IBM watsonx.ai module

IBM watsonx.ai provides an enterprise-grade studio of integrated tools for developing AI services and deploying them into your applications of choice. Refer here for more information on watsonx.ai.

Overview

• terraform-ibm-watsonx-ai
• Submodules
  • configure_project
  • configure_user
  • storage_delegation
• Examples
  • Basic example
  • Complete example
• Contributing

terraform-ibm-watsonx-ai

This module supports the following:

• Provisions the following services:
  • watsonx.ai Studio (formerly known as Watson Studio)
  • watsonx.ai Runtime (formerly known as Watson Machine Learning)
• Configures the IBM watsonx.ai user profile for an existing IBM Cloud user. This user is also referred as IBM watsonx.ai admin.
• Enables storage delegation for the Cloud Object Storage instance when KMS encryption is enabled.
• Creates a starter watsonx.ai project.

Usage

module "watsonx_ai" {
  source                        = "terraform-ibm-modules/watsonx-ai/ibm"
  prefix                        = "watsonx"
  region                        = "us-south"
  resource_tags                 = ["tag1", "tag2"]
  resource_group_id             = "xxXXx...X" # replace with ID of the resource group
  watsonx_ai_studio_plan        = "free-v1"
  watsonx_ai_runtime_plan       = "lite"
  project_name          = "my-project"
  enable_cos_kms_encryption     = true
  cos_instance_crn              = "xxXXx...X" # replace with CRN of the COS instance
  cos_kms_key_crn               = "xxXXx...X" # replace with CRN of KMS key
}

Required access policies

You need the following permissions to run this module:

• Account Management
  • Resource group
    • Viewer access on the specific resource group
• IAM services
  • watsonx.ai Runtime service
    • Editor platform access
  • watsonx.ai Studio service
    • Editor platform access
  • Cloud Object Storage service
    • Editor platform access
    • Manager service access

Note: If you are not the IBM Cloud account owner, then the addition of the policy All Account Management Services with role Administrator is required for storage delegation. To add the required access, go to: IBM Cloud -> Manage -> Access (IAM) -> Users -> {USER} -> Access -> Access Policies

Requirements

Name	Version
terraform	>= 1.9.0
ibm	>=1.70.1, < 2.0.0

Modules

Name	Source	Version
configure_project	./modules/configure_project	n/a
configure_user	./modules/configure_user	n/a
cos_crn_parser	terraform-ibm-modules/common-utilities/ibm//modules/crn-parser	1.2.0
cos_kms_key_crn_parser	terraform-ibm-modules/common-utilities/ibm//modules/crn-parser	1.2.0
storage_delegation	./modules/storage_delegation	n/a

Resources

Name	Type
ibm_resource_instance.watsonx_ai_runtime_instance	resource
ibm_resource_instance.watsonx_ai_studio_instance	resource
ibm_resource_instance.existing_watsonx_ai_runtime_instance	data source
ibm_resource_instance.existing_watsonx_ai_studio_instance	data source

