Contact UsTry it for free
© 2026 Direct Cursus Technology L.L.C.

Terraform data sources

Written by
Updated at May 6, 2026

Terraform data sources allow you to get up-to-date information about the existing cloud resources and use this data in your infrastructure configuration.

With the Yandex Cloud Terraform provider, you can get information about various cloud resources, including VMs, disks, cloud networks, etc.

Data sources are available as read only, which prevents any changes to external resources.

Let's use Terraform data sources to get an Ubuntu 22.04 LTS image ID from Cloud Marketplace.

To get an Ubuntu 22.04 LTS image ID using Terraform:

  1. Get your cloud ready.
  2. Install and configure Terraform.
  3. Describe the data source.
  4. Check the result.

Get your cloud ready

Sign up for Yandex Cloud and create a billing account:

  1. Navigate to the management console and log in to Yandex Cloud or create a new account.
  2. On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the ACTIVE or TRIAL_ACTIVE status. If you do not have a billing account, create one and link a cloud to it.

If you have an active billing account, you can create or select a folder for your infrastructure on the cloud page.

Learn more about clouds and folders here.

Install and configure Terraform

Install Terraform

Use one of the following methods:

Use one of the following methods:

Get the authentication credentials

Use a service account to manage the Yandex Cloud infrastructure via Terraform. It will help you flexibly configure access permissions to resources.

You can also use Terraform under your Yandex account, as well as a federated or local user account, but this method is less secure. For more information, see the end of this section.

  1. If you do not have the Yandex Cloud CLI yet, install it.

  2. Set up the CLI profile to run operations under the service account:

    1. Create an authorized key for your service account and save it to the file:

      yc iam key create \
  --service-account-id <service_account_ID> \
  --folder-name <service_account_folder_name> \
  --output key.json

      Where:

      • service-account-id: Service account ID.
      • folder-name: Name of the folder in which the service account was created.
      • output: Name of the file with the authorized key.

      Result:

      id: aje8nn871qo4********
service_account_id: ajehr0to1g8b********
created_at: "2022-09-14T09:11:43.479156798Z"
key_algorithm: RSA_2048

    2. Create a CLI profile to run operations on behalf of the service account. Name the profile:

      yc config profile create <profile_name>

      Result:

      Profile 'sa-terraform' created and activated

    3. Configure the profile:

      yc config set service-account-key key.json
yc config set cloud-id <cloud_ID>
yc config set folder-id <folder_ID>

      Where:

      • service-account-key: Service account authorized key file.
      • cloud-id: Cloud ID.
      • folder-id: Folder ID.

  3. Add your credentials to the environment variables:

    export YC_TOKEN=$(yc iam create-token)
export YC_CLOUD_ID=$(yc config get cloud-id)
export YC_FOLDER_ID=$(yc config get folder-id)

    Where:

    • YC_TOKEN: IAM token.
    • YC_CLOUD_ID: Cloud ID.
    • YC_FOLDER_ID: Folder ID.
    $Env:YC_TOKEN=$(yc iam create-token)
$Env:YC_CLOUD_ID=$(yc config get cloud-id)
$Env:YC_FOLDER_ID=$(yc config get folder-id)

    Where:

    • YC_TOKEN: IAM token.
    • YC_CLOUD_ID: Cloud ID.
    • YC_FOLDER_ID: Folder ID.

    Note

    The IAM token lifetime does not exceed 12 hours; however, we recommend requesting a token more often, e.g., every hour.

Managing resources under a Yandex account, local account, or federated account

Warning

Managing resources under a user's Yandex account, local account, or federated account is less secure than under a service account.

If you do not have the Yandex Cloud CLI yet, install and initialize it.

The folder used by default is the one specified when creating the CLI profile. To change the default folder, use the yc config set folder-id <folder_ID> command. You can also specify a different folder for any command using --folder-name or --folder-id. If you access a resource by its name, the search will be limited to the default folder. If you access a resource by its ID, the search will be global, i.e., through all folders based on access permissions.

If you use a federated or local account, get authenticated in the CLI:

Add your credentials to the environment variables:

export YC_TOKEN=$(yc iam create-token)
export YC_CLOUD_ID=$(yc config get cloud-id)
export YC_FOLDER_ID=$(yc config get folder-id)

Where:

  • YC_TOKEN: IAM token.
  • YC_CLOUD_ID: Cloud ID.
  • YC_FOLDER_ID: Folder ID.
$Env:YC_TOKEN=$(yc iam create-token)
$Env:YC_CLOUD_ID=$(yc config get cloud-id)
$Env:YC_FOLDER_ID=$(yc config get folder-id)

Where:

  • YC_TOKEN: IAM token.
  • YC_CLOUD_ID: Cloud ID.
  • YC_FOLDER_ID: Folder ID.

