» cloudstack_template

Use this datasource to get the ID of a template for use in other resources.

» Example Usage

data "cloudstack_template" "my_template"

{ template_filter = "featured"

filter {
name = "name"
value = "CentOS 7\\.1"
}

filter {
name = "hypervisor"
value = "KVM"
}
}

» Argument Reference

• template_filter - (Required) The template filter. Possible

values are featured, self, selfexecutable, sharedexecutable,
executable and community (see the Cloudstack API listTemplate
command documenta- tion).
• filter - (Required) One or more name/value pairs to filter off
of. You can apply filters on any exported attributes.

» Attributes Reference

The following attributes are exported:

• id - The template ID.
• account - The account name to which the template belongs.
• created - The date this template was created.
• display_text - The template display text.
• format - The format of the template.
• hypervisor - The hypervisor on which the templates runs.
• name - The template name.
• size - The size of the template.

1
 » cloudstack_affinity_group

Creates an affinity group.

» Example Usage

resource "cloudstack_affinity_group" "default" {

name = "test-affinity-group"
type = "host anti-affinity"
}

» Argument Reference

The following arguments are supported:

• name - (Required) The name of the affinity group. Changing
this forces a new resource to be created.
• description - (Optional) The description of the affinity group.
• type - (Required) The affinity group type. Changing this
forces a new resource to be created.
• project - (Optional) The name or ID of the project to register
this affinity group to. Changing this forces a new resource to
be created.

» Attributes Reference

The following attributes are exported:

• id - The id of the affinity group.
• description - The description of the affinity group.

» Import

Affinity groups can be imported; use <AFFINITY GROUP ID> as the

import ID. For example:
terraform import cloudstack_affinity_group.default 6226ea4d-9cbe-4cc9-b30c-b9532146da5b
When importing into a project you need to prefix the import ID with
the project name:
terraform import cloudstack_affinity_group.default my-project/6226ea4d-9cbe-4cc9-b30c-b9532

2
» cloudstack_disk

Creates a disk volume from a disk offering. This disk volume will be
attached to a virtual machine if the optional parameters are
configured.

» Example Usage

resource "cloudstack_disk" "default" {

name = "test-disk"
attach = "true"
disk_offering = "custom"
size = 50
virtual_machine_id = "server-1"
zone = "zone-1"
}

» Argument Reference

The following arguments are supported:

• name - (Required) The name of the disk volume. Changing this
forces a new resource to be created.
• attach - (Optional) Determines whether or not to attach the
disk volume to a virtual machine (defaults false).
• device_id - (Optional) The device ID to map the disk volume to
within the guest OS.
• disk_offering - (Required) The name or ID of the disk offering
to use for this disk volume.
• size - (Optional) The size of the disk volume in gigabytes.
• shrink_ok - (Optional) Verifies if the disk volume is allowed to
shrink when resizing (defaults false).
• virtual_machine_id - (Optional) The ID of the virtual machine to
which you want to attach the disk volume.
• project - (Optional) The name or ID of the project to deploy this
instance to. Changing this forces a new resource to be
created.
• zone - (Required) The name or ID of the zone where this disk
volume will be available. Changing this forces a new resource
to be created.

3
 » Attributes Reference

The following attributes are exported:

• id - The ID of the disk volume.
• device_id - The device ID the disk volume is mapped to within
the guest OS.

» Import

Disks can be imported; use <DISK ID> as the import ID. For example:
terraform import cloudstack_disk.default 6f3ee798-d417-4e7a-92bc-95ad41cf1244
When importing into a project you need to prefix the import ID with
the project name:
terraform import cloudstack_disk.default my-project/6f3ee798-d417-4e7a-92bc-95ad41cf1244

» cloudstack_egress_firewall

Creates egress firewall rules for a given network.

» Example Usage

resource "cloudstack_egress_firewall" "default" {

network_id = "6eb22f91-7454-4107-89f4-36afcdf33021"

rule {
cidr_list = ["10.0.0.0/8"]
protocol = "tcp"
ports = ["80", "1000-2000"]
}
}

» Argument Reference

The following arguments are supported:

• network_id - (Required) The network ID for which to create
the egress firewall rules. Changing this forces a new resource
to be created.

