Resource Orchestration Service (ROS) provides Terraform as a managed service, supporting multiple Terraform versions, ROS features, API operations, and resources from Alibaba Cloud, AWS, and Azure.
ROS version support
The following table lists the Terraform and provider versions supported by ROS.
|
Terraform version |
Provider version |
|
0.12.28 |
|
|
0.15.3 |
|
|
1.0.11 |
|
|
1.1.9 |
|
|
1.2.9 |
|
|
1.3.10 |
|
|
1.4.7 |
|
|
1.5.7 |
|
|
1.6.3 |
|
|
1.7.5 |
|
|
1.8.5 |
|
ROS regularly updates supported versions. Call GetFeatureDetails to query the latest supported Terraform versions.
Supported ROS features
|
Feature |
Supported |
Unsupported |
|
Stack |
|
Rollback on failure, stack policies, controlled replacements, drift correction, signal notifications, and more. |
|
Stack group |
|
None. |
|
Template |
|
None. |
|
Resource scenario |
|
None. |
|
Others |
|
Managing resource types |
Supported ROS API operations
|
Feature |
API operation |
|
Stack |
PreviewStack, CreateStack, ContinueCreateStack, UpdateStack, DeleteStack, GetStack, ListStacks, ListStackResources, GetStackResource, ListStackEvents, SetDeletionProtection, ListStackOperationRisks, CancelUpdateStack, and CancelStackOperation Note
If you set the StackType parameter to Terraform when you call the GetStack or ListStacks operation, Terraform stacks are queried. |
|
Change set and resource import |
CreateChangeSet, ExecuteChangeSet, DeleteChangeSet, GetChangeSet, and ListChangeSets |
|
Drift detection |
DetectStackDrift, DetectStackGroupDrift, GetStackDriftDetectionStatus, and ListStackResourceDrifts Note
You cannot call the DetectStackResourceDrift operation to detect drift on multiple resources at the same time. |
|
Stack group |
CreateStackGroup, UpdateStackGroup, DeleteStackGroup, GetStackGroup, ListStackGroups, CreateStackInstances, UpdateStackInstances, DeleteStackInstances, GetStackInstance, ListStackInstances, StopStackGroupOperation, GetStackGroupOperation, ListStackGroupOperations, and ListStackGroupOperationResults |
|
Template |
CreateTemplate, UpdateTemplate, DeleteTemplate, GetTemplate, ListTemplates, ListTemplateVersions, SetTemplatePermission, ValidateTemplate, GetTemplateEstimateCost, GetTemplateSummary, GetTemplateParameterConstraints, and GenerateTemplatePolicy |
|
Resource scenario |
CreateTemplateScratch, DeleteTemplateScratch, UpdateTemplateScratch, ListTemplateScratches, GetTemplateScratch, and GenerateTemplateByScratch |
|
Tag |
TagResources, UntagResources, ListTagKeys, ListTagValues, and ListTagResources |
|
Resource group |
MoveResourceGroup |
|
Others |
GetServiceProvisions and GetFeatureDetails |
Supported resources
Terraform in ROS supports resources from the following cloud service providers:
-
Alibaba Cloud resources, documented in the Alibaba Cloud Provider reference.
Note-
You can use the Terraform online debugging tool.
-
ROS provides a default provider that uses the temporary AccessKey pair or STS credential of your account and the region ID of your stack.
The following section lists resources that support price inquiries, system tags, custom tag propagation, resource group propagation, and risk detection.
NoteCall GetFeatureDetails to query which resource types support price inquiries, system tags, custom tag propagation, resource group propagation, and risk detection.
