Terraform is available as a managed service in Resource Orchestration Service (ROS). This topic describes the features and resources that are supported by Terraform in ROS.
Supported Terraform and provider versions
The following table lists the Terraform versions and provider versions that are supported by ROS.
Terraform version | Provider version |
0.12.28 |
|
0.15.3 |
|
1.0.11 |
|
1.1.9 |
|
1.2.9 |
|
1.3.10 |
|
1.4.7 |
|
1.5.7 |
|
ROS keeps updating the supported Terraform and provider versions. You can call the GetFeatureDetails operation to query the supported Terraform versions.
Supported ROS features
Feature | Supported | Unsupported |
Stack |
| You cannot use the rollback on failure feature, attach stack policies, control replacement updates, remediate drift, or configure signals. |
Stack group |
| None. |
Template |
| None. |
Resource scenario |
| None. |
Others |
| You cannot manage resource types. |
Supported ROS API operations
Feature | API operation |
Stack | PreviewStack, CreateStack, ContinueCreateStack, UpdateStack, DeleteStack, GetStack, ListStacks, ListStackResources, GetStackResource, ListStackEvents, SetDeletionProtection, ListStackOperationRisks, CancelUpdateStack, and CancelStackOperation Note If you set the StackType parameter to Terraform when you call the GetStack or ListStacks operation, Terraform stacks are queried. |
Change set and resource import | CreateChangeSet, ExecuteChangeSet, DeleteChangeSet, GetChangeSet, and ListChangeSets |
Drift detection | DetectStackDrift, DetectStackGroupDrift, GetStackDriftDetectionStatus, and ListStackResourceDrifts Note You cannot call the DetectStackResourceDrift operation to detect drift on multiple resources at the same time. |
Stack group | CreateStackGroup, UpdateStackGroup, DeleteStackGroup, GetStackGroup, ListStackGroups, CreateStackInstances, UpdateStackInstances, DeleteStackInstances, GetStackInstance, ListStackInstances, StopStackGroupOperation, GetStackGroupOperation, ListStackGroupOperations, and ListStackGroupOperationResults |
Template | CreateTemplate, UpdateTemplate, DeleteTemplate, GetTemplate, ListTemplates, ListTemplateVersions, SetTemplatePermission, ValidateTemplate, GetTemplateEstimateCost, GetTemplateSummary, GetTemplateParameterConstraints, and GenerateTemplatePolicy |
Resource scenario | CreateTemplateScratch, DeleteTemplateScratch, UpdateTemplateScratch, ListTemplateScratches, GetTemplateScratch, and GenerateTemplateByScratch |
Tag | TagResources, UntagResources, ListTagKeys, ListTagValues, and ListTagResources |
Resource group | MoveResourceGroup |
Others | GetServiceProvisions and GetFeatureDetails |
Supported resources
Terraform in ROS supports the following resources that are provided by mainstream cloud service providers (CSPs):
Alibaba Cloud resources. For more information, see Alibaba Cloud Provider.
NoteYou can debug Terraform data online. For more information, visit OpenAPI Explorer.
ROS provides a default provider that uses the temporary AccessKey pair or STS credential of your account and the region ID of your stack.
The following section lists the resources that support price inquiry, system tags, propagation of custom stack tags, propagation of stack resource groups, and risk detection.
NoteYou can call the GetFeatureDetails operation to query the resource types that support price inquiry, system tags, propagation of custom stack tags, propagation of stack resource groups, and risk detection.
