This sample shows how to provision virtual private endpoint gateways from terraform.
- Copy terraform.tfvars.templatetoterraform.tfvars:cp terraform.tfvars.template terraform.tfvars
- Edit terraform.tfvarsto match your environment.
- Make sure you have Terraform 0.14 installed. Use tfswitchto easily move between Terraform versions.
- Run terraform:
terraform init terraform apply
The script lookup.sh iterates over all provisioned virtual server instances and does a dig to resolve the IP addresses of Redis, Object Storage and Key Protect.
In the first apply, VPE is not yet enabled, only cloud service endpoints are.
- 
Run ./lookup.shto show how the virtual server instances are resolving endpoints. Here is an excerpt for the first instance:Source Destination Resolved IPs vpe-example-instance-1 redis (123456.private.databases.appdomain.cloud) 166.9.16.93, 166.9.12.115, 166.9.14.76 vpe-example-instance-1 cos (s3.direct.us-south.cloud-object-storage.appdomain.cloud) 161.26.0.34 vpe-example-instance-1 kms (private.us-south.kms.cloud.ibm.com) 166.9.250.227, 166.9.250.195, 166.9.251.3 
- 
Edit terraform.tfvars, adduse_vpe = trueand save.
- 
Apply terraformagain:terraform apply
- 
After a short while, run ./lookup.shagain to see the VPE Reserved IPs allocated to the services. Here is an excerpt for the first instance:Source Destination Resolved IPs vpe-example-instance-1 redis (123456.private.databases.appdomain.cloud) 10.20.10.9 vpe-example-instance-1 cos (s3.direct.us-south.cloud-object-storage.appdomain.cloud) 10.20.10.10 vpe-example-instance-1 kms (private.us-south.kms.cloud.ibm.com) 10.20.10.8 Notice how the hostnames now resolve to private IPs within the VPC. 
To destroy the environment:
terraform destroy
