The Watsonx.ai SaaS with Assistant and Governance Deployable Architecture is designed to automate the deployment and configuration of the IBM watsonx platform in an IBM Cloud account. The IBM watsonx platform is made of several services working together to offer AI capabilities to end users, who can explore them using IBM watsonx projects.
In addition, this deployable architecture configures a starter project for an IBM Cloud user.
The solution supports the following:
- Creating a new resource group, or using an existing one.
- Provisioning the following services:
  - Watson Machine Learning
  - Watson Studio
  - Cloud Object Storage.
- Configuring the IBM watsonx profile and creating a starter IBM watsonx project for an IBM Cloud user, who becomes the admin of the IBM watsonx project.
As a result, the IBM watsonx admin can log in to IBM watsonx in the target account and start experimenting with the starter project.
Optionally, the solution supports:
- Enabling the storage delegation for the provisioned Cloud Object Storage instance using your own encryption keys with Key Protect.
- Provisioning of one or more of the services, with a selectable service plan:
  - watsonx.data
  - watsonx Orchestrate
  - watsonx.governance
  - watsonx Assistant
  - Watson Discovery.
The following permissions are required to deploy this solution.
- Administrator role on All Account Management services to create a new resource group, and to enable storage delegation for the Cloud Object Storage instance.
- Manager service role on the Key Protect instance used for storage delegation.
- Editor platform role on Watson Machine Learning to create and delete the service.
- Editor platform role on Watson Studio to create or delete the service.
- Editor platform role on Cloud Object Storage to create and delete the service.
- Editor platform role on watsonx.data if you must provision it.
- Editor platform role on watsonx Orchestrate if you must provision it.
- Editor platform role on watsonx.governance if you must provision it.
- Editor platform role on watsonx Assistant if you must provision it.
- Editor platform role on Watson Discovery if you must provision it.
The IBM watsonx administrator needs the following permissions:
- Administrator role on All Account Management services.
- Administrator role on All Identity and Access enabled services.
- Manager service role on Cloud Object Storage to create service credentials. That is not needed if you configure storage delegation.
You can use the IBM provided IAM Access Group Terraform Module to configure deployers and watsonx admins access groups and add members to them.
Name | Version |
---|---|
terraform | >= 1.5.0 |
ibm | 1.71.3 |
restapi | 1.20.0 |
Name | Source | Version |
---|---|---|
configure_project | ./configure_project | n/a |
configure_user | ./configure_user | n/a |
cos | terraform-ibm-modules/cos/ibm//modules/fscloud | 8.15.6 |
resource_group | terraform-ibm-modules/resource-group/ibm | 1.1.6 |
storage_delegation | ./storage_delegation | n/a |
Name | Type |
---|---|
ibm_resource_instance.assistant_instance | resource |
ibm_resource_instance.data_instance | resource |
ibm_resource_instance.discovery_instance | resource |
ibm_resource_instance.governance_instance | resource |
ibm_resource_instance.machine_learning_instance | resource |
ibm_resource_instance.orchestrate_instance | resource |
ibm_resource_instance.studio_instance | resource |
ibm_iam_auth_token.restapi | data source |
ibm_resource_instance.existing_assistant_instance | data source |
ibm_resource_instance.existing_data_instance | data source |
ibm_resource_instance.existing_discovery_instance | data source |
ibm_resource_instance.existing_governance_instance | data source |
ibm_resource_instance.existing_machine_learning_instance | data source |
ibm_resource_instance.existing_orchestrate_instance | data source |
ibm_resource_instance.existing_studio_instance | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
cos_kms_crn | Key Protect service instance CRN used to encrypt the COS buckets used by the watsonx projects. Required if enable_cos_kms_encryption is true. | string | null | no |
cos_kms_key_crn | Key Protect key CRN used to encrypt the COS buckets used by the watsonx projects. If not set, then the cos_kms_new_key_name must be specified. | string | null | no |
cos_kms_new_key_name | Name of the Key Protect key to create for encrypting the COS buckets used by the watsonx projects. | string | "" | no |
cos_kms_ring_id | The identifier of the Key Protect ring to create the cos_kms_new_key_name into. If it is not set, then the new key will be created in the default ring. | string | null | no |
cos_plan | The plan that's used to provision the Cloud Object Storage instance. | string | "standard" | no |
enable_cos_kms_encryption | Flag to enable COS KMS encryption. If set to true, a value must be passed for cos_kms_crn. | bool | true | no |
existing_assistant_instance | CRN of an existing watsonx Assistant instance. | string | null | no |
existing_data_instance | CRN of an existing watsonx.data instance. | string | null | no |
existing_discovery_instance | CRN of an existing Watson Discovery instance. | string | null | no |
existing_governance_instance | CRN of an existing watsonx.governance instance. | string | null | no |
existing_machine_learning_instance | CRN of an existing Watson Machine Learning instance. | string | null | no |
existing_orchestrate_instance | CRN of an existing watsonx Orchestrate instance. | string | null | no |
existing_studio_instance | CRN of an existing Watson Studio instance. | string | null | no |
ibmcloud_api_key | The API key that's used with the IBM Cloud Terraform IBM provider. | string | n/a | yes |
location | The location that's used with the IBM Cloud Terraform IBM provider. It's also used during resource creation. | string | "us-south" | no |
provider_visibility | Set the visibility value for the IBM terraform provider. Supported values are public, private, public-and-private. Learn more. | string | "private" | no |
resource_group_name | The name of a new or an existing resource group where the resources are created. | string | n/a | yes |
resource_prefix | The name to be used on all Watson resources as a prefix. | string | "watsonx-poc" | no |
use_existing_resource_group | Determines whether to use an existing resource group. | bool | false | no |
watson_discovery_plan | The plan that's used to provision the Watson Discovery instance. | string | "do not install" | no |
watson_discovery_service_endpoints | The type of service endpoints. Possible values: 'public', 'private', 'public-and-private'. | string | "public" | no |
watson_machine_learning_plan | The plan that's used to provision the Watson Machine Learning instance. | string | "v2-standard" | no |
watson_machine_learning_service_endpoints | The type of service endpoints. Possible values: 'public', 'private', 'public-and-private'. | string | "public" | no |
watson_studio_plan | The plan that's used to provision the Watson Studio instance. The plan you choose for Watson Studio affects the features and capabilities that you can use. | string | "professional-v1" | no |
watsonx_admin_api_key | The API key of the IBM watsonx administrator in the target account. The API key is used to configure the user and the project. | string | null | no |
watsonx_assistant_plan | The plan that's used to provision the watsonx Assistant instance. | string | "do not install" | no |
watsonx_assistant_service_endpoints | The type of service endpoints. Possible values: 'public', 'private', 'public-and-private'. | string | "public" | no |
watsonx_data_plan | The plan that's used to provision the watsonx.data instance. | string | "do not install" | no |
watsonx_governance_plan | The plan used to provision the watsonx.governance instance. The available plans depend on the region where you are provisioning the service from the IBM Cloud catalog. | string | "do not install" | no |
watsonx_mark_as_sensitive | Set to true to allow the WatsonX project to be created with 'Mark as sensitive' flag. | bool | false | no |
watsonx_orchestrate_plan | The plan that's used to provision the watsonx Orchestrate instance. | string | "do not install" | no |
watsonx_project_description | A description of the watson project that's created by the WatsonX.ai SaaS Deployable Architecture. | string | "Watson project created by the watsonx-ai SaaS deployable architecture." | no |
watsonx_project_name | The name of the watson project. | string | "demo" | no |
watsonx_project_tags | A list of tags associated with the watsonx project. Each tag consists of a single string containing up to 255 characters. These tags can include spaces, letters, numbers, underscores, dashes, as well as the symbols # and @. | list(string) | [ | no |
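A pre-deployment check of the cross-field rules stated in the inputs table above, as an added example that is not part of the module's own code. The function name `check_inputs`, the sample values and the placeholder CRN are assumptions, and "letters" in the tag rule is read here as ASCII letters.

```python
import re

# Allowed values for endpoints and provider visibility, from the inputs table.
ALLOWED = {"public", "private", "public-and-private"}
ENDPOINT_INPUTS = (
    "watson_discovery_service_endpoints",
    "watson_machine_learning_service_endpoints",
    "watsonx_assistant_service_endpoints",
)
# Tag rule from the watsonx_project_tags description: up to 255 characters;
# spaces, letters (assumed ASCII), numbers, underscores, dashes, '#' and '@'.
TAG_RE = re.compile(r"[ A-Za-z0-9_#@-]{0,255}")


def check_inputs(values):
    """Return a list of findings for a dict of module input values."""
    findings = []
    # enable_cos_kms_encryption defaults to true in the table.
    if values.get("enable_cos_kms_encryption", True):
        if not values.get("cos_kms_crn"):
            findings.append("cos_kms_crn is required when enable_cos_kms_encryption is true")
        if not values.get("cos_kms_key_crn") and not values.get("cos_kms_new_key_name"):
            findings.append("set cos_kms_key_crn or cos_kms_new_key_name")
    else:
        findings.append("enable_cos_kms_encryption is false: COS KMS encryption is disabled")
    for name in ENDPOINT_INPUTS:
        if values.get(name, "public") not in ALLOWED:
            findings.append(f"{name}: unsupported value {values[name]!r}")
    if values.get("provider_visibility", "private") not in ALLOWED:
        findings.append("provider_visibility: unsupported value")
    for tag in values.get("watsonx_project_tags", []):
        if not TAG_RE.fullmatch(tag):
            findings.append(f"watsonx_project_tags: invalid tag {tag!r}")
    return findings


# Constructed sample input; the CRN is a placeholder, not a real instance.
SAMPLE = {
    "enable_cos_kms_encryption": True,
    "cos_kms_crn": "crn:placeholder-key-protect-instance",
    "watson_discovery_service_endpoints": "internal",
    "watsonx_project_tags": ["poc #1", "owner=alice"],
}

if __name__ == "__main__":
    for finding in check_inputs(SAMPLE):
        print(finding)
```

Running it against values exported from a `terraform.tfvars.json` file before `terraform plan` catches a missing Key Protect key or an unsupported endpoint value before any resource is created.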
Name | Description |
---|---|
resource_group_id | The resource group ID that's used to provision the resources. |
watson_discovery_crn | The CRN of the Watson Discovery instance. |
watson_discovery_dashboard_url | The dashboard URL of the Watson Discovery instance. |
watson_discovery_guid | The GUID of the Watson Discovery instance. |
watson_discovery_name | The name of the Watson Discovery instance. |
watson_discovery_plan_id | The plan ID of the Watson Discovery instance. |
watson_machine_learning_crn | The CRN of the Watson Machine Learning instance. |
watson_machine_learning_dashboard_url | The dashboard URL of the Watson Machine Learning instance. |
watson_machine_learning_guid | The GUID of the Watson Machine Learning instance. |
watson_machine_learning_name | The name of the Watson Machine Learning instance. |
watson_machine_learning_plan_id | The plan ID of the Watson Machine Learning instance. |
watson_studio_crn | The CRN of the Watson Studio instance. |
watson_studio_dashboard_url | The dashboard URL of the Watson Studio instance. |
watson_studio_guid | The GUID of the Watson Studio instance. |
watson_studio_name | The name of the Watson Studio instance. |
watson_studio_plan_id | The plan ID of the Watson Studio instance. |
watsonx_assistant_crn | The CRN of the watsonx Assistant instance. |
watsonx_assistant_dashboard_url | The dashboard URL of the watsonx Assistant instance. |
watsonx_assistant_guid | The GUID of the watsonx Assistant instance. |
watsonx_assistant_name | The name of the watsonx Assistant instance. |
watsonx_assistant_plan_id | The plan ID of the watsonx Assistant instance. |
watsonx_data_crn | The CRN of the watsonx.data instance. |
watsonx_data_dashboard_url | The dashboard URL of the watsonx.data instance. |
watsonx_data_guid | The GUID of the watsonx.data instance. |
watsonx_data_name | The name of the watsonx.data instance. |
watsonx_data_plan_id | The plan ID of the watsonx.data instance. |
watsonx_governance_crn | The CRN of the watsonx.governance instance. |
watsonx_governance_dashboard_url | The dashboard URL of the watsonx.governance instance. |
watsonx_governance_guid | The GUID of the watsonx.governance instance. |
watsonx_governance_name | The name of the watsonx.governance instance. |
watsonx_governance_plan_id | The plan ID of the watsonx.governance instance. |
watsonx_orchestrate_crn | The CRN of the watsonx Orchestrate instance. |
watsonx_orchestrate_dashboard_url | The dashboard URL of the watsonx Orchestrate instance. |
watsonx_orchestrate_guid | The GUID of the watsonx Orchestrate instance. |
watsonx_orchestrate_name | The name of the watsonx Orchestrate instance. |
watsonx_orchestrate_plan_id | The plan ID of the watsonx Orchestrate instance. |
watsonx_platform_endpoint | The endpoint of the watsonx platform. |
watsonx_project_bucket_name | The name of the COS bucket created by the watsonx project. |
watsonx_project_id | The ID of the watsonx project that's created. |
watsonx_project_location | The location of the watsonx project that's created. |
watsonx_project_url | The URL of the watsonx project that's created. |
You can report issues and request features for this module in GitHub issues in the module repo. See Report an issue or request a feature.
To set up your local development environment, see Local development setup in the project documentation.