Note

The IAM token lifetime does not exceed 12 hours; however, we recommend requesting a token more often, e.g., every hour.

Create a Terraform configuration file

  1. Create a directory with any name, for example, cloud-terraform. It will store the Terraform configuration files.
  2. Create a configuration file with the .tf extension in this directory, for example, example.tf.

Configure your provider

Note

These settings apply to Terraform 0.13 and higher. We recommend using the latest stable version of Terraform.

  1. If you previously configured a provider from the HashiCorp registry, save its settings:

    mv ~/.terraformrc ~/.terraformrc.old

    mv $env:APPDATA/terraform.rc $env:APPDATA/terraform.rc.old

  2. Specify the source the provider will be installed from.

    Open the Terraform CLI configuration file:

    nano ~/.terraformrc

    Note

    The .terraformrc file must be in the user's home root folder, e.g., /home/user/ or /User/user/.

    Open the Terraform CLI terraform.rc configuration file in your user's %APPDATA% folder.

    To find out the absolute path to the %APPDATA% folder, run the echo %APPDATA% command for cmd or the $env:APPDATA command for PowerShell.

    Add the following section to the file:

    provider_installation {
  network_mirror {
    url = "https://terraform-mirror.yandexcloud.net/"
    include = ["registry.terraform.io/*/*"]
  }
  direct {
    exclude = ["registry.terraform.io/*/*"]
  }
}

    For more information about setting up mirrors, see the documentation.

  3. At the beginning of the .tf configuration file, add the following sections:

    terraform {
  required_providers {
    yandex = {
      source = "yandex-cloud/yandex"
    }
  }
  required_version = ">= 0.13"
}

provider "yandex" {
  zone = "<default_availability_zone>"
}

    Where:

    • source: Provider's global source address.
    • required_version: Minimum Terraform version the provider is compatible with.
    • provider: Provider name.
    • zone: Default availability zone for all your cloud resources.

  4. Run the terraform init command in the folder with the .tf configuration file. This command initializes the providers specified in the configuration files and allows you to work with the provider resources and data sources.

If the provider installation failed, create a support request indicating the provider name and version.

If you used the .terraform.lock.hcl file, run the terraform providers lock command prior to the initialization specifying the URL of the mirror to upload the provider from and the platforms the configuration will run on:

terraform providers lock -net-mirror=https://terraform-mirror.yandexcloud.net -platform=<platform_name_1> -platform=<platform_name_2> yandex-cloud/yandex

Where:

  • -net-mirror: Address of the mirror to upload the provider from.
  • -platform: Platforms to use the configuration on. The possible values are:
    • windows_amd64: Windows 64-bit.
    • linux_amd64: Linux 64-bit.
    • darwin_arm64: macOS 64-bit.

If you used the Terraform modules, first run terraform init, then delete the lock file. After that, run the terraform providers lock command.

For more information about the terraform providers lock command, see this Terraform article.

Describe a data source

Tip

In the Terraform code, data sources are defined using the data block.

  1. In the configuration file, paste this code after the provider settings:

    data "yandex_compute_image" "my_image" {
  family = "ubuntu-2204-lts"
}

output "my_image_id" {
  value = data.yandex_compute_image.my_image.id
}

    Where:

    • data "yandex_compute_image": Disk image description as a data source:
    • output "resource_active": Output variable with information about the current image ID for the specified family:
      • value: Return value.

    For more information about the yandex_compute_image data source parameters, see the relevant provider documentation.

  2. Create the resources:

    1. In the terminal, navigate to the configuration file directory.

    2. Make sure the configuration is correct using this command:

      terraform validate

      If the configuration is valid, you will get this message:

      Success! The configuration is valid.

    3. Run this command:

      terraform plan

      You will see a list of resources and their properties. No changes will be made at this step. Terraform will show any errors in the configuration.

    4. Apply the configuration changes:

      terraform apply

    5. Type yes and press Enter to confirm the changes.

    Terraform will create the required resources and display their output variables.

Check the result

To check the results, run this command:

terraform output

Result:

my_image_id = "fd8li2lvvfc6bdj4c787"

Then you can use this ID to create a VM, e.g.:

resource "yandex_compute_disk" "boot-disk" {
  name     = "<disk_name>"
  type     = "<disk_type>"
  zone     = "<availability_zone>"
  size     = "<disk_size>"
  image_id = data.yandex_compute_image.my_image.id
}

...

See also

Previous
Getting started with Terraform
Next
Uploading Terraform states to Object Storage