Getting started with the Terraform provider by Nebius AI Cloud

​

Prepare your environment

​

Install required tools

1. Install Terraform.
2. Install jq:
   Ubuntu

   macOS

   sudo apt-get install jq
   
3. Install and configure the Nebius AI Cloud CLI. The CLI and jq are only required for the example below.

​

Configure access and credentials

1. Create a service account and save its ID to an environment variable:
   export NB_SA_ID=$(nebius iam service-account create \
     --name terraform-sa --format json \
     | jq -r '.metadata.id')
   
2. Grant edit access to the service account:
   1. Get the tenant ID.
   2. Get the ID of the default editors group:
      If you need to manage the Nebius AI Cloud resources by using the service account, use the admins group instead of editors. Specify --name admins in the command below.
      export NB_EDITORS_GROUP_ID=$(nebius iam group get-by-name \
        --name editors --parent-id <tenant_id> --format json \
        | jq -r '.metadata.id')
      
   3. Add the service account to the group:
      nebius iam group-membership create \
        --parent-id $NB_EDITORS_GROUP_ID \
        --member-id $NB_SA_ID
      
3. Create an authorized key:
   1. Generate a key pair:
      mkdir -p ~/.nebius/authkey
      export NB_AUTHKEY_PRIVATE_PATH=~/.nebius/authkey/private.pem
      export NB_AUTHKEY_PUBLIC_PATH=~/.nebius/authkey/public.pem
      openssl genrsa -out $NB_AUTHKEY_PRIVATE_PATH 4096
      openssl rsa -in $NB_AUTHKEY_PRIVATE_PATH \
        -outform PEM -pubout -out $NB_AUTHKEY_PUBLIC_PATH
      
   2. Upload a public key to create the authorized key and save its ID to an environment variable:
      export NB_AUTHKEY_PUBLIC_ID=$(nebius iam auth-public-key create \
        --account-service-account-id $NB_SA_ID \
        --data "$(cat $NB_AUTHKEY_PUBLIC_PATH)" \
        --format json | jq -r '.metadata.id')
      

​

Initialize a working directory

1. Create the working directory:
   mkdir nebius-terraform-quickstart
   cd nebius-terraform-quickstart
   
2. Inside the directory, create files that contain settings related to Terraform and its providers:
   • terraform.tf lists the providers required for your configuration — in this case, the Nebius AI Cloud provider.
     terraform {
       required_providers {
         nebius = {
           source  = "terraform-provider.storage.eu-north1.nebius.cloud/nebius/nebius"
           version = ">= 0.5.55"
         }
       }
     }
     
   • providers.tf contains settings for the provider. service_account lists the environment variables that contain the credentials from the previous section.
     provider "nebius" {
       service_account = {
         private_key_file_env = "NB_AUTHKEY_PRIVATE_PATH"
         public_key_id_env    = "NB_AUTHKEY_PUBLIC_ID"
         account_id_env       = "NB_SA_ID"
       }
     }
     
     For more information, see authentication in the provider.
3. Run the initialization command in the directory:
   terraform init
   

​

Create resources

1. Inside the working directory, create configuration files. For example, create the following main.tf file that sets up a registry in the Container Registry service:
   resource "nebius_registry_v1_registry" "my-registry" {
     name        = "my-registry"
     parent_id   = "<project_ID>"
     description = "My registry"
   }
   
   parent_id: Project ID.
2. Validate the configuration:
   terraform validate
   
   If Terraform finds errors, the details are described in the output.
3. If the configuration is valid, apply it:
   terraform apply
   

​

See also

• How to install the Terraform provider by Nebius AI Cloud
• Authentication in the Nebius AI Cloud provider for Terraform