-
Resources that support price inquiries
-
Elastic Compute Service (ECS): alicloud_instance, alicloud_ecs_disk, alicloud_disk, alicloud_ecs_dedicated_host, and alicloud_ecs_instance_set
-
Virtual Private Cloud (VPC): alicloud_eip_address, alicloud_eip, alicloud_common_bandwidth_package, alicloud_nat_gateway, alicloud_vpn_gateway, alicloud_eipanycast_anycast_eip_address, alicloud_vpc_ipv6_gateway, and alicloud_router_interface
-
Server Load Balancer (SLB): alicloud_slb_load_balancer and alicloud_slb
-
ApsaraDB RDS: alicloud_db_instance and alicloud_db_readonly_instance
-
Tair (Redis OSS-compatible): alicloud_kvstore_instance
-
PolarDB: alicloud_polardb_cluster
-
ApsaraDB for MongoDB: alicloud_mongodb_instance, alicloud_mongodb_serverless_instance, and alicloud_mongodb_sharding_instance
-
Cloud Enterprise Network (CEN): alicloud_cen_bandwidth_package
-
Alibaba Cloud Marketplace: alicloud_market_order
-
PolarDB-X 1.0: alicloud_drds_instance
-
Elastic Container Instance: alicloud_eci_container_group and alicloud_eci_image_cache
-
E-MapReduce (EMR): alicloud_emr_cluster
-
Elasticsearch: alicloud_elasticsearch_instance
-
Serverless App Engine (SAE): alicloud_sae_application
-
AnalyticDB for PostgreSQL: alicloud_gpdb_elastic_instance and alicloud_gpdb_instance
-
Global Accelerator (GA): alicloud_ga_accelerator
-
AnalyticDB for MySQL: alicloud_adb_cluster, alicloud_adb_db_cluster, and alicloud_adb_db_cluster_lake_version
-
File Storage NAS (NAS): alicloud_nas_file_system
-
ApsaraMQ for Kafka: alicloud_alikafka_instance
-
Microservices Engine (MSE): alicloud_mse_cluster
-
Application Load Balancer (ALB): alicloud_alb_load_balancer
-
Data Transmission Service (DTS): alicloud_dts_migration_instance and alicloud_dts_synchronization_instance
-
Elastic Desktop Service (EDS): alicloud_ecd_desktop
-
ROS: alicloud_ros_stack
-
Container Service for Kubernetes (ACK): alicloud_cs_kubernetes, alicloud_cs_edge_kubernetes, alicloud_cs_managed_kubernetes, and alicloud_cs_serverless_kubernetes
-
Time Series Database (TSDB): alicloud_tsdb_instance
-
Elastic High Performance Computing (E-HPC): alicloud_ehpc_cluster
-
ApsaraDB for ClickHouse: alicloud_click_house_db_cluster
-
Web Application Firewall (WAF): alicloud_waf_instance
-
CDDC: alicloud_cddc_dedicated_host.
-
PolarDB-X: alicloud_drds_instance.
-
AMQP: alicloud_amqp_instance.
-
ApiGateway: alicloud_api_gateway_instance.
-
-
Resources that support system tags
-
ECS: alicloud_instance, alicloud_ecs_disk, alicloud_disk, alicloud_ecs_dedicated_host, alicloud_security_group, alicloud_key_pair, alicloud_ecs_launch_template, alicloud_ecs_network_interface, alicloud_image_copy, alicloud_image, alicloud_ecs_snapshot, alicloud_launch_template, alicloud_snapshot, alicloud_snapshot_policy, alicloud_network_interface, alicloud_ecs_instance_set, alicloud_ecs_auto_snapshot_policy, alicloud_ecs_dedicated_host_cluster, alicloud_ecs_key_pair, alicloud_ecs_activation, alicloud_ecs_capacity_reservation, alicloud_ecs_command, alicloud_ecs_elasticity_assurance, alicloud_ecs_image_component, alicloud_ecs_image_pipeline, alicloud_ecs_invocation, alicloud_ecs_snapshot_group, and alicloud_ecs_storage_capacity_unit
-
VPC: alicloud_eip_address, alicloud_eip, alicloud_common_bandwidth_package, alicloud_nat_gateway, alicloud_vpn_gateway, alicloud_vpc, alicloud_vswitch, alicloud_route_table, and alicloud_vpc_ipv6_gateway
-
SLB: alicloud_slb_load_balancer, alicloud_slb, alicloud_slb_acl, and alicloud_slb_server_certificate
-
ApsaraDB RDS: alicloud_db_instance, alicloud_db_readonly_instance, alicloud_rds_clone_db_instance, and alicloud_rds_upgrade_db_instance
-
The resource type for Redis is alicloud_kvstore_instance.
