With your repository and Terraform configuration files in place, you can design a Cloud Assembly template for them.

  1. Prerequisites
  2. Enable Terraform runtime versions
  3. Add Terraform resources to the design
  4. Deploy the cloud template


Set up and integrate your version control repository. See Preparing for Terraform configurations in Cloud Assembly.

Enable Terraform runtime versions

You can define the Terraform runtime versions available to users when deploying Terraform configurations. Note that Terraform configurations might also include internally coded version constraints.

To create the list of allowable versions, go to Infrastructure > Configure > Terraform Versions.

Add Terraform resources to the design

Create your cloud template that includes Terraform configurations.

  1. In Cloud Assembly, go to Design > Cloud Templates and click New from > Terraform.

    The Terraform configuration wizard appears.

  2. Follow the prompts.
    Wizard Page Setting Value
    New Cloud Template Name Give the design an identifying name.
    Description Explain what the design is for.
    Project Select the project that includes the repository integration where the Terraform configuration is stored.
    Configuration Source Repository Select the integrated repository where you stored the Terraform configuration.

    Select a repository commit, or leave the entry blank to use the Terraform configuration from the repository head.

    Bitbucket Limitation—The number of selectable commits might be truncated because of the Bitbucket repository server configuration.

    Source directory

    Select a subdirectory from the repository structure that you created. The example subdirectories shown in the earlier setup were demo1, demo2, and demo3.

    GitHub Enterprise Limitation—The source directory field is a plain text field in which you manually enter the name of the Terraform configuration subdirectory that you want.

    Finalize Configuration Repository Verify the correct repository selection.
    Source directory Verify the correct directory selection.
    Terraform version Select the Terraform runtime version to run when deploying the Terraform configuration.

    If the Terraform configuration included a provider block, verify the provider and cloud zone that this cloud template will deploy to.

    Having no provider isn't a problem. After finishing the wizard, just edit the provider and cloud zone in the template properties to add or change the deployment target.

    Variables Select sensitive values for encryption, such as passwords.
    Outputs Verify the outputs from the Terraform configuration, which convert to expressions that your design code can further reference.
  3. Click Create.

    The Terraform resource appears on the cloud template canvas, with Cloud Assembly code that reflects the Terraform configuration to deploy.

Terraform resource added to the design

If desired, you can add other Cloud Assembly resources to the cloud template, to combine Terraform and non-Terraform code into a hybrid design.

Note: Updating Terraform configurations in the repository doesn't synchronize the changes into your cloud template. Automatic synchronization can introduce security risks, such as newly added sensitive variables.

To capture Terraform configuration changes, rerun the wizard, choose the new commit, and identify any new sensitive variables.

Deploy the cloud template

When you deploy the cloud template, the deployment History tab lets you expand an event such as an allocate or create phase, to inspect a log of messages from the Terraform CLI.

Approvals—In addition to the expected Terraform phases such as PLAN, ALLOCATE, or CREATE, Cloud Assembly introduces governance by means of an approval phase. See How do I configure Service Broker approval policies for more information about request approvals.

Terraform CLI messages in the log

After deploying, you see an outer resource that represents the overall Terraform component, with child resources inside for the separate components that Terraform created. The parent Terraform resource controls the lifecycle of the child resources.

Terraform parent and child resources