4
 • managed - (Optional) USE WITH CAUTION! If enabled all the
egress firewall rules for this network will be managed by this
resource. This means it will delete all firewall rules that are
not in your config! (defaults false)
• rule - (Optional) Can be specified multiple times. Each rule
block sup- ports fields documented below. If managed = false at
least one rule is required!
• parallelism (Optional) Specifies how much rules will be created
or deleted concurrently. (defaults 2)
The rule block supports:
• cidr_list - (Required) A CIDR list to allow access to the given ports.
• protocol - (Required) The name of the protocol to allow. Valid
options are: tcp, udp and icmp.
• icmp_type - (Optional) The ICMP type to allow. This can only be
speci- fied if the protocol is ICMP.
• icmp_code - (Optional) The ICMP code to allow. This can only be
spec- ified if the protocol is ICMP.
• ports - (Optional) List of ports and/or port ranges to allow.
This can only be specified if the protocol is TCP or UDP.

» Attributes Reference

The following attributes are exported:

• id - The network ID for which the egress firewall rules are created.

» cloudstack_firewall

Creates firewall rules for a given IP address.

» Example Usage

resource "cloudstack_firewall" "default" {

ip_address_id = "30b21801-d4b3-4174-852b-0c0f30bdbbfb"

rule {
cidr_list = ["10.0.0.0/8"]
protocol = "tcp"
ports = ["80", "1000-2000"]

5
 }
}

» Argument Reference

The following arguments are supported:

• ip_address_id - (Required) The IP address ID for which to create
the firewall rules. Changing this forces a new resource to be
created.
• managed - (Optional) USE WITH CAUTION! If enabled all the
firewall rules for this IP address will be managed by this
resource. This means it will delete all firewall rules that are
not in your config! (defaults false)
• rule - (Optional) Can be specified multiple times. Each rule
block sup- ports fields documented below. If managed = false at
least one rule is required!
• parallelism (Optional) Specifies how much rules will be created
or deleted concurrently. (defaults 2)
The rule block supports:
• cidr_list - (Required) A CIDR list to allow access to the given ports.
• protocol - (Required) The name of the protocol to allow. Valid
options are: tcp, udp and icmp.
• icmp_type - (Optional) The ICMP type to allow. This can only be
speci- fied if the protocol is ICMP.
• icmp_code - (Optional) The ICMP code to allow. This can only be
spec- ified if the protocol is ICMP.
• ports - (Optional) List of ports and/or port ranges to allow.
This can only be specified if the protocol is TCP or UDP.

» Attributes Reference

The following attributes are exported:

• id - The IP address ID for which the firewall rules are created.

» cloudstack_instance

Creates and automatically starts a virtual machine based on a

service offering, disk offering, and template.
6
» Example Usage

resource "cloudstack_instance" "web" {

name = "server-1"
service_offering = "small"
network_id = "6eb22f91-7454-4107-89f4-36afcdf33021"
template = "CentOS 6.5"
zone = "zone-1"
}

» Argument Reference

The following arguments are supported:

• name - (Required) The name of the instance.
• display_name - (Optional) The display name of the instance.
• service_offering - (Required) The name or ID of the service
offering used for this instance.
• network_id - (Optional) The ID of the network to connect this
instance to. Changing this forces a new resource to be
created.
• ip_address - (Optional) The IP address to assign to this instance.
Chang- ing this forces a new resource to be created.
• template - (Required) The name or ID of the template used for
this instance. Changing this forces a new resource to be
created.
• root_disk_size - (Optional) The size of the root disk in gigabytes.
The root disk is resized on deploy. Only applies to template-
based deployments. Changing this forces a new resource to be
created.
• group - (Optional) The group name of the instance.
• affinity_group_ids - (Optional) List of affinity group IDs to
apply to this instance.
• affinity_group_names - (Optional) List of affinity group names to
apply to this instance.
• security_group_ids - (Optional) List of security group IDs to
apply to this instance. Changing this forces a new resource to
be created.
• security_group_names - (Optional) List of security group names to
apply to this instance. Changing this forces a new resource to

7
 be created.
• project - (Optional) The name or ID of the project to deploy this
instance to. Changing this forces a new resource to be
created.

8
 • zone - (Required) The name or ID of the zone where this
instance will be created. Changing this forces a new resource
to be created.
• start_vm - (Optional) This determines if the instances is started
after it is created (defaults true)
• user_data - (Optional) The user data to provide when
launching the instance. This can be either plain text or
base64 encoded text.
• keypair - (Optional) The name of the SSH key pair that will be
used to access this instance.
• expunge - (Optional) This determines if the instance is
expunged when it is destroyed (defaults false)

» Attributes Reference

The following attributes are exported:

• id - The instance ID.
• display_name - The display name of the instance.