-
PolarDB: alicloud_polardb_cluster
-
ApsaraDB for MongoDB: alicloud_mongodb_instance, alicloud_mongodb_serverless_instance, and alicloud_mongodb_sharding_instance
-
CEN: alicloud_cen_flowlog, alicloud_cen_instance, alicloud_cen_transit_router_ecr_attachment, alicloud_cen_transit_router_multicast_domain, alicloud_cen_transit_router_peer_attachment, alicloud_cen_transit_router_route_table, alicloud_cen_transit_router_vbr_attachment, alicloud_cen_transit_router_vpc_attachment, alicloud_cen_transit_router_vpn_attachment, alicloud_cen_transit_router, and alicloud_cen_bandwidth_package.
-
Elasticsearch: alicloud_elasticsearch_instance
-
AnalyticDB for PostgreSQL: alicloud_gpdb_elastic_instance and alicloud_gpdb_instance
-
Certificate Management Service: alicloud_cas_certificate and alicloud_ssl_certificates_service_certificate
-
Object Storage Service (OSS): alicloud_oss_bucket
-
Alibaba Cloud DNS PrivateZone: alicloud_pvtz_zone
-
Anti-DDoS: alicloud_ddosbgp_instance and alicloud_ddoscoo_instance
-
Bastionhost (BH): alicloud_bastionhost_instance
-
Auto Scaling: alicloud_ess_scaling_group
-
ROS: alicloud_ros_template, alicloud_ros_stack, and alicloud_ros_stack_group
-
ApsaraMQ for Kafka: alicloud_alikafka_instance, alicloud_alikafka_consumer_group, and alicloud_alikafka_topic
-
Alibaba Cloud DNS: alicloud_alidns_domain
-
DTS: alicloud_dts_migration_instance and alicloud_dts_synchronization_instance
-
ACK: alicloud_cs_managed_kubernetes, alicloud_cs_serverless_kubernetes, alicloud_cs_edge_kubernetes, and alicloud_cs_kubernetes
-
ALB: alicloud_alb_security_policy, alicloud_alb_server_group, alicloud_alb_acl, alicloud_alb_load_balancer, alicloud_alb_health_check_template, alicloud_alb_listener, and alicloud_alb_rule
-
ApsaraMQ for RocketMQ: alicloud_ons_instance
-
NAS: alicloud_nas_file_system
-
ApsaraDB for MyBase: alicloud_cddc_dedicated_host
-
YunDun: alicloud_yundun_dbaudit_instance.
-
Function Compute: alicloud_fc_service
-
AnalyticDB for MySQL: alicloud_adb_cluster and alicloud_adb_db_cluster_lake_version
-
Alibaba Cloud CDN (CDN): alicloud_cdn_domain_new
-
ApsaraDB for HBase: alicloud_hbase_instance
-
E-HPC: alicloud_ehpc_cluster
-
Application Real-Time Monitoring Service (ARMS): alicloud_arms_grafana_workspace and alicloud_arms_prometheus
-
BP Studio: alicloud_bp_studio_application.
-
Compute Nest: alicloud_compute_nest_service_instance
-
Elastic Accelerated Computing Instances (EAIS): alicloud_eais_instance
-
OOS: alicloud_oos_template and alicloud_oos_execution.
-
PolarDB-X: alicloud_drds_instance.
-
ApiGateway: alicloud_api_gateway_group and alicloud_api_gateway_instance.
-
VOD: alicloud_vod_domain.
-
HBR: alicloud_hbr_ecs_backup_client.
-
EBS: alicloud_ebs_solution_instance and alicloud_ebs_disk_replica_pair
-
EFLO: alicloud_eflo_vpd.
-
SAE: alicloud_sae_application.
