Prepare to Provision the Infrastructure Resources

Install Terraform and generate the required keys to create the infrastructure resources in Oracle Cloud.

Install Terraform

Terraform is a third-party tool that you can use to efficiently provision and manage resources in Oracle Cloud Infrastructure.

On UNIX-like or Linux systems, including Oracle Linux, you can install Terraform by downloading and extracting the Terraform package for your operating system.

Install Terraform version 0.12.16+ on a local computer.

  1. Go to
  2. Click the required version, and download the appropriate package depending on your operating system.
  3. Extract the package to the path /usr/local/bin/.
    You can extract Terraform to any other directory on your local host. Ensure that the directory is included in the PATH variable.
    Terraform is installed and ready to use.
  4. Verify the installation.
    terraform -v

    The Terraform version is displayed.

Generate an API Signing Key

To enable Terraform to authenticate with Oracle Cloud Infrastructure, you must provide an RSA key in the privacy-enhanced mail (PEM) format. This key is not the same as the SSH key that you use to access your compute instances.

  1. Create a hidden subdirectory in your home directory, to store the PEM key.
    mkdir ~/.oci
  2. Generate a private key (size: 2048 bits or higher).
    openssl genrsa -out ~/.oci/oci_api_key.pem 2048
  3. Change the permissions of the private key file to ensure that only you can read the key.
    chmod go-rwx ~/.oci/oci_api_key.pem
  4. Generate the public key for the private key.
    openssl rsa -pubout -in ~/.oci/oci_api_key.pem -out ~/.oci/oci_api_key_public.pem
You can store the keys in any directory of your choice.

Make a note of the location.

Upload the API Signing Key

After you generate an API signing key, upload the public key for the appropriate user in Oracle Cloud Infrastructure.

  1. Sign in to the Oracle Cloud Infrastructure web console.
  2. From the services menu, select Identity, and then select Users.
  3. On the Users page, click the user that you plan to specify in the Terraform configuration.
  4. On the user details page, click Add Public Key.
  5. Copy the public key value from the oci_api_key_public.pem file that you created earlier, and paste it in the PUBLIC KEY field.
  6. Click Add.
    The key is uploaded, and its fingerprint is displayed.
  7. Copy the fingerprint. You need it later.

Generate an SSH Key Pair for the Bastion Host

An SSH key pair is used to enable secure access to instances. You generate an key pair on your local host. The Terraform modules then add the public key to the bastion host. When you connect to the bastion host, you provide the private key to authenticate access.

  • Use the ssh-keygen utility and generate an SSH key pair. Don’t set a passphrase for the key pair.
    ssh-keygen -t rsa -N "" -b 2048 -C "key_name" -f path/root_name
    • -t rsa: Specifies that the key pair should be generated using the RSA algorithm

    • -N "": Specifies the passphrase that you want to associate with this key pair. Don’t enter anything between the quotation marks. Create the key pair without a passphrase.

    • -b 2048: Specifies that you want to generate a 2048-bit key. This value is the default (and the minimum recommended) value.

    • -C "key_name": Specifies the name of the key pair.

    • -f path/root_name: Specifies the directory where the key pair is saved and the root name for the public and private key. The public key has .pub appended to the root name.

The SSH key pair is generated and saved in the directory that you specified. Make a note of the full path and name of the key files.