terraform-ibm-modules/terraform-ibm-vpc-private-path

IBM Cloud Private Path module

Incubating (Not yet consumable) latest release pre-commit Renovate enabled semantic-release

The Private Path solution solves security, privacy and complexity problems. Through Private Path, providers can deliver their services over the IBM Cloud private network backbone, ensuring secure and private interactions for consumers. Providers can offer their services to IBM Cloud customers over Private Path using the IBM Cloud infrastructure. Private Path components are used when connecting to IBM Cloud services, and can now be used for third-party applications and services. Learn more

Overview

terraform-ibm-vpc-private-path

Usage

terraform {
  required_version = ">= 1.9.0"
  required_providers {
    ibm = {
      source  = "IBM-Cloud/ibm"
      version = "X.Y.Z"  # Lock into a provider version that satisfies the module constraints
    }
  }
}

locals {
  region = "us-south"
}

provider "ibm" {
  ibmcloud_api_key = "XXXXXXXXXX"  # replace with apikey value
  region           = local.region
}

module "private_path" {
  source                         = "terraform-ibm-modules/vpc-private-path/ibm"
  resource_group_id              = "xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX" # Replace with the actual ID of resource group to use
  subnet_id                      = "xxXXxxXXxXxXXXXxxXxxxXXXXxXXXXX" # Replace with the actual ID of subnet to use
  nlb_name                       = "nlb-name"
  private_path_name              = "private-path-name"
  private_path_service_endpoints = ["vpc-pps.example.com"]
}

Required access policies

You need the following permissions to run this module.

  • Account Management
    • Resource Group service
      • Viewer platform access
  • IAM Services
    • VPC Infrastructure Services service
      • Editor platform access

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.9.0 |
| ibm | >= 1.78.2, < 2.0.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| ibm_is_lb.ppnlb | resource |
| ibm_is_lb_listener.listener | resource |
| ibm_is_lb_pool.pool | resource |
| ibm_is_lb_pool_member.nlb_pool_members | resource |
| ibm_is_private_path_service_gateway.private_path | resource |
| ibm_is_private_path_service_gateway_account_policy.private_path_account_policies | resource |
| ibm_is_private_path_service_gateway_operations.private_path_publish | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| access_tags | A list of access tags to apply to the private path service created by the module, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial for more details | `list(string)` | `[]` | no |
| nlb_backend_pools | A list describing backend pools for the private path network load balancer. | `list(object({ pool_name = string, pool_algorithm = optional(string, "round_robin"), pool_health_delay = optional(number, 5), pool_health_retries = optional(number, 2), pool_health_timeout = optional(number, 2), pool_health_type = optional(string, "tcp"), pool_health_monitor_url = optional(string, "/"), pool_health_monitor_port = optional(number, 80), pool_member_port = optional(number), pool_member_instance_ids = optional(list(string), []), pool_member_application_load_balancer_id = optional(string), listener_port = optional(number), listener_accept_proxy_protocol = optional(bool, false) }))` | `[]` | no |
| nlb_name | The name of the private path network load balancer. | `string` | `"pp-nlb"` | no |
| private_path_account_policies | The account-specific connection request policies. | `list(object({ account = string, access_policy = string }))` | `[]` | no |
| private_path_default_access_policy | The policy to use for bindings from accounts without an explicit account policy. The default policy is set to Review all requests. Supported options are permit, deny, or review. | `string` | `"review"` | no |
| private_path_name | The name of the Private Path service for VPC. | `string` | n/a | yes |
| private_path_publish | Set this variable to true to allow any account to request access to the Private Path service. Set it to false to unpublish the service, which restricts access to the account that created the Private Path service. | `bool` | `false` | no |
| private_path_service_endpoints | The list of names for the service endpoints where you want to connect your Private Path service. Enter a maximum of 10 unique endpoint names for your service. | `list(string)` | n/a | yes |
| private_path_zonal_affinity | When enabled, the endpoint service preferentially permits connection requests from endpoints in the same zone. Without zonal affinity, requests are distributed to all instances in any zone. | `bool` | `false` | no |
| resource_group_id | The ID of the resource group where you want to create the service. | `string` | n/a | yes |
| subnet_id | ID of subnet. | `string` | n/a | yes |
| tags | Optional list of tags to be added to the private path service. | `list(string)` | `[]` | no |
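
A restrictive configuration built from the inputs above, shown as an added example that is not part of the module's own README. It denies bindings by default, allows only named accounts, leaves the service unpublished, and takes the API key from a sensitive variable; all IDs, account numbers, names and ports are constructed placeholders.

```hcl
# Added example; IDs, account numbers, names and ports are constructed placeholders.
variable "ibmcloud_api_key" {
  description = "IBM Cloud API key, supplied through TF_VAR_ibmcloud_api_key."
  type        = string
  sensitive   = true # redacted from plan/apply output, but still stored in state
}

provider "ibm" {
  ibmcloud_api_key = var.ibmcloud_api_key
  region           = "us-south"
}

module "private_path" {
  source                         = "terraform-ibm-modules/vpc-private-path/ibm"
  version                        = "X.Y.Z" # pin to a released module version
  resource_group_id              = "<resource-group-id>"
  subnet_id                      = "<subnet-id>"
  nlb_name                       = "pp-nlb"
  private_path_name              = "private-path-name"
  private_path_service_endpoints = ["vpc-pps.example.com"]

  # Accounts without an explicit policy are rejected instead of queued for review.
  private_path_default_access_policy = "deny"

  # Only the accounts listed here get a decision other than the default deny.
  private_path_account_policies = [
    { account = "<trusted-consumer-account-id>", access_policy = "permit" },
    { account = "<partner-account-id>", access_policy = "review" },
  ]

  # Stay unpublished (owner account only) until the policies above are verified.
  private_path_publish = false

  nlb_backend_pools = [
    {
      pool_name                = "backend-1"
      pool_member_instance_ids = ["<instance-id-1>", "<instance-id-2>"]
      pool_member_port         = 8443
      listener_port            = 443
      pool_health_type         = "tcp"
      pool_health_monitor_port = 8443 # default is 80; match the member port
      # Enable only if the backend parses PROXY protocol headers.
      listener_accept_proxy_protocol = false
    }
  ]
}
```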

Outputs

| Name | Description |
|------|-------------|
| account_policy_id | The unique identifier of the PrivatePathServiceGatewayAccountPolicy. |
| lb_crn | The CRN for this load balancer. |
| lb_id | The unique identifier of the load balancer. |
| listener_id | The unique identifier of the load balancer listener. |
| pool_id | The unique identifier of the load balancer pool. |
| pool_member_id | The unique identifier of the load balancer pool member. |
| private_path_crn | The CRN for this private path service gateway. |
| private_path_id | The unique identifier of the PrivatePathServiceGateway. |
| private_path_vpc | The VPC this private path service gateway resides in. |

Contributing

You can report issues and request features for this module in GitHub issues in the module repo. See Report an issue or request a feature.

To set up your local development environment, see Local development setup in the project documentation.

About

Configure Private Path services to provide private connectivity for IBM Cloud and third-party services.