Resources that support price inquiry
Elastic Compute Service (ECS): alicloud_instance, alicloud_ecs_disk, alicloud_disk, alicloud_ecs_dedicated_host, and alicloud_ecs_instance_set
Virtual Private Cloud (VPC): alicloud_eip_address, alicloud_eip, alicloud_common_bandwidth_package, alicloud_nat_gateway, alicloud_vpn_gateway, alicloud_eipanycast_anycast_eip_address, alicloud_vpc_ipv6_gateway, and alicloud_router_interface
Server Load Balancer (SLB): alicloud_slb_load_balancer and alicloud_slb
ApsaraDB RDS: alicloud_db_instance and alicloud_db_readonly_instance
Tair (Redis OSS-compatible): alicloud_kvstore_instance
PolarDB: alicloud_polardb_cluster
ApsaraDB for MongoDB: alicloud_mongodb_instance, alicloud_mongodb_serverless_instance, and alicloud_mongodb_sharding_instance
Cloud Enterprise Network (CEN): alicloud_cen_bandwidth_package
Alibaba Cloud Marketplace: alicloud_market_order
PolarDB for Xscale (PolarDB-X): alicloud_drds_instance
Elastic Container Instance: alicloud_eci_container_group and alicloud_eci_image_cache
E-MapReduce (EMR): alicloud_emr_cluster
Elasticsearch: alicloud_elasticsearch_instance
Serverless App Engine (SAE): alicloud_sae_application
AnalyticDB for PostgreSQL: alicloud_gpdb_elastic_instance and alicloud_gpdb_instance
Global Accelerator (GA): alicloud_ga_accelerator
AnalyticDB for MySQL: alicloud_adb_cluster and alicloud_adb_db_cluster
File Storage NAS (NAS): alicloud_nas_file_system
ApsaraMQ for Kafka: alicloud_alikafka_instance
Microservices Engine (MSE): alicloud_mse_cluster
Application Load Balancer (ALB): alicloud_alb_load_balancer
Data Transmission Service (DTS): alicloud_dts_migration_instance and alicloud_dts_synchronization_instance
Elastic Desktop Service (EDS): alicloud_ecd_desktop
ROS: alicloud_ros_stack
Container Service for Kubernetes (ACK): alicloud_cs_kubernetes, alicloud_cs_edge_kubernetes, alicloud_cs_managed_kubernetes, and alicloud_cs_serverless_kubernetes
Time Series Database (TSDB): alicloud_tsdb_instance
Elastic High Performance Computing (E-HPC): alicloud_ehpc_cluster
ApsaraDB for ClickHouse: alicloud_click_house_db_cluster
Web Application Firewall (WAF): alicloud_waf_instance
ApsaraDB for MyBase: alicloud_cddc_dedicated_host
Resources that support system tags
ECS: alicloud_instance, alicloud_ecs_disk, alicloud_disk, alicloud_ecs_dedicated_host, alicloud_security_group, alicloud_key_pair, alicloud_ecs_launch_template, alicloud_ecs_network_interface, alicloud_image_copy, alicloud_image, alicloud_ecs_snapshot, alicloud_launch_template, alicloud_snapshot, alicloud_snapshot_policy, alicloud_network_interface, alicloud_ecs_instance_set, alicloud_ecs_auto_snapshot_policy, alicloud_ecs_dedicated_host_cluster, and alicloud_ecs_key_pair
VPC: alicloud_eip_address, alicloud_eip, alicloud_common_bandwidth_package, alicloud_nat_gateway, alicloud_vpn_gateway, alicloud_vpc, alicloud_vswitch, alicloud_route_table, and alicloud_vpc_ipv6_gateway
SLB: alicloud_slb_load_balancer, alicloud_slb, alicloud_slb_acl, and alicloud_slb_server_certificate
ApsaraDB RDS: alicloud_db_instance, alicloud_db_readonly_instance, alicloud_rds_clone_db_instance, and alicloud_rds_upgrade_db_instance
