Creating a group of instances with fixed IP addresses

If you don't have Terraform, install it and configure the Yandex Cloud provider.

1. In the configuration file, describe the parameters of the resources you want to create:

   resource "yandex_compute_instance_group" "ig-1" {
     name                = "fixed-ig"
     folder_id           = "<folder_ID>"
     service_account_id  = "${yandex_iam_service_account.ig-sa.id}"
     deletion_protection = false
     depends_on          = [yandex_resourcemanager_folder_iam_member.editor]
     instance_template {
       name = "sample-vm-{instance.tag}"
       platform_id = "standard-v3"
       resources {
         memory = 2
         cores  = 2
       }
   
       boot_disk {
         mode = "READ_WRITE"
         initialize_params {
           image_id = "fd8dlvgiatiqd8tt2qke"
         }
       }
   
       network_interface {
         network_id         = "${yandex_vpc_network.ig-network.id}"
         subnet_ids         = ["${yandex_vpc_subnet.ig-subnet-a.id}", "${yandex_vpc_subnet.ig-subnet-b.id}"]
         nat                = true
         ip_address         = "{ip_{instance.tag}}"
         nat_ip_address     = "{external_ip_{instance.tag}}"
       }
   
       metadata = {
         user-data = "#cloud-config\n      datasource:\n       Ec2:\n        strict_id: false\n      ssh_pwauth: no\n      users:\n      - name: <VM_user_name>\n        sudo: ALL=(ALL) NOPASSWD:ALL\n        shell: /bin/bash\n        ssh_authorized_keys:\n        - <public_SSH_key>\n      runcmd: []"
       }
     }
   
     variables = {
       ip_ru1-a1 = "192.168.2.5"
       external_ip_ru1-a1 = "${yandex_vpc_address.external-address-a1.external_ipv4_address[0].address}"
       ip_ru1-a2 = "192.168.2.15"
       external_ip_ru1-a2 = "${yandex_vpc_address.external-address-a2.external_ipv4_address[0].address}"
       ip_ru1-b1 = "192.168.1.5"
       external_ip_ru1-b1 = "${yandex_vpc_address.external-address-b1.external_ipv4_address[0].address}"
       ip_ru1-b2 = "192.168.1.15"
       external_ip_ru1-b2 = "${yandex_vpc_address.external-address-b2.external_ipv4_address[0].address}"
     }
   
     scale_policy {
       fixed_scale {
         size = 4
       }
     }
   
     allocation_policy {
       zones = ["ru-central1-a","ru-central1-b"]
       instance_tags_pool {
         zone = "ru-central1-a"
         tags = ["ru1-a1","ru1-a2"]
       }
       instance_tags_pool {
         zone = "ru-central1-b"
         tags = ["ru1-b1","ru1-b2"]
       }
     }
   
     deploy_policy {
       max_unavailable = 1
       max_expansion   = 0
     }
   }
   
   resource "yandex_iam_service_account" "ig-sa" {
     name        = "instance-group-sa"
     description = "Service account for managing an instance group."
   }
   
   resource "yandex_resourcemanager_folder_iam_member" "editor" {
     folder_id  = "<folder_ID>"
     role       = "editor"
     member     = "serviceAccount:${yandex_iam_service_account.ig-sa.id}"
     depends_on = [
       yandex_iam_service_account.ig-sa,
     ]
   }
   
   resource "yandex_vpc_network" "ig-network" {
     name = "ig-network"
   }
   
   resource "yandex_vpc_subnet" "ig-subnet-a" {
     name           = "ig-subnet-a"
     zone           = "ru-central1-a"
     network_id     = "${yandex_vpc_network.ig-network.id}"
     v4_cidr_blocks = ["192.168.2.0/24"]
   }
   
   resource "yandex_vpc_subnet" "ig-subnet-b" {
     name           = "ig-subnet-b"
     zone           = "ru-central1-b"
     network_id     = "${yandex_vpc_network.ig-network.id}"
     v4_cidr_blocks = ["192.168.1.0/24"]
   }
   
   resource "yandex_vpc_address" "external-address-a1" {
     name = "external-address-a1"
   
     external_ipv4_address {
       zone_id = "ru-central1-a"
     }
   }
   
   resource "yandex_vpc_address" "external-address-a2" {
     name = "external-address-a2"
   
     external_ipv4_address {
       zone_id = "ru-central1-a"
     }
   }
   
   resource "yandex_vpc_address" "external-address-b1" {
     name = "external-address-b1"
   
     external_ipv4_address {
       zone_id = "ru-central1-b"
     }
   }
   
   resource "yandex_vpc_address" "external-address-b2" {
     name = "external-address-b2"
   
     external_ipv4_address {
       zone_id = "ru-central1-b"
     }
   }
   

   Where:

   • yandex_compute_instance_group: Description of the instance group.

