https://github.com/terraform-ibm-modules/terraform-ibm-watsonx-ai
Terraform module to create and configure watsonx.ai Project
https://github.com/terraform-ibm-modules/terraform-ibm-watsonx-ai
core-team ibm-cloud machine-learning terraform terraform-module watson-studio watsonx watsonx-ai watsonx-ai-runtime watsonx-ai-studio
Last synced: about 1 month ago
JSON representation
Terraform module to create and configure watsonx.ai Project
- Host: GitHub
- URL: https://github.com/terraform-ibm-modules/terraform-ibm-watsonx-ai
- Owner: terraform-ibm-modules
- License: apache-2.0
- Created: 2024-11-07T11:32:11.000Z (6 months ago)
- Default Branch: main
- Last Pushed: 2025-04-13T03:26:39.000Z (about 1 month ago)
- Last Synced: 2025-04-13T04:24:57.225Z (about 1 month ago)
- Topics: core-team, ibm-cloud, machine-learning, terraform, terraform-module, watson-studio, watsonx, watsonx-ai, watsonx-ai-runtime, watsonx-ai-studio
- Language: HCL
- Size: 316 KB
- Stars: 0
- Watchers: 12
- Forks: 1
- Open Issues: 4
-
Metadata Files:
- Readme: README.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
Awesome Lists containing this project
README
# IBM watsonx.ai module
[-green)](https://terraform-ibm-modules.github.io/documentation/#/badge-status)
[](https://github.com/terraform-ibm-modules/terraform-ibm-watsonx-ai/releases/latest)
[](https://github.com/pre-commit/pre-commit)
[](https://renovatebot.com/)
[](https://github.com/semantic-release/semantic-release)
IBM `watsonx.ai` provides an enterprise-grade studio of integrated tools for developing AI services and deploying them into your applications of choice. Refer [here](https://dataplatform.cloud.ibm.com/docs/content/wsj/getting-started/overview-wx.html?context=wx&audience=wdp#watsonxai) for more information on `watsonx.ai`.
## Overview
* [terraform-ibm-watsonx-ai](#terraform-ibm-watsonx-ai)
* [Submodules](./modules)
* [configure_project](./modules/configure_project)
* [configure_user](./modules/configure_user)
* [storage_delegation](./modules/storage_delegation)
* [Examples](./examples)
* [Basic example](./examples/basic)
* [Complete example](./examples/complete)
* [Contributing](#contributing)
## terraform-ibm-watsonx-ai
This module supports the following:
* Provisions the following services:
* `watsonx.ai Studio` (formerly known as `Watson Studio`)
* `watsonx.ai Runtime` (formerly known as `Watson Machine Learning`)
* Configures the IBM `watsonx.ai` user profile for an existing IBM Cloud user. This user is also referred as IBM `watsonx.ai` admin.
* Enables storage delegation for the `Cloud Object Storage` instance when `KMS` encryption is enabled.
* Creates a starter `watsonx.ai` project.
### Usage
```hcl
module "watsonx_ai" {
source = "terraform-ibm-modules/watsonx-ai/ibm"
prefix = "watsonx"
region = "us-south"
resource_tags = ["tag1", "tag2"]
resource_group_id = "xxXXx...X" # replace with ID of the resource group
watsonx_ai_studio_plan = "free-v1"
watsonx_ai_runtime_plan = "lite"
project_name = "my-project"
enable_cos_kms_encryption = true
cos_instance_crn = "xxXXx...X" # replace with CRN of the COS instance
cos_kms_key_crn = "xxXXx...X" # replace with CRN of KMS key
}
```
### Required access policies
You need the following permissions to run this module:
- Account Management
- **Resource group**
- `Viewer` access on the specific resource group
- IAM services
- **watsonx.ai Runtime** service
- `Editor` platform access
- **watsonx.ai Studio** service
- `Editor` platform access
- **Cloud Object Storage** service
- `Editor` platform access
- `Manager` service access
> Note: If you are not the IBM Cloud account owner, then the addition of the policy `All Account Management Services` with role `Administrator` is required for storage delegation. To add the required access, go to:
`IBM Cloud -> Manage -> Access (IAM) -> Users -> {USER} -> Access -> Access Policies`
### Requirements
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.9.0 |
| [ibm](#requirement\_ibm) | >=1.70.1, < 2.0.0 |
### Modules
| Name | Source | Version |
