Intel® Optimized Cloud Modules for Terraform

© Copyright 2025, Intel Corporation

IBM VPC Compute Instance

This module provides the functionality to ensure that you are utilizing Intel's latest generation processor in the creation of a virtual machine in IBM Cloud in a VPC.

This Optimized Cloud Module leverages Intel's 4th Generation Intel® Xeon® Scalable processors, the Intel 8474C processor (previously code named Sapphire Rapids). This is IBM's 3rd generation profile labeled with the bx3d, cx3d, andmx3d prefixes. These are available in the Dallas, London, and Frankfurt regions as of 3/18/2024. See https://cloud.ibm.com/docs/vpc?topic=vpc-profiles&interface=ui for availability updates.

Performance Data

Find all the information below plus even more by navigating our full library

4th Gen Intel® Xeon® Scalable Processor (Sapphire Rapids)

Usage

See examples folder for code:

• Single Instance created in existing VPC - ./examples/intel-ibm-linux-vpc
• Single Instances with multiple data disks in existing VPC - ./examples/intel-ibm-linux-vpc-multidisk

This module is designed to allow you to provision a virtual machine in an existing IBM cloud account where you have a VPC created. You will need to provide several variables to specify certain settings. These settings include:

Required Variables:

• region = name of the IBM Cloud region you want to use
• name = (This is the VM name, and it will also be used in the name of the Security Group that gets created)
• profile_name = Instance size and family
• resource_group_id = This is the unique ID of the IBM cloud resource group that you want to use.
• vpc_id = The unique ID of the VPC that you want to use.
• subnet_id = The unique ID of the subnet that you want to use.
• ssh_key_ids = List of the unique SSH Key ID's that you want to add to the instance once it is created. Seperate ID's with commas to add more than one to the Instance.
• allow_ssh_from = IP Address that you want to allow SSH access to your instance's public ip address. Security best practices is to not allow 0.0.0.0/0 and specify your ip or range of ip addresses.
• image_name = This will be the OS image that you want to use for your instance.

Example of how to pass variable :

# terraform apply -var="region=us-south" -var="name=name1"

Environment variables can also be used https://www.terraform.io/language/values/variables#environment-variables

Provision Intel Cloud Optimization Module module "module-example" { source = "github.com/intel/terraform-intel-ibm-vm" }

Run Terraform test

terraform init  
terraform plan
terraform apply

Note that this example may create resources. Run terraform destroy when you don't need these resources anymore. Example of how to pass variable :

# terraform destroy -var="region=us-south" -var="name=name1"

Considerations

Requirements

Name	Version
terraform	>=1.3.0
ibm	~> 1.53.0
random	~>3.4.3

Providers

Name	Version
ibm	~> 1.53.0

Modules

No modules.

Resources

Name	Type
ibm_is_floating_ip.vpcinstance	resource
ibm_is_instance.vpcinstance	resource
ibm_is_security_group.vpcinstance	resource
ibm_is_security_group_rule.additional_all_rules	resource
ibm_is_security_group_rule.additional_icmp_rules	resource
ibm_is_security_group_rule.additional_udp_rules	resource
ibm_is_security_group_rule.allow_outbound	resource
ibm_is_security_group_rule.ssh_inbound	resource
ibm_is_security_group_rule.ssh_to_self_public_ip	resource
ibm_is_volume.volumes	resource
ibm_is_image.image	data source
ibm_is_subnet.subnet	data source

Inputs

Name	Description	Type	Default	Required
access_tags	A list of access management tags to attach to the instance.	list(any)	[]	no
all_auto_delete_volume	If set to true, automatically deletes the volumes that are attached to an instance.	bool	null	no
allow_outbound	An IP address, a CIDR block, or a single security group identifier to allow outbound network connections	string	"0.0.0.0/0"	no
allow_ssh_from	An IP address, a CIDR block, or a single security group identifier to allow incoming SSH connection to the instance	string	"0.0.0.0/0"	no
availability_policy_host_failure	The availability policy to use for this virtual server instance. The action to perform if the compute host experiences a failure. Supported values are restart and stop.	string	null	no
boot_volume_auto_delete_volume	If set to true, when deleting the instance the volume will also be deleted.	string	null	no
boot_volume_encryption	The type of encryption to use for the boot volume.	string	null	no
boot_volume_size	The size of the boot volume.(The capacity of the volume in gigabytes. This defaults to 100gb capacity of the image and maximum to 250.	number	null	no
create_public_ip	Set whether to allocate a public IP address for the instance	bool	true	no
create_volume	If you want to create a volume, change from 0	number	0	no
dedicated_host	The placement restrictions to use the virtual server instance. Unique ID of the dedicated host where the instance id placed.	string	null	no
dedicated_host_group	The placement restrictions to use for the virtual server instance. Unique ID of the dedicated host group where the instance is placed.	string	null	no
existing_volume_ids	A list of maps describing the volumes for each instance	list(string)	[]	no
image_name	Name of the OS image to use for the instance	string	"ibm-ubuntu-22-04-2-minimal-amd64-1"	no
init_script	Script to run during the instance initialization. Defaults to an Ubuntu specific script when set to empty	string	""	no
instance_template	ID of the instance template to create the instance from.	string	null	no
name	Name of the instance	string	"vm01"	no
placement_group	Unique Identifier of the Placement Group for restricting the placement of the instance.	string	null	no
profile_name	Instance profile for an Intel based Xeon Processor size and family to use for the instance	string	"bx3d-2x10"	no
region	The region where the resources will be created.	string	"us-south"	no
resource_group_id	ID of the resource group that has the VPC, SSH key, etc.	string	n/a	yes
security_group_rules	List of security group rules to set on the new security group created, in addition to the SSH rules	list	[ { "direction": "outbound", "icmp": { "type": 8 }, "name": "icmp_outbound", "remote": "0.0.0.0/0" } ]	no
ssh_key_ids	List of SSH key IDs to inject into the instance. This is not the public key guid itself, but just the key's IBM ID	list(string)	n/a	yes
subnet_id	ID of the subnet in the VPC where to create the instance	string	n/a	yes
tags	List of tags to add on all created resources	list(string)	[]	no
total_volume_bandwidth	The amount of bandwidth (in megabits per second) allocated exclusively to instance storage volumes.	number	null	no
user_data	User data to transfer to the instance.	string	null	no
volume_name	Name of the volume to create	string	null	no
volume_profile	Profile to use for the volume	string	null	no
volumes	n/a	list(object({ volume_profile = string capacity = number }))	[]	no
vpc_id	ID of the VPC where to create the instance	string	n/a	yes

Outputs

Name	Description
bandwidth	The total bandwidth (in megabits per second) shared across the instance's network interfaces and storage volumes.
boot_volume	A list of boot volumes that the instance uses.
crn	The CRN of the instance.
disks	The collection of the instance's disks.
gpu	A list of GPUs that are assigned to the instance.
id	The ID of the instance.
memory	The amount of memory that is allocated to the instance in gigabytes.
name	The name of the instance.
network_interface	The network interface associated with the instance.
placement_target	The placement restrictions for the virtual server instance.
primary_network_interface	A list of primary network interfaces that are attached to the instance.
status	The status of the instance.
status_reasons	Array of reasons for the current status.
total_network_badwidth	The amount of bandwidth (in megabits per second) allocated exclusively to instance network interfaces.
vcpu	The number of virtual CPUs assigned to the instance.
volume_attachments	A list of volume attachments for the instance.