News
BackResources in Multiple Projects With Terraform
You can use our Terraform provider to manage your resources at cloudscale.ch "as code". By grouping your cloud resources into different projects, you can separate them clearly according to your specific requirements. In the following we would like to introduce a Terraform feature that is easy to overlook, but that you can use to combine these benefits in order to use a single Terraform repository to manage cloud resources in multiple projects.
Terraform: infrastructure as Code
Terraform enables you to define the required cloud infrastructure in the form of configuration files. Based on this configuration, Terraform then creates the actual cloud resources via the API. In day-to-day operations, if there have been deviations in practice, Terraform can then recreate the state based on the configuration and apply any changes made to the configuration to the real setup. Terraform configs are also often managed in a version control repository, such as Git, and used as part of a CI/CD pipeline.
Projects: order, security and transparency
At cloudscale.ch, cloud resources such as servers and volumes are created in projects. Projects enable resources to be grouped, e.g. for each end client or in order to separate dev and prod environments. If several participants are working with cloud resources, access rights can be determined for individuals and teams on a project-by-project basis. Finally, the costs for each project can be displayed separately and can then be further broken down according to resources.
API tokens for the cloudscale.ch API are also linked to a project and only allow access to resources within that project. In practice, it may therefore be desirable e.g. to create a backup server in its own separate project. This means that an API token in the primary project that is frequently used in day-to-day operations (e.g. to move a Floating IP between servers) cannot be used to make changes to the backup server.
Central management in Terraform
If you want to create all your resources at once with Terraform, you will face the issue of how to use the cloudscale-ch provider with multiple API tokens. The solution consists of creating two provider
blocks, i.e. instantiating the provider twice and adding an alias
to one instance. You can then assign a separate API token to each instance.
This will look like this:
terraform {
required_providers {
cloudscale = {
source = "cloudscale-ch/cloudscale"
}
}
}
# Define variables for the API tokens
variable "cloudscale_api_token" {}
variable "cloudscale_backup_api_token" {}
# Define the provider for the default project
provider "cloudscale" {
token = var.cloudscale_api_token
}
# Define the provider for the second project with an alias
provider "cloudscale" {
alias = "backup"
token = var.cloudscale_backup_api_token
}
You can declare the resources in the first project as usual:
# Create servers using the default provider
# in the first project
resource "cloudscale_server" "demo-server" {
name = "demo-server-${count.index + 1}"
flavor_slug = "plus-8-4"
image_slug = "ubuntu-22.04"
ssh_keys = [file("~/.ssh/id_ed25519.pub")]
zone_slug = "lpg1"
count = 3
}
The resources that belong to the second project are then additionally given the provider keyword as an extension.
# Create a backup server using the aliased provider
# in the second project
resource "cloudscale_server" "backup-server" {
# Use the aliased provider
provider = cloudscale.backup
name = "backup-server"
flavor_slug = "flex-4-2"
image_slug = "ubuntu-22.04"
ssh_keys = [file("~/.ssh/id_ed25519.pub")]
zone_slug = "rma1"
}
Now all the resources in both projects can be created at once:
terraform apply -var="cloudscale_api_token=$TOKEN1" \
-var="cloudscale_backup_api_token=$TOKEN2"
Incidentally, as it is a Terraform feature, you can not only use the alias
keyword at cloudscale.ch to specify multiple API tokens, but generally whenever you want to use an otherwise identical provider
block with different parameters.
Choose the right approach for you to manage your resources at cloudscale.ch, depending on the specific setup, participants and preferred way of working for each case. Even if you spread your cloud resources across multiple projects in the process, you can use alias
instances of the cloudscale-ch
provider to bring the threads together in a single consolidated Terraform repository.
One goal, many names:
Your cloudscale.ch team