Wednesday, September 7, 2022

Terraform multi-account setup for IBM Cloud

Making progress with Terraform
Today's post is a quick write-up for me, kind of my own documentation. I wanted to access two different IBM Cloud accounts within a single Terraform deployment. But how to proceed? It is relatively simple if you know how to (and found the relevant documentation). Here is what my setup looks like.

Provider alias

The first thing is to configure the IBM provider twice and give it an alias. I used "team_account" for the alias (and of course a different API key!). That configuration can / must be referred to as "ibm.team_account". One such use is in the required_providers section where I added a configuration alias (see below).

terraform {
required_version = ">= 1.2.0"
required_providers {
ibm = {
source = "ibm-cloud/ibm"
version = "1.45.0"
configuration_aliases = [ ibm.team_account]
}
}
}

provider "ibm" {
ibmcloud_api_key = var.ibmcloud_api_key
region = var.region
ibmcloud_timeout = var.ibmcloud_timeout
}

provider "ibm" {
alias = "team_account"
ibmcloud_api_key = var.ibmcloud_api_key_second_account
region = var.region
ibmcloud_timeout = var.ibmcloud_timeout

A provider without an alias is considered the default provider.

Working with resources

Later, when working with resources and data sources, I had to add the desired provider to each section or it would be the default provider.

data "ibm_iam_account_settings" "source_iam_account_settings" {
provider = ibm.team_account
}

The above retrieves the account settings from the second account, the "team_account". Another example is to obtain the resource group information to deploy resources to or read information about some service instances.

data "ibm_resource_group" "team_resource_group" {
provider = ibm.team_account
name = "Default"
}

Conclusions

It is easy to work with multiple IBM Cloud accounts within the same Terraform environment. Just define provider aliases and refer to them when needed.

UPDATE (2022-10-18): See this GitHub repository for sample code.

If you have feedback, suggestions, or questions about this post, please reach out to me on Twitter (@data_henrik) or LinkedIn.

at
Labels: , , ,