By Steve Strutt 2 min read
June 12, 2020

Secure SSH access to IBM Cloud VPC Gen2 environments for application provisioning with Red Hat Ansible and IBM Cloud Schematics.

With IBM Cloud VPC, it is quick and simple to deploy new applications—a characteristic that becomes even more powerful when coupled with Terraform and Red Hat Ansible to automate the end-to-end deployment of both VPC infrastructure and applications. Applying Infrastructure as Code (IaC) principles, Terraform and Ansible enable open-source-based apps to be deployed repeatably and reliably into VPC Gen2 environments in minutes. 

Terraform modules for IBM Cloud Gen2 VPC

To get users started with Terraform, Red Hat Ansible, and VPC, IBM Cloud Schematics has released Terraform modules for IBM Cloud Gen2 VPC. These modules and an example Terraform template implement a best practice configuration for secure application provisioning with Ansible in VPC environments.

The example delivers an out-of-the-box implementation of SSH access via a bastion host. At the same time, it keeps strong control over network security configuration using VPC Security Groups and network Access Control Lists (ACLs). The configuration also gives Ansible users access to the wide choice of open source software available from public repositories. 

These Terraform 0.12 modules for application provisioning in IBM Cloud VPC environments support the following features:

  • Automation of network ACL and Security Group setup
  • Best practice application of ACLs and Security groups to secure SSH public network access
  • Bastion host deployment and config
  • Multi-tier application support  
  • Network config for multi-zone high availability

More details

For more information on Infrastructure as Code practices and IBM Cloud Schematics, read “IBM Cloud Schematics: Enabling Infrastructure as Code.” The modules and Terraform example can be found in the Cloud Schematics GitHub repo.

For an in-depth review of the VPC security configuration, read the IBM Developer article, “Discover best-practice VPC configuration for application deployment.”

If you have questions, engage our team via Slack by registering here and join the discussion in the #general channel on our public IBM Cloud Schematics Slack channel.

Categories

Cloud  |  Automation  |  devops  | 
Steve Strutt
Architect, IBM Cloud Schematics Service

More from Cloud
October 2, 2023

IBM Tech Now: October 2, 2023

< 1 min read - ​Welcome IBM Tech Now, our video web series featuring the latest and greatest news and announcements in the world of technology. Make sure you subscribe to our YouTube channel to be notified every time a new IBM Tech Now video is published. IBM Tech Now: Episode 86 On this episode, we're covering the following topics: AI on IBM Z IBM Maximo Application Suite 8.11 IBM NS1 Connect Stay plugged in You can check out the IBM Blog Announcements for a…

September 29, 2023

IBM Cloud inactive identities: Ideas for automated processing

4 min read - Regular cleanup is part of all account administration and security best practices, not just for cloud environments. In our blog post on identifying inactive identities, we looked at the APIs offered by IBM Cloud Identity and Access Management (IAM) and how to utilize them to obtain details on IAM identities and API keys. Some readers provided feedback and asked on how to proceed and act on identified inactive identities. In response, we are going lay out possible steps to take.…

September 26, 2023

IBM Cloud VMware as a Service introduces multitenant as a new, cost-efficient consumption model

4 min read - Businesses often struggle with ongoing operational needs like monitoring, patching and maintenance of their VMware infrastructure or the added concerns over capacity management. At the same time, cost efficiency and control are very important. Not all workloads have identical needs and different business applications have variable requirements. For example, production applications and regulated workloads may require strong isolation, but development/testing, training environments, disaster recovery sites or other applications may have lower availability requirements or they can be ephemeral in nature,…

September 26, 2023

IBM accelerates enterprise AI for clients with new capabilities on IBM Z

5 min read - Today, we are excited to unveil a new suite of AI offerings for IBM Z that are designed to help clients improve business outcomes by speeding the implementation of enterprise AI on IBM Z across a wide variety of use cases and industries. We are bringing artificial intelligence (AI) to emerging use cases that our clients (like Swiss insurance provider La Mobilière) have begun exploring, such as enhancing the accuracy of insurance policy recommendations, increasing the accuracy and timeliness of…