     • General information about the VM group:

       • name: VM group name.
       • folder_id: Folder ID.
       • service_account_id: Service account ID.
       • deletion_protection: Instance group protection against deletion, true or false. You cannot delete an instance group with this option enabled. The default value is false.

     • instance_template: VM template:

       • name: VM name containing the tag template, e.g., sample-vm-{instance.tag}. After inserting tag values into this template, the VM names will look like this: sample-vm-ru1-a1, sample-vm-ru1-b2, etc.

       • platform_id: Platform.

       • resources: Number of vCPU cores and RAM available to the VM. The values must match the selected platform.

       • boot_disk: Boot disk settings.

         • mode: Disk access mode, READ_ONLY or READ_WRITE.
         • image_id: ID of the selected image. You can get the image ID from the list of public images.

       • network_interface: Network settings:

         • subnet_ids: List of IDs for the subnets to host the VMs. You must specify one subnet in each availability zone where a group VM will be created.
         • nat: Specifies if a VM will have an assigned public IP address. The possible values are true and false.
         • ip_address: VM internal IP address. This is a template that will use the value from a variable specified for this VM in the variables section.
         • nat_ip_address: VM public IP address. This is a template that will use the value from a variable specified for this VM in the variables field.

       • metadata: In metadata, provide the VM user name and the public key to enable this user to access the VM via SSH.

         For more information, see VM metadata.

     • variables: Variables assigned to the instance group. This section contains a list of variables in <name> = <value> format to use in templates to provide IP addresses of the VMs you are creating to the instance group:

       • Variable name: Specify the name in <prefix>_<tag> format:

         • <prefix> defines the IP address type. For example, you can use the ip prefix for internal IP addresses and external_ip for public ones.

         • <tag> value must fully match the value of the relevant tag specified for this VM in the allocation_policy field, e.g., ru1-a1.

       • Variable value: This is either an internal or public IP address of the new VM.

         Internal IP addresses must belong to the IP address range allocated to the specified subnet in the respective availability zone.

         If you are not going to assign public IP addresses to the group instances, do not specify variables with the external_ip prefix.

       For more information about using variables in a VM template, see Variables in an instance template.

     • Policies:

       • deploy_policy: Deployment policy for instances in the group.
       • scale_policy: Scaling policy for instances in the group.
       • allocation_policy: Policy for allocating VM instances across availability zones and regions:

         • zones: Array containing the IDs of availability zones in which the VMs of the group will be created.

         • instance_tags_pool: List of unique tags for binding IP addresses to the VMs of the group. You need to specify it separately for each availability zone which will host your group instances.

           The values of tags specified in the tags array are used to generate VM names and variables containing IP addresses of the VMs. The number of tags specified in the tags array for an availability zone should match the number of VMs created in it. Examples of possible tag values: ru1-a1, ru1-b2, etc.

   • yandex_iam_service_account: Service account description. All operations in Instance Groups are performed on behalf of the service account.

     You cannot delete a service account while it is linked to an instance group.

   • yandex_resourcemanager_folder_iam_member: Description of access permissions to the folder the service account belongs to. To be able to create, update, and delete VM instances in the instance group, assign the editor role to the service account.

   • yandex_vpc_network: Description of the cloud network.

   • yandex_vpc_subnet: Description of the subnets to connect the VMs of the group to.

   • yandex_vpc_address: Description of the reserved static public IP address.

     Note

     If you already have suitable resources, such as a service account, cloud network, subnets, and reserved static IP addresses, you do not need to describe them again. Use their names and IDs in the appropriate parameters.

   For more information about the resources you can create with Terraform, see the provider documentation.

2. Create resources:

   1. In the terminal, change to the folder where you edited the configuration file.

   2. Make sure the configuration file is correct using the command:

      terraform validate
      

      If the configuration is correct, the following message is returned:

      Success! The configuration is valid.
      

   3. Run the command:

      terraform plan
      

      The terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.

   4. Apply the configuration changes:

      terraform apply
      

   5. Confirm the changes: type yes in the terminal and press Enter.

   All the resources you need will then be created in the specified folder. You can check the new resources and their settings using the management console.

Use the create REST API method for the InstanceGroup resource or the InstanceGroupService/Create gRPC API call.