-
-
Resources that support propagation of custom stack tags
-
ECS: alicloud_instance, alicloud_ecs_disk, alicloud_disk, alicloud_ecs_dedicated_host, alicloud_security_group, alicloud_key_pair, alicloud_ecs_launch_template, alicloud_ecs_network_interface, alicloud_image_copy, alicloud_image, alicloud_ecs_snapshot, alicloud_launch_template, alicloud_snapshot, alicloud_network_interface, alicloud_ecs_key_pair, alicloud_ecs_instance_set, alicloud_ecs_auto_snapshot_policy, alicloud_snapshot_policy, alicloud_ecs_dedicated_host_cluster, alicloud_ecs_activation, alicloud_ecs_capacity_reservation, alicloud_ecs_command, alicloud_ecs_elasticity_assurance, alicloud_ecs_image_component, alicloud_ecs_image_pipeline, alicloud_ecs_invocation, alicloud_ecs_snapshot_group, and alicloud_ecs_storage_capacity_unit
-
VPC: alicloud_eip_address, alicloud_eip, alicloud_common_bandwidth_package, alicloud_nat_gateway, alicloud_vpn_gateway, alicloud_vpc, alicloud_vswitch, alicloud_vpc_ipv6_gateway, and alicloud_route_table
-
SLB: alicloud_slb_load_balancer, alicloud_slb, alicloud_slb_server_certificate, and alicloud_slb_acl
-
ApsaraDB RDS: alicloud_db_instance, alicloud_db_readonly_instance, alicloud_rds_clone_db_instance, and alicloud_rds_upgrade_db_instance
-
The resource type for Redis is alicloud_kvstore_instance.
-
PolarDB: alicloud_polardb_cluster
-
ApsaraDB for MongoDB: alicloud_mongodb_instance, alicloud_mongodb_serverless_instance, and alicloud_mongodb_sharding_instance
-
CEN: alicloud_cen_bandwidth_package, alicloud_cen_flowlog, alicloud_cen_instance, alicloud_cen_transit_router_ecr_attachment, alicloud_cen_transit_router_multicast_domain, alicloud_cen_transit_router_peer_attachment, alicloud_cen_transit_router_route_table, alicloud_cen_transit_router_vbr_attachment, alicloud_cen_transit_router_vpc_attachment, alicloud_cen_transit_router_vpn_attachment, and alicloud_cen_transit_router
-
PolarDB-X 1.0: alicloud_drds_instance
-
EMR: alicloud_emr_cluster
-
Elasticsearch: alicloud_elasticsearch_instance
-
AnalyticDB for PostgreSQL: alicloud_gpdb_elastic_instance and alicloud_gpdb_instance
-
AnalyticDB for MySQL: alicloud_adb_db_cluster, alicloud_adb_cluster, and alicloud_adb_db_cluster_lake_version
-
ALB: alicloud_alb_acl, alicloud_alb_server_group, alicloud_alb_load_balancer, alicloud_alb_security_policy, alicloud_alb_health_check_template, alicloud_alb_listener, and alicloud_alb_rule
-
Alibaba Cloud DNS: alicloud_alidns_domain, alicloud_dns_domain, and alicloud_dns
-
BastionHost: alicloud_bastionhost_instance.
-
Certificate Management Service: alicloud_cas_certificate and alicloud_ssl_certificates_service_certificate
-
CDDC: alicloud_cddc_dedicated_host.
-
CDN: alicloud_cdn_domain_new
-
ACK: alicloud_cs_kubernetes, alicloud_cs_edge_kubernetes, alicloud_cs_managed_kubernetes, and alicloud_cs_serverless_kubernetes
-
Edge Security Acceleration (ESA): alicloud_dcdn_domain and alicloud_dcdn_ipa_domain
-
Anti-DDoS: alicloud_ddosbgp_instance and alicloud_ddoscoo_instance
-
DTS: alicloud_dts_synchronization_instance and alicloud_dts_migration_instance
-
Cloud Backup: alicloud_hbr_replication_vault, alicloud_hbr_vault, alicloud_hbr_hana_instance, and alicloud_hbr_ecs_backup_client
-
ApsaraDB for HBase: alicloud_hbase_instance
-
ApsaraMQ for Kafka: alicloud_alikafka_instance, alicloud_alikafka_topic, and alicloud_alikafka_consumer_group
-
NAS: alicloud_nas_file_system
-
CloudOps Orchestration Service (OOS): alicloud_oos_template and alicloud_oos_execution
-
Alibaba Cloud DNS PrivateZone: alicloud_pvtz_zone
-
ROS: alicloud_ros_template and alicloud_ros_stack
-
SAE: alicloud_sae_application
-
Database Audit: alicloud_yundun_dbaudit_instance.
