This module provisions an IBM Cloud® Data Engine instance.
provider "ibm" {
ibmcloud_api_key = "XXXXXXXXXX"
region = "us-south"
}
module "data_engine" {
source = "terraform-ibm-modules/data-engine/ibm"
version = "latest" # Replace "latest" with a release version to lock into a specific release
resource_group_id = "xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX"
region = "us-south"
}
You need the following permissions to run this module.
- Account Management
- All Identity and Access Enabled service
Viewer
platform access
- All Resource Groups service
Viewer
platform access
- All Identity and Access Enabled service
- IAM Services
- Data Engine service
Editor
platform accessManager
service access
- Data Engine service
Name | Version |
---|---|
terraform | >= 1.0.0, <1.6.0 |
ibm | >= 1.49.0 |
time | >= 0.9.1 |
No modules.
Name | Type |
---|---|
ibm_iam_authorization_policy.kms_policy | resource |
ibm_resource_instance.data_engine_instance | resource |
time_sleep.wait_for_authorization_policy | resource |
Name | Description | Type | Default | Required |
---|---|---|---|---|
existing_kms_instance_guid | The GUID the Key Protect instance in which the key specified in var.kms_key_crn is coming from. Required only if var.kms_encryption_enabled is set to true, var.skip_iam_authorization_policy is set to false. NOTE: Hyper Protect Crypto Services is not currently supported by Data Engine. | string |
null |
no |
instance_name | The name to give the Data Engine instance. | string |
n/a | yes |
kms_encryption_enabled | Set this to true to control the encryption keys used to encrypt the data that you store in Data Engine. If set to false, the data is encrypted by using randomly generated keys. For more info on Key Protect integration, see https://cloud.ibm.com/docs/sql-query?topic=sql-query-securing-data. | bool |
false |
no |
kms_endpoint | The KMS endpoint to use when configuring KMS encryption. Must be private or public. | string |
"private" |
no |
kms_key_id | The root key ID of a Key Protect key that you want to use to encrypt your stored Data Engine jobs. Only used if var.kms_encryption_enabled is set to true. NOTE: Hyper Protect Crypto Services is not currently supported by Data Engine. | string |
null |
no |
kms_region | The region where KMS instance exists if using KMS encryption. | string |
"us-south" |
no |
plan | The plan for the Data Engine instance. Supported plans: standard or lite. | string |
"lite" |
no |
region | The region where you want to deploy your instance. | string |
"us-south" |
no |
resource_group_id | The resource group ID where the Data Engine instance will be created. | string |
n/a | yes |
skip_iam_authorization_policy | Set to true to skip the creation of an IAM authorization policy that permits all Data Engine instances in the resource group to read the encryption key from the KMS instance. If set to false, pass in a value for the KMS instance in the existing_kms_instance_guid variable. In addition, no policy is created if var.kms_encryption_enabled is set to false. | bool |
false |
no |
tags | (Optional, Array of Strings) A list of tags that you want to add to your instance. | list(any) |
[] |
no |
Name | Description |
---|---|
crn | data engine crn |
guid | data engine guid |
id | data engine id |
You can report issues and request features for this module in GitHub issues in the module repo. See Report an issue or request a feature.
To set up your local development environment, see Local development setup in the project documentation.