» Import

Instances can be imported; use <INSTANCE ID> as the import ID. For example:
terraform import cloudstack_instance.default 5cf69677-7e4b-4bf4-b868-f0b02bb72ee0
When importing into a project you need to prefix the import ID with
the project name:
terraform import cloudstack_instance.default my-project/5cf69677-7e4b-4bf4-b868-f0b02bb72ee

» cloudstack_ipaddress

Acquires and associates a public IP.

» Example Usage
resource "cloudstack_ipaddress" "default" {
network_id = "6eb22f91-7454-4107-89f4-36afcdf33021"
}

9
» Argument Reference

The following arguments are supported:

• is_portable - (Optional) This determines if the IP address should
be transferable across zones (defaults false)
• network_id - (Optional) The ID of the network for which an IP
address should be acquired and associated. Changing this
forces a new resource to be created.
• vpc_id - (Optional) The ID of the VPC for which an IP address
should be acquired and associated. Changing this forces a
new resource to be created.
• zone - (Optional) The name or ID of the zone for which an IP
address should be acquired and associated. Changing this
forces a new resource to be created.
• project - (Optional) The name or ID of the project to deploy this
instance to. Changing this forces a new resource to be
created.
NOTE: network_id and/or zone should have a value when
is_portable is false! NOTE: Either network_id or vpc_id should have a
value when is_portable is true!

» Attributes Reference

The following attributes are exported:

• id - The ID of the acquired and associated IP address.
• ip_address - The IP address that was acquired and associated.

» cloudstack_loadbalancer_rule

Creates a loadbalancer rule.

» Example Usage

resource "cloudstack_loadbalancer_rule" "default" {

name = "loadbalancer-rule-1"
description = "Loadbalancer rule 1"
ip_address_id = "30b21801-d4b3-4174-852b-0c0f30bdbbfb"
algorithm = "roundrobin"
private_port = 80
public_port = 80
1
0
 member_ids = ["f8141e2f-4e7e-4c63-9362-986c908b7ea7"]
}

» Argument Reference

The following arguments are supported:

• name - (Required) Name of the loadbalancer rule. Changing
this forces a new resource to be created.
• description - (Optional) The description of the load balancer rule.
• ip_address_id - (Required) Public IP address ID from where the
network traffic will be load balanced from. Changing this
forces a new resource to be created.
• network_id - (Optional) The network ID this rule will be created
for. Required when public IP address is not associated with
any network yet (VPC case).
• algorithm - (Required) Load balancer rule algorithm (source,
roundrobin, leastconn). Changing this forces a new resource
to be created.
• private_port - (Required) The private port of the private IP
address (vir- tual machine) where the network traffic will be
load balanced to. Changing this forces a new resource to be
created.
• public_port - (Required) The public port from where the network
traffic will be load balanced from. Changing this forces a new
resource to be created.
• protocol - (Optional) Load balancer protocol (tcp, udp, tcp-
proxy). Changing this forces a new resource to be created.
• member_ids - (Required) List of instance IDs to assign to the load
balancer rule. Changing this forces a new resource to be
created.
• project - (Optional) The name or ID of the project to deploy this
instance to. Changing this forces a new resource to be
created.

» Attributes Reference

The following attributes are exported:

• id - The load balancer rule ID.
• description - The description of the load balancer rule.
1
1
 » cloudstack_network

Creates a network.

» Example Usage

Basic usage:
resource "cloudstack_network" "default" {
name = "test-network"
cidr = "10.0.0.0/16"
network_offering = "Default Network"
zone = "zone-1"
}

» Argument Reference

The following arguments are supported:

• name - (Required) The name of the network.
• display_text - (Optional) The display text of the network.
• cidr - (Required) The CIDR block for the network. Changing
this forces a new resource to be created.
• gateway - (Optional) Gateway that will be provided to the
instances in this network. Defaults to the first usable IP in the
range.
• startip - (Optional) Start of the IP block that will be
available on the network. Defaults to the second available IP
in the range.
• endip - (Optional) End of the IP block that will be available
on the network. Defaults to the last available IP in the range.
• network_domain - (Optional) DNS domain for the network.
• network_offering - (Required) The name or ID of the network
offering to use for this network.
• vlan - (Optional) The VLAN number (1-4095) the network will
use. This might be required by the Network Offering if
specifyVlan=true is set. Only the ROOT admin can set this
value.
• vpc_id - (Optional) The VPC ID in which to create this network.
Chang- ing this forces a new resource to be created.

