Yandex Cloud
Search
Contact UsGet started
  • Blog
  • Pricing
  • Documentation
  • All Services
  • System Status
    • Featured
    • Infrastructure & Network
    • Data Platform
    • Containers
    • Developer tools
    • Serverless
    • Security
    • Monitoring & Resources
    • ML & AI
    • Business tools
  • All Solutions
    • By industry
    • By use case
    • Economics and Pricing
    • Security
    • Technical Support
    • Customer Stories
    • Cloud credits to scale your IT product
    • Gateway to Russia
    • Cloud for Startups
    • Education and Science
    • Yandex Cloud Partner program
  • Blog
  • Pricing
  • Documentation
© 2025 Direct Cursus Technology L.L.C.
Tutorials
    • All tutorials
    • Basic internet service architecture and protection
    • Cost analysis by resource using Object Storage
      • Getting started with Terraform
      • Terraform data sources
      • Uploading Terraform states to Object Storage
      • Getting started with Packer
      • Building a VM image with infrastructure tools using Packer
      • Locking Terraform states using Managed Service for YDB
      • Using Yandex Cloud modules in Terraform
      • Creating a VM and an instance group with a Container Optimized Image using Terraform
      • Transferring logs through Unified Agent HTTP input to Cloud Logging

In this article:

  • Prepare your cloud
  • Install and configure Terraform
  • Install Terraform
  • Get the authentication credentials
  • Create a Terraform configuration file
  • Configure your provider
  • Describe a data source
  • Check the result
  • See also
  1. Basic infrastructure
  2. Tools
  3. Terraform data sources

Terraform data sources

Written by
Yandex Cloud
Updated at May 7, 2025
  • Prepare your cloud
  • Install and configure Terraform
    • Install Terraform
    • Get the authentication credentials
    • Create a Terraform configuration file
    • Configure your provider
  • Describe a data source
  • Check the result
  • See also

Terraform data sources allow you to get up-to-date information about the existing cloud resources and use this data in your infrastructure configuration.

With the Yandex Cloud Terraform provider, you can get information about various cloud resources, including VMs, disks, cloud networks, etc.

Data sources are available as read only, which prevents any changes to external resources.

Let's use Terraform data sources to get an Ubuntu 22.04 LTS image ID from Cloud Marketplace.

To get an Ubuntu 22.04 LTS image ID using Terraform:

  1. Prepare your cloud.
  2. Install and configure Terraform.
  3. Describe the data source.
  4. Check the result.

Prepare your cloudPrepare your cloud

Sign up in Yandex Cloud and create a billing account:

  1. Navigate to the management console and log in to Yandex Cloud or register a new account.
  2. On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the ACTIVE or TRIAL_ACTIVE status. If you do not have a billing account, create one and link a cloud to it.

If you have an active billing account, you can navigate to the cloud page to create or select a folder for your infrastructure to operate in.

Learn more about clouds and folders.

Install and configure TerraformInstall and configure Terraform

Install TerraformInstall Terraform

Windows
Linux
macOS

Use one of the following methods:

  • Download the Terraform distribution and follow this guide to install it.

  • Install Terraform using the Chocolatey package manager and the command below:

    choco install terraform
    

Download the Terraform distribution and follow this guide to install it.

Use one of the following methods:

  • Download the Terraform distribution and follow this guide to install it.

  • Install Terraform using the Homebrew package manager and the command below:

    brew install terraform
    

Get the authentication credentialsGet the authentication credentials

Use a service account to manage the Yandex Cloud infrastructure using Terraform. It will help you flexibly configure access permissions to resources.

You can also use Terraform under your Yandex account or a federated account, but this method is less secure. For more information, see the end of this section.

  1. If you do not have the Yandex Cloud CLI yet, install it.

  2. Set up the CLI profile to perform operations under the service account:

    CLI
    1. Create an authorized key for your service account and save the file:

      yc iam key create \
        --service-account-id <service_account_ID> \
        --folder-name <service_account_folder_name> \
        --output key.json
      

      Where:

      • service-account-id: Service account ID.
      • folder-name: Name of the folder in which the service account was created.
      • output: Name of the file with the authorized key.