-
API Gateway: alicloud_api_gateway_group, alicloud_api_gateway_api, alicloud_api_gateway_app, alicloud_api_gateway_instance, and alicloud_api_gateway_plugin
-
Function Compute: alicloud_fc_service
-
Auto Scaling: alicloud_ess_scaling_group
-
OSS: alicloud_oss_bucket
-
ApsaraVideo VOD (VOD): alicloud_vod_domain
-
ApsaraMQ for RocketMQ: alicloud_ons_instance
-
IoT Platform: alicloud_amqp_instance.
-
ARMS: alicloud_arms_grafana_workspace and alicloud_arms_prometheus
-
CADT: alicloud_bp_studio_application
-
Compute Nest: alicloud_compute_nest_service_instance
-
EAIS: alicloud_eais_instance
-
Elastic Block Storage (EBS): alicloud_ebs_dedicated_block_storage_cluster, alicloud_ebs_disk_replica_group, alicloud_ebs_disk_replica_pair, alicloud_ebs_enterprise_snapshot_policy, and alicloud_ebs_solution_instance
-
EFLO: alicloud_eflo_subnet and alicloud_eflo_vpd.
-
ROS: alicloud_ros_stack_group and alicloud_ros_stack.
-
ECI: alicloud_eci_container_group and alicloud_eci_image_cache.
-
EDAS: alicloud_edas_application.
To propagate custom stack tags to resources owned by a RAM user or RAM role, attach the
AliyunTagAdministratorAccesssystem policy and allow theoss:GetBucketTaggingaction. Sample custom RAM policy:{ "Version": "1", "Statement": [ { "Action": [ "tag:*", "*:ListTagResources", "*:TagResources", "*:UntagResources", "*:UnTagResources", "vod:TagVodResources", "vod:UnTagVodResources", "dcdn:TagDcdnResources", "dcdn:UntagDcdnResources", "ecs:DescribeResourceByTags", "*:DescribeTags", "*:DescribeTagKeys", "*:ListTagKeys", "*:ListTagValues", "ecs:AddTags", "ecs:RemoveTags", "slb:AddTags", "slb:RemoveTags", "rds:AddTagsToResource", "rds:DescribeDBInstanceByTags", "rds:RemoveTagsFromResource", "oss:PutBucketTagging", "oss:GetBucketTagging", "oss:DeleteBucketTagging", "oss:GetBucketTagging", "live:TagLiveResources", "live:ListLiveTagResources", "live:UnTagLiveResources" ], "Resource": "*", "Effect": "Allow" } ] } -
-
Resources that support propagation of stack resource groups
NoteTo propagate stack resource groups to resources owned by a RAM user or RAM role, grant the required permissions. Supported services are listed in Services that work with Resource Group.