1
2
• acl_id - (Optional) The ACL ID that should be attached to the
network or none if you do not want to attach an ACL. You can
dynamically attach

1
3
 and swap ACL’s, but if you want to detach an attached ACL and
revert to using none, this will force a new resource to be
created. (defaults none)
• project - (Optional) The name or ID of the project to deploy this
instance to. Changing this forces a new resource to be
created.
• source_nat_ip - (Optional) If set to true a public IP will be
associated with the network. This is mainly used when the
network supports the source NAT service which claims the
first associated IP address. This prevents the ability to
manage the IP address as an independent entity.
• zone - (Required) The name or ID of the zone where this
network will be available. Changing this forces a new
resource to be created.

» Attributes Reference

The following attributes are exported:

• id - The ID of the network.
• display_text - The display text of the network.
• network_domain - DNS domain for the network.
• source_nat_ip_id - The ID of the associated source NAT IP.

» Import

Networks can be imported; use <NETWORK ID> as the import ID. For example:
terraform import cloudstack_network.default 36619b20-5584-43bf-9a84-e242bacd5582
When importing into a project you need to prefix the import ID with
the project name:
terraform import cloudstack_network.default my-project/36619b20-5584-43bf-9a84-e242bacd5582

» cloudstack_network_acl

Creates a Network ACL for the given VPC.

» Example Usage

resource "cloudstack_network_acl" "default" {

name = "test-acl"
1
4
vpc_id = "76f6e8dc-07e3-4971-b2a2-8831b0cc4cb4"
}

1
5
» Argument Reference

The following arguments are supported:

• name - (Required) The name of the ACL. Changing this
forces a new resource to be created.
• description - (Optional) The description of the ACL.
Changing this forces a new resource to be created.
• project - (Optional) The name or ID of the project to deploy this
instance to. Changing this forces a new resource to be
created.
• vpc_id - (Required) The ID of the VPC to create this ACL for.
Changing this forces a new resource to be created.

» Attributes Reference

The following attributes are exported:

• id - The ID of the Network ACL

» Import

Network ACLs can be imported; use <NETWORK ACL ID> as the import
ID. For example:
terraform import cloudstack_network_acl.default e8b5982a-1b50-4ea9-9920-6ea2290c7359
When importing into a project you need to prefix the import ID with
the project name:
terraform import cloudstack_network_acl.default my-project/e8b5982a-1b50-4ea9-9920-6ea2290c

» cloudstack_network_acl_rule

Creates network ACL rules for a given network ACL.

» Example Usage

resource "cloudstack_network_acl_rule" "default" {

acl_id = "f3843ce0-334c-4586-bbd3-0c2e2bc946c6"

rule {
action = "allow"

1
6
 cidr_list = ["10.0.0.0/8"]
protocol = "tcp"
ports = ["80", "1000-2000"]
traffic_type = "ingress"
}
}

» Argument Reference

The following arguments are supported:

• acl_id - (Required) The network ACL ID for which to create the
rules. Changing this forces a new resource to be created.
• managed - (Optional) USE WITH CAUTION! If enabled all the
firewall rules for this network ACL will be managed by this
resource. This means it will delete all firewall rules that are
not in your config! (defaults false)
• rule - (Optional) Can be specified multiple times. Each rule
block sup- ports fields documented below. If managed = false at
least one rule is required!
• project - (Optional) The name or ID of the project to deploy this
instance to. Changing this forces a new resource to be
created.
• parallelism (Optional) Specifies how much rules will be created
or deleted concurrently. (defaults 2)
The rule block supports:
• action - (Optional) The action for the rule. Valid options are: allow and
deny (defaults allow).
• cidr_list - (Required) A CIDR list to allow access to the given ports.
• protocol - (Required) The name of the protocol to allow.
Valid options are: tcp, udp, icmp, all or a valid protocol
number.
• icmp_type - (Optional) The ICMP type to allow, or -1 to allow
any. This can only be specified if the protocol is ICMP.
(defaults 0)
• icmp_code - (Optional) The ICMP code to allow, or -1 to allow
any. This can only be specified if the protocol is ICMP.
(defaults 0)
• ports - (Optional) List of ports and/or port ranges to allow. This
can only be specified if the protocol is TCP, UDP, ALL or a
valid protocol number.
1
7
• traffic_type - (Optional) The traffic type for the rule. Valid
options are: ingress or egress (defaults ingress).

1
8
 » Attributes Reference

The following attributes are exported:

• id - The ACL ID for which the rules are created.