      Result:

      id: aje8nn871qo4********
      service_account_id: ajehr0to1g8b********
      created_at: "2022-09-14T09:11:43.479156798Z"
      key_algorithm: RSA_2048
      
    2. Create a CLI profile to run operations on behalf of the service account. Name the profile:

      yc config profile create <profile_name>
      

      Result:

      Profile 'sa-terraform' created and activated
      
    3. Set the profile configuration:

      yc config set service-account-key key.json
      yc config set cloud-id <cloud_ID>
      yc config set folder-id <folder_ID>
      

      Where:

      • service-account-key: File with the service account authorized key.
      • cloud-id: Cloud ID.
      • folder-id: Folder ID.
  3. Add the credentials to the environment variables:

    Bash
    PowerShell
    export YC_TOKEN=$(yc iam create-token)
    export YC_CLOUD_ID=$(yc config get cloud-id)
    export YC_FOLDER_ID=$(yc config get folder-id)
    

    Where:

    • YC_TOKEN: IAM token.
    • YC_CLOUD_ID: Cloud ID.
    • YC_FOLDER_ID: Folder ID.
    $Env:YC_TOKEN=$(yc iam create-token)
    $Env:YC_CLOUD_ID=$(yc config get cloud-id)
    $Env:YC_FOLDER_ID=$(yc config get folder-id)
    

    Where:

    • YC_TOKEN: IAM token.
    • YC_CLOUD_ID: Cloud ID.
    • YC_FOLDER_ID: Folder ID.

    Note

    The IAM token lifetime does not exceed 12 hours; however, we recommend requesting it more often, such as once per hour.

Managing resources on behalf of a Yandex account or a federated account

Warning

Managing resources under a user's Yandex account or federated account is less secure than under a service account.

If you do not have the Yandex Cloud CLI yet, install and initialize it.

The folder specified when creating the CLI profile is used by default. To change the default folder, use the yc config set folder-id <folder_ID> command. You can specify a different folder using the --folder-name or --folder-id parameter.

If you use a federated account, authenticate with the CLI on behalf of the federated user.

Add the credentials to the environment variables:

Bash
PowerShell
export YC_TOKEN=$(yc iam create-token)
export YC_CLOUD_ID=$(yc config get cloud-id)
export YC_FOLDER_ID=$(yc config get folder-id)

Where:

  • YC_TOKEN: IAM token.
  • YC_CLOUD_ID: Cloud ID.
  • YC_FOLDER_ID: Folder ID.
$Env:YC_TOKEN=$(yc iam create-token)
$Env:YC_CLOUD_ID=$(yc config get cloud-id)
$Env:YC_FOLDER_ID=$(yc config get folder-id)

Where:

  • YC_TOKEN: IAM token.
  • YC_CLOUD_ID: Cloud ID.
  • YC_FOLDER_ID: Folder ID.

Note

The IAM token lifetime does not exceed 12 hours; however, we recommend requesting it more often, such as once per hour.

Create a Terraform configuration fileCreate a Terraform configuration file

  1. Create a directory with any name, for example, cloud-terraform. It will store the Terraform configuration files.
  2. Create a configuration file with the .tf extension in this directory, for example, example.tf.

Configure your providerConfigure your provider

Note

These settings apply to Terraform 0.13 and higher. We recommend using the latest stable version of Terraform.

  1. If you previously configured a provider from the HashiCorp registry, save its settings:

    Linux/macOS
    Windows
    mv ~/.terraformrc ~/.terraformrc.old
    
    mv $env:APPDATA/terraform.rc $env:APPDATA/terraform.rc.old
    
  2. Specify the source the provider will be installed from.

    Linux/macOS
    Windows

    Open the Terraform CLI configuration file:

    nano ~/.terraformrc
    

    Note

    The .terraformrc file must be in the user's home root folder, e.g., /home/user/ or /User/user/.