Tair (Redis OSS-compatible): alicloud_kvstore_instance
PolarDB: alicloud_polardb_cluster
ApsaraDB for MongoDB: alicloud_mongodb_instance, alicloud_mongodb_serverless_instance, and alicloud_mongodb_sharding_instance
Elasticsearch: alicloud_elasticsearch_instance
AnalyticDB for PostgreSQL: alicloud_gpdb_elastic_instance and alicloud_gpdb_instance
Certificate Management Service: alicloud_cas_certificate and alicloud_ssl_certificates_service_certificate
Object Storage Service (OSS): alicloud_oss_bucket, alicloud_oos_execution, and alicloud_oos_template
Alibaba Cloud DNS PrivateZone: alicloud_pvtz_zone
Anti-DDoS: alicloud_ddosbgp_instance and alicloud_ddoscoo_instance
Bastionhost (BH): alicloud_bastionhost_instance
Auto Scaling: alicloud_ess_scaling_group
ROS: alicloud_ros_template, alicloud_ros_stack, and alicloud_ros_stack_group
ApsaraMQ for Kafka: alicloud_alikafka_instance, alicloud_alikafka_consumer_group, and alicloud_alikafka_topic
Alibaba Cloud DNS (DNS): alicloud_alidns_domain
DTS: alicloud_dts_migration_instance and alicloud_dts_synchronization_instance
ACK: alicloud_cs_managed_kubernetes, alicloud_cs_serverless_kubernetes, alicloud_cs_edge_kubernetes, and alicloud_cs_kubernetes
ALB: alicloud_alb_security_policy, alicloud_alb_server_group, alicloud_alb_acl, and alicloud_alb_load_balancer
ApsaraMQ for RocketMQ: alicloud_ons_instance
NAS: alicloud_nas_file_system
ApsaraDB for MyBase: alicloud_cddc_dedicated_host
DataBase Audit: alicloud_yundun_dbaudit_instance
Function Compute: alicloud_fc_service
AnalyticDB for MySQL: alicloud_adb_cluster
Alibaba Cloud CDN (CDN): alicloud_cdn_domain_new
ApsaraDB for HBase: alicloud_hbase_instance
E-HPC: alicloud_ehpc_cluster
Resources that support propagation of custom stack tags
ECS: alicloud_instance, alicloud_ecs_disk, alicloud_disk, alicloud_ecs_dedicated_host, alicloud_security_group, alicloud_key_pair, alicloud_ecs_launch_template, alicloud_ecs_network_interface, alicloud_image_copy, alicloud_image, alicloud_ecs_snapshot, alicloud_launch_template, alicloud_snapshot, alicloud_network_interface, alicloud_ecs_key_pair, alicloud_ecs_instance_set, alicloud_ecs_auto_snapshot_policy, alicloud_snapshot_policy, and alicloud_ecs_dedicated_host_cluster
VPC: alicloud_eip_address, alicloud_eip, alicloud_common_bandwidth_package, alicloud_nat_gateway, alicloud_vpn_gateway, alicloud_vpc, alicloud_vswitch, alicloud_vpc_ipv6_gateway, and alicloud_route_table
SLB: alicloud_slb_load_balancer, alicloud_slb, alicloud_slb_server_certificate, and alicloud_slb_acl
ApsaraDB RDS: alicloud_db_instance, alicloud_db_readonly_instance, alicloud_rds_clone_db_instance, and alicloud_rds_upgrade_db_instance
Tair (Redis OSS-compatible): alicloud_kvstore_instance
PolarDB: alicloud_polardb_cluster
ApsaraDB for MongoDB: alicloud_mongodb_instance, alicloud_mongodb_serverless_instance, and alicloud_mongodb_sharding_instance
CEN: alicloud_cen_bandwidth_package and alicloud_cen_instance
PolarDB-X: alicloud_drds_instance
EMR: alicloud_emr_cluster
Elasticsearch: alicloud_elasticsearch_instance
