├── .github └── workflows │ ├── destroy-integration-env.yml │ └── oci-lz-tests.yml ├── .gitignore ├── .gitlab-ci.yml ├── CONTRIBUTING.md ├── LICENSE.txt ├── Official_Documentation ├── OELZ_Access_Governance_Deployment │ └── IMPLEMENTATION.md ├── OELZ_Baseline_Deployment │ ├── Architecture_Guide.md │ ├── CONFIGURATION.md │ └── IMPLEMENTATION.md ├── OELZ_DR_MR_Deployment │ └── IMPLEMENTATION.md ├── OELZ_Network_Firewall_Deployment │ └── IMPLEMENTATION.md └── OELZ_Workload_Deployment │ ├── CONFIGURATION.md │ └── IMPLEMENTATION.md ├── README.md ├── RELEASE.md ├── SECURITY.md ├── examples └── README.md ├── images ├── Compartment.png ├── LZ-v2.0.png ├── Monitoring.png ├── OCI-NFW.jpg ├── Sec-LZ.png ├── enterprise-landing-zone-v2.svg ├── h&s-vpn-fc.png ├── h&s-vpn.png ├── oelz_create_stack.png ├── oelz_stack_rms.png ├── oelz_stack_zip.png ├── p1.png └── p2.png ├── modules ├── README.md ├── access-governance │ ├── ag_si_creation_response.txt │ ├── ag_si_deletion_response.txt │ ├── agcs-resources-scripts │ │ ├── auth_util_ip.py │ │ ├── connected_system.py │ │ ├── create-ag-service-instance.py │ │ ├── delete-ag-service-instance.py │ │ ├── read_instance_file.py │ │ ├── requirements.txt │ │ └── setup.py │ ├── data-source.tf │ ├── examples │ │ └── tfvars │ │ │ ├── all_variables.tfvarexample │ │ │ ├── local_existing_agcs_user.tfvarexample │ │ │ └── local_new_agcs_user.tfvarexample │ ├── identity-domain-user-resources.tf │ ├── locals.tf │ ├── main.tf │ ├── outputs.tf │ ├── provider.tf │ ├── readme.md │ ├── schema.yml │ └── variable.tf ├── alarms │ ├── README.md │ ├── main.tf │ └── variables.tf ├── announcement-subscription │ ├── README.md │ ├── main.tf │ └── variables.tf ├── authentication-policy │ ├── README.md │ ├── main.tf │ └── variables.tf ├── bastion │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── break_glass_user │ ├── README.md │ ├── datasources.tf │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── bucket │ ├── README.md │ ├── datasources.tf │ ├── 
main.tf │ ├── outputs.tf │ └── variables.tf ├── budget │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── cloud-guard │ ├── README.md │ ├── datasources.tf │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── compartment │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── drg-attachment │ ├── README.md │ ├── main.tf │ └── variables.tf ├── drg │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── dynamic-group │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── fastconnect │ ├── README.md │ ├── datasources.tf │ ├── main.tf │ └── variables.tf ├── identity-domain-group │ ├── README.md │ ├── main.tf │ ├── scripts │ │ ├── manage_identity_domain.py │ │ └── requirements.txt │ └── variables.tf ├── identity-domain │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── scripts │ │ ├── manage_identity_domain.py │ │ └── requirements.txt │ └── variables.tf ├── internet-gateway │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── ipsec │ ├── README.md │ ├── datasources.tf │ ├── main.tf │ └── variables.tf ├── key │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── log-analytics-namespace │ ├── README.md │ ├── datasources.tf │ ├── main.tf │ └── variables.tf ├── log-analytics │ ├── README.md │ ├── datasources.tf │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── log-group │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── nat-gateway │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── network-firewall │ ├── README.md │ ├── datasources.tf │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── non-default-domain-group │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── notification-topic │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── policies │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── route-table │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── 
security-list │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── service-connector │ ├── README.md │ ├── datasources.tf │ ├── main.tf │ └── variables.tf ├── service-gateway │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── service-log-map │ ├── main.tf │ └── variables.tf ├── service-log-nfw │ ├── README.md │ ├── main.tf │ └── variables.tf ├── service-log-no-map │ ├── main.tf │ └── variables.tf ├── service-log │ ├── README.md │ ├── main.tf │ └── variables.tf ├── stream │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── subnet │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── tag │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── vault │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── vcn-gateway │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── vcn │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ └── variables.tf └── vss │ ├── README.md │ ├── main.tf │ └── variables.tf ├── templates ├── README.md ├── elz-access-governance │ ├── agcs-module.tf │ ├── examples │ │ ├── existing_agcs_user.tfvarexample │ │ └── new_agcs_user.tfvarexample │ ├── outputs.tf │ ├── provider.tf │ ├── readme.md │ ├── schema.yml │ └── variable.tf ├── elz-backup │ ├── elz-backup-environment │ │ ├── Single_DR_Deployment.tfvars │ │ ├── logging-variables.tf │ │ ├── logging.tf │ │ ├── monitoring-variables.tf │ │ ├── monitoring.tf │ │ ├── network-extension-variables.tf │ │ ├── network-extension.tf │ │ ├── network-variables.tf │ │ ├── network.tf │ │ ├── providers.standalone │ │ ├── providers.tf │ │ ├── schema.yaml │ │ ├── security-variables.tf │ │ └── security.tf │ ├── elz-backup-hub │ │ ├── datasources.tf │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── provider.tf │ │ └── variables.tf │ ├── elz-backup-logging │ │ ├── datasources.tf │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── provider.tf │ │ └── variables.tf │ ├── elz-backup-monitoring │ │ ├── datasources.tf │ │ ├── main.tf │ 
│ ├── provider.tf │ │ └── variables.tf │ ├── elz-backup-network-extension │ │ ├── datasources.tf │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── provider.tf │ │ └── variables.tf │ ├── elz-backup-network │ │ ├── datasources.tf │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── provider.tf │ │ └── variables.tf │ ├── elz-backup-security │ │ ├── datasources.tf │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── provider.tf │ │ └── variables.tf │ └── elz-backup-spoke │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── provider.tf │ │ └── variables.tf ├── elz-budget │ ├── README.md │ ├── datasources.tf │ ├── main.tf │ ├── outputs.tf │ ├── provider.tf │ ├── tagging.tf │ └── variables.tf ├── elz-compartment │ ├── README.md │ ├── compartment.tf │ ├── datasources.tf │ ├── outputs.tf │ ├── provider.tf │ ├── tagging.tf │ └── variables.tf ├── elz-environment │ ├── CONFIGURATION.md │ ├── README.md │ ├── access-governance-module-outputs.tf │ ├── access-governance-module-variables.tf │ ├── access-governance-module.tf │ ├── datasources.tf │ ├── logging-variables.tf │ ├── logging.tf │ ├── main.tf │ ├── network-extension-variables.tf │ ├── network-extension.tf │ ├── network-firewall-variables.tf │ ├── outputs.tf │ ├── provider.tf │ ├── tagging.tf │ ├── variables.tf │ └── workload.tf ├── elz-exadata-spoke │ ├── README.md │ ├── datasources.tf │ ├── main.tf │ ├── outputs.tf │ ├── provider.tf │ ├── tagging.tf │ └── variables.tf ├── elz-exadata-workload │ ├── README.md │ ├── USER-GUIDE.md │ ├── datasources.tf │ ├── iam.tf │ ├── integration.tfvars │ ├── logging.tf │ ├── monitoring.tf │ ├── network.tf │ ├── outputs.tf │ ├── providers.tf │ ├── security.tf │ ├── tagging.tf │ └── variables.tf ├── elz-hub │ ├── README.md │ ├── datasources.tf │ ├── main.tf │ ├── outputs.tf │ ├── provider.tf │ ├── tagging.tf │ └── variables.tf ├── elz-identity │ ├── README.md │ ├── datasources.tf │ ├── iam.tf │ ├── outputs.tf │ ├── provider.tf │ ├── tagging.tf │ └── variables.tf ├── elz-logging │ ├── README.md │ ├── datasources.tf │ ├── 
main.tf │ ├── outputs.tf │ ├── providers.tf │ ├── tagging.tf │ └── variables.tf ├── elz-monitoring │ ├── README.md │ ├── datasources.tf │ ├── main.tf │ ├── provider.tf │ ├── tagging.tf │ └── variables.tf ├── elz-network-extension │ ├── README.md │ ├── datasources.tf │ ├── main.tf │ ├── outputs.tf │ ├── provider.tf │ ├── tagging.tf │ └── variables.tf ├── elz-network │ ├── README.md │ ├── datasources.tf │ ├── main.tf │ ├── outputs.tf │ ├── provider.tf │ ├── tagging.tf │ └── variables.tf ├── elz-security │ ├── README.md │ ├── datasources.tf │ ├── main.tf │ ├── outputs.tf │ ├── provider.tf │ ├── tagging.tf │ └── variables.tf ├── elz-spoke │ ├── README.md │ ├── datasources.tf │ ├── main.tf │ ├── outputs.tf │ ├── provider.tf │ ├── tagging.tf │ └── variables.tf ├── elz-tagging │ ├── README.md │ ├── datasources.tf │ ├── main.tf │ ├── provider.tf │ ├── tagging.tf │ └── variables.tf ├── elz-workload │ ├── BackEnd.sh │ ├── README.md │ ├── add_workload.sh │ ├── backend.tf │ ├── datasources.tf │ ├── iam.tf │ ├── integration.tfvars │ ├── monitoring.tf │ ├── network.tf │ ├── outputs.tf │ ├── providers.standalone │ ├── providers.tf │ ├── read_base_vars.py │ ├── schema.yaml │ ├── security.tf │ ├── tagging.tf │ ├── variables.tf │ ├── workload_extension-variables.tf │ └── workload_extension.tfvars ├── enterprise-landing-zone │ ├── .module-tf-docs.yml │ ├── BackEnd.sh │ ├── README.md │ ├── access-governance-variables.tf │ ├── backend.tf │ ├── backup-main.tf │ ├── backup-variables.tf │ ├── backup.tfvars │ ├── datasources.tf │ ├── destroy_lz.py │ ├── environment.tf │ ├── example.tfvars │ ├── iam.tf │ ├── images │ │ ├── CIS1.2Level1.xlsx │ │ ├── Compartment.png │ │ ├── Monitoring.png │ │ └── enterprise-landing-zone-v2.svg │ ├── logging-variables.tf │ ├── logging.tf │ ├── monitoring.tf │ ├── network-extension-variables.tf │ ├── network-firewall-variables.tf │ ├── outputs.tf │ ├── provider.tf │ ├── read_workload_vars.py │ ├── regenerate_docs.sh │ ├── schema.yaml │ ├── security.tf │ ├── 
tagging.tf │ └── variables.tf └── freetrial-landing-zone │ ├── .module-tf-docs.yml │ ├── .terraform-docs.yml │ ├── Architecture_Guide.md │ ├── BackEnd.sh │ ├── CONFIGURATION.md │ ├── IMPLEMENTATION.md │ ├── README.md │ ├── backend.tf │ ├── datasources.tf │ ├── destroy_lz.py │ ├── environment.tf │ ├── example.tfvars │ ├── iam.tf │ ├── images │ ├── CIS1.2Level1.xlsx │ ├── Compartment.png │ ├── Monitoring.png │ ├── enterprise-landing-zone-v2.svg │ ├── mushop-service.png │ ├── mushop-topology.png │ ├── terraform_apply_1.png │ ├── terraform_apply_2.png │ ├── terraform_apply_3.png │ ├── terraform_destroy_1.png │ ├── terraform_destroy_2.png │ ├── terraform_init.png │ ├── terraform_plan_1.png │ ├── terraform_plan_2.png │ └── terraform_validate.png │ ├── livelab.tfvars │ ├── logging-variables.tf │ ├── logging.tf │ ├── monitoring.tf │ ├── network-extension-variables.tf │ ├── outputs.tf │ ├── provider.tf │ ├── regenerate_docs.sh │ ├── schema.yaml │ ├── security.tf │ ├── tagging.tf │ └── variables.tf └── test ├── README.md ├── conftest.py ├── identityModuleTest.py ├── provider.tf ├── pytest.ini ├── requirements.txt ├── terraform ├── budget │ ├── main.tf │ └── variables.tf ├── compartment │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── network │ ├── compartment │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── datasources.tf │ ├── main.tf │ ├── outputs.tf │ ├── terraform.tfvars.example │ ├── test_instance │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf │ └── variables.tf ├── security_bastion │ ├── compartment │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── main.tf │ ├── outputs.tf │ └── variables.tf ├── security_cloudguard │ ├── compartment │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf │ ├── main.tf │ ├── outputs.tf │ ├── policies │ │ ├── main.tf │ │ ├── outputs.tf │ │ └── variables.tf │ └── variables.tf └── security_vault │ ├── compartment │ ├── main.tf │ ├── outputs.tf │ └── variables.tf │ ├── main.tf │ ├── outputs.tf │ └── 
variables.tf ├── test_budget.py ├── test_compartment.py ├── test_helpers ├── __init__.py ├── network │ ├── __init__.py │ ├── nettest.py │ └── proxssh.py └── oci.py ├── test_network.py ├── test_osms.py ├── test_security_bastion.py ├── test_security_cloudguard.py ├── test_security_vault.py └── test_vars.example /.gitignore: -------------------------------------------------------------------------------- 1 | *.exe 2 | .DS_Store 3 | 4 | *.log 5 | *.bak 6 | *.backup 7 | *~ 8 | .*.swp 9 | 10 | bin/ 11 | modules-dev/ 12 | pkg/ 13 | vendor/ 14 | __pycache__/ 15 | 16 | .idea 17 | .vscode 18 | 19 | .env 20 | ./*.tfstate 21 | .terraform 22 | terraform.tfplan 23 | terraform.tfstate 24 | terraform.tfvars 25 | .terraform.tfstate.lock.info 26 | 27 | test/terraform/*/provider.tf 28 | 29 | .tfcache 30 | **/.terraform.lock.hcl 31 | **/tf_resources.json 32 | **/var.tfvars 33 | -------------------------------------------------------------------------------- /examples/README.md: -------------------------------------------------------------------------------- 1 | # Sample configs 2 | 3 | 4 | # License 5 | 6 | Copyright (c) 2022,2023 Oracle and/or its affiliates. 7 | 8 | Licensed under the Universal Permissive License (UPL), Version 1.0. 9 | 10 | See [LICENSE](../LICENSE) for more details. 
11 | -------------------------------------------------------------------------------- /images/Compartment.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/oracle-enterprise-landingzone/5af48e4083e6ac5ed6e57b785aef1f7604515d7e/images/Compartment.png -------------------------------------------------------------------------------- /images/LZ-v2.0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/oracle-enterprise-landingzone/5af48e4083e6ac5ed6e57b785aef1f7604515d7e/images/LZ-v2.0.png -------------------------------------------------------------------------------- /images/Monitoring.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/oracle-enterprise-landingzone/5af48e4083e6ac5ed6e57b785aef1f7604515d7e/images/Monitoring.png -------------------------------------------------------------------------------- /images/OCI-NFW.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/oracle-enterprise-landingzone/5af48e4083e6ac5ed6e57b785aef1f7604515d7e/images/OCI-NFW.jpg -------------------------------------------------------------------------------- /images/Sec-LZ.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/oracle-enterprise-landingzone/5af48e4083e6ac5ed6e57b785aef1f7604515d7e/images/Sec-LZ.png -------------------------------------------------------------------------------- /images/h&s-vpn-fc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/oracle-enterprise-landingzone/5af48e4083e6ac5ed6e57b785aef1f7604515d7e/images/h&s-vpn-fc.png 
-------------------------------------------------------------------------------- /images/h&s-vpn.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/oracle-enterprise-landingzone/5af48e4083e6ac5ed6e57b785aef1f7604515d7e/images/h&s-vpn.png -------------------------------------------------------------------------------- /images/oelz_create_stack.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/oracle-enterprise-landingzone/5af48e4083e6ac5ed6e57b785aef1f7604515d7e/images/oelz_create_stack.png -------------------------------------------------------------------------------- /images/oelz_stack_rms.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/oracle-enterprise-landingzone/5af48e4083e6ac5ed6e57b785aef1f7604515d7e/images/oelz_stack_rms.png -------------------------------------------------------------------------------- /images/oelz_stack_zip.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/oracle-enterprise-landingzone/5af48e4083e6ac5ed6e57b785aef1f7604515d7e/images/oelz_stack_zip.png -------------------------------------------------------------------------------- /images/p1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/oracle-enterprise-landingzone/5af48e4083e6ac5ed6e57b785aef1f7604515d7e/images/p1.png -------------------------------------------------------------------------------- /images/p2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/oracle-enterprise-landingzone/5af48e4083e6ac5ed6e57b785aef1f7604515d7e/images/p2.png 
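-------------------------------------------------------------------------------- /modules/README.md: -------------------------------------------------------------------------------- 1 | # Terraform Modules 2 | 3 | This modules directory holds the reusable modules for Oracle Enterprise Landing Zones. 4 | These modules contain the very basics of our specific OCI Services configured in an 5 | Oracle Enterprise Landing Zone specific way. By storing them in modules we can reuse them in 6 | our [templates](../templates/README.md). 7 | 8 | # License 9 | 10 | Copyright (c) 2022,2023 Oracle and/or its affiliates. 11 | 12 | Licensed under the Universal Permissive License (UPL), Version 1.0. 13 | 14 | See [LICENSE](../LICENSE) for more details. -------------------------------------------------------------------------------- /modules/access-governance/ag_si_creation_response.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/oracle-enterprise-landingzone/5af48e4083e6ac5ed6e57b785aef1f7604515d7e/modules/access-governance/ag_si_creation_response.txt -------------------------------------------------------------------------------- /modules/access-governance/ag_si_deletion_response.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/oracle-enterprise-landingzone/5af48e4083e6ac5ed6e57b785aef1f7604515d7e/modules/access-governance/ag_si_deletion_response.txt -------------------------------------------------------------------------------- /modules/access-governance/agcs-resources-scripts/read_instance_file.py: --------------------------------------------------------------------------------
"""Print the OCID of the created Access Governance service instance as JSON.

Reads ``./ag_si_creation_response.txt`` (the file the creation step writes
next to the module, see data-source.tf), base64-decodes its first line,
parses the JSON response and prints ``{"output": "<id>"}`` so the value can
be consumed by a Terraform ``external`` data source.  An empty file yields
``{"output": "NO_DATA"}``.
"""
import base64
import json
import os

# Resolved against the working directory the caller runs the script from.
RESPONSE_FILE = "./ag_si_creation_response.txt"
# Emitted when the response carries an empty "id".  Consumers must treat it as
# "no real instance id", never as an OCID.
NO_ID_SENTINEL = "dummy"


def decode_response(raw_line):
    """Return the parsed response object from one base64-encoded line.

    The stored payload is a JSON document that may itself be wrapped in a JSON
    string (the previous decoder always applied ``json.loads`` twice); both the
    double-encoded and the plain form are accepted.

    Args:
        raw_line: one line of the response file (trailing newline is ignored
            by the base64 decoder).

    Raises:
        ValueError: if the line is not valid base64 or not valid JSON.
    """
    decoded = base64.b64decode(raw_line)
    parsed = json.loads(decoded)
    if isinstance(parsed, str):
        # Double-encoded: the outer document is a string holding the real JSON.
        parsed = json.loads(parsed)
    return parsed


def build_output(path=RESPONSE_FILE):
    """Return the JSON document describing the service-instance id in *path*.

    Args:
        path: response file to read; an empty file means no instance yet.

    Returns:
        A JSON string of the form ``{"output": "<value>"}``.

    Raises:
        OSError: if *path* does not exist.
        KeyError: if the response has no ``id`` field.
        ValueError: if the response is not valid base64/JSON.
    """
    si_ocid = "NO_DATA"
    if os.stat(path).st_size != 0:
        # Only the first line is meaningful; ``with`` releases the handle,
        # which the previous version never closed.
        with open(path) as response_file:
            first_line = response_file.readline()
        si_ocid = decode_response(first_line)["id"] or NO_ID_SENTINEL
    # json.dumps escapes the value properly, unlike manual string concatenation.
    return json.dumps({"output": si_ocid})


if __name__ == '__main__':
    print(build_output())
-------------------------------------------------------------------------------- /modules/access-governance/agcs-resources-scripts/requirements.txt: -------------------------------------------------------------------------------- 1 | oci 2 | requests -------------------------------------------------------------------------------- /modules/access-governance/agcs-resources-scripts/setup.py: --------------------------------------------------------------------------------
"""Install the dependencies listed in the requirements.txt next to this script.

The requirements file pins no versions; pin them (or install from an internal
index) before using this in a controlled deployment pipeline.
"""
import os
import subprocess
import sys

# Resolve relative to this file so the script works from any working directory.
REQUIREMENTS_FILE = os.path.join(
    os.path.dirname(os.path.abspath(__file__)), "requirements.txt"
)


def install(requirements=REQUIREMENTS_FILE):
    """Run ``pip install -r <requirements>`` with the current interpreter.

    ``python -m pip`` is used instead of ``pip3`` (there is no ``pip3``
    module), and every argument is its own list element: ``subprocess`` does
    not split ``"install -r"`` on spaces, so the old call always failed.

    Args:
        requirements: path to the requirements file.

    Raises:
        subprocess.CalledProcessError: if pip exits non-zero.
    """
    subprocess.check_call(
        [sys.executable, "-m", "pip", "install", "-r", requirements]
    )


if __name__ == '__main__':
    install()
-------------------------------------------------------------------------------- /modules/access-governance/data-source.tf: -------------------------------------------------------------------------------- 1 | data "oci_identity_domains" "admin_domain_data" { 2 | compartment_id = var.admin_domain_compartment_ocid 3 | display_name = var.admin_domain_name 4 | } 5 | 6 | data "oci_identity_domains" "ag_user_domain_data" { 7 | count = var.use_existing_agcs_user ? 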
0 : 1 8 | compartment_id = local.agcs_tenancy 9 | display_name = var.agcs_user_domain_name 10 | } 11 | 12 | #data "external" "created_instance" { 13 | # depends_on = [null_resource.si_creation_response] 14 | # program = ["python3", "${path.module}/agcs-resources-scripts/read_instance_file.py"] 15 | #} 16 | 17 | data "local_file" "si_creation_response_file" { 18 | depends_on = [null_resource.si_creation_response] 19 | filename = "${path.module}/ag_si_creation_response.txt" 20 | } 21 | 22 | data "local_file" "si_deletion_response_file" { 23 | depends_on = [null_resource.si_deletion_response] 24 | filename = "${path.module}/ag_si_deletion_response.txt" 25 | } -------------------------------------------------------------------------------- /modules/access-governance/examples/tfvars/local_existing_agcs_user.tfvarexample: -------------------------------------------------------------------------------- 1 | #ADMINISTRATOR 2 | private_key_path = "" 3 | user_ocid = "" 4 | fingerprint = "" 5 | tenancy_ocid = "" 6 | region = "us-ashburn-1" 7 | 8 | 9 | # ACCESS GOVERNANCE SERVICE INSTANCE DETAILS, Optional Fields: admin_domain_name 10 | admin_domain_name = "" 11 | ag_license_type = "Access Governance for Oracle Cloud Infrastructure" 12 | service_instance_display_name = "" 13 | service_instance_description = "" 14 | service_instance_compartment_ocid = "" 15 | 16 | # ACCESS GOVERNANCE USER COMMON DETAILS 17 | use_existing_agcs_user = true 18 | 19 | # ACCESS GOVERNANCE EXISTING USER 20 | agcs_user_private_key_path = "" 21 | agcs_user_ocid_oci_system = "ocid1.user.oc1..xyz" 22 | agcs_user_fingerprint_oci_system = "" 23 | 24 | # OCI Connected System 25 | oci_system_name = "" 26 | oci_system_description = "" -------------------------------------------------------------------------------- /modules/access-governance/examples/tfvars/local_new_agcs_user.tfvarexample: -------------------------------------------------------------------------------- 1 | #ADMINISTRATOR 2 | private_key_path = 
"" 3 | user_ocid = "" 4 | fingerprint = "" 5 | tenancy_ocid = "" 6 | region = "us-ashburn-1" 7 | 8 | 9 | # ACCESS GOVERNANCE SERVICE INSTANCE DETAILS, Optional Fields: admin_domain_name 10 | admin_domain_name = "" 11 | ag_license_type = "Access Governance for Oracle Cloud Infrastructure" 12 | service_instance_display_name = "" 13 | service_instance_description = "" 14 | service_instance_compartment_ocid = "" 15 | 16 | # ACCESS GOVERNANCE USER COMMON DETAILS 17 | use_existing_agcs_user = false 18 | 19 | # NEW ACCESS GOVERNANCE USER 20 | agcs_user_group_display_name = "agcs_group" 21 | agcs_user_name = "agcs_user" 22 | agcs_user_email = "something@example.com" 23 | 24 | # OCI Connected System 25 | oci_system_name = "" 26 | oci_system_description = "" -------------------------------------------------------------------------------- /modules/access-governance/locals.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | is_windows = substr(pathexpand("~"), 0, 1) == "/" ? false : true 3 | agcs_tenancy = length(var.agcs_user_tenancy_ocid_oci_system) > 0 ? var.agcs_user_tenancy_ocid_oci_system : var.tenancy_ocid 4 | } -------------------------------------------------------------------------------- /modules/access-governance/outputs.tf: -------------------------------------------------------------------------------- 1 | output "si_creation" { 2 | depends_on = [null_resource.si_creation_response] 3 | value = data.local_file.si_creation_response_file.content != "" ? jsondecode(base64decode(data.local_file.si_creation_response_file.content)) : base64decode(data.local_file.si_creation_response_file.content) 4 | } 5 | # 6 | #output "si_deletion" { 7 | # depends_on = [null_resource.si_deletion_response] 8 | # value = data.local_file.si_deletion_response_file.content != "" ? 
jsondecode(base64decode(data.local_file.si_deletion_response_file.content)) : base64decode(data.local_file.si_deletion_response_file.content) 9 | #} 10 | 11 | output "ag_user_domain" { 12 | depends_on = [data.oci_identity_domains.ag_user_domain_data] 13 | value = data.oci_identity_domains.ag_user_domain_data[*].domains[0] 14 | } 15 | 16 | output "admin_domain" { 17 | depends_on = [data.oci_identity_domains.admin_domain_data] 18 | value = data.oci_identity_domains.admin_domain_data.domains[0] 19 | } 20 | 21 | output "oci_identity_group" { 22 | value = oci_identity_group.agcs_group[*] 23 | } -------------------------------------------------------------------------------- /modules/access-governance/provider.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | oci = { 4 | source = "oracle/oci" 5 | } 6 | } 7 | } 8 | # Enable/uncomment below lines to run access-governance module as root for terraform CLI 9 | #provider "oci" { 10 | # private_key_path = var.api_private_key_path 11 | # user_ocid = var.current_user_ocid 12 | # fingerprint = var.api_fingerprint 13 | # region = var.region 14 | # tenancy_ocid = var.tenancy_ocid 15 | #} -------------------------------------------------------------------------------- /modules/alarms/main.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
# 4 | ########################################################################################################## 5 | 6 | terraform { 7 | required_providers { 8 | oci = { 9 | source = "oracle/oci" 10 | } 11 | } 12 | } 13 | 14 | resource "oci_monitoring_alarm" "monitoring_alarm" { 15 | for_each = var.alarm_map 16 | compartment_id = var.compartment_id 17 | destinations = [var.notification_topic_id] 18 | display_name = each.value.display_name 19 | is_enabled = var.is_enabled 20 | metric_compartment_id = each.value.metric_compartment_id 21 | namespace = each.value.namespace 22 | query = each.value.query 23 | severity = each.value.severity 24 | 25 | message_format = var.message_format 26 | pending_duration = var.pending_duration 27 | metric_compartment_id_in_subtree = var.metric_compartment_id_in_subtree 28 | } 29 | -------------------------------------------------------------------------------- /modules/announcement-subscription/main.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
# 4 | ########################################################################################################## 5 | 6 | terraform { 7 | required_providers { 8 | oci = { 9 | source = "oracle/oci" 10 | } 11 | } 12 | } 13 | 14 | resource "oci_announcements_service_announcement_subscription" "announcement_subscription" { 15 | compartment_id = var.compartment_id 16 | display_name = var.subscription_display_name 17 | ons_topic_id = var.notification_topic_id 18 | } 19 | 20 | resource "oci_announcements_service_announcement_subscriptions_filter_group" "announcement_subscriptions_filter_group" { 21 | for_each = var.filter_groups 22 | announcement_subscription_id = oci_announcements_service_announcement_subscription.announcement_subscription.id 23 | name = each.key 24 | dynamic "filters" { 25 | for_each = toset(each.value.filters_value) 26 | content { 27 | type = each.value.filters_type 28 | value = filters.key 29 | } 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /modules/announcement-subscription/variables.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
# 4 | ########################################################################################################## 5 | 6 | variable "compartment_id" { 7 | type = string 8 | description = "The OCID of the compartment where you want to create the announcement subscription" 9 | } 10 | 11 | variable "subscription_display_name" { 12 | type = string 13 | description = "The display name of the subscription" 14 | } 15 | 16 | variable "notification_topic_id" { 17 | type = string 18 | description = "The OCID of the Notifications service topic" 19 | } 20 | 21 | variable "filter_groups" { 22 | type = map(any) 23 | description = "A list of filter groups for the announcement subscription. " 24 | } 25 | -------------------------------------------------------------------------------- /modules/authentication-policy/main.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
# 4 | ########################################################################################################## 5 | 6 | terraform { 7 | required_providers { 8 | oci = { 9 | source = "oracle/oci" 10 | } 11 | } 12 | } 13 | 14 | resource "oci_identity_authentication_policy" "authentication_policy" { 15 | compartment_id = var.tenancy_ocid 16 | 17 | password_policy { 18 | 19 | is_lowercase_characters_required = var.authentication_policy_password_policy_is_lowercase_characters_required 20 | is_numeric_characters_required = var.authentication_policy_password_policy_is_numeric_characters_required 21 | is_special_characters_required = var.authentication_policy_password_policy_is_special_characters_required 22 | is_uppercase_characters_required = var.authentication_policy_password_policy_is_uppercase_characters_required 23 | is_username_containment_allowed = var.authentication_policy_password_policy_is_username_containment_allowed 24 | minimum_password_length = var.authentication_policy_password_policy_minimum_password_length 25 | } 26 | } -------------------------------------------------------------------------------- /modules/authentication-policy/variables.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
# 4 | ########################################################################################################## 5 | 6 | variable "tenancy_ocid" {} 7 | 8 | variable "authentication_policy_password_policy_is_lowercase_characters_required" {} 9 | 10 | variable "authentication_policy_password_policy_is_numeric_characters_required" {} 11 | 12 | variable "authentication_policy_password_policy_is_special_characters_required" {} 13 | 14 | variable "authentication_policy_password_policy_is_uppercase_characters_required" {} 15 | 16 | variable "authentication_policy_password_policy_is_username_containment_allowed" {} 17 | 18 | variable "authentication_policy_password_policy_minimum_password_length" {} -------------------------------------------------------------------------------- /modules/bastion/main.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
#
##########################################################################################################

terraform {
  required_providers {
    oci = {
      source = "oracle/oci"
    }
  }
}

# Bastion service endpoint in the target subnet (bastion_type is fixed to STANDARD).
# client_cidr_block_allow_list is the only restriction configured in this module on where
# sessions may be opened from; it is taken verbatim from the module input and no width limit is
# applied, so a value such as 0.0.0.0/0 is accepted as-is.
resource "oci_bastion_bastion" "bastion" {
  #Required
  bastion_type     = "STANDARD"
  compartment_id   = var.compartment_id
  target_subnet_id = var.target_subnet_id

  #Optional
  client_cidr_block_allow_list = var.bastion_client_cidr_block_allow_list
  name                         = var.bastion_name
}
--------------------------------------------------------------------------------
/modules/bastion/outputs.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

output "bastion_ocid" {
  value       = oci_bastion_bastion.bastion.id
  description = "The OCID of the bastion created "
}
--------------------------------------------------------------------------------
/modules/bastion/variables.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
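#
##########################################################################################################

variable "compartment_id" {
  type        = string
  description = "The OCID of the compartment where the bastion is located"
}

variable "target_subnet_id" {
  type        = string
  description = "The OCID of the subnet that the bastion connects to"
}

variable "bastion_client_cidr_block_allow_list" {
  type        = list(string)
  description = "A list of address ranges in CIDR notation that you want to allow to connect to sessions hosted by this bastion."

  # Catch malformed entries at plan time instead of at the API call. Wide ranges (e.g. 0.0.0.0/0)
  # are still accepted here; how far to narrow the list is a deployment decision made in tfvars.
  validation {
    condition     = alltrue([for cidr in var.bastion_client_cidr_block_allow_list : can(cidrhost(cidr, 0))])
    error_message = "Every entry in bastion_client_cidr_block_allow_list must be a valid CIDR block, e.g. 10.0.0.0/24."
  }
}

variable "bastion_name" {
  type        = string
  description = "The name of the bastion, which can't be changed after creation."
}

--------------------------------------------------------------------------------
/modules/break_glass_user/datasources.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

# Looks up the existing administrator group by name at the tenancy root; main.tf adds the
# break-glass user to the first match.
data "oci_identity_groups" "administrator_group" {
  compartment_id = var.tenancy_ocid
  name           = var.administrator_group_name
}

--------------------------------------------------------------------------------
/modules/break_glass_user/main.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.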
#
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

terraform {
  required_providers {
    oci = {
      source = "oracle/oci"
    }
  }
}

# Random suffix appended to the user name so several break-glass users (or repeated module
# instances) do not collide on the name.
resource "random_id" "user" {
  byte_length = 4
}

# Break-glass IAM user created at the tenancy root. Nothing in this module constrains how the
# account authenticates (MFA, password rules); presumably that is left to the tenancy-level
# authentication policy -- confirm.
resource "oci_identity_user" "break_glass_user" {
  compartment_id = var.tenancy_ocid
  description    = "Break glass user ${var.break_glass_user_index}"
  name           = "Break_Glass_User_${var.break_glass_user_index}_${random_id.user.hex}"
  email          = var.break_glass_user_email
}

# ---------------------------------------------------------------------------------------------------------------------
# Break Glass User Admin Group Membership
# ---------------------------------------------------------------------------------------------------------------------
# Membership is granted unconditionally. groups[0] indexes the name-filtered lookup from
# datasources.tf: if no group matches var.administrator_group_name the index fails with an error,
# which is preferable to silently creating an unprivileged "break glass" user.
resource "oci_identity_user_group_membership" "administrator_group_membership" {
  group_id = data.oci_identity_groups.administrator_group.groups[0].id
  user_id  = oci_identity_user.break_glass_user.id
}
--------------------------------------------------------------------------------
/modules/break_glass_user/outputs.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
# 4 | ########################################################################################################## 5 | 6 | output "break_glass_user_list" { 7 | value = oci_identity_user.break_glass_user 8 | } -------------------------------------------------------------------------------- /modules/break_glass_user/variables.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # 4 | ########################################################################################################## 5 | 6 | variable "tenancy_ocid" { 7 | type = string 8 | description = "The OCID of tenancy" 9 | } 10 | 11 | variable "break_glass_user_index" { 12 | type = string 13 | description = "the index of the break glass user" 14 | } 15 | 16 | variable "break_glass_user_email" { 17 | type = string 18 | description = "The email address of the break glass user" 19 | } 20 | 21 | variable "administrator_group_name" { 22 | type = string 23 | description = "The name for the administrator group" 24 | default = "Administrators" 25 | } 26 | 27 | -------------------------------------------------------------------------------- /modules/bucket/datasources.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
#
##########################################################################################################

# Object Storage namespace of the tenancy; the bucket below takes its namespace from var.namespace.
data "oci_objectstorage_namespace" "ns" {
  compartment_id = var.tenancy_ocid
}

--------------------------------------------------------------------------------
/modules/bucket/main.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

terraform {
  required_providers {
    oci = {
      source = "oracle/oci"
    }
  }
}

# Private bucket with a single retention rule.
resource "oci_objectstorage_bucket" "bucket" {
  compartment_id = var.compartment_id
  name           = var.name
  namespace      = var.namespace
  # Hard-coded rather than a variable: buckets created by this module are never publicly readable.
  access_type    = "NoPublicAccess"
  # When set, objects are encrypted with the caller-supplied KMS key.
  kms_key_id     = var.kms_key_id
  storage_tier   = var.storage_tier

  retention_rules {
    display_name = var.retention_rule_display_name

    duration {
      time_amount = var.retention_policy_duration_amount
      time_unit   = var.retention_policy_duration_time_unit
    }
  }
  # NOTE(review): `ignore_changes = all` means Terraform never reconciles this bucket after
  # creation -- an out-of-band change to access_type, kms_key_id or the retention rule is not
  # reverted on the next apply. The reason for ignoring everything is not recorded here; if it
  # was added to suppress retention-rule diffs, narrowing it to `ignore_changes = [retention_rules]`
  # would keep the security-relevant attributes under Terraform's control -- confirm before changing.
  lifecycle {
    ignore_changes = all
  }
}

--------------------------------------------------------------------------------
/modules/bucket/outputs.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
# 4 | ########################################################################################################## 5 | 6 | output "bucket" { 7 | value = oci_objectstorage_bucket.bucket 8 | } -------------------------------------------------------------------------------- /modules/budget/main.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # 4 | ########################################################################################################## 5 | 6 | terraform { 7 | required_providers { 8 | oci = { 9 | source = "oracle/oci" 10 | configuration_aliases = [oci] 11 | } 12 | } 13 | } 14 | 15 | resource "oci_budget_budget" "oci_budget" { 16 | compartment_id = var.compartment_id 17 | amount = var.budget_amount 18 | reset_period = var.budget_reset_period 19 | 20 | description = var.budget_description 21 | display_name = var.budget_display_name 22 | target_type = var.budget_target_type 23 | targets = [ var.budget_target ] 24 | } 25 | 26 | resource "oci_budget_alert_rule" "oci_budget_rule" { 27 | budget_id = oci_budget_budget.oci_budget.id 28 | threshold = var.budget_alert_rule_threshold 29 | threshold_type = var.budget_alert_rule_threshold_type 30 | type = var.budget_alert_rule_type 31 | 32 | display_name = var.budget_alert_rule_display_name 33 | message = var.budget_alert_rule_message 34 | recipients = var.budget_alert_rule_recipients 35 | } 36 | -------------------------------------------------------------------------------- /modules/budget/outputs.tf: -------------------------------------------------------------------------------- 1 | 
########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # 4 | ########################################################################################################## 5 | 6 | # ----------------------------------------------------------------------------- 7 | # Budget Output 8 | # ----------------------------------------------------------------------------- 9 | output "budget" { 10 | value = oci_budget_budget.oci_budget 11 | } 12 | 13 | output "budget_alert_rule" { 14 | value = oci_budget_alert_rule.oci_budget_rule 15 | } 16 | 17 | output "budget_id" { 18 | value = oci_budget_alert_rule.oci_budget_rule.budget_id 19 | } 20 | 21 | output "budget_target_name" { 22 | value = oci_budget_budget.oci_budget.display_name 23 | } 24 | 25 | output "budget_amount" { 26 | value = oci_budget_budget.oci_budget.amount 27 | } 28 | 29 | output "budget_alert_rule_threshold" { 30 | value = oci_budget_alert_rule.oci_budget_rule.threshold 31 | } 32 | 33 | output "budget_alert_rule_recipients" { 34 | value = oci_budget_alert_rule.oci_budget_rule.recipients 35 | } 36 | -------------------------------------------------------------------------------- /modules/cloud-guard/datasources.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
# 4 | ########################################################################################################## 5 | 6 | data "oci_cloud_guard_detector_recipes" "configuration_detector_recipe" { 7 | provider = oci.home_region 8 | compartment_id = var.tenancy_ocid 9 | display_name = var.configuration_detector_recipe_display_name 10 | } 11 | 12 | data "oci_cloud_guard_detector_recipes" "activity_detector_recipe" { 13 | provider = oci.home_region 14 | compartment_id = var.tenancy_ocid 15 | display_name = var.activity_detector_recipe_display_name 16 | } 17 | 18 | data "oci_cloud_guard_detector_recipes" "threat_detector_recipe" { 19 | provider = oci.home_region 20 | compartment_id = var.tenancy_ocid 21 | display_name = var.threat_detector_recipe_display_name 22 | } 23 | 24 | data "oci_cloud_guard_responder_recipes" "responder_recipe" { 25 | provider = oci.home_region 26 | compartment_id = var.tenancy_ocid 27 | display_name = var.responder_recipe_display_name 28 | } -------------------------------------------------------------------------------- /modules/cloud-guard/outputs.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # 4 | ########################################################################################################## 5 | -------------------------------------------------------------------------------- /modules/compartment/main.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. 
# 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # 4 | ########################################################################################################## 5 | 6 | terraform { 7 | required_version = ">= 1.0.0" 8 | 9 | required_providers { 10 | oci = { 11 | source = "oracle/oci" 12 | } 13 | } 14 | } 15 | 16 | resource "oci_identity_compartment" "compartment" { 17 | compartment_id = var.compartment_parent_id 18 | description = var.compartment_description 19 | name = var.compartment_name 20 | enable_delete = var.enable_compartment_delete 21 | } 22 | 23 | resource "time_sleep" "compartment_replication_delay" { 24 | depends_on = [oci_identity_compartment.compartment] 25 | create_duration = "90s" 26 | } 27 | -------------------------------------------------------------------------------- /modules/compartment/outputs.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
# 4 | ########################################################################################################## 5 | 6 | output "compartment" { 7 | value = oci_identity_compartment.compartment 8 | description = "The full compartment resource including all attributes" 9 | } 10 | 11 | output "compartment_id" { 12 | value = oci_identity_compartment.compartment.id 13 | description = "The OCID of the compartment created" 14 | } 15 | 16 | output "compartment_name" { 17 | value = oci_identity_compartment.compartment.name 18 | description = "The name of the compartment created" 19 | } 20 | -------------------------------------------------------------------------------- /modules/compartment/variables.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # 4 | ########################################################################################################## 5 | 6 | variable "compartment_parent_id" { 7 | type = string 8 | description = "OCID of the parent compartment." 9 | } 10 | 11 | variable "compartment_name" { 12 | type = string 13 | description = "Name of the compartment to create." 14 | } 15 | 16 | variable "compartment_description" { 17 | type = string 18 | description = "Description of the compartment to create." 19 | } 20 | 21 | variable "enable_compartment_delete" { 22 | type = bool 23 | description = "Allows the compartment to delete on terraform destroy." 24 | } 25 | -------------------------------------------------------------------------------- /modules/drg-attachment/README.md: -------------------------------------------------------------------------------- 1 | 2 | ## Requirements 3 | 4 | No requirements. 
5 | 6 | ## Providers 7 | 8 | | Name | Version | 9 | |------|---------| 10 | | [oci](#provider\_oci) | n/a | 11 | 12 | ## Modules 13 | 14 | No modules. 15 | 16 | ## Resources 17 | 18 | | Name | Type | 19 | |------|------| 20 | | [oci_core_drg_attachment.drg_attachment](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_drg_attachment) | resource | 21 | 22 | ## Inputs 23 | 24 | | Name | Description | Type | Default | Required | 25 | |------|-------------|------|---------|:--------:| 26 | | [drg\_attachment\_type](#input\_drg\_attachment\_type) | DRG Attacment Network Type | `string` | n/a | yes | 27 | | [drg\_attachment\_vcn\_route\_type](#input\_drg\_attachment\_vcn\_route\_type) | DRG Attacment Network VCN Route Type | `string` | n/a | yes | 28 | | [drg\_id](#input\_drg\_id) | DRG OCID Value. | `string` | n/a | yes | 29 | | [vcn\_id](#input\_vcn\_id) | VCN OCID Value | `string` | n/a | yes | 30 | 31 | ## Outputs 32 | 33 | No outputs. 34 | 35 | 36 | # License 37 | 38 | Copyright (c) 2022,2023 Oracle and/or its affiliates. 39 | 40 | Licensed under the Universal Permissive License (UPL), Version 1.0. 41 | 42 | See [LICENSE](../../LICENSE) for more details. -------------------------------------------------------------------------------- /modules/drg-attachment/main.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
# 4 | ########################################################################################################## 5 | 6 | terraform { 7 | required_providers { 8 | oci = { 9 | source = "oracle/oci" 10 | } 11 | } 12 | } 13 | 14 | # ----------------------------------------------------------------------------- 15 | # DRG VCN ATTACHMENT 16 | # ----------------------------------------------------------------------------- 17 | 18 | resource "oci_core_drg_attachment" "drg_attachment" { 19 | drg_id = var.drg_id 20 | network_details { 21 | id = var.vcn_id 22 | type = var.drg_attachment_type 23 | vcn_route_type = var.drg_attachment_vcn_route_type 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /modules/drg-attachment/variables.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # 4 | ########################################################################################################## 5 | 6 | variable "drg_id" { 7 | type = string 8 | description = "DRG OCID Value." 
9 | } 10 | 11 | variable "vcn_id" { 12 | type = string 13 | description = "VCN OCID Value" 14 | } 15 | 16 | variable "drg_attachment_type" { 17 | type = string 18 | description = "DRG Attacment Network Type" 19 | } 20 | 21 | variable "drg_attachment_vcn_route_type" { 22 | type = string 23 | description = "DRG Attacment Network VCN Route Type" 24 | } 25 | -------------------------------------------------------------------------------- /modules/drg/outputs.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # 4 | ########################################################################################################## 5 | 6 | output "drg_id" { 7 | description = "id of drg if it is created" 8 | value = oci_core_drg.drg.id 9 | } 10 | 11 | output "drg_attachment_all_attributes" { 12 | description = "all attributes related to drg attachment" 13 | value = { for k, v in oci_core_drg_attachment.drg_vcn_attachment : k => v } 14 | } 15 | 16 | output "drg_route_tables" { 17 | value = { for k, v in oci_core_drg_route_table.route_table: k => v } 18 | } -------------------------------------------------------------------------------- /modules/drg/variables.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
# 4 | ########################################################################################################## 5 | 6 | variable "compartment_id" { 7 | description = "compartment id where to create all resources" 8 | type = string 9 | } 10 | 11 | variable "drg_display_name" { 12 | description = "(Updatable) Name of Dynamic Routing Gateway. Does not have to be unique." 13 | type = string 14 | validation { 15 | condition = length(var.drg_display_name) > 0 16 | error_message = "The drg_display_name value cannot be an empty string." 17 | } 18 | } 19 | 20 | # @TODO add type definitions for maps/objects 21 | variable "drg_vcn_attachments" { 22 | description = "The network resource attached to the DRG" 23 | type = map(any) 24 | default = null 25 | } 26 | 27 | variable "route_distribution_map" { 28 | type = map(any) 29 | default = null 30 | description = "The route table used by the DRG attachment." 31 | } 32 | 33 | variable "drg_route_table_map" { 34 | type = map(any) 35 | default = null 36 | description = "The route table used by the DRG attachment." 37 | } 38 | -------------------------------------------------------------------------------- /modules/dynamic-group/main.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
#
##########################################################################################################

terraform {
  required_providers {
    oci = {
      source = "oracle/oci"
    }
  }
}

# Dynamic group at the tenancy root. matching_rule decides which resource principals become
# members and therefore inherit every policy written for this group; it is taken verbatim from the
# input with no validation here, so a rule broader than intended widens access silently.
resource "oci_identity_dynamic_group" "dynamic_group" {
  compartment_id = var.tenancy_ocid
  description    = var.description
  matching_rule  = var.matching_rule
  name           = var.name
}

--------------------------------------------------------------------------------
/modules/dynamic-group/outputs.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

output "id" {
  value       = oci_identity_dynamic_group.dynamic_group.id
  description = "The OCID of dynamic group created"
}

output "name" {
  value       = oci_identity_dynamic_group.dynamic_group.name
  description = "The name of dynamic group created"
}
--------------------------------------------------------------------------------
/modules/dynamic-group/variables.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
# 4 | ########################################################################################################## 5 | 6 | variable "tenancy_ocid" { 7 | type = string 8 | description = "The OCID of the tenancy." 9 | } 10 | 11 | variable "name" { 12 | type = string 13 | description = "The name you assign to the group during creation. The name must be unique across all compartments in the tenancy. " 14 | } 15 | 16 | variable "description" { 17 | type = string 18 | description = "The description you assign to the Group. Does not have to be unique, and it's changeable. " 19 | } 20 | 21 | variable "matching_rule" { 22 | type = string 23 | description = "Define a matching rule or a set of matching rules to define the group members." 24 | } -------------------------------------------------------------------------------- /modules/fastconnect/datasources.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
# 4 | ########################################################################################################## 5 | 6 | data "oci_core_fast_connect_provider_services" "fast_connect_provider_services" { 7 | compartment_id = var.compartment_ocid 8 | } 9 | 10 | data "oci_core_fast_connect_provider_service" "fast_connect_provider_service" { 11 | provider_service_id = lookup(element(data.oci_core_fast_connect_provider_services.fast_connect_provider_services.fast_connect_provider_services, index(data.oci_core_fast_connect_provider_services.fast_connect_provider_services.fast_connect_provider_services.*.provider_name, var.fastconnect_provider)), "id") 12 | } 13 | -------------------------------------------------------------------------------- /modules/identity-domain-group/README.md: -------------------------------------------------------------------------------- 1 | 2 | ## Requirements 3 | 4 | No requirements. 5 | 6 | ## Providers 7 | 8 | | Name | Version | 9 | |------|---------| 10 | | [null](#provider\_null) | n/a | 11 | 12 | ## Modules 13 | 14 | No modules. 15 | 16 | ## Resources 17 | 18 | | Name | Type | 19 | |------|------| 20 | | [null_resource.groups](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource | 21 | 22 | ## Inputs 23 | 24 | | Name | Description | Type | Default | Required | 25 | |------|-------------|------|---------|:--------:| 26 | | [group\_names](#input\_group\_names) | The list of user group names. | `list(string)` | n/a | yes | 27 | | [identity\_domain\_id](#input\_identity\_domain\_id) | the OCID of identity domain | `string` | n/a | yes | 28 | 29 | ## Outputs 30 | 31 | No outputs. 32 | 33 | 34 | # License 35 | 36 | Copyright (c) 2022,2023 Oracle and/or its affiliates. 37 | 38 | Licensed under the Universal Permissive License (UPL), Version 1.0. 39 | 40 | See [LICENSE](../../LICENSE) for more details. 
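--------------------------------------------------------------------------------
/modules/identity-domain-group/main.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

# Creates identity-domain groups by shelling out to scripts/manage_identity_domain.py.
# The resource is re-created (and the script re-run) whenever the domain id or the group list
# changes, and is skipped entirely when no group names are given.
resource "null_resource" "groups" {
  count = length(var.group_names) != 0 ? 1 : 0

  triggers = {
    domain_id   = var.identity_domain_id
    group_names = join(",", var.group_names)
  }

  # Installs the script's dependencies at apply time from an unpinned requirements.txt.
  # `on_failure = continue` is kept here, presumably so that a runner without index access does
  # not block the apply when the packages are already present; a genuinely missing package should
  # then surface as an error from the next provisioner.
  provisioner "local-exec" {
    working_dir = path.module
    command     = "pip3 install -r scripts/requirements.txt"
    on_failure  = continue
  }

  # Inputs are handed to the shell through the environment instead of being interpolated into the
  # command string, so a value containing shell metacharacters is passed as data, not executed.
  # $GROUP_NAMES is intentionally unquoted: the original command passed one argv entry per
  # space-separated group name, and word splitting of the expansion preserves that (names holding
  # glob characters would still be expanded by the shell).
  # Failures are NOT swallowed here: if the script fails the apply must fail, otherwise a missing
  # group -- and every policy that refers to it -- would go unnoticed.
  provisioner "local-exec" {
    working_dir = path.module
    command     = "python3 scripts/manage_identity_domain.py -d \"$IDENTITY_DOMAIN_ID\" -g $GROUP_NAMES"
    environment = {
      IDENTITY_DOMAIN_ID = var.identity_domain_id
      GROUP_NAMES        = join(" ", var.group_names)
    }
  }
}
--------------------------------------------------------------------------------
/modules/identity-domain-group/scripts/requirements.txt:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.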
#
##########################################################################################################
# NOTE(review): both packages are unpinned and are installed at apply time by the local-exec
# provisioner in main.tf, so each apply resolves whatever the newest release on the index is.
# Pin exact versions (and ideally hashes) once the versions the script was tested with are known.

oci
requests
--------------------------------------------------------------------------------
/modules/identity-domain-group/variables.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

# main.tf joins these names with single spaces and passes them as separate command-line arguments
# to scripts/manage_identity_domain.py, so a name containing whitespace cannot be expressed through
# this module; nothing here validates the entries.
variable "group_names" {
  type        = list(string)
  description = "The list of user group names."
}

# Passed through to the script unchanged; not checked for OCID format here.
variable "identity_domain_id" {
  type        = string
  description = "the OCID of identity domain"
}
--------------------------------------------------------------------------------
/modules/identity-domain/outputs.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
# 4 | ########################################################################################################## 5 | 6 | output "domain" { 7 | value = oci_identity_domain.domain 8 | } 9 | output "url" { 10 | value = oci_identity_domain.domain.url 11 | } -------------------------------------------------------------------------------- /modules/identity-domain/scripts/requirements.txt: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # 4 | ########################################################################################################## 5 | 6 | oci 7 | requests -------------------------------------------------------------------------------- /modules/internet-gateway/main.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
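##########################################################################################################

terraform {
  required_providers {
    oci = {
      source = "oracle/oci"
    }
  }
}

# -----------------------------------------------------------------------------
# Create Internet Gateway
# -----------------------------------------------------------------------------
# One internet gateway in the given VCN/compartment; only the display name is
# configurable by the caller.
resource "oci_core_internet_gateway" "OCI-ELZ-IGW-P-HUB" {
  compartment_id = var.network_compartment_id
  vcn_id         = var.vcn_id
  display_name   = var.internet_gateway_display_name
}

# /modules/internet-gateway/outputs.tf
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                              #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

# The value is the gateway's OCID; the previous description ("Internet
# Gateway Display Name.") described a different attribute.
output "internet_gw_id" {
  value       = oci_core_internet_gateway.OCI-ELZ-IGW-P-HUB.id
  description = "Internet Gateway OCID."
}

# /modules/internet-gateway/variables.tf
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                              #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.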
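##########################################################################################################

variable "network_compartment_id" {
  type        = string
  description = "The OCID of the compartment to contain the VCN."
}

variable "vcn_id" {
  type        = string
  description = "The VCN OCID Value"
}

variable "internet_gateway_display_name" {
  type        = string
  description = "Internet Gateway Display Name."
}

# /modules/ipsec/variables.tf
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                              #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

variable "compartment_ocid" {
  type        = string
  description = "The OCID of the compartment in which the IPSec module creates its resources."
}

variable "cpe_ip_address" {
  type        = string
  description = "Customer Premises Equipment IP address"
}

# The description used to be a copy of cpe_ip_address's; this variable is
# the display name, not the address.
variable "cpe_display_name" {
  type        = string
  description = "Customer Premises Equipment display name"
}

variable "ipsec_display_name" {
  type        = string
  description = "Display name of the IPSec connection."
}

variable "drg_id" {
  type        = string
  description = "The OCID of the Dynamic Routing Gateway (DRG)."
}

variable "static_routes" {
  type        = list(string)
  description = "Static routes (CIDR blocks) for the IPSec connection."
}

# NOTE(review): the mapping from number to vendor is defined where the module
# consumes this value, not here.
variable "cpe_vendor" {
  type        = number
  description = "Numeric selector for the CPE device vendor."
}

variable "routing" {
  type        = string
  description = "Routing type used for the IPSec tunnels."
}

variable "tunnel_a_display_name" {
  type        = string
  description = "Display name of tunnel A."
}

# Intentionally left untyped, as before: callers may pass the ASN as a number
# or a string.
variable "customer_bgp_asn" {
  description = "Customer-side BGP ASN."
}

variable "bgp_cust_tunnela_ip" {
  type        = string
  description = "Customer-side BGP interface IP for tunnel A."
}

variable "bgp_oci_tunnela_ip" {
  type        = string
  description = "Oracle-side BGP interface IP for tunnel A."
}

# Marked sensitive so the pre-shared key is redacted from plan/apply output
# and from `terraform output`. It is still written to state in clear text,
# so the state backend needs matching access controls and encryption.
variable "shared_secret" {
  type        = string
  description = "Pre-shared key for the IPSec tunnels."
  sensitive   = true
}

variable "tunnel_b_display_name" {
  type        = string
  description = "Display name of tunnel B."
}

# /modules/key/main.tf
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                              #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

terraform {
  required_providers {
    oci = {
      source = "oracle/oci"
    }
  }
}

# Master encryption key in the vault reached through `management_endpoint`.
# `protection_mode` (e.g. HSM vs SOFTWARE) is passed through unchanged, so a
# policy that requires HSM-backed keys has to be enforced by the caller.
resource "oci_kms_key" "key" {
  compartment_id = var.compartment_ocid
  display_name   = var.display_name

  key_shape {
    algorithm = var.shape_algorithm
    length    = var.shape_length
  }
  management_endpoint = var.management_endpoint
  protection_mode     = var.protection_mode
}

# /modules/key/outputs.tf
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                              #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.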
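##########################################################################################################

output "key_ocid" {
  value       = oci_kms_key.key.id
  description = "The OCID of the key created"
}

# /modules/key/variables.tf
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                              #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

variable "compartment_ocid" {
  type        = string
  description = "The OCID of the compartment where you want to create the master encryption key."
}

variable "display_name" {
  type        = string
  description = "The display name of key"
}

variable "shape_algorithm" {
  type        = string
  description = "The algorithm used by a key's key versions to encrypt or decrypt."
}

variable "shape_length" {
  type        = number
  description = "The length of the key in bytes, expressed as an integer."
}

variable "management_endpoint" {
  type        = string
  description = "The service endpoint to perform management operations against."
}

# Description typo fixed ("he key's" -> "The key's").
variable "protection_mode" {
  type        = string
  description = "The key's protection mode indicates how the key persists and where cryptographic operations that use the key are performed."
}

# /modules/log-analytics-namespace/datasources.tf
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                              #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

# Lists the Logging Analytics namespaces of the tenancy; the tenancy OCID is
# what the data source takes as compartment_id.
data "oci_log_analytics_namespaces" "logging_analytics_namespaces" {
  compartment_id = var.tenancy_ocid
}

# /modules/log-analytics-namespace/variables.tf
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                              #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

variable "tenancy_ocid" {
  type        = string
  description = "The OCID of tenancy"
}

variable "compartment_id" {
  type        = string
  description = "The OCID of the root compartment."
}

variable "is_onboarded" {
  type        = bool
  description = "Use true if tenancy is to be onboarded to logging analytics and false if tenancy is to be offboarded."
}

# NOTE(review): how resource_label is applied is defined in this module's
# main.tf, which is not shown alongside these variables.
variable "resource_label" {
  type        = string
  description = "Label applied to the resources created by this module."
}

# /modules/log-analytics/datasources.tf
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                              #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

# Same namespace lookup as in log-analytics-namespace/datasources.tf.
data "oci_log_analytics_namespaces" "logging_analytics_namespaces" {
  compartment_id = var.tenancy_ocid
}

# /modules/log-analytics/outputs.tf
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                              #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.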
# 4 | ########################################################################################################## 5 | 6 | output "service_connector_id" { 7 | value = oci_sch_service_connector.service_connector.id 8 | } 9 | 10 | output "log_group_id" { 11 | value = oci_log_analytics_log_analytics_log_group.log_analytics_log_group.id 12 | description = "The OCID of log group created" 13 | } -------------------------------------------------------------------------------- /modules/log-group/main.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # 4 | ########################################################################################################## 5 | 6 | terraform { 7 | required_providers { 8 | oci = { 9 | source = "oracle/oci" 10 | } 11 | } 12 | } 13 | 14 | resource "oci_logging_log_group" "log_group" { 15 | compartment_id = var.compartment_id 16 | display_name = var.display_name 17 | description = var.description 18 | } 19 | -------------------------------------------------------------------------------- /modules/log-group/outputs.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
# 4 | ########################################################################################################## 5 | 6 | output "log_group_id" { 7 | value = oci_logging_log_group.log_group.id 8 | description = "The OCID of the log group created" 9 | } 10 | -------------------------------------------------------------------------------- /modules/log-group/variables.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # 4 | ########################################################################################################## 5 | 6 | variable "compartment_id" { 7 | type = string 8 | description = " The OCID of the compartment that the resource belongs to." 9 | } 10 | 11 | variable "display_name" { 12 | type = string 13 | description = "The display name of log group" 14 | } 15 | 16 | variable "description" { 17 | type = string 18 | description = "Description for log group" 19 | } -------------------------------------------------------------------------------- /modules/nat-gateway/README.md: -------------------------------------------------------------------------------- 1 | 2 | ## Requirements 3 | 4 | No requirements. 5 | 6 | ## Providers 7 | 8 | | Name | Version | 9 | |------|---------| 10 | | [oci](#provider\_oci) | n/a | 11 | 12 | ## Modules 13 | 14 | No modules. 
15 | 16 | ## Resources 17 | 18 | | Name | Type | 19 | |------|------| 20 | | [oci_core_nat_gateway.OCI-ELZ-NGW-P-HUB](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_nat_gateway) | resource | 21 | 22 | ## Inputs 23 | 24 | | Name | Description | Type | Default | Required | 25 | |------|-------------|------|---------|:--------:| 26 | | [nat\_gateway\_display\_name](#input\_nat\_gateway\_display\_name) | NAT Gateway Display Name. | `string` | n/a | yes | 27 | | [network\_compartment\_id](#input\_network\_compartment\_id) | The OCID of the compartment to contain the VCN. | `string` | n/a | yes | 28 | | [vcn\_id](#input\_vcn\_id) | The VCN OCID Value | `string` | n/a | yes | 29 | 30 | ## Outputs 31 | 32 | | Name | Description | 33 | |------|-------------| 34 | | [nat\_gw\_id](#output\_nat\_gw\_id) | NAT Gateway OCID. | 35 | 36 | 37 | # License 38 | 39 | Copyright (c) 2022,2023 Oracle and/or its affiliates. 40 | 41 | Licensed under the Universal Permissive License (UPL), Version 1.0. 42 | 43 | See [LICENSE](../../LICENSE) for more details. -------------------------------------------------------------------------------- /modules/nat-gateway/main.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
# 4 | ########################################################################################################## 5 | 6 | terraform { 7 | required_providers { 8 | oci = { 9 | source = "oracle/oci" 10 | } 11 | } 12 | } 13 | 14 | # ----------------------------------------------------------------------------- 15 | # Create NAT Gateway 16 | # ----------------------------------------------------------------------------- 17 | resource "oci_core_nat_gateway" "OCI-ELZ-NGW-P-HUB" { 18 | compartment_id = var.network_compartment_id 19 | vcn_id = var.vcn_id 20 | display_name = var.nat_gateway_display_name 21 | } 22 | 23 | -------------------------------------------------------------------------------- /modules/nat-gateway/outputs.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # 4 | ########################################################################################################## 5 | 6 | output "nat_gw_id" { 7 | value = oci_core_nat_gateway.OCI-ELZ-NGW-P-HUB.id 8 | description = "NAT Gateway OCID." 9 | } 10 | -------------------------------------------------------------------------------- /modules/nat-gateway/variables.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
# 4 | ########################################################################################################## 5 | 6 | variable "network_compartment_id" { 7 | type = string 8 | description = "The OCID of the compartment to contain the VCN." 9 | } 10 | 11 | variable "vcn_id" { 12 | type = string 13 | description = "The VCN OCID Value" 14 | } 15 | 16 | variable "nat_gateway_display_name" { 17 | type = string 18 | description = "NAT Gateway Display Name." 19 | } -------------------------------------------------------------------------------- /modules/network-firewall/datasources.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # 4 | ########################################################################################################## 5 | 6 | data "oci_core_private_ips" "firewall_subnet_private_ip" { 7 | subnet_id = var.network_firewall_subnet_id 8 | depends_on = [ 9 | time_sleep.network_firewall_ip_delay 10 | