Exoscale Terraform Provider

Exoscale Provider

Configuration

The following provider-level settings are supported, either via HCL parameters or environment variables:

key / EXOSCALE_API_KEY: Exoscale account API key
secret / EXOSCALE_API_SECRET: Exoscale account API secret
timeout: Global async operations waiting time in seconds (default: 300)

At least an Exoscale API key and secret must be provided to use the Exoscale Terraform provider.

Example

terraform {
  required_providers {
    exoscale = {
      source  = "exoscale/exoscale"
    }
  }
  
  # backend "s3" {
  #   Optional backend configuration. See below!
  # } 
}

variable "exoscale_api_key" { 
  type = string 
}
variable "exoscale_api_secret" { 
  type = string 
}

provider "exoscale" {
  key    = var.exoscale_api_key
  secret = var.exoscale_api_secret
}

Terraform Backend (Optional)

If you want to use Simple Object Storage (SOS) as a Terraform backend to persist the Terraform state (terraform.tfstate object), you can extend the configuration above with the following:

backend "s3" {
  bucket = "exoscale-terraform-state"
  key    = "terraform.tfstate"
  region = "ch-gva-2"
  
  endpoints = {
    s3 = "https://sos-ch-gva-2.exo.io"
  }
  
  # Disable AWS-specific features
  skip_credentials_validation = true
  skip_region_validation      = true
  skip_requesting_account_id  = true
}

The specified bucket must already exist and must be accessible by the Exoscale IAM policy attached to your IAM api-key.

The S3 backend is coupled with AWS-specific nomenclature. The environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY must be set to the Exoscale IAM api-key and api-secret respectively:

# Assuming you have stored your Exoscale api-key and api-secret in `pass`
export AWS_ACCESS_KEY_ID="$(pass exoscale/api_key)" 
export AWS_SECRET_ACCESS_KEY="$(pass exoscale/api_secret)"

terraform init

Fine-tuning Timeout durations

In addition of the global timeout provider setting, the waiting time of async operations can be fine-tuned per resource and per operation type:

resource "exoscale_instance_pool" "web" {
  # ...

  timeouts {
    create = "1m"
    read   = "2m"
    update = "3m"
    delete = "4m"
  }
}

Usage

Here is a simple HCL configuration provisioning an Exoscale Compute instance:

terraform {
  required_providers {
    exoscale = {
      source  = "exoscale/exoscale"
    }
  }
}

variable "exoscale_api_key" {
  type = string
}
variable "exoscale_api_secret" {
  type = string
}

provider "exoscale" {
  key    = var.exoscale_api_key
  secret = var.exoscale_api_secret
}

locals {
  my_zone     = "ch-gva-2"
  my_template = "Linux Ubuntu 22.04 LTS 64-bit"
}

data "exoscale_template" "my_template" {
  zone = local.my_zone
  name = local.my_template
}

resource "exoscale_compute_instance" "my_instance" {
  zone        = local.my_zone
  name        = "my-instance"

  template_id = data.exoscale_template.my_template.id
  type        = "standard.medium"
  disk_size   = 10

  user_data   = "#cloud-config\npackage_upgrade: true\n"
}

Terraform init

Without a backend, the following command will initialize the provider and create the Terraform state file:

terraform init

Output:

Initializing the backend...

Initializing provider plugins...
- Finding latest version of exoscale/exoscale...
- Installing exoscale/exoscale v0.38.0...
- Installed exoscale/exoscale v0.38.0 (signed by a HashiCorp partner, key ID 81426F034A3D05F7)

...

Terraform apply

terraform apply \
  -var exoscale_api_key=$EXOSCALE_API_KEY \
  -var exoscale_api_secret=$EXOSCALE_API_SECRET

Output:

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # exoscale_compute_instance.my-server will be created
  + resource "exoscale_compute_instance" "my-server" {
      + created_at        = (known after apply)
      + disk_size         = 50
      + id                = (known after apply)
      + ipv6              = false
      + ipv6_address      = (known after apply)
      + name              = "my-instance"
      + public_ip_address = (known after apply)
      + ssh_key           = "my-ssh-key"
      + state             = (known after apply)
      + template_id       = "3ebca0c5-63f4-4055-b325-3cef0e68fa98"
      + type              = "standard.medium"
      + user_data         = <<-EOT
            #cloud-config
            package_upgrade: true
        EOT
      + zone              = "ch-gva-2"
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value:
...

Additional examples can be found in the examples directory of the source code.

Simple Object Storage (SOS)

The Exoscale provider does not manage SOS resources. As SOS is S3-compatible, Terraform AWS provider can be used instead to manage your SOS resources.