AnalyticDB for PostgreSQL: alicloud_gpdb_elastic_instance and alicloud_gpdb_instance
AnalyticDB for MySQL: alicloud_adb_db_cluster and alicloud_adb_cluster
ALB: alicloud_alb_acl, alicloud_alb_server_group, alicloud_alb_load_balancer, and alicloud_alb_security_policy
DNS: alicloud_alidns_domain, alicloud_dns_domain, and alicloud_dns
BH: alicloud_bastionhost_instance
Certificate Management Service: alicloud_cas_certificate and alicloud_ssl_certificates_service_certificate
ApsaraDB for MyBase: alicloud_cddc_dedicated_host
CDN: alicloud_cdn_domain_new
ACK: alicloud_cs_kubernetes, alicloud_cs_edge_kubernetes, alicloud_cs_managed_kubernetes, and alicloud_cs_serverless_kubernetes
Edge Security Acceleration (ESA): alicloud_dcdn_domain and alicloud_dcdn_ipa_domain
Anti-DDoS: alicloud_ddosbgp_instance and alicloud_ddoscoo_instance
DTS: alicloud_dts_synchronization_instance and alicloud_dts_migration_instance
Cloud Backup: alicloud_hbr_replication_vault, alicloud_hbr_vault, alicloud_hbr_hana_instance, and alicloud_hbr_ecs_backup_client
ApsaraDB for HBase: alicloud_hbase_instance
ApsaraMQ for Kafka: alicloud_alikafka_instance, alicloud_alikafka_topic, and alicloud_alikafka_consumer_group
NAS: alicloud_nas_file_system
CloudOps Orchestration Service (OOS): alicloud_oos_template and alicloud_oos_execution
Alibaba Cloud DNS PrivateZone: alicloud_pvtz_zone
ROS: alicloud_ros_template and alicloud_ros_stack
SAE: alicloud_sae_application
DataBase Audit: alicloud_yundun_dbaudit_instance
API Gateway: alicloud_api_gateway_group, alicloud_api_gateway_api, and alicloud_api_gateway_app
Function Compute: alicloud_fc_service
Auto Scaling: alicloud_ess_scaling_group
OSS: alicloud_oss_bucket
ApsaraVideo VOD (VOD): alicloud_vod_domain
ApsaraMQ for RocketMQ: alicloud_ons_instance
If you want to propagate the custom tags of stacks to resources that belong to a RAM user or RAM role, you must attach the
AliyunTagAdministratorAccesssystem policy to the RAM user or RAM role and calloss:GetBucketTagging. The following sample code shows the content of a custom RAM policy:{ "Version": "1", "Statement": [ { "Action": [ "tag:*", "*:ListTagResources", "*:TagResources", "*:UntagResources", "*:UnTagResources", "vod:TagVodResources", "vod:UnTagVodResources", "dcdn:TagDcdnResources", "dcdn:UntagDcdnResources", "ecs:DescribeResourceByTags", "*:DescribeTags", "*:DescribeTagKeys", "*:ListTagKeys", "*:ListTagValues", "ecs:AddTags", "ecs:RemoveTags", "slb:AddTags", "slb:RemoveTags", "rds:AddTagsToResource", "rds:DescribeDBInstanceByTags", "rds:RemoveTagsFromResource", "oss:PutBucketTagging", "oss:GetBucketTagging", "oss:DeleteBucketTagging", "oss:GetBucketTagging", "live:TagLiveResources", "live:ListLiveTagResources", "live:UnTagLiveResources" ], "Resource": "*", "Effect": "Allow" } ] }Resources that support propagation of stack resource groups
NoteIf you want to propagate the resource groups of stacks to resources that belong to a RAM user or RAM role, you must grant the required permissions to the RAM user or RAM role. For more information, see Services that work with Resource Group.
ECS: alicloud_instance, alicloud_ecs_disk, alicloud_disk, alicloud_ecs_dedicated_host, alicloud_security_group, alicloud_key_pair, alicloud_ecs_launch_template, alicloud_ecs_network_interface, alicloud_image_copy, alicloud_image, alicloud_snapshot, alicloud_ecs_key_pair, alicloud_launch_template, alicloud_ecs_instance_set, alicloud_snapshot_policy, alicloud_network_interface, alicloud_ecs_auto_snapshot_policy, and alicloud_ecs_snapshot
VPC: alicloud_vpc, alicloud_common_bandwidth_package, alicloud_eip_address, and alicloud_eip
SLB: alicloud_slb_load_balancer, alicloud_slb_server_certificate, alicloud_slb_acl, and alicloud_slb
ApsaraDB RDS: alicloud_db_instance, alicloud_db_readonly_instance, alicloud_rds_upgrade_db_instance, and alicloud_rds_clone_db_instance
Tair (Redis OSS-compatible): alicloud_kvstore_instance
PolarDB: alicloud_polardb_cluster
ApsaraDB for MongoDB: alicloud_mongodb_instance, alicloud_mongodb_serverless_instance, and alicloud_mongodb_sharding_instance
Elastic Container Instance: alicloud_eci_container_group and alicloud_eci_image_cache
PolarDB-X: alicloud_drds_instance
EMR: alicloud_emr_cluster
Elasticsearch: alicloud_elasticsearch_instance
Certificate Management Service: alicloud_cas_certificate and alicloud_ssl_certificates_service_certificate
ROS: alicloud_ros_stack, alicloud_ros_stack_group, and alicloud_ros_template
Alibaba Cloud DNS PrivateZone: alicloud_pvtz_zone
ACK: alicloud_cs_kubernetes, alicloud_cs_edge_kubernetes, alicloud_cs_managed_kubernetes, and alicloud_cs_serverless_kubernetes
ApsaraDB for HBase: alicloud_hbase_instance
ALB: alicloud_alb_acl, alicloud_alb_security_policy, alicloud_alb_load_balancer, and alicloud_alb_server_group
OOS: alicloud_oos_state_configuration, alicloud_oos_template, alicloud_oos_secret_parameter, and alicloud_oos_parameter
DNS: alicloud_dns_domain, alicloud_dns, alicloud_alidns_gtm_instance, and alicloud_alidns_domain
Anti-DDoS: alicloud_ddoscoo_instance and alicloud_ddosbgp_instance
BH: alicloud_bastionhost_instance
Enterprise Distributed Application Service (EDAS): alicloud_edas_k8s_application, alicloud_edas_cluster, alicloud_edas_k8s_cluster, and alicloud_edas_application
CDN: alicloud_cdn_domain_new
WAF: alicloud_waf_domain
ApsaraDB for Cassandra: alicloud_cassandra_cluster
ESA: alicloud_dcdn_domain and alicloud_dcdn_ipa_domain
OpenSearch: alicloud_open_search_app_group
DataBase Audit: alicloud_yundun_dbaudit_instance
Cloud Backup: alicloud_hbr_vault and alicloud_hbr_replication_vault
CEN: alicloud_cen_bandwidth_package and alicloud_cen_instance
AnalyticDB for MySQL: alicloud_adb_cluster and alicloud_adb_db_cluster
ApsaraMQ for Kafka: alicloud_alikafka_instance
Lindorm: alicloud_lindorm_instance
Resources that support risk detection
ECS: alicloud_instance, alicloud_ecs_instance_set, alicloud_ecs_disk, alicloud_ecs_dedicated_host, alicloud_security_group, and alicloud_security_group_rule
VPC: alicloud_eip, alicloud_eip_address, alicloud_vpn_gateway, alicloud_snat_entry, and alicloud_nat_gateway
SLB: alicloud_slb_load_balancer and alicloud_slb
ApsaraDB RDS: alicloud_db_instance
Tair (Redis OSS-compatible): alicloud_kvstore_instance
ApsaraDB for MongoDB: alicloud_mongodb_instance and alicloud_mongodb_sharding_instance
RAM: alicloud_ram_role
Amazon Web Services (AWS) resources. For more information, see AWS Provider.
Microsoft Azure resources. For more information, see Azure Provider.