    Open the Terraform CLI configuration file named terraform.rc in your user's %APPDATA% folder.

    To find out the absolute path to the %APPDATA% folder, run the echo %APPDATA% command for cmd or the $env:APPDATA command for PowerShell.

    Add the following section to the file:

    provider_installation {
      network_mirror {
        url = "https://terraform-mirror.yandexcloud.net/"
        include = ["registry.terraform.io/*/*"]
      }
      direct {
        exclude = ["registry.terraform.io/*/*"]
      }
    }
    

    For more information about setting up mirrors, see the documentation.

  3. Add the following sections at the top of the .tf configuration file:

    terraform {
      required_providers {
        yandex = {
          source = "yandex-cloud/yandex"
        }
      }
      required_version = ">= 0.13"
    }
    
    provider "yandex" {
      zone = "<default_availability_zone>"
    }
    

    Where:

    • source: Provider's global source address.
    • required_version: Minimum Terraform version the provider is compatible with.
    • provider: Provider name.
    • zone: Availability zone where all cloud resources will be created by default.
  4. Run the terraform init command in the folder containing the .tf configuration file. This command initializes the providers specified in the configuration files and allows you to work with the provider resources and data sources.

If the provider installation failed, create a support request stating provider name and version.

If you used the .terraform.lock.hcl file, prior to the initialization, run the terraform providers lock command specifying the URL of the mirror to upload the provider from and the platforms the configuration will run on:

terraform providers lock -net-mirror=https://terraform-mirror.yandexcloud.net -platform=<platform_1_name> -platform=<platform_2_name> yandex-cloud/yandex

Where:

  • -net-mirror: Address of the mirror to upload the provider from.
  • -platform: Platforms to use the configuration on. The possible values include:
    • windows_amd64: 64-bit Windows
    • linux_amd64: 64-bit Linux
    • darwin_arm64: 64-bit macOS

If you used the Terraform modules, first run terraform init, then delete the lock file. After that, run the terraform providers lock command.

For more information about the terraform providers lock command, see the Terraform documentation.

Describe a data sourceDescribe a data source

Tip

In the Terraform code, data sources are defined using the data block.

  1. In the configuration file, paste this code after the provider settings:

    data "yandex_compute_image" "my_image" {
      family = "ubuntu-2204-lts"
    }
    
    output "my_image_id" {
      value = data.yandex_compute_image.my_image.id
    }
    

    Where:

    • data "yandex_compute_image": Disk image description as a data source:
      • family: Image family.
    • output "resource_active": Output variable with information about the current image ID for the specified family:
      • value: Returned value.

    For more information about the yandex_compute_image data source parameters, see the provider documentation.

  2. Create resources:

    1. In the terminal, change to the folder where you edited the configuration file.

    2. Make sure the configuration file is correct using the command:

      terraform validate
      

      If the configuration is correct, the following message is returned:

      Success! The configuration is valid.
      
    3. Run the command:

      terraform plan
      

      The terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.

    4. Apply the configuration changes:

      terraform apply
      
    5. Confirm the changes: type yes in the terminal and press Enter.

    Terraform will create the required resources and display the output variable values in the terminal.

Check the resultCheck the result

To check the results, run:

terraform output

Result:

my_image_id = "fd8li2lvvfc6bdj4c787"

Then you can use this ID to create a VM, e.g.:

resource "yandex_compute_disk" "boot-disk" {
  name     = "<disk_name>"
  type     = "<disk_type>"
  zone     = "<availability_zone>"
  size     = "<disk_size>"
  image_id = data.yandex_compute_image.my_image.id
}

...

See alsoSee also

  • Getting started with Terraform.
  • Uploading Terraform states to Object Storage.
  • Locking Terraform states using Managed Service for YDB.
  • Using Yandex Cloud modules in Terraform.

Was the article helpful?

Previous
Getting started with Terraform
Next
Uploading Terraform states to Object Storage
© 2025 Direct Cursus Technology L.L.C.