Inputs

Name	Description	Type	Default	Required
cos_instance_crn	The CRN of the Object Storage instance.	string	n/a	yes
cos_kms_key_crn	The CRN of a Key Protect key. This key is used to encrypt the Object Storage buckets used by watsonx.ai.	string	null	no
create_watsonx_ai_project	Whether to create and configure a starter watsonx.ai project.	bool	true	no
enable_cos_kms_encryption	Flag to enable Object Storage key encryption. If set to true, a value must be passed for cos_kms_key_crn.	bool	false	no
existing_watsonx_ai_runtime_instance_crn	The CRN of an existing watsonx.ai Runtime instance. If not provided, a new instance is provisioned.	string	null	no
existing_watsonx_ai_studio_instance_crn	The CRN of an existing watsonx.ai Studio instance. If not provided, a new instance is provisioned.	string	null	no
mark_as_sensitive	Set to true to create the watsonx.ai project with the Mark as sensitive flag enabled. The flag enforces access restrictions and prevents data from being moved out of the project.	bool	false	no
project_description	A description of the watsonx.ai project that is created.	string	"Watsonx.ai project created by the watsonx.ai module."	no
project_name	The name of the watsonx.ai project.	string	"demo"	no
project_tags	A list of tags associated with the watsonx.ai project. Each tag consists of a string containing up to 255 characters. These tags can include spaces, letters, numbers, underscores, dashes, as well as the symbols # and @.	list(string)	[ "watsonx-ai" ]	no
region	Region where the watsonx.ai instance is provisioned.	string	"us-south"	no
resource_group_id	The resource group ID for the watsonx.ai instance. Required to create an instance of watsonx.ai.	string	null	no
resource_tags	Optional list of tags to describe the watsonx.ai instance.	list(string)	[]	no
skip_iam_authorization_policy	Whether to create an IAM authorization policy that permits the Object Storage instance to read the encryption key from the key management service instance. An authorization policy must exist before an encrypted bucket can be created. Set to true to not create this policy.	bool	false	no
watsonx_ai_new_project_members	The list of members to add to the watsonx.ai project.	list(object({ email = string iam_id = string role = string state = optional(string, "ACTIVE") type = optional(string, "user") }) )	[]	no
watsonx_ai_runtime_instance_name	The name of the watsonx.ai Runtime instance to create. If a prefix input variable is passed, it is prefixed to the value following a <prefix>-value format.	string	"watsonx-runtime"	no
watsonx_ai_runtime_plan	The plan that is used to provision the watsonx.ai Runtime instance. Allowed values are 'lite', 'v2-professional', and 'v2-standard'. 'lite' refers to the 'Lite' plan, 'v2-professional' refers to the 'Standard' plan, and 'v2-standard' refers to the 'Essentials' plan on the IBM Cloud dashboard. For 'lite' plan, the watsonx_ai_runtime_service_endpoints value is ignored and the default service configuration is applied.	string	"lite"	no
watsonx_ai_runtime_service_endpoints	The type of service endpoints for watsonx.ai Runtime. Possible values are 'public', 'private', or 'public-and-private'.	string	"public"	no
watsonx_ai_studio_instance_name	The name of the watsonx.ai Studio instance to create. If a prefix input variable is passed, it is prefixed to the value following a <prefix>-value format.	string	"watsonx-studio"	no
watsonx_ai_studio_plan	The plan that is used to provision the watsonx.ai Studio instance. Allowed values are 'free-v1' and 'professional-v1'. 'free-v1' refers to the 'Lite' plan and 'professional-v1' refers to the 'Professional' plan on IBM Cloud dashboard.	string	"free-v1"	no

Outputs

Name	Description
watsonx_ai_project_bucket_name	The name of the Object Storage bucket created for the watsonx.ai project.
watsonx_ai_project_id	The ID of the watsonx.ai project that is created.
watsonx_ai_project_url	The URL of the watsonx.ai project that is created.
watsonx_ai_runtime_account_id	The account ID of the watsonx.ai Runtime instance.
watsonx_ai_runtime_crn	The CRN of the watsonx.ai Runtime instance.
watsonx_ai_runtime_dashboard_url	The dashboard URL of the watsonx.ai Runtime instance.
watsonx_ai_runtime_guid	The GUID of the watsonx.ai Runtime instance.
watsonx_ai_runtime_name	The name of the watsonx.ai Runtime instance.
watsonx_ai_runtime_plan_id	The plan ID of the watsonx.ai Runtime instance.
watsonx_ai_studio_crn	The CRN of the watsonx.ai Studio instance.
watsonx_ai_studio_dashboard_url	The dashboard URL of the watsonx.ai Studio instance.
watsonx_ai_studio_guid	The GUID of the watsonx.ai Studio instance.
watsonx_ai_studio_name	The name of the watsonx.ai Studio instance.
watsonx_ai_studio_plan_id	The plan ID of the watsonx.ai Studio instance.

Contributing

You can report issues and request features for this module in GitHub issues in the module repo. See Report an issue or request a feature.

To set up your local development environment, see Local development setup in the project documentation.