» cloudstack_nic

Creates an additional NIC to add a VM to the specified network.

» Example Usage

Basic usage:
resource "cloudstack_nic" "test" {
network_id = "6eb22f91-7454-4107-89f4-36afcdf33021"
ip_address = "192.168.1.1"
virtual_machine_id = "f8141e2f-4e7e-4c63-9362-986c908b7ea7"
}

» Argument Reference

The following arguments are supported:

• network_id - (Required) The ID of the network to plug the
NIC into. Changing this forces a new resource to be created.
• ip_address - (Optional) The IP address to assign to the NIC.
Changing this forces a new resource to be created.
• virtual_machine_id - (Required) The ID of the virtual machine to
which to attach the NIC. Changing this forces a new resource
to be created.

» Attributes Reference

The following attributes are exported:

• id - The ID of the NIC.
• ip_address - The assigned IP address.

» cloudstack_port_forward

1
9
Creates port forwards.

2
0
» Example Usage

resource "cloudstack_port_forward" "default" {

ip_address_id = "30b21801-d4b3-4174-852b-0c0f30bdbbfb"

forward {
protocol = "tcp"
private_port = 80
public_port = 8080
virtual_machine_id = "f8141e2f-4e7e-4c63-9362-986c908b7ea7"
}
}

» Argument Reference

The following arguments are supported:

• ip_address_id - (Required) The IP address ID for which to create
the port forwards. Changing this forces a new resource to be
created.
• managed - (Optional) USE WITH CAUTION! If enabled all the
port for- wards for this IP address will be managed by this
resource. This means it will delete all port forwards that are
not in your config! (defaults false)
• project - (Optional) The name or ID of the project to create this
port forward in. Changing this forces a new resource to be
created.
• forward - (Required) Can be specified multiple times. Each
forward block supports fields documented below.
The forward block supports:
• protocol - (Required) The name of the protocol to allow. Valid
options are: tcp and udp.
• private_port - (Required) The private port to forward to.
• public_port - (Required) The public port to forward from.
• virtual_machine_id - (Required) The ID of the virtual machine to
for- ward to.
• vm_guest_ip - (Optional) The virtual machine IP address for the
port forwarding rule (useful when the virtual machine has
secondairy NICs or IP addresses).

» Attributes Reference
2
1
The following attributes are exported:

2
2
 • id - The ID of the IP address for which the port forwards are created.
• vm_guest_ip - The IP address of the virtual machine that is used
for the port forwarding rule.

» cloudstack_private_gateway

Creates a private gateway for the given VPC.

NOTE: private gateway can only be created using a ROOT account!

» Example Usage

resource "cloudstack_private_gateway" "default" {

gateway = "10.0.0.1"
ip_address = "10.0.0.2"
netmask = "255.255.255.252"
vlan = "200"
vpc_id = "76f6e8dc-07e3-4971-b2a2-8831b0cc4cb4"
}

» Argument Reference

The following arguments are supported:

• gateway - (Required) the gateway of the Private gateway.
Changing this forces a new resource to be created.
• ip_address - (Required) the IP address of the Private gateway.
Changing this forces a new resource to be created.
• netmask - (Required) The netmask of the Private gateway.
Changing this forces a new resource to be created.
• vlan - (Required) The VLAN number (1-4095) the network will use.
• physical_network_id - (Optional) The ID of the physical
network this private gateway belongs to.
• network_offering - (Optional) The name or ID of the network
offering to use for the private gateways network connection.
• acl_id - (Required) The ACL ID that should be attached to the network.
• vpc_id - (Required) The VPC ID in which to create this Private
gateway. Changing this forces a new resource to be created.

2
3
 » Attributes Reference

The following attributes are exported:

• id - The ID of the private gateway.

» Import

Private gateways can be imported; use <PRIVATE GATEWAY ID> as the

import ID. For example:
terraform import cloudstack_private_gateway.default e42a24d2-46cb-4b18-9d41-382582fad309

» cloudstack_secondary_ipaddress

Assigns a secondary IP to a NIC.

» Example Usage
resource "cloudstack_secondary_ipaddress" "default"
{ virtual_machine_id = "server-1"
}

» Argument Reference

The following arguments are supported:

• ip_address - (Optional) The IP address to bind the to NIC. If not
sup- plied an IP address will be selected randomly. Changing
this forces a new resource to be created.
• nic_id - (Optional) The NIC ID to which you want to attach
the sec- ondary IP address. Changing this forces a new
resource to be created (defaults to the ID of the primary
NIC)
• virtual_machine_id - (Required) The ID of the virtual machine to
which you want to attach the secondary IP address. Changing
this forces a new resource to be created.

