SAP · julian-schambeck · Dec 15, 2025 · Dec 17, 2025 · Dec 19, 2025 · Dec 19, 2025
@@ -9,6 +9,10 @@
 .cache-loader
 /src/data
 
+.terraform.lock.hcl
+.terraform/
+terraform.tfstate*
+
 # Misc
 .DS_Store
 .env
@@ -28,4 +32,4 @@ backend/.vscode
 
 # Ignoring the mapping file
 src/constant/pageMapping.ts
-**/dist
+**/dist
@@ -167,6 +167,34 @@ Take a look at the following examples that build upon or implement elements of t
 -   [GenAI Mail Insights - Develop a CAP-based application using GenAI and RAG on SAP BTP](https://discovery-center.cloud.sap/missiondetail/4371/)
 -   [CAP Application: Semantic Search Integrated with Generative AI Hub and SAP HANA Cloud's Vector Engine](https://github.com/SAP-samples/btp-cap-genai-semantic-search)
 
+## Terraform - Infrastructure as Code
+
+Chances are you already use [Terraform](https://developer.hashicorp.com/terraform) to manage your cloud infrastructure. You describe your
+infrastructure in declarative code and keep it under version control with Git to maintain a history of changes. Because every change made through
+Terraform is recorded, you can roll back to a previous state.
+
+If this sounds familiar and you want to build on the reference architecture shown, check out the Terraform files linked
+[here](https://github.com/SAP/architecture-center/tree/main/docs/ref-arch/RA0005/terraform). They include Terraform resources for most of the
+essential infrastructure in the reference architecture. If you’re new to Terraform and want to learn more, click
+[here](https://sap-docs.github.io/terraform-landingpage-for-btp/) to get started with Terraform on SAP BTP.
+
+Run the commands below to set up the infrastructure. Before you run Terraform, fill in the values in the terraform.tfvars file. See variables.tf for
+more information about these variables.
+
+```
+git clone https://github.com/SAP/architecture-center.git
+
+cd architecture-center/docs/ref-arch/RA0005/terraform
+
+terraform init
+
+cf login -a https://api.cf.<cf_landscape_label>.hana.ondemand.com
+
+BTP_ENABLE_SSO=true terraform plan -out=the-plan
+
+BTP_ENABLE_SSO=true terraform apply the-plan
+```
+
 ## Resources
 
 For more information related to this Reference Architecture in general you may check out the following resources:

@@ -0,0 +1,126 @@
+resource "random_uuid" "uuid" {}
+
+resource "btp_subaccount" "subaccount" {
+  name      = var.subaccount_name
+  subdomain = random_uuid.uuid.result
+  region    = lower(var.region)
+  # usage     = "USED_FOR_PRODUCTION"
+}
+
+# The services AI Core, Destination, CF runtime must be manually entitled and available at the global account level
+# before they can be entitled on the subaccount level.
+
+resource "btp_subaccount_entitlement" "ai_core" {
+  subaccount_id = btp_subaccount.subaccount.id
+  service_name  = "aicore"
+  plan_name     = "extended"
+}
+
+data "btp_subaccount_service_plan" "ai_core" {
+  subaccount_id = btp_subaccount.subaccount.id
+  offering_name = "aicore"
+  name          = "extended"
+  depends_on    = [btp_subaccount_entitlement.ai_core]
+}
+
+resource "btp_subaccount_service_instance" "ai_core" {
+  subaccount_id  = btp_subaccount.subaccount.id
+  serviceplan_id = data.btp_subaccount_service_plan.ai_core.id
+  name           = "aicore"
+  depends_on     = [btp_subaccount_entitlement.ai_core, btp_subaccount_role_collection_assignment.subaccount_service_admins]
+}
+
+resource "btp_subaccount_service_binding" "ai_core_binding" {
+  subaccount_id       = btp_subaccount.subaccount.id
+  service_instance_id = btp_subaccount_service_instance.ai_core.id
+  name                = "ai-core-key"
+}
+
+resource "btp_subaccount_entitlement" "destination" {
+  subaccount_id = btp_subaccount.subaccount.id
+  service_name  = "destination"
+  plan_name     = "lite"
+}
+
+data "btp_subaccount_service_plan" "destination" {
+  subaccount_id = btp_subaccount.subaccount.id
+  offering_name = "destination"
+  name          = "lite"
+  depends_on    = [btp_subaccount_entitlement.destination]
+}
+
+resource "btp_subaccount_service_instance" "destination" {
+  subaccount_id  = btp_subaccount.subaccount.id
+  serviceplan_id = data.btp_subaccount_service_plan.destination.id
+  name           = "destination"
+  depends_on     = [btp_subaccount_entitlement.destination]
+}
+
+resource "btp_subaccount_entitlement" "cf_runtime" {
+  subaccount_id = btp_subaccount.subaccount.id
+  service_name  = "APPLICATION_RUNTIME"
+  plan_name     = "MEMORY"
+  # memory in GBs
+  amount = 1
+}
+
+resource "btp_subaccount_environment_instance" "cloudfoundry" {
+  subaccount_id    = btp_subaccount.subaccount.id
+  name             = var.cf_org_name
+  environment_type = "cloudfoundry"
+  service_name     = "cloudfoundry"
+  plan_name        = "standard"
+  landscape_label  = var.cf_landscape_label
+  parameters = jsonencode({
+    instance_name = var.cf_org_name
+  })
+}
+
+resource "cloudfoundry_space" "dev" {
+  name = "dev"
+  org  = jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["Org ID"]
+}
+
+resource "btp_subaccount_role_collection_assignment" "subaccount_admins" {
+  for_each             = toset(var.subaccount_admins)
+  subaccount_id        = btp_subaccount.subaccount.id
+  role_collection_name = "Subaccount Administrator"
+  user_name            = each.value
+}
+
+resource "btp_subaccount_role_collection_assignment" "subaccount_service_admins" {
+  for_each             = toset(var.subaccount_admins)
+  subaccount_id        = btp_subaccount.subaccount.id
+  role_collection_name = "Subaccount Service Administrator"
+  user_name            = each.value
+}
+
+resource "cloudfoundry_org_role" "organization_manager" {
+  for_each = toset(var.cf_org_members)
+  username = each.value
+  type     = "organization_manager"
+  org      = jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["Org ID"]
+}
+
+resource "cloudfoundry_org_role" "organization_user" {
+  for_each = toset(var.cf_org_members)
+  username = each.value
+  type     = "organization_user"
+  org      = jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["Org ID"]
+}
+
+resource "cloudfoundry_space_role" "space_manager" {
+  for_each   = toset(var.cf_space_members)
+  username   = each.value
+  type       = "space_manager"
+  space      = cloudfoundry_space.dev.id
+  depends_on = [cloudfoundry_org_role.organization_user, cloudfoundry_org_role.organization_manager]
+}
+
+resource "cloudfoundry_space_role" "space_developer" {
+  for_each   = toset(var.cf_space_members)
+  username   = each.value
+  type       = "space_developer"
+  space      = cloudfoundry_space.dev.id
+  depends_on = [cloudfoundry_org_role.organization_user, cloudfoundry_org_role.organization_manager]
+}
@@ -0,0 +1,19 @@
+terraform {
+  required_providers {
+    btp = {
+      source  = "SAP/btp"
+      version = "1.18.1"
+    }
+    cloudfoundry = {
+      source  = "cloudfoundry/cloudfoundry"
+      version = "1.11.0"
+    }
+  }
+}
+
+provider "btp" {
+  globalaccount  = var.globalaccount_subdomain
+  cli_server_url = "https://cli.btp.cloud.sap"
+}
+
+provider "cloudfoundry" {}
@@ -0,0 +1,8 @@
+globalaccount_subdomain = ""
+subaccount_name         = "Build on Reference Architecture"
+region                  = "eu10"
+cf_landscape_label      = "cf-eu10-004"
+cf_org_name             = "build-on-reference-architecture-org"
+subaccount_admins       = ["[email protected]"]
+cf_org_members          = ["[email protected]"]
+cf_space_members        = ["[email protected]"]
@@ -0,0 +1,38 @@
+variable "globalaccount_subdomain" {
+  type        = string
+  description = "The subdomain of the global account. It looks similar to sa1010002681"
+}
+
+variable "subaccount_name" {
+  type = string
+}
+
+variable "region" {
+  type        = string
+  description = "The main region of the subaccount"
+}
+
+variable "cf_landscape_label" {
+  type        = string
+  description = "The landscape used for Cloud Foundry (CF). More and more these are extension landscapes such as eu10-004, us10-002"
+}
+
+variable "cf_org_name" {
+  type        = string
+  description = "The name used for the CF org in the subaccount"
+}
+
+variable "subaccount_admins" {
+  type = list(string)
+}
+
+# Don't add the user that is running Terraform or it will throw an error.
+# They will be added anyway to the CF org.
+variable "cf_org_members" {
+  type = list(string)
+}
+
+# User must be in the CF org before they can be added to the CF space
+variable "cf_space_members" {
+  type = list(string)
+}