
Cloudstack Provider: Example Usage

The CloudStack provider allows interaction with CloudStack resources by connecting to a CloudStack API URL and providing credentials. It must be configured with the API URL, API key, and secret key. Resources like instances, templates, affinity groups, disks, firewall rules, and more can then be managed.

Uploaded by

esiddharth

CloudStack Provider

The CloudStack provider is used to interact with the many resources supported by CloudStack. The provider needs to be
configured with a URL pointing to a running CloudStack API and the proper credentials before it can be used.

In order to provide the required configuration options you can either supply values for the api_url, api_key and
secret_key fields, or for the config and profile fields. A combination of both is not allowed and will not work.


Example Usage

provider "cloudstack" {
  api_url    = "${var.cloudstack_api_url}"
  api_key    = "${var.cloudstack_api_key}"
  secret_key = "${var.cloudstack_secret_key}"
}

resource "cloudstack_instance" "web" {
  # ...
}

Argument Reference
The following arguments are supported:

api_url - (Optional) This is the CloudStack API URL. It can also be sourced from the CLOUDSTACK_API_URL
environment variable.

api_key - (Optional) This is the CloudStack API key. It can also be sourced from the CLOUDSTACK_API_KEY
environment variable.

secret_key - (Optional) This is the CloudStack secret key. It can also be sourced from the CLOUDSTACK_SECRET_KEY
environment variable.

config - (Optional) The path to a CloudMonkey config file. If set the API URL, key and secret will be retrieved from
this file.

profile - (Optional) Used together with the config option. Specifies which CloudMonkey profile in the config file to
use.

http_get_only - (Optional) Some cloud providers only allow HTTP GET calls to their CloudStack API. If using such a
provider, you need to set this to true in order for the provider to only make GET calls and no POST calls. It can also be
sourced from the CLOUDSTACK_HTTP_GET_ONLY environment variable.

timeout - (Optional) A value in seconds. This is the time allowed for CloudStack to complete each asynchronous job
triggered. If unset, this can be sourced from the CLOUDSTACK_TIMEOUT environment variable. Otherwise, this will
default to 300 seconds.
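
A pre-commit style check for the provider block described above, added here as an example (it is not part of the provider or its documentation). It flags api_key or secret_key written as literals instead of variables or the CLOUDSTACK_API_KEY / CLOUDSTACK_SECRET_KEY environment variables, and the disallowed mix of api_url/api_key/secret_key with config/profile; the sample configurations and all function names are constructed for illustration.

```python
import re

# Constructed sample configurations (not from the original page).
HARDCODED = '''
provider "cloudstack" {
  api_url    = "https://cloud.example.test/client/api"
  api_key    = "EXAMPLE-API-KEY-PLACEHOLDER"
  secret_key = "${var.cloudstack_secret_key}"
  config     = "~/.cmk/config"
}
'''

FROM_VARIABLES = '''
provider "cloudstack" {
  api_url    = "${var.cloudstack_api_url}"
  api_key    = "${var.cloudstack_api_key}"
  secret_key = "${var.cloudstack_secret_key}"
}
'''

DIRECT = {"api_url", "api_key", "secret_key"}   # first way to configure
CLOUDMONKEY = {"config", "profile"}              # second way to configure
SECRETS = {"api_key", "secret_key"}


def provider_blocks(hcl):
    """Yield the body of every provider "cloudstack" block.

    Braces are counted to find the end of the block; "${...}" interpolations
    are balanced, so they do not disturb the count.
    """
    for match in re.finditer(r'provider\s+"cloudstack"\s*\{', hcl):
        depth, i = 1, match.end()
        while i < len(hcl) and depth:
            depth += {"{": 1, "}": -1}.get(hcl[i], 0)
            i += 1
        yield hcl[match.end():i - 1]


def assignments(body):
    """Map argument name -> raw right-hand side for `name = value` lines."""
    pairs = re.findall(r'^\s*(\w+)\s*=\s*(.+)$', body, re.M)
    return {name: value.strip() for name, value in pairs}


def is_literal(value):
    """True for a non-empty quoted string that contains no interpolation."""
    return bool(re.fullmatch(r'"[^"$]+"', value))


def lint(hcl):
    """Return a list of findings for all cloudstack provider blocks in hcl."""
    findings = []
    for body in provider_blocks(hcl):
        args = assignments(body)
        for name in sorted(SECRETS & args.keys()):
            if is_literal(args[name]):
                findings.append(
                    f"{name} is a literal; use a variable or CLOUDSTACK_{name.upper()}"
                )
        if DIRECT & args.keys() and CLOUDMONKEY & args.keys():
            findings.append("api_url/api_key/secret_key combined with config/profile")
    return findings


if __name__ == "__main__":
    for label, text in (("HARDCODED", HARDCODED), ("FROM_VARIABLES", FROM_VARIABLES)):
        print(label, lint(text) or "ok")
```
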

cloudstack_template
Use this data source to get the ID of a template for use in other resources.

Example Usage

data "cloudstack_template" "my_template" {
  template_filter = "featured"

  filter {
    name  = "name"
    value = "CentOS 7\\.1"
  }

  filter {
    name  = "hypervisor"
    value = "KVM"
  }
}

Argument Reference
template_filter - (Required) The template filter. Possible values are featured, self, selfexecutable,
sharedexecutable, executable and community (see the Cloudstack API listTemplate command documentation).

filter - (Required) One or more name/value pairs to filter off of. You can apply filters on any exported attributes.

Attributes Reference
The following attributes are exported:

id - The template ID.

account - The account name to which the template belongs.

created - The date this template was created.

display_text - The template display text.

format - The format of the template.

hypervisor - The hypervisor on which the template runs.

name - The template name.

size - The size of the template.


cloudstack_affinity_group
Creates an affinity group.

Example Usage

resource "cloudstack_affinity_group" "default" {
  name = "test-affinity-group"
  type = "host anti-affinity"
}

Argument Reference
The following arguments are supported:

name - (Required) The name of the affinity group. Changing this forces a new resource to be created.

description - (Optional) The description of the affinity group.

type - (Required) The affinity group type. Changing this forces a new resource to be created.

project - (Optional) The name or ID of the project to register this affinity group to. Changing this forces a new
resource to be created.

Attributes Reference
The following attributes are exported:

id - The id of the affinity group.

description - The description of the affinity group.

Import
Affinity groups can be imported; use <AFFINITY GROUP ID> as the import ID. For example:

terraform import cloudstack_affinity_group.default 6226ea4d-9cbe-4cc9-b30c-b9532146da5b

When importing into a project you need to prefix the import ID with the project name:

terraform import cloudstack_affinity_group.default my-project/6226ea4d-9cbe-4cc9-b30c-b9532146da5b


cloudstack_disk
Creates a disk volume from a disk offering. This disk volume will be attached to a virtual machine if the optional parameters
are configured.

Example Usage

resource "cloudstack_disk" "default" {
  name               = "test-disk"
  attach             = "true"
  disk_offering      = "custom"
  size               = 50
  virtual_machine_id = "server-1"
  zone               = "zone-1"
}

Argument Reference
The following arguments are supported:

name - (Required) The name of the disk volume. Changing this forces a new resource to be created.

attach - (Optional) Determines whether or not to attach the disk volume to a virtual machine (defaults false).

device_id - (Optional) The device ID to map the disk volume to within the guest OS.

disk_offering - (Required) The name or ID of the disk offering to use for this disk volume.

size - (Optional) The size of the disk volume in gigabytes.

shrink_ok - (Optional) Verifies if the disk volume is allowed to shrink when resizing (defaults false).

virtual_machine_id - (Optional) The ID of the virtual machine to which you want to attach the disk volume.

project - (Optional) The name or ID of the project to deploy this instance to. Changing this forces a new resource to
be created.

zone - (Required) The name or ID of the zone where this disk volume will be available. Changing this forces a new
resource to be created.

Attributes Reference
The following attributes are exported:

id - The ID of the disk volume.

device_id - The device ID the disk volume is mapped to within the guest OS.

Import
Disks can be imported; use <DISK ID> as the import ID. For example:

terraform import cloudstack_disk.default 6f3ee798-d417-4e7a-92bc-95ad41cf1244

When importing into a project you need to prefix the import ID with the project name:

terraform import cloudstack_disk.default my-project/6f3ee798-d417-4e7a-92bc-95ad41cf1244


cloudstack_egress_firewall
Creates egress firewall rules for a given network.

Example Usage

resource "cloudstack_egress_firewall" "default" {
  network_id = "6eb22f91-7454-4107-89f4-36afcdf33021"

  rule {
    cidr_list = ["10.0.0.0/8"]
    protocol  = "tcp"
    ports     = ["80", "1000-2000"]
  }
}

Argument Reference
The following arguments are supported:

network_id - (Required) The network ID for which to create the egress firewall rules. Changing this forces a new
resource to be created.

managed - (Optional) USE WITH CAUTION! If enabled all the egress firewall rules for this network will be managed by
this resource. This means it will delete all firewall rules that are not in your config! (defaults false)

rule - (Optional) Can be specified multiple times. Each rule block supports fields documented below. If managed =
false at least one rule is required!

parallelism - (Optional) Specifies how many rules will be created or deleted concurrently. (defaults 2)

The rule block supports:

cidr_list - (Required) A CIDR list to allow access to the given ports.

protocol - (Required) The name of the protocol to allow. Valid options are: tcp, udp and icmp.

icmp_type - (Optional) The ICMP type to allow. This can only be specified if the protocol is ICMP.

icmp_code - (Optional) The ICMP code to allow. This can only be specified if the protocol is ICMP.

ports - (Optional) List of ports and/or port ranges to allow. This can only be specified if the protocol is TCP or UDP.

Attributes Reference
The following attributes are exported:

id - The network ID for which the egress firewall rules are created.


cloudstack_firewall
Creates firewall rules for a given IP address.

Example Usage

resource "cloudstack_firewall" "default" {
  ip_address_id = "30b21801-d4b3-4174-852b-0c0f30bdbbfb"

  rule {
    cidr_list = ["10.0.0.0/8"]
    protocol  = "tcp"
    ports     = ["80", "1000-2000"]
  }
}

Argument Reference
The following arguments are supported:

ip_address_id - (Required) The IP address ID for which to create the firewall rules. Changing this forces a new
resource to be created.

managed - (Optional) USE WITH CAUTION! If enabled all the firewall rules for this IP address will be managed by this
resource. This means it will delete all firewall rules that are not in your config! (defaults false)

rule - (Optional) Can be specified multiple times. Each rule block supports fields documented below. If managed =
false at least one rule is required!

parallelism - (Optional) Specifies how many rules will be created or deleted concurrently. (defaults 2)

The rule block supports:

cidr_list - (Required) A CIDR list to allow access to the given ports.

protocol - (Required) The name of the protocol to allow. Valid options are: tcp, udp and icmp.

icmp_type - (Optional) The ICMP type to allow. This can only be specified if the protocol is ICMP.

icmp_code - (Optional) The ICMP code to allow. This can only be specified if the protocol is ICMP.

ports - (Optional) List of ports and/or port ranges to allow. This can only be specified if the protocol is TCP or UDP.

Attributes Reference
The following attributes are exported:

id - The IP address ID for which the firewall rules are created.


cloudstack_instance
Creates and automatically starts a virtual machine based on a service offering, disk offering, and template.

Example Usage

resource "cloudstack_instance" "web" {
  name             = "server-1"
  service_offering = "small"
  network_id       = "6eb22f91-7454-4107-89f4-36afcdf33021"
  template         = "CentOS 6.5"
  zone             = "zone-1"
}

Argument Reference
The following arguments are supported:

name - (Required) The name of the instance.

display_name - (Optional) The display name of the instance.

service_offering - (Required) The name or ID of the service offering used for this instance.

network_id - (Optional) The ID of the network to connect this instance to. Changing this forces a new resource to be
created.

ip_address - (Optional) The IP address to assign to this instance. Changing this forces a new resource to be created.

template - (Required) The name or ID of the template used for this instance. Changing this forces a new resource to
be created.

root_disk_size - (Optional) The size of the root disk in gigabytes. The root disk is resized on deploy. Only applies to
template-based deployments. Changing this forces a new resource to be created.

group - (Optional) The group name of the instance.

affinity_group_ids - (Optional) List of affinity group IDs to apply to this instance.

affinity_group_names - (Optional) List of affinity group names to apply to this instance.

security_group_ids - (Optional) List of security group IDs to apply to this instance. Changing this forces a new
resource to be created.

security_group_names - (Optional) List of security group names to apply to this instance. Changing this forces a new
resource to be created.

project - (Optional) The name or ID of the project to deploy this instance to. Changing this forces a new resource to
be created.

zone - (Required) The name or ID of the zone where this instance will be created. Changing this forces a new resource
to be created.

start_vm - (Optional) This determines if the instance is started after it is created (defaults true)

user_data - (Optional) The user data to provide when launching the instance. This can be either plain text or base64
encoded text.

keypair - (Optional) The name of the SSH key pair that will be used to access this instance.

expunge - (Optional) This determines if the instance is expunged when it is destroyed (defaults false)

Attributes Reference
The following attributes are exported:

id - The instance ID.

display_name - The display name of the instance.

Import
Instances can be imported; use <INSTANCE ID> as the import ID. For example:

terraform import cloudstack_instance.default 5cf69677-7e4b-4bf4-b868-f0b02bb72ee0

When importing into a project you need to prefix the import ID with the project name:

terraform import cloudstack_instance.default my-project/5cf69677-7e4b-4bf4-b868-f0b02bb72ee0


cloudstack_ipaddress
Acquires and associates a public IP.

Example Usage

resource "cloudstack_ipaddress" "default" {
  network_id = "6eb22f91-7454-4107-89f4-36afcdf33021"
}

Argument Reference
The following arguments are supported:

is_portable - (Optional) This determines if the IP address should be transferable across zones (defaults false)

network_id - (Optional) The ID of the network for which an IP address should be acquired and associated. Changing
this forces a new resource to be created.

vpc_id - (Optional) The ID of the VPC for which an IP address should be acquired and associated. Changing this forces
a new resource to be created.

zone - (Optional) The name or ID of the zone for which an IP address should be acquired and associated. Changing
this forces a new resource to be created.

project - (Optional) The name or ID of the project to deploy this instance to. Changing this forces a new resource to
be created.

NOTE: network_id and/or zone should have a value when is_portable is false!

NOTE: Either network_id or vpc_id should have a value when is_portable is true!

Attributes Reference
The following attributes are exported:

id - The ID of the acquired and associated IP address.

ip_address - The IP address that was acquired and associated.


cloudstack_loadbalancer_rule
Creates a loadbalancer rule.

Example Usage

resource "cloudstack_loadbalancer_rule" "default" {
  name          = "loadbalancer-rule-1"
  description   = "Loadbalancer rule 1"
  ip_address_id = "30b21801-d4b3-4174-852b-0c0f30bdbbfb"
  algorithm     = "roundrobin"
  private_port  = 80
  public_port   = 80
  member_ids    = ["f8141e2f-4e7e-4c63-9362-986c908b7ea7"]
}

Argument Reference
The following arguments are supported:

name - (Required) Name of the loadbalancer rule. Changing this forces a new resource to be created.

description - (Optional) The description of the load balancer rule.

ip_address_id - (Required) Public IP address ID from where the network traffic will be load balanced from. Changing
this forces a new resource to be created.

network_id - (Optional) The network ID this rule will be created for. Required when public IP address is not
associated with any network yet (VPC case).

algorithm - (Required) Load balancer rule algorithm (source, roundrobin, leastconn). Changing this forces a new
resource to be created.

private_port - (Required) The private port of the private IP address (virtual machine) where the network traffic will
be load balanced to. Changing this forces a new resource to be created.

public_port - (Required) The public port from where the network traffic will be load balanced from. Changing this
forces a new resource to be created.

protocol - (Optional) Load balancer protocol (tcp, udp, tcp-proxy). Changing this forces a new resource to be created.

member_ids - (Required) List of instance IDs to assign to the load balancer rule. Changing this forces a new resource
to be created.

project - (Optional) The name or ID of the project to deploy this instance to. Changing this forces a new resource to
be created.

Attributes Reference
The following attributes are exported:

id - The load balancer rule ID.

description - The description of the load balancer rule.


cloudstack_network_acl
Creates a Network ACL for the given VPC.

Example Usage

resource "cloudstack_network_acl" "default" {
  name   = "test-acl"
  vpc_id = "76f6e8dc-07e3-4971-b2a2-8831b0cc4cb4"
}

Argument Reference
The following arguments are supported:

name - (Required) The name of the ACL. Changing this forces a new resource to be created.

description - (Optional) The description of the ACL. Changing this forces a new resource to be created.

project - (Optional) The name or ID of the project to deploy this instance to. Changing this forces a new resource to
be created.

vpc_id - (Required) The ID of the VPC to create this ACL for. Changing this forces a new resource to be created.

Attributes Reference
The following attributes are exported:

id - The ID of the Network ACL

Import
Network ACLs can be imported; use <NETWORK ACL ID> as the import ID. For example:

terraform import cloudstack_network_acl.default e8b5982a-1b50-4ea9-9920-6ea2290c7359

When importing into a project you need to prefix the import ID with the project name:

terraform import cloudstack_network_acl.default my-project/e8b5982a-1b50-4ea9-9920-6ea2290c7359


cloudstack_network_acl_rule
Creates network ACL rules for a given network ACL.

Example Usage

resource "cloudstack_network_acl_rule" "default" {
  acl_id = "f3843ce0-334c-4586-bbd3-0c2e2bc946c6"

  rule {
    action       = "allow"
    cidr_list    = ["10.0.0.0/8"]
    protocol     = "tcp"
    ports        = ["80", "1000-2000"]
    traffic_type = "ingress"
  }
}

Argument Reference
The following arguments are supported:

acl_id - (Required) The network ACL ID for which to create the rules. Changing this forces a new resource to be
created.

managed - (Optional) USE WITH CAUTION! If enabled all the firewall rules for this network ACL will be managed by this
resource. This means it will delete all firewall rules that are not in your config! (defaults false)

rule - (Optional) Can be specified multiple times. Each rule block supports fields documented below. If managed =
false at least one rule is required!

project - (Optional) The name or ID of the project to deploy this instance to. Changing this forces a new resource to
be created.

parallelism - (Optional) Specifies how many rules will be created or deleted concurrently. (defaults 2)

The rule block supports:

action - (Optional) The action for the rule. Valid options are: allow and deny (defaults allow).

cidr_list - (Required) A CIDR list to allow access to the given ports.

protocol - (Required) The name of the protocol to allow. Valid options are: tcp, udp, icmp, all or a valid protocol
number.

icmp_type - (Optional) The ICMP type to allow, or -1 to allow any. This can only be specified if the protocol is ICMP.
(defaults 0)

icmp_code - (Optional) The ICMP code to allow, or -1 to allow any. This can only be specified if the protocol is ICMP.
(defaults 0)

ports - (Optional) List of ports and/or port ranges to allow. This can only be specified if the protocol is TCP, UDP, ALL
or a valid protocol number.

traffic_type - (Optional) The traffic type for the rule. Valid options are: ingress or egress (defaults ingress).

Attributes Reference
The following attributes are exported:

id - The ACL ID for which the rules are created.


cloudstack_network
Creates a network.

Example Usage
Basic usage:

resource "cloudstack_network" "default" {
  name             = "test-network"
  cidr             = "10.0.0.0/16"
  network_offering = "Default Network"
  zone             = "zone-1"
}

Argument Reference
The following arguments are supported:

name - (Required) The name of the network.

display_text - (Optional) The display text of the network.

cidr - (Required) The CIDR block for the network. Changing this forces a new resource to be created.

gateway - (Optional) Gateway that will be provided to the instances in this network. Defaults to the first usable IP in
the range.

startip - (Optional) Start of the IP block that will be available on the network. Defaults to the second available IP in
the range.

endip - (Optional) End of the IP block that will be available on the network. Defaults to the last available IP in the
range.

network_domain - (Optional) DNS domain for the network.

network_offering - (Required) The name or ID of the network offering to use for this network.

vlan - (Optional) The VLAN number (1-4095) the network will use. This might be required by the Network Offering if
specifyVlan=true is set. Only the ROOT admin can set this value.

vpc_id - (Optional) The VPC ID in which to create this network. Changing this forces a new resource to be created.

acl_id - (Optional) The ACL ID that should be attached to the network or none if you do not want to attach an ACL.
You can dynamically attach and swap ACLs, but if you want to detach an attached ACL and revert to using none, this
will force a new resource to be created. (defaults none)

project - (Optional) The name or ID of the project to deploy this instance to. Changing this forces a new resource to
be created.

source_nat_ip - (Optional) If set to true a public IP will be associated with the network. This is mainly used when
the network supports the source NAT service which claims the first associated IP address. This prevents the ability to
manage the IP address as an independent entity.

zone - (Required) The name or ID of the zone where this network will be available. Changing this forces a new
resource to be created.

Attributes Reference
The following attributes are exported:

id - The ID of the network.

display_text - The display text of the network.

network_domain - DNS domain for the network.

source_nat_ip_id - The ID of the associated source NAT IP.

Import
Networks can be imported; use <NETWORK ID> as the import ID. For example:

terraform import cloudstack_network.default 36619b20-5584-43bf-9a84-e242bacd5582

When importing into a project you need to prefix the import ID with the project name:

terraform import cloudstack_network.default my-project/36619b20-5584-43bf-9a84-e242bacd5582


cloudstack_nic
Creates an additional NIC to add a VM to the specified network.

Example Usage
Basic usage:

resource "cloudstack_nic" "test" {
  network_id         = "6eb22f91-7454-4107-89f4-36afcdf33021"
  ip_address         = "192.168.1.1"
  virtual_machine_id = "f8141e2f-4e7e-4c63-9362-986c908b7ea7"
}

Argument Reference
The following arguments are supported:

network_id - (Required) The ID of the network to plug the NIC into. Changing this forces a new resource to be
created.

ip_address - (Optional) The IP address to assign to the NIC. Changing this forces a new resource to be created.

virtual_machine_id - (Required) The ID of the virtual machine to which to attach the NIC. Changing this forces a
new resource to be created.

Attributes Reference
The following attributes are exported:

id - The ID of the NIC.

ip_address - The assigned IP address.


cloudstack_port_forward
Creates port forwards.

Example Usage

resource "cloudstack_port_forward" "default" {
  ip_address_id = "30b21801-d4b3-4174-852b-0c0f30bdbbfb"

  forward {
    protocol           = "tcp"
    private_port       = 80
    public_port        = 8080
    virtual_machine_id = "f8141e2f-4e7e-4c63-9362-986c908b7ea7"
  }
}

Argument Reference
The following arguments are supported:

ip_address_id - (Required) The IP address ID for which to create the port forwards. Changing this forces a new
resource to be created.

managed - (Optional) USE WITH CAUTION! If enabled all the port forwards for this IP address will be managed by this
resource. This means it will delete all port forwards that are not in your config! (defaults false)

project - (Optional) The name or ID of the project to create this port forward in. Changing this forces a new resource
to be created.

forward - (Required) Can be specified multiple times. Each forward block supports fields documented below.

The forward block supports:

protocol - (Required) The name of the protocol to allow. Valid options are: tcp and udp.

private_port - (Required) The private port to forward to.

public_port - (Required) The public port to forward from.

virtual_machine_id - (Required) The ID of the virtual machine to forward to.

vm_guest_ip - (Optional) The virtual machine IP address for the port forwarding rule (useful when the virtual
machine has secondary NICs or IP addresses).

Attributes Reference
The following attributes are exported:

id - The ID of the IP address for which the port forwards are created.

vm_guest_ip - The IP address of the virtual machine that is used for the port forwarding rule.


cloudstack_private_gateway
Creates a private gateway for the given VPC.

NOTE: private gateway can only be created using a ROOT account!

Example Usage

resource "cloudstack_private_gateway" "default" {
  gateway    = "10.0.0.1"
  ip_address = "10.0.0.2"
  netmask    = "255.255.255.252"
  vlan       = "200"
  vpc_id     = "76f6e8dc-07e3-4971-b2a2-8831b0cc4cb4"
}

Argument Reference
The following arguments are supported:

gateway - (Required) The gateway of the Private gateway. Changing this forces a new resource to be created.

ip_address - (Required) The IP address of the Private gateway. Changing this forces a new resource to be created.

netmask - (Required) The netmask of the Private gateway. Changing this forces a new resource to be created.

vlan - (Required) The VLAN number (1-4095) the network will use.

physical_network_id - (Optional) The ID of the physical network this private gateway belongs to.

network_offering - (Optional) The name or ID of the network offering to use for the private gateway's network
connection.

acl_id - (Required) The ACL ID that should be attached to the network.

vpc_id - (Required) The VPC ID in which to create this Private gateway. Changing this forces a new resource to be
created.

Attributes Reference
The following attributes are exported:

id - The ID of the private gateway.

Import
Private gateways can be imported; use <PRIVATE GATEWAY ID> as the import ID. For example:

terraform import cloudstack_private_gateway.default e42a24d2-46cb-4b18-9d41-382582fad309


cloudstack_secondary_ipaddress
Assigns a secondary IP to a NIC.

Example Usage

resource "cloudstack_secondary_ipaddress" "default" {
  virtual_machine_id = "server-1"
}

Argument Reference
The following arguments are supported:

ip_address - (Optional) The IP address to bind to the NIC. If not supplied an IP address will be selected randomly.
Changing this forces a new resource to be created.

nic_id - (Optional) The NIC ID to which you want to attach the secondary IP address. Changing this forces a new
resource to be created (defaults to the ID of the primary NIC)

virtual_machine_id - (Required) The ID of the virtual machine to which you want to attach the secondary IP
address. Changing this forces a new resource to be created.

Attributes Reference
The following attributes are exported:

id - The secondary IP address ID.

ip_address - The IP address that was acquired and associated.


cloudstack_security_group
Creates a security group.

Example Usage

resource "cloudstack_security_group" "default" {
  name        = "allow_web"
  description = "Allow access to HTTP and HTTPS"
}

Argument Reference
The following arguments are supported:

name - (Required) The name of the security group. Changing this forces a new resource to be created.

description - (Optional) The description of the security group. Changing this forces a new resource to be created.

project - (Optional) The name or ID of the project to create this security group in. Changing this forces a new
resource to be created.

Attributes Reference
The following attributes are exported:

id - The ID of the security group.

Import
Security groups can be imported; use <SECURITY GROUP ID> as the import ID. For example:

terraform import cloudstack_security_group.default e54970f1-f563-46dd-a365-2b2e9b78c54b

When importing into a project you need to prefix the import ID with the project name:

terraform import cloudstack_security_group.default my-project/e54970f1-f563-46dd-a365-2b2e9b78c54b


cloudstack_security_group_rule
Authorizes and revokes both ingress and egress rules for a given security group.

Example Usage

resource "cloudstack_security_group_rule" "web" {
  security_group_id = "e340b62b-fbc2-4081-8f67-e40455c44bce"

  rule {
    cidr_list = ["0.0.0.0/0"]
    protocol  = "tcp"
    ports     = ["80", "443"]
  }

  rule {
    cidr_list                = ["192.168.0.0/24", "192.168.1.0/25"]
    protocol                 = "tcp"
    ports                    = ["80-90", "443"]
    traffic_type             = "egress"
    user_security_group_list = ["group01", "group02"]
  }
}

Argument Reference
The following arguments are supported:

security_group_id - (Required) The security group ID for which to create the rules. Changing this forces a new
resource to be created.

rule - (Required) Can be specified multiple times. Each rule block supports fields documented below.

project - (Optional) The name or ID of the project in which the security group is created. Changing this forces a new
resource to be created.

parallelism - (Optional) Specifies how many rules will be created or deleted concurrently. (defaults 2)

The rule block supports:

cidr_list - (Optional) A CIDR list to allow access to the given ports.

protocol - (Required) The name of the protocol to allow. Valid options are: tcp, udp, icmp, all or a valid protocol
number.

icmp_type - (Optional) The ICMP type to allow, or -1 to allow any. This can only be specified if the protocol is ICMP.
(defaults 0)

icmp_code - (Optional) The ICMP code to allow, or -1 to allow any. This can only be specified if the protocol is ICMP.
(defaults 0)

ports - (Optional) List of ports and/or port ranges to allow. This can only be specified if the protocol is TCP, UDP, ALL
or a valid protocol number.

traffic_type - (Optional) The traffic type for the rule. Valid options are: ingress or egress. (defaults ingress)

user_security_group_list - (Optional) A list of security groups to apply the rules to.

Attributes Reference
The following attributes are exported:

id - The security group ID for which the rules are created.
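
The rule blocks of cloudstack_firewall, cloudstack_egress_firewall, cloudstack_network_acl_rule and cloudstack_security_group_rule, and the managed flag, can be reviewed before apply. The following added example (not part of the provider or its documentation) audits the JSON form of a plan; it assumes the `terraform show -json` layout (planned_values, root_module, resources, child_modules) and that rule blocks appear under values.rule as a list of objects with the argument names from this page. The sample plan and the MAX_PORTS threshold are constructed.

```python
import ipaddress
import json

# Resource types from this page whose rule blocks or managed flag are checked.
CHECKED = {
    "cloudstack_firewall", "cloudstack_egress_firewall",
    "cloudstack_network_acl_rule", "cloudstack_security_group_rule",
    "cloudstack_port_forward",
}
MAX_PORTS = 100  # assumed policy threshold for an over-wide port range

# Constructed sample in the layout of `terraform show -json <planfile>`.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "cloudstack_firewall.default", "type": "cloudstack_firewall",
     "values": {"managed": false, "rule": [
       {"cidr_list": ["10.0.0.0/8"], "protocol": "tcp",
        "ports": ["80", "1000-2000"]}]}},
    {"address": "cloudstack_security_group_rule.web",
     "type": "cloudstack_security_group_rule",
     "values": {"rule": [
       {"cidr_list": ["0.0.0.0/0"], "protocol": "tcp",
        "ports": ["80", "443"], "traffic_type": "ingress"},
       {"cidr_list": ["192.168.0.0/24", "192.168.1.0/25"], "protocol": "tcp",
        "ports": ["80-90", "443"], "traffic_type": "egress"}]}}
  ],
  "child_modules": [{"address": "module.vpc", "resources": [
    {"address": "module.vpc.cloudstack_network_acl_rule.default",
     "type": "cloudstack_network_acl_rule",
     "values": {"managed": true, "rule": [
       {"action": "deny", "cidr_list": ["0.0.0.0/0"], "protocol": "all",
        "traffic_type": "ingress"}]}}
  ]}]
}}}
""")


def walk(module):
    """Yield every resource in a plan module and its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)


def port_count(spec):
    """Number of ports covered by an entry such as "80" or "1000-2000"."""
    low, _, high = spec.partition("-")
    return int(high or low) - int(low) + 1


def is_any_address(cidr):
    """True for 0.0.0.0/0 or ::/0."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit_rule(rtype, rule):
    """Return the issues found in one rule block."""
    if (rule.get("action") or "allow") != "allow":
        return []  # deny rules do not widen access
    if rtype == "cloudstack_egress_firewall":
        direction = "egress"
    else:
        direction = rule.get("traffic_type") or "ingress"  # page: defaults ingress
    issues = []
    if direction == "ingress" and any(is_any_address(c) for c in rule.get("cidr_list") or []):
        issues.append("ingress allowed from any address")
    if str(rule.get("protocol", "")).lower() == "all":
        issues.append("protocol all allowed")
    for spec in rule.get("ports") or []:
        if port_count(spec) > MAX_PORTS:
            issues.append(f"port range {spec} spans {port_count(spec)} ports")
    return issues


def audit(plan):
    """Return (resource address, issue) pairs for the checked resource types."""
    findings = []
    for res in walk(plan.get("planned_values", {}).get("root_module", {})):
        if res.get("type") not in CHECKED:
            continue
        values = res.get("values") or {}
        if values.get("managed"):
            findings.append((res["address"],
                             "managed = true: rules absent from the config are deleted on apply"))
        for rule in values.get("rule") or []:
            findings.extend((res["address"], issue) for issue in audit_rule(res["type"], rule))
    return findings


if __name__ == "__main__":
    for address, issue in audit(SAMPLE_PLAN):
        print(f"{address}: {issue}")
```
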


cloudstack_ssh_keypair
Creates or registers an SSH key pair.

Example Usage

resource "cloudstack_ssh_keypair" "default" {
  name       = "myKey"
  public_key = "${file("~/.ssh/id_rsa.pub")}"
  project    = "myProject"
}

Argument Reference
The following arguments are supported:

name - (Required) The name of the SSH key pair. This is a unique value within a CloudStack account. Changing this
forces a new resource to be created.

public_key - (Optional) The public key to register with CloudStack. If this is omitted, CloudStack will generate a new
key pair. The key can be loaded from a file on disk using the file() function
(https://www.terraform.io/docs/configuration/functions/file.html). Changing this forces a new resource to be created.

project - (Optional) The name or ID of the project to register this key to. Changing this forces a new resource to be
created.

Attributes Reference
The following attributes are exported:

id - The key pair ID.

fingerprint - The fingerprint of the public key specified or created.

private_key - The private key generated by CloudStack. Only available if CloudStack generated the key pair.


cloudstack_static_nat
Enables static NAT for a given IP address.

Example Usage

resource "cloudstack_static_nat" "default" {
  ip_address_id      = "f8141e2f-4e7e-4c63-9362-986c908b7ea7"
  virtual_machine_id = "6ca2a163-bc68-429c-adc8-ab4a620b1bb3"
}

Argument Reference
The following arguments are supported:

ip_address_id - (Required) The public IP address ID for which static NAT will be enabled. Changing this forces a new
resource to be created.

virtual_machine_id - (Required) The virtual machine ID to enable the static NAT feature for. Changing this forces a
new resource to be created.

vm_guest_ip - (Optional) The virtual machine IP address to forward the static NAT traffic to (useful when the virtual
machine has secondary NICs or IP addresses). Changing this forces a new resource to be created.

project - (Optional) The name or ID of the project to deploy this instance to. Changing this forces a new resource to
be created.

Attributes Reference
The following attributes are exported:

id - The static nat ID.

vm_guest_ip - The IP address of the virtual machine that is used to forward the static NAT traffic to.


cloudstack_static_route
Creates a static route for the given private gateway or VPC.

Example Usage

resource "cloudstack_static_route" "default" {
  cidr       = "10.0.0.0/16"
  gateway_id = "76f607e3-e8dc-4971-8831-b2a2b0cc4cb4"
}

Argument Reference
The following arguments are supported:

cidr - (Required) The CIDR for the static route. Changing this forces a new resource to be created.

gateway_id - (Required) The ID of the Private gateway. Changing this forces a new resource to be created.

Attributes Reference
The following attributes are exported:

id - The ID of the static route.


cloudstack_template
Registers an existing template into the CloudStack cloud.

Example Usage

resource "cloudstack_template" "centos64" {
  name       = "CentOS 6.4 x64"
  format     = "VHD"
  hypervisor = "XenServer"
  os_type    = "CentOS 6.4 (64bit)"
  url        = "http://someurl.com/template.vhd"
  zone       = "zone-1"
}

Argument Reference
The following arguments are supported:

name - (Required) The name of the template.

display_text - (Optional) The display name of the template.

format - (Required) The format of the template. Valid values are QCOW2 , RAW , and VHD .

hypervisor - (Required) The target hypervisor for the template. Changing this forces a new resource to be created.

os_type - (Required) The OS Type that best represents the OS of this template.

url - (Required) The URL of where the template is hosted. Changing this forces a new resource to be created.

project - (Optional) The name or ID of the project to create this template for. Changing this forces a new resource to
be created.

zone - (Optional) The name or ID of the zone where this template will be created. Changing this forces a new resource
to be created.

is_dynamically_scalable - (Optional) Set to indicate if the template contains tools to support dynamic scaling of
VM cpu/memory (defaults false)

is_extractable - (Optional) Set to indicate if the template is extractable (defaults false)

is_featured - (Optional) Set to indicate if the template is featured (defaults false)

is_public - (Optional) Set to indicate if the template is available for all accounts (defaults true)

password_enabled - (Optional) Set to indicate if the template should be password enabled (defaults false)

is_ready_timeout - (Optional) The maximum time in seconds to wait until the template is ready for use (defaults 300
seconds)

Attributes Reference
The following attributes are exported:

id - The template ID.

display_text - The display text of the template.

is_dynamically_scalable - Set to "true" if the template is dynamically scalable.

is_extractable - Set to "true" if the template is extractable.

is_featured - Set to "true" if the template is featured.

is_public - Set to "true" if the template is public.

password_enabled - Set to "true" if the template is password enabled.

is_ready - Set to "true" once the template is ready for use.


cloudstack_vpc
Creates a VPC.

Example Usage
Basic usage:

resource "cloudstack_vpc" "default" {
  name         = "test-vpc"
  cidr         = "10.0.0.0/16"
  vpc_offering = "Default VPC Offering"
  zone         = "zone-1"
}

Argument Reference
The following arguments are supported:

name - (Required) The name of the VPC.

display_text - (Optional) The display text of the VPC.

cidr - (Required) The CIDR block for the VPC. Changing this forces a new resource to be created.

vpc_offering - (Required) The name or ID of the VPC offering to use for this VPC. Changing this forces a new
resource to be created.

network_domain - (Optional) The default DNS domain for networks created in this VPC. Changing this forces a new
resource to be created.

project - (Optional) The name or ID of the project to deploy this instance to. Changing this forces a new resource to
be created.

zone - (Required) The name or ID of the zone where this disk volume will be available. Changing this forces a new
resource to be created.

Attributes Reference
The following attributes are exported:

id - The ID of the VPC.

display_text - The display text of the VPC.

source_nat_ip - The source NAT IP assigned to the VPC.


Import
VPCs can be imported; use <VPC ID> as the import ID. For example:

terraform import cloudstack_vpc.default 84b23264-917a-4712-b8bf-cd7604db43b0

When importing into a project you need to prefix the import ID with the project name:

terraform import cloudstack_vpc.default my-project/84b23264-917a-4712-b8bf-cd7604db43b0


cloudstack_vpn_connection
Creates a site to site VPN connection.

Example Usage
Basic usage:

resource "cloudstack_vpn_connection" "default" {
  customer_gateway_id = "8dab9381-ae73-48b8-9a3d-c460933ef5f7"
  vpn_gateway_id      = "a7900060-f8a8-44eb-be15-ea54cf499703"
}

Argument Reference
The following arguments are supported:

customer_gateway_id - (Required) The Customer Gateway ID to connect. Changing this forces a new resource to be
created.

vpn_gateway_id - (Required) The VPN Gateway ID to connect. Changing this forces a new resource to be created.

Attributes Reference
The following attributes are exported:

id - The ID of the VPN Connection.


cloudstack_vpn_customer_gateway
Creates a site to site VPN local customer gateway.

Example Usage
Basic usage:

resource "cloudstack_vpn_customer_gateway" "default" {
  name       = "test-vpc"
  cidr       = "10.0.0.0/8"
  esp_policy = "aes256-sha1;modp1024"
  gateway    = "192.168.0.1"
  ike_policy = "aes256-sha1;modp1024"
  ipsec_psk  = "terraform"
}

Argument Reference
The following arguments are supported:

name - (Required) The name of the VPN Customer Gateway.

cidr - (Required) The CIDR block that needs to be routed through this gateway.

esp_policy - (Required) The ESP policy to use for this VPN Customer Gateway.

gateway - (Required) The public IP address of the related VPN Gateway.

ike_policy - (Required) The IKE policy to use for this VPN Customer Gateway.

ipsec_psk - (Required) The IPSEC pre-shared key used for this gateway.

dpd - (Optional) If DPD is enabled for the related VPN connection (defaults false)

esp_lifetime - (Optional) The ESP lifetime of phase 2 VPN connection to this VPN Customer Gateway in seconds
(defaults 86400)

ike_lifetime - (Optional) The IKE lifetime of phase 2 VPN connection to this VPN Customer Gateway in seconds
(defaults 86400)

project - (Optional) The name or ID of the project to create this VPN Customer Gateway in. Changing this forces a
new resource to be created.

Attributes Reference
The following attributes are exported:

id - The ID of the VPN Customer Gateway.


dpd - Whether DPD is enabled for the related VPN connection.

esp_lifetime - The ESP lifetime of phase 2 VPN connection to this VPN Customer Gateway.

ike_lifetime - The IKE lifetime of phase 2 VPN connection to this VPN Customer Gateway.

Import
VPN customer gateways can be imported; use <VPN CUSTOMER GATEWAY ID> as the import ID. For example:

terraform import cloudstack_vpn_customer_gateway.default 741a7fca-1d05-4bb6-9290-1008300f0e5a

When importing into a project you need to prefix the import ID with the project name:

terraform import cloudstack_vpn_customer_gateway.default my-project/741a7fca-1d05-4bb6-9290-1008300f0e5a


cloudstack_vpn_gateway
Creates a site to site VPN local gateway.

Example Usage
Basic usage:

resource "cloudstack_vpn_gateway" "default" {
  vpc_id = "f8141e2f-4e7e-4c63-9362-986c908b7ea7"
}

Argument Reference
The following arguments are supported:

vpc_id - (Required) The ID of the VPC for which to create the VPN Gateway. Changing this forces a new resource to be
created.

Attributes Reference
The following attributes are exported:

id - The ID of the VPN Gateway.

public_ip - The public IP address associated with the VPN Gateway.

Import
VPN gateways can be imported; use <VPN GATEWAY ID> as the import ID. For example:

terraform import cloudstack_vpn_gateway.default 49cf1821-3b9f-4627-be19-8a15ffec508d
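
How cloudstack_vpc, cloudstack_vpn_gateway, cloudstack_vpn_customer_gateway and cloudstack_vpn_connection fit together for one site to site tunnel, as an added example that is not part of the original provider documentation. It references resource IDs instead of hard-coded UUIDs and takes the pre-shared key from a variable rather than a literal in the configuration. Assumptions: all resource and variable names, the remote addresses (documentation ranges), and a CloudStack release that accepts sha256 and modp2048 in the policy strings (the page's own example uses aes256-sha1;modp1024).

```hcl
# Supplied at run time, e.g. through the TF_VAR_vpn_ipsec_psk environment
# variable, so the key is not committed with the configuration.
variable "vpn_ipsec_psk" {}

resource "cloudstack_vpc" "site" {
  name         = "site-vpc"
  cidr         = "10.0.0.0/16"
  vpc_offering = "Default VPC Offering"
  zone         = "zone-1"
}

# Local end of the tunnel; exports public_ip for the remote peer's config.
resource "cloudstack_vpn_gateway" "site" {
  vpc_id = "${cloudstack_vpc.site.id}"
}

# Remote end of the tunnel (constructed sample addresses).
resource "cloudstack_vpn_customer_gateway" "remote" {
  name    = "remote-office"
  cidr    = "192.168.100.0/24" # only the remote subnet that must be routed
  gateway = "203.0.113.10"

  # Assumed to be accepted by the target CloudStack release.
  esp_policy = "aes256-sha256;modp2048"
  ike_policy = "aes256-sha256;modp2048"

  ipsec_psk = "${var.vpn_ipsec_psk}"
  dpd       = true
}

resource "cloudstack_vpn_connection" "site_to_remote" {
  customer_gateway_id = "${cloudstack_vpn_customer_gateway.remote.id}"
  vpn_gateway_id      = "${cloudstack_vpn_gateway.site.id}"
}

# Address the remote peer must be configured to connect to.
output "vpn_gateway_public_ip" {
  value = "${cloudstack_vpn_gateway.site.public_ip}"
}
```

The pre-shared key is still recorded in the Terraform state as an argument of the customer gateway, so the state file needs the same protection as the key itself.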