|------|--------|---------|
| [configure\_project](#module\_configure\_project) | ./modules/configure_project | n/a |
| [configure\_user](#module\_configure\_user) | ./modules/configure_user | n/a |
| [cos\_crn\_parser](#module\_cos\_crn\_parser) | terraform-ibm-modules/common-utilities/ibm//modules/crn-parser | 1.1.0 |
| [cos\_kms\_key\_crn\_parser](#module\_cos\_kms\_key\_crn\_parser) | terraform-ibm-modules/common-utilities/ibm//modules/crn-parser | 1.1.0 |
| [storage\_delegation](#module\_storage\_delegation) | ./modules/storage_delegation | n/a |
### Resources
| Name | Type |
|------|------|
| [ibm_resource_instance.watsonx_ai_runtime_instance](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_instance) | resource |
| [ibm_resource_instance.watsonx_ai_studio_instance](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/resource_instance) | resource |
| [ibm_resource_instance.existing_watsonx_ai_runtime_instance](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/resource_instance) | data source |
| [ibm_resource_instance.existing_watsonx_ai_studio_instance](https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/data-sources/resource_instance) | data source |
### Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [cos\_instance\_crn](#input\_cos\_instance\_crn) | The CRN of the Cloud Object Storage instance. | `string` | n/a | yes |
| [cos\_kms\_key\_crn](#input\_cos\_kms\_key\_crn) | The CRN of a KMS (Key Protect) key. It is used to encrypt the COS buckets used by the watsonx.ai projects. | `string` | `null` | no |
| [create\_watsonx\_ai\_project](#input\_create\_watsonx\_ai\_project) | Whether to create and configure a starter watsonx.ai project. | `bool` | `true` | no |
| [enable\_cos\_kms\_encryption](#input\_enable\_cos\_kms\_encryption) | Flag to enable COS KMS encryption. If set to true, a value must be passed for `cos_kms_key_crn`. | `bool` | `false` | no |
| [existing\_watsonx\_ai\_runtime\_instance\_crn](#input\_existing\_watsonx\_ai\_runtime\_instance\_crn) | The CRN of an existing watsonx.ai Runtime instance. If not provided, a new instance will be provisioned. | `string` | `null` | no |
| [existing\_watsonx\_ai\_studio\_instance\_crn](#input\_existing\_watsonx\_ai\_studio\_instance\_crn) | The CRN of an existing watsonx.ai Studio instance. If not provided, a new instance will be provisioned. | `string` | `null` | no |
| [mark\_as\_sensitive](#input\_mark\_as\_sensitive) | Set to true to allow the watsonx.ai project to be created with 'Mark as sensitive' flag. It enforces access restriction and prevents data from being moved out of the project. | `bool` | `false` | no |
| [prefix](#input\_prefix) | Prefix to add to all watsonx.ai resources created by this module. | `string` | n/a | yes |
| [project\_description](#input\_project\_description) | A description of the watsonx.ai project that is created. | `string` | `"Watsonx project created by the watsonx.ai module."` | no |
| [project\_name](#input\_project\_name) | The name of the watsonx.ai project. | `string` | `"demo"` | no |
| [project\_tags](#input\_project\_tags) | A list of tags associated with the watsonx.ai project. Each tag consists of a string containing up to 255 characters. These tags can include spaces, letters, numbers, underscores, dashes, as well as the symbols # and @. | `list(string)` |
[
"watsonx-ai"
]
| no |
| [region](#input\_region) | Region where the watsonx.ai resources will be provisioned. | `string` | `"us-south"` | no |
| [resource\_group\_id](#input\_resource\_group\_id) | The resource group ID where the watsonx services will be provisioned. Required when creating a new instance. | `string` | `null` | no |
| [resource\_tags](#input\_resource\_tags) | Optional list of tags to describe the service instances created by the module. | `list(string)` | `[]` | no |
