June 12, 2020 | By Steve Strutt

Secure SSH access to IBM Cloud VPC Gen2 environments for application provisioning with Red Hat Ansible and IBM Cloud Schematics.

With IBM Cloud VPC, it is quick and simple to deploy new applications—a characteristic that becomes even more powerful when coupled with Terraform and Red Hat Ansible to automate the end-to-end deployment of both VPC infrastructure and applications. Applying Infrastructure as Code (IaC) principles, Terraform and Ansible enable open-source-based apps to be deployed repeatably and reliably into VPC Gen2 environments in minutes. 

Terraform modules for IBM Cloud Gen2 VPC

To get users started with Terraform, Red Hat Ansible, and VPC, IBM Cloud Schematics has released Terraform modules for IBM Cloud Gen2 VPC. These modules and an example Terraform template implement a best practice configuration for secure application provisioning with Ansible in VPC environments.

The example delivers an out-of-the-box implementation of SSH access via a bastion host. At the same time, it keeps strong control over network security configuration using VPC Security Groups and network Access Control Lists (ACLs). The configuration also gives Ansible users access to the wide choice of open source software available from public repositories. 
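The SSH-via-bastion pattern described above can be expressed with security groups roughly as follows. This is an added example for Terraform 0.12 and the IBM Cloud provider, not code from the Schematics modules; the resource names and variables are assumptions.

```hcl
# Added illustration, not the Schematics module code; all names are assumptions.
variable "vpc_id" {}
variable "ssh_source_cidr" {} # assumed admin network allowed to reach the bastion

resource "ibm_is_security_group" "bastion" {
  name = "bastion-sg"
  vpc  = var.vpc_id
}

resource "ibm_is_security_group" "app" {
  name = "app-sg"
  vpc  = var.vpc_id
}

# Public SSH is accepted only by the bastion, and only from the named CIDR.
resource "ibm_is_security_group_rule" "bastion_ssh_in" {
  group     = ibm_is_security_group.bastion.id
  direction = "inbound"
  remote    = var.ssh_source_cidr
  tcp {
    port_min = 22
    port_max = 22
  }
}

# The bastion may open SSH sessions only toward members of the app group.
resource "ibm_is_security_group_rule" "bastion_ssh_out" {
  group     = ibm_is_security_group.bastion.id
  direction = "outbound"
  remote    = ibm_is_security_group.app.id
  tcp {
    port_min = 22
    port_max = 22
  }
}

# App servers accept SSH only from the bastion group, never from a public CIDR.
resource "ibm_is_security_group_rule" "app_ssh_in" {
  group     = ibm_is_security_group.app.id
  direction = "inbound"
  remote    = ibm_is_security_group.bastion.id
  tcp {
    port_min = 22
    port_max = 22
  }
}
```

Security groups are stateful, so return traffic needs no extra rule; network ACLs are stateless and need matching rules in both directions.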

These Terraform 0.12 modules for application provisioning in IBM Cloud VPC environments support the following features:

  • Automation of network ACL and Security Group setup
  • Best practice application of ACLs and Security Groups to secure SSH public network access
  • Bastion host deployment and configuration
  • Multi-tier application support
  • Network configuration for multi-zone high availability

More details

For more information on Infrastructure as Code practices and IBM Cloud Schematics, read “IBM Cloud Schematics: Enabling Infrastructure as Code.” The modules and Terraform example can be found in the Cloud Schematics GitHub repo.

For an in-depth review of the VPC security configuration, read the IBM Developer article, “Discover best-practice VPC configuration for application deployment.”

If you have questions, engage our team via Slack by registering here and join the discussion in the #general channel on our public IBM Cloud Schematics Slack channel.
