Data Engine (SQL Query) Module

---

⚠️ Deprecated: IBM Cloud® Data Engine is deprecated. As of 18 February 2024 you can't create new instances, and access to free instances will be removed. Existing Standard plan instances are supported until 18 January 2025. Any instances that still exist on that date will be deleted.

---

This module provisions an IBM Cloud® Data Engine instance.

Overview

• terraform-ibm-data-engine
• Examples
  • Basic Example
  • Complete example with BYOK encryption
• Contributing

terraform-ibm-data-engine

Usage

provider "ibm" {
  ibmcloud_api_key = "XXXXXXXXXX"
  region           = "us-south"
}

module "data_engine" {
  source  = "terraform-ibm-modules/data-engine/ibm"
  version = "latest" # Replace "latest" with a release version to lock into a specific release
  resource_group_id    = "xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX"
  region               = "us-south"
}

Required IAM access policies

You need the following permissions to run this module.

• Account Management
  • All Identity and Access Enabled service
    • Viewer platform access
  • All Resource Groups service
    • Viewer platform access
• IAM Services
  • Data Engine service
    • Editor platform access
    • Manager service access

Requirements

Name	Version
terraform	>= 1.0.0, <1.6.0
ibm	>= 1.49.0
time	>= 0.9.1

Modules

No modules.

Resources

Name	Type
ibm_iam_authorization_policy.kms_policy	resource
ibm_resource_instance.data_engine_instance	resource
time_sleep.wait_for_authorization_policy	resource

Inputs

Name	Description	Type	Default	Required
existing_kms_instance_guid	The GUID the Key Protect instance in which the key specified in var.kms_key_crn is coming from. Required only if var.kms_encryption_enabled is set to true, var.skip_iam_authorization_policy is set to false. NOTE: Hyper Protect Crypto Services is not currently supported by Data Engine.	string	null	no
instance_name	The name to give the Data Engine instance.	string	n/a	yes
kms_encryption_enabled	Set this to true to control the encryption keys used to encrypt the data that you store in Data Engine. If set to false, the data is encrypted by using randomly generated keys. For more info on Key Protect integration, see https://cloud.ibm.com/docs/sql-query?topic=sql-query-securing-data.	bool	false	no
kms_endpoint	The KMS endpoint to use when configuring KMS encryption. Must be private or public.	string	"private"	no
kms_key_id	The root key ID of a Key Protect key that you want to use to encrypt your stored Data Engine jobs. Only used if var.kms_encryption_enabled is set to true. NOTE: Hyper Protect Crypto Services is not currently supported by Data Engine.	string	null	no
kms_region	The region where KMS instance exists if using KMS encryption.	string	"us-south"	no
plan	The plan for the Data Engine instance. Supported plans: standard or lite.	string	"lite"	no
region	The region where you want to deploy your instance.	string	"us-south"	no
resource_group_id	The resource group ID where the Data Engine instance will be created.	string	n/a	yes
skip_iam_authorization_policy	Set to true to skip the creation of an IAM authorization policy that permits all Data Engine instances in the resource group to read the encryption key from the KMS instance. If set to false, pass in a value for the KMS instance in the existing_kms_instance_guid variable. In addition, no policy is created if var.kms_encryption_enabled is set to false.	bool	false	no
tags	(Optional, Array of Strings) A list of tags that you want to add to your instance.	list(any)	[]	no

Outputs

Name	Description
crn	data engine crn
guid	data engine guid
id	data engine id

Contributing

You can report issues and request features for this module in GitHub issues in the module repo. See Report an issue or request a feature.

To set up your local development environment, see Local development setup in the project documentation.