| [skip\_iam\_authorization\_policy](#input\_skip\_iam\_authorization\_policy) | Whether to create an IAM authorization policy that permits the Object Storage instance to read the encryption key from the KMS instance. An authorization policy must exist before an encrypted bucket can be created. Set to `true` to avoid creating the policy. | `bool` | `false` | no |
| [watsonx\_ai\_runtime\_instance\_name](#input\_watsonx\_ai\_runtime\_instance\_name) | The name of the watsonx.ai Runtime instance to create. If a prefix input variable is passed, it is prefixed to the value in the `-value` format. | `string` | `"watsonx-runtime"` | no |
| [watsonx\_ai\_runtime\_plan](#input\_watsonx\_ai\_runtime\_plan) | The plan that is used to provision the watsonx.ai Runtime instance. Allowed values are 'lite', 'v2-professional' and 'v2-standard'. 'lite' refers to 'Lite', 'v2-professional' refers to 'Standard' and 'v2-standard' refers to 'Essentials' plan on IBM Cloud dashboard. For 'lite' plan, the `watsonx_ai_runtime_service_endpoints` value is ignored and the default service configuration is applied. | `string` | `"lite"` | no |
| [watsonx\_ai\_runtime\_service\_endpoints](#input\_watsonx\_ai\_runtime\_service\_endpoints) | The type of service endpoints for watsonx.ai Runtime. Possible values: 'public', 'private', 'public-and-private'. | `string` | `"public"` | no |
| [watsonx\_ai\_studio\_instance\_name](#input\_watsonx\_ai\_studio\_instance\_name) | The name of the watsonx.ai Studio instance to create. If a prefix input variable is passed, it is prefixed to the value in the `-value` format. | `string` | `"watsonx-studio"` | no |
| [watsonx\_ai\_studio\_plan](#input\_watsonx\_ai\_studio\_plan) | The plan that is used to provision the watsonx.ai Studio instance. Allowed values are 'free-v1' and 'professional-v1'. 'free-v1' refers to 'Lite' and 'professional-v1' refers to 'Professional' plan on IBM Cloud dashboard. | `string` | `"free-v1"` | no |
### Outputs
| Name | Description |
|------|-------------|
| [watsonx\_ai\_project\_bucket\_name](#output\_watsonx\_ai\_project\_bucket\_name) | The name of the COS bucket created for the watsonx.ai project. |
| [watsonx\_ai\_project\_id](#output\_watsonx\_ai\_project\_id) | The ID of the watsonx.ai project that is created. |
| [watsonx\_ai\_project\_url](#output\_watsonx\_ai\_project\_url) | The URL of the watsonx.ai project that is created. |
| [watsonx\_ai\_runtime\_account\_id](#output\_watsonx\_ai\_runtime\_account\_id) | The account id of the watsonx.ai Runtime instance. |
| [watsonx\_ai\_runtime\_crn](#output\_watsonx\_ai\_runtime\_crn) | The CRN of the watsonx.ai Runtime instance. |
| [watsonx\_ai\_runtime\_dashboard\_url](#output\_watsonx\_ai\_runtime\_dashboard\_url) | The dashboard URL of the watsonx.ai Runtime instance. |
| [watsonx\_ai\_runtime\_guid](#output\_watsonx\_ai\_runtime\_guid) | The GUID of the watsonx.ai Runtime instance. |
| [watsonx\_ai\_runtime\_name](#output\_watsonx\_ai\_runtime\_name) | The name of the watsonx.ai Runtime instance. |
| [watsonx\_ai\_runtime\_plan\_id](#output\_watsonx\_ai\_runtime\_plan\_id) | The plan ID of the watsonx.ai Runtime instance. |
| [watsonx\_ai\_studio\_crn](#output\_watsonx\_ai\_studio\_crn) | The CRN of the watsonx.ai Studio instance. |
| [watsonx\_ai\_studio\_dashboard\_url](#output\_watsonx\_ai\_studio\_dashboard\_url) | The dashboard URL of the watsonx.ai Studio instance. |
| [watsonx\_ai\_studio\_guid](#output\_watsonx\_ai\_studio\_guid) | The GUID of the watsonx.ai Studio instance. |
| [watsonx\_ai\_studio\_name](#output\_watsonx\_ai\_studio\_name) | The name of the watsonx.ai Studio instance. |
| [watsonx\_ai\_studio\_plan\_id](#output\_watsonx\_ai\_studio\_plan\_id) | The plan ID of the watsonx.ai Studio instance. |
## Contributing
You can report issues and request features for this module in GitHub issues in the module repo. See [Report an issue or request a feature](https://github.com/terraform-ibm-modules/.github/blob/main/.github/SUPPORT.md).
To set up your local development environment, see [Local development setup](https://terraform-ibm-modules.github.io/documentation/#/local-dev-setup) in the project documentation.