security_group	Security group created for VSI	object({ name = string add_ibm_cloud_internal_rules = optional(bool, false) rules = list( object({ name = string direction = string source = string tcp = optional( object({ port_max = number port_min = number }) ) udp = optional( object({ port_max = number port_min = number }) ) icmp = optional( object({ type = number code = number }) ) }) ) })	null	no
security_group_ids	IDs of additional security groups to be added to VSI deployment primary interface. A VSI interface can have a maximum of 5 security groups.	list(string)	[]	no
skip_iam_authorization_policy	Set to true to skip the creation of an IAM authorization policy that permits all Storage Blocks to read the encryption key from the KMS instance. If set to false, pass in a value for the KMS instance in the existing_kms_instance_guid variable. In addition, no policy is created if var.kms_encryption_enabled is set to false.	bool	false	no
ssh_key_ids	ssh key ids to use in creating vsi	list(string)	n/a	yes
subnets	A list of subnet IDs where VSI will be deployed	list( object({ name = string id = string zone = string cidr = optional(string) crn = optional(string) }) )	n/a	yes
tags	List of tags to apply to resources created by this module.	list(string)	[]	no
user_data	User data to initialize VSI deployment	string	null	no
vpc_id	ID of VPC	string	n/a	yes
zone	The zone to create the resource in	string	n/a	yes

Outputs

Name	Description
ibm_is_instance_group	Instance group information
intstance_template	Instance template information
lbs_list	Load balancer information
security_groups	Security group information

Contributing

You can report issues and request features for this module in GitHub issues in the module repo. See Report an issue or request a feature.

To set up your local development environment, see Local development setup in the project documentation.