-
ECS: alicloud_instance, alicloud_ecs_disk, alicloud_disk, alicloud_ecs_dedicated_host, alicloud_security_group, alicloud_key_pair, alicloud_ecs_launch_template, alicloud_ecs_network_interface, alicloud_image_copy, alicloud_image, alicloud_snapshot, alicloud_ecs_key_pair, alicloud_launch_template, alicloud_ecs_instance_set, alicloud_snapshot_policy, alicloud_network_interface, alicloud_ecs_auto_snapshot_policy, alicloud_ecs_snapshot, and alicloud_ecs_invocation
-
VPC: alicloud_vpc, alicloud_common_bandwidth_package, alicloud_eip_address, and alicloud_eip
-
SLB: alicloud_slb_load_balancer, alicloud_slb_server_certificate, alicloud_slb_acl, and alicloud_slb
-
ApsaraDB RDS: alicloud_db_instance, alicloud_db_readonly_instance, alicloud_rds_upgrade_db_instance, and alicloud_rds_clone_db_instance
-
Tair (Redis OSS-compatible): alicloud_kvstore_instance
-
PolarDB: alicloud_polardb_cluster
-
ApsaraDB for MongoDB: alicloud_mongodb_instance, alicloud_mongodb_serverless_instance, and alicloud_mongodb_sharding_instance
-
Elastic Container Instance: alicloud_eci_container_group and alicloud_eci_image_cache
-
PolarDB-X 1.0: alicloud_drds_instance
-
EMR: alicloud_emr_cluster
-
Elasticsearch: alicloud_elasticsearch_instance
-
Certificate Management Service: alicloud_cas_certificate and alicloud_ssl_certificates_service_certificate
-
ROS: alicloud_ros_stack, alicloud_ros_stack_group, and alicloud_ros_template
-
Alibaba Cloud DNS PrivateZone: alicloud_pvtz_zone
-
ACK: alicloud_cs_kubernetes, alicloud_cs_edge_kubernetes, alicloud_cs_managed_kubernetes, and alicloud_cs_serverless_kubernetes
-
ApsaraDB for HBase: alicloud_hbase_instance
-
ALB: alicloud_alb_acl, alicloud_alb_security_policy, alicloud_alb_load_balancer, alicloud_alb_server_group, and alicloud_alb_health_check_template
-
OOS: alicloud_oos_state_configuration, alicloud_oos_template, alicloud_oos_secret_parameter, and alicloud_oos_parameter
-
DNS: alicloud_dns_domain, alicloud_dns, alicloud_alidns_gtm_instance, and alicloud_alidns_domain
-
Anti-DDoS: alicloud_ddoscoo_instance and alicloud_ddosbgp_instance
-
BH: alicloud_bastionhost_instance
-
Enterprise Distributed Application Service (EDAS): alicloud_edas_k8s_application, alicloud_edas_cluster, alicloud_edas_k8s_cluster, and alicloud_edas_application
-
CDN: alicloud_cdn_domain_new
-
WAF: alicloud_waf_domain
-
ApsaraDB for Cassandra: alicloud_cassandra_cluster
-
ESA: alicloud_dcdn_domain and alicloud_dcdn_ipa_domain
-
OpenSearch: alicloud_open_search_app_group
-
DataBase Audit: alicloud_yundun_dbaudit_instance
-
Cloud Backup: alicloud_hbr_vault and alicloud_hbr_replication_vault
-
CEN: alicloud_cen_bandwidth_package and alicloud_cen_instance
-
AnalyticDB for MySQL: alicloud_adb_cluster, alicloud_adb_db_cluster, and alicloud_adb_db_cluster_lake_version
-
ApsaraMQ for Kafka: alicloud_alikafka_instance
-
Lindorm: alicloud_lindorm_instance
-
ARMS: alicloud_arms_grafana_workspace and alicloud_arms_prometheus
-
BP Studio: alicloud_bp_studio_application.
-
Compute Nest: alicloud_compute_nest_service_instance
-
EAIS: alicloud_eais_instance
-
EBS: alicloud_ebs_dedicated_block_storage_cluster, alicloud_ebs_disk_replica_group, alicloud_ebs_disk_replica_pair, alicloud_ebs_enterprise_snapshot_policy, and alicloud_ebs_solution_instance
-
EFLO corresponds to alicloud_eflo_vpd.
-
-
Resources that support risk detection
-
ECS: alicloud_instance, alicloud_ecs_instance_set, alicloud_ecs_disk, alicloud_ecs_dedicated_host, alicloud_security_group, and alicloud_security_group_rule
-
VPC: alicloud_eip, alicloud_eip_address, alicloud_vpn_gateway, alicloud_snat_entry, and alicloud_nat_gateway
-
SLB: alicloud_slb_load_balancer and alicloud_slb
-
ApsaraDB RDS: alicloud_db_instance
-
Tair (Redis OSS-compatible): alicloud_kvstore_instance
-
ApsaraDB for MongoDB: alicloud_mongodb_instance and alicloud_mongodb_sharding_instance
-
RAM: alicloud_ram_role
-
-
-
Amazon Web Services (AWS) resources, documented in the AWS Provider reference.
-
Microsoft Azure resources, documented in the Azure Provider reference.