Secure SSH access to IBM Cloud VPC Gen2 environments for application provisioning with Red Hat Ansible and IBM Cloud Schematics.
With IBM Cloud VPC, it is quick and simple to deploy new applications—a characteristic that becomes even more powerful when coupled with Terraform and Red Hat Ansible to automate the end-to-end deployment of both VPC infrastructure and applications. Applying Infrastructure as Code (IaC) principles, Terraform and Ansible enable open-source-based apps to be deployed repeatably and reliably into VPC Gen2 environments in minutes.
Terraform modules for IBM Cloud Gen2 VPC
To get users started with Terraform, Red Hat Ansible, and VPC, IBM Cloud Schematics has released Terraform modules for IBM Cloud Gen2 VPC. These modules and an example Terraform template implement a best-practice configuration for secure application provisioning with Ansible in VPC environments.
The example delivers an out-of-the-box implementation of SSH access via a bastion host. At the same time, it keeps strong control over network security configuration using VPC Security Groups and network Access Control Lists (ACLs). The configuration also gives Ansible users access to the wide choice of open source software available from public repositories.
These Terraform 0.12 modules for application provisioning in IBM Cloud VPC environments support the following features:
- Automation of network ACL and Security Group setup
- Best-practice application of ACLs and Security Groups to secure SSH public network access
- Bastion host deployment and config
- Multi-tier application support
- Network config for multi-zone high availability
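One way to check that a deployed rule set actually enforces the bastion pattern described above. This is an added example, not code from the IBM Cloud Schematics modules. The rule schema, the group names, and the policy that the bastion itself should not accept SSH from every address are assumptions made for illustration.

```python
import ipaddress

# Constructed sample inbound rules (assumed schema, not IBM Cloud API output).
# "remote" is either a CIDR or the name of another security group.
RULES = [
    {"group": "bastion-sg", "port_min": 22, "port_max": 22, "remote": "203.0.113.0/24"},
    {"group": "frontend-sg", "port_min": 22, "port_max": 22, "remote": "bastion-sg"},
    {"group": "frontend-sg", "port_min": 443, "port_max": 443, "remote": "0.0.0.0/0"},
    {"group": "backend-sg", "port_min": 1, "port_max": 65535, "remote": "0.0.0.0/0"},
    {"group": "backend-sg", "port_min": 22, "port_max": 22, "remote": "frontend-sg"},
]

BYPASS = "SSH reachable without going through bastion"
OPEN_BASTION = "bastion SSH open to any address"


def _is_any_address(remote):
    """True when remote is a CIDR that covers every address (prefix length 0)."""
    try:
        return ipaddress.ip_network(remote, strict=False).prefixlen == 0
    except ValueError:
        return False  # not a CIDR, so it names a security group


def audit_ssh(rules, bastion_group="bastion-sg", ssh_port=22):
    """Return (group, remote, reason) for each inbound rule that breaks the pattern."""
    findings = []
    for rule in rules:
        # Wide port ranges count too: 1-65535 exposes SSH just like 22-22.
        if not (rule["port_min"] <= ssh_port <= rule["port_max"]):
            continue
        group, remote = rule["group"], rule["remote"]
        if group == bastion_group:
            if _is_any_address(remote):
                findings.append((group, remote, OPEN_BASTION))
        elif remote != bastion_group:
            # Application tiers may accept SSH only from the bastion's group.
            findings.append((group, remote, BYPASS))
    return findings


if __name__ == "__main__":
    for finding in audit_ssh(RULES):
        print(finding)
```

The same check applies to network ACL entries if they are flattened into the same shape.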
More details
For more information on Infrastructure as Code practices and IBM Cloud Schematics, read “IBM Cloud Schematics: Enabling Infrastructure as Code.” The modules and Terraform example can be found in the Cloud Schematics GitHub repo.
For an in-depth review of the VPC security configuration, read the IBM Developer article, “Discover best-practice VPC configuration for application deployment.”
If you have questions, engage our team via Slack by registering here and join the discussion in the #general channel on our public IBM Cloud Schematics Slack channel.