Terraform on Oracle Cloud OCI

Mastering Terraform on Oracle Cloud Infrastructure – Deep dive training

Table of Content


Infrastructure as Code (IaC) is the management of infrastructure (networks, virtual machines, load balancers and connection topology) , Infrastructure is described using a high-level configuration syntax. This allows a blueprint of your datacenter to be versioned and treated as you would any other code. Additionally, infrastructure can be shared and re-used

Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. Terraform can manage existing and popular service providers as well as custom in-house solutions. Configuration files describe to Terraform the components needed to run a single application or your entire datacenter.

Scope of this Blog: To run Terraform script on Oracle Cloud Infrastructure OCI and to create resources such as Compute, Network, Users , Groups, Dynamic Groups, Policies, Load Balancer, Cluster of Compute Instances , Managing Clusters, Deep Dive into Dockers etc more from a Practical hands-on approach.


  1. Install latest version of Terraform
  2. Generate Keys
  3. Get User’s Fingerprint Id
  4. Gather the required variables
  5. Terraform variable file

1. Install latest version of Terraform 

You can check this article to have latest version of Terraform running on your desktop or laptop or even a virtual machine running on cloud environment.

[email protected] ~ % terraform -v
Terraform v0.13.5

2. Generate Keys

Pubic and Private Keys Open SSL .pem format

Generate Public and Private Keys

[email protected] keys % openssl genrsa -out /Users/madhusudhanrao/tf/keys/myopensslkey.pem 2048
Generating RSA private key, 2048 bit long modulus
e is 65537 (0x10001)
[email protected] keys % chmod go-rwx /Users/madhusudhanrao/tf/keys/myopensslkey.pem
[email protected] keys % openssl rsa -pubout -in /Users/madhusudhanrao/tf/keys/myopensslkey.pem -out /Users/madhusudhanrao/tf/keys/myopensslkey_public.pem
writing RSA key  

Generate an SSH Key Pair on UNIX and UNIX-Like Systems (id_rsa)

Refer this link

[email protected] keys % openssl genrsa -out /Users/madhusudhanrao/tf/keys/myopensslkey.pem 2048
[email protected] keys % ls
aishu_rsa_private_key.pem	id_rsa.pub			llgb.pub			myopensslkey.pem
aishu_rsa_public_key.pem	key_name_public.pem		mykey				myopensslkey_public.pem
id_rsa				llgb				mykey.pub
[email protected] keys % cat myopensslkey_public.pem | pbcopy

3. Get Users Fingerprint Id. 

Refer this link

Upload the Public Key

You can upload the PEM public key in the Console, located at https://console.us-ashburn-1.oraclecloud.com. If you don’t have a login and password for the Console, contact an administrator.

  1. Open the Console, and sign in.
  2. View the details for the user who will be calling the API with the key pair:

    • If you’re signed in as the user:

      Open the Profile menu and click User Settings.

    • If you’re an administrator doing this for another userOpen the navigation menu. Under Governance and Administration, go to Identity and click Users. Select the user from the list.
  3. Click Add Public Key.
  4. Paste the contents of the PEM public key in the dialog box and click Add.

The key’s fingerprint is displayed (for example, 12:34:56:78:90:ab:cd:ef:12:34:56:78:90:ab:cd:ef).

Notice that after you’ve uploaded your first public key, you can also use the UploadApiKey API operation to upload additional keys. You can have up to three API key pairs per user. In an API request, you specify the key’s fingerprint to indicate which key you’re using to sign the request.

4. Gather required Terraform Variables

Login to cloud console https://console.us-ashburn-1.oraclecloud.com/tenancy

A) tenancy_ocid : Navigation Administrator > Tenancy Details 

Copy the OCID Example :


B) Region :  Region is taken browser url , for example if URL is https://console.us-ashburn-1.oraclecloud.com/tenancy , then region will be us-ashburn-1 

C) user_ocid : Navigation Identity > Users

Select the Federated User and copy the OCID

Example User OCID:


D) Fingerprint : Navigation Identity > Users > API Keys

fingerprint should have been copied in previous step itself , when you uploaded Public Key or if not you can take it from API Keys listed under the Federated User,

Most important the fingerprint should match the Public Key that you uploaded for this Terraform scripts and you cannot just use any other fingerprints under API Keys

Example Fingerprint


E) compartment_ocid : Navigation Identity > Compartments

Copy the compartment ocid under which we plan to create resources

Example Compartment id


F) private_key_path 

Keys were generated in previous steps so private key would be something like this


G) ssh_private_key


H) ssh_public_key

Public Key is something you would need to copy paste , so this would look something like this

cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAXXXXXLOs14kmtnCR6TihglaQ8QbXVi5nB5yauZw== [email protected]

5) Terraform variable file  

We now have required variable information to create terraform variable file variables.tf

#           TF Requirements
variable "tenancy_ocid" {
  default = "ocid1.tenancy.oc1..XXXlwwvtqvzpfdp255vjqpsdd6ahdouq"
variable "region" {
  default = "us-ashburn-1"
variable "user_ocid" {
  default = "ocid1.user.oc1..XXXtvmjhudi3fcue4nbuxjsf3s4mca"
variable "private_key_path"{
  default = "/Users/username/keys/myopensslkey.pem"
variable "fingerprint"{
  default = "e6:65:XX:YY:ZZ:9c:9b:45:a1"
variable "compartment_ocid" {
  default = "ocid1.compartment.oc1..XXXXx6rhcktfgexwdddsn6j4paqphq"
variable "ssh_public_key" { 
   # cat id_rsa.pub       
   default =  "ssh-rsa AAAAB3NzaC1XXXXQ8QbXVi5nB5yauZw== [email protected]" 
variable "ssh_private_key" { 
    default = "/Users/username/keys/myopensslkey.pem"

Disclaimer : All views expressed in my blogs are my own.