» Attributes Reference

The following attributes are exported:

2
4
 • id - The secondary IP address ID.
• ip_address - The IP address that was acquired and associated.

» cloudstack_security_group

Creates a security group.

» Example Usage

resource "cloudstack_security_group" "default" {

name = "allow_web"
description = "Allow access to HTTP and HTTPS"
}

» Argument Reference

The following arguments are supported:

• name - (Required) The name of the security group. Changing
this forces a new resource to be created.
• description - (Optional) The description of the security group.
Changing this forces a new resource to be created.
• project - (Optional) The name or ID of the project to create this
security group in. Changing this forces a new resource to be
created.

» Attributes Reference

The following attributes are exported:

• id - The ID of the security group.

» Import

Security groups can be imported; use <SECURITY GROUP ID> as the

import ID. For example:
terraform import cloudstack_security_group.default e54970f1-f563-46dd-a365-2b2e9b78c54b
When importing into a project you need to prefix the import ID with
the project name:
terraform import cloudstack_security_group.default my-project/e54970f1-f563-46dd-a365-2b2e9
2
5
» cloudstack_security_group_rule

Authorizes and revokes both ingress and egress rulea for a given security group.

» Example Usage

resource "cloudstack_security_group_rule" "web" {

security_group_id = "e340b62b-fbc2-4081-8f67-e40455c44bce"

rule {
cidr_list = ["0.0.0.0/0"]
protocol = "tcp"
ports = ["80", "443"]
}

rule {
cidr_list = ["192.168.0.0/24", "192.168.1.0/25"]
protocol = "tcp"
ports = ["80-90", "443"]
traffic_type = "egress"
user_security_group_list = ["group01", "group02"]
}
}

» Argument Reference

The following arguments are supported:

• security_group_id - (Required) The security group ID for which to
cre- ate the rules. Changing this forces a new resource to be
created.
• rule - (Required) Can be specified multiple times. Each rule
block sup- ports fields documented below.
• project - (Optional) The name or ID of the project in which the
security group is created. Changing this forces a new
resource to be created.
• parallelism (Optional) Specifies how much rules will be
created or deleted concurrently. (defaults 2)
The rule block supports:
• cidr_list - (Optional) A CIDR list to allow access to the given ports.
• protocol - (Required) The name of the protocol to allow. Valid
options are: tcp, udp, icmp, all or a valid protocol number.
2
6
 • icmp_type - (Optional) The ICMP type to allow, or -1 to allow
any. This can only be specified if the protocol is ICMP.
(defaults 0)
• icmp_code - (Optional) The ICMP code to allow, or -1 to allow
any. This can only be specified if the protocol is ICMP.
(defaults 0)
• ports - (Optional) List of ports and/or port ranges to allow. This
can only be specified if the protocol is TCP, UDP, ALL or a
valid protocol number.
• traffic_type - (Optional) The traffic type for the rule. Valid
options are: ingress or egress. (defaults ingress)
• user_security_group_list - (Optional) A list of security groups to
ap- ply the rules to.

» Attributes Reference

The following attributes are exported:

• id - The security group ID for which the rules are created.

» cloudstack_ssh_keypair

Creates or registers an SSH key pair.

» Example Usage

resource "cloudstack_ssh_keypair" "default" {

name = "myKey"
public_key = "${file("~/.ssh/id_rsa.pub")}"
project = "myProject"
}

» Argument Reference

The following arguments are supported:

• name - (Required) The name of the SSH key pair. This is a
unique value within a CloudStack account. Changing this
forces a new resource to be created.
• public_key - (Optional) The public key to register with
CloudStack. If this is omitted, CloudStack will generate a new
2
7
key pair. The key can be

2
8
 loaded from a file on disk using the file() function. Changing this
forces a new resource to be created.
• project - (Optional) The name or ID of the project to register
this key to. Changing this forces a new resource to be
created.

» Attributes Reference

The following attributes are exported:

• id - The key pair ID.
• fingerprint - The fingerprint of the public key specified or created.
• private_key - The private key generated by CloudStack. Only
available if CloudStack generated the key pair.

» cloudstack_static_nat

Enables static NAT for a given IP address

» Example Usage

resource "cloudstack_static_nat" "default" {

ip_address_id = "f8141e2f-4e7e-4c63-9362-986c908b7ea7"
virtual_machine_id = "6ca2a163-bc68-429c-adc8-ab4a620b1bb3"
}

» Argument Reference

The following arguments are supported:

• ip_address_id - (Required) The public IP address ID for which
static NAT will be enabled. Changing this forces a new
resource to be created.
• virtual_machine_id - (Required) The virtual machine ID to enable
the static NAT feature for. Changing this forces a new
resource to be created.
• vm_guest_ip - (Optional) The virtual machine IP address to
forward the static NAT traffic to (useful when the virtual
machine has secondary NICs or IP addresses). Changing this
forces a new resource to be created.
• project - (Optional) The name or ID of the project to deploy this
2
9
instance to. Changing this forces a new resource to be
created.

3
0
 » Attributes Reference

The following attributes are exported:

• id - The static nat ID.
• vm_guest_ip - The IP address of the virtual machine that is
used to forward the static NAT traffic to.

» cloudstack_static_route

Creates a static route for the given private gateway or VPC.

» Example Usage

resource "cloudstack_static_route" "default" {

cidr = "10.0.0.0/16"
gateway_id = "76f607e3-e8dc-4971-8831-b2a2b0cc4cb4"
}

» Argument Reference

The following arguments are supported:

• cidr - (Required) The CIDR for the static route. Changing this
forces a new resource to be created.
• gateway_id - (Required) The ID of the Private gateway.
Changing this forces a new resource to be created.

» Attributes Reference

The following attributes are exported:

• id - The ID of the static route.

» cloudstack_template

Registers an existing template into the CloudStack cloud.

3
1
» Example Usage

resource "cloudstack_template" "centos64" {

name = "CentOS 6.4 x64"
format = "VHD"
hypervisor = "XenServer"
os_type = "CentOS 6.4 (64bit)"
url = "http://someurl.com/template.vhd"
zone = "zone-1"
}

» Argument Reference

The following arguments are supported:

• name - (Required) The name of the template.
• display_text - (Optional) The display name of the template.
• format - (Required) The format of the template. Valid values are
QCOW2, RAW, and VHD.
• hypervisor - (Required) The target hypervisor for the template.
Chang- ing this forces a new resource to be created.
• os_type - (Required) The OS Type that best represents the OS
of this template.
• url - (Required) The URL of where the template is hosted.
Changing this forces a new resource to be created.
• project - (Optional) The name or ID of the project to create this
template for. Changing this forces a new resource to be
created.
• zone - (Optional) The name or ID of the zone where this
template will be created. Changing this forces a new resource
to be created.
• is_dynamically_scalable - (Optional) Set to indicate if the template
contains tools to support dynamic scaling of VM cpu/memory
(defaults false)
• is_extractable - (Optional) Set to indicate if the template is
extractable (defaults false)
• is_featured - (Optional) Set to indicate if the template is
featured (de- faults false)
• is_public - (Optional) Set to indicate if the template is
available for all accounts (defaults true)

3
2
 • password_enabled - (Optional) Set to indicate if the template
should be password enabled (defaults false)
• is_ready_timeout - (Optional) The maximum time in seconds
to wait until the template is ready for use (defaults 300
seconds)

» Attributes Reference

The following attributes are exported:

• id - The template ID.
• display_text - The display text of the template.
• is_dynamically_scalable - Set to ”true” if the template is
dynamically scalable.
• is_extractable - Set to ”true” if the template is extractable.
• is_featured - Set to ”true” if the template is featured.
• is_public - Set to ”true” if the template is public.
• password_enabled - Set to ”true” if the template is password enabled.
• is_ready - Set to ”true” once the template is ready for use.

» cloudstack_vpc

Creates a VPC.

» Example Usage

Basic usage:
resource "cloudstack_vpc" "default" {
name = "test-vpc"
cidr = "10.0.0.0/16"
vpc_offering = "Default VPC Offering"
zone = "zone-1"
}

» Argument Reference

The following arguments are supported:

• name - (Required) The name of the VPC.
• display_text - (Optional) The display text of the VPC.

3
3
 • cidr - (Required) The CIDR block for the VPC. Changing this
forces a new resource to be created.
• vpc_offering - (Required) The name or ID of the VPC offering
to use for this VPC. Changing this forces a new resource to be
created.
• network_domain - (Optional) The default DNS domain for
networks cre- ated in this VPC. Changing this forces a new
resource to be created.
• project - (Optional) The name or ID of the project to deploy this
instance to. Changing this forces a new resource to be
created.
• zone - (Required) The name or ID of the zone where this disk
volume will be available. Changing this forces a new resource
to be created.

» Attributes Reference

The following attributes are exported:

• id - The ID of the VPC.
• display_text - The display text of the VPC.
• source_nat_ip - The source NAT IP assigned to the VPC.

» Import

VPCs can be imported; use <VPC ID> as the import ID. For example:
terraform import cloudstack_vpc.default 84b23264-917a-4712-b8bf-cd7604db43b0
When importing into a project you need to prefix the import ID with
the project name:
terraform import cloudstack_vpc.default my-project/84b23264-917a-4712-b8bf-cd7604db43b0

» cloudstack_vpn_gateway

Creates a site to site VPN local gateway.

» Example Usage

Basic usage:
resource "cloudstack_vpn_gateway" "default" {
3
4
 vpc_id = "f8141e2f-4e7e-4c63-9362-986c908b7ea7"
}

3
5
» Argument Reference

The following arguments are supported:

• vpc_id - (Required) The ID of the VPC for which to create
the VPN Gateway. Changing this forces a new resource to be
created.

» Attributes Reference

The following attributes are exported:

• id - The ID of the VPN Gateway.
• public_ip - The public IP address associated with the VPN Gateway.

» Import

VPC gateways can be imported; use <VPN GATEWAY ID> as the

import ID. For example:
terraform import cloudstack_vpn_gateway.default 49cf1821-3b9f-4627-be19-8a15ffec508d

» cloudstack_vpn_customer_gateway

Creates a site to site VPN local customer gateway.

» Example Usage

Basic usage:
resource "cloudstack_vpn_customer_gateway" "default" {
name = "test-vpc"
cidr = "10.0.0.0/8"
esp_policy = "aes256-sha1;modp1024"
gateway = "192.168.0.1"
ike_policy = "aes256-sha1;modp1024"
ipsec_psk = "terraform"
}

» Argument Reference

The following arguments are supported:

• name - (Required) The name of the VPN Customer Gateway.
3
6
 • cidr - (Required) The CIDR block that needs to be routed
through this gateway.
• esp_policy - (Required) The ESP policy to use for this VPN
Customer Gateway.
• gateway - (Required) The public IP address of the related VPN Gateway.
• ike_policy - (Required) The IKE policy to use for this VPN
Customer Gateway.
• ipsec_psk - (Required) The IPSEC pre-shared key used for this gateway.
• dpd - (Optional) If DPD is enabled for the related VPN
connection (de- faults false)
• esp_lifetime - (Optional) The ESP lifetime of phase 2 VPN
connection to this VPN Customer Gateway in seconds
(defaults 86400)
• ike_lifetime - (Optional) The IKE lifetime of phase 2 VPN
connection to this VPN Customer Gateway in seconds
(defaults 86400)
• project - (Optional) The name or ID of the project to create
this VPN Customer Gateway in. Changing this forces a new
resource to be created.

» Attributes Reference

The following attributes are exported:

• id - The ID of the VPN Customer Gateway.
• dpd - Enable or disable DPD is enabled for the related VPN connection.
• esp_lifetime - The ESP lifetime of phase 2 VPN connection to
this VPN Customer Gateway.
• ike_lifetime - The IKE lifetime of phase 2 VPN connection to
this VPN Customer Gateway.

» Import

VPN customer gateways can be imported; use <VPN CUSTOMER GATEWAY

ID> as the import ID. For example:
terraform import cloudstack_vpn_customer_gateway.default 741a7fca-1d05-4bb6-9290-1008300f0e
When importing into a project you need to prefix the import ID with
the project name:
terraform import cloudstack_vpn_customer_gateway.default my-project/741a7fca-1d05-4bb6-9290

3
7
» cloudstack_vpn_connection

Creates a site to site VPN connection.

» Example Usage

Basic usage:
resource "cloudstack_vpn_connection" "default" {
customer_gateway_id = "8dab9381-ae73-48b8-9a3d-c460933ef5f7"
vpn_gateway_id = "a7900060-f8a8-44eb-be15-ea54cf499703"
}

» Argument Reference

The following arguments are supported:

• customer_gateway_id - (Required) The Customer Gateway ID to
connect. Changing this forces a new resource to be created.
• vpn_gateway_id - (Required) The VPN Gateway ID to connect.
Chang- ing this forces a new resource to be created.

» Attributes Reference

The following attributes are exported:

• id - The ID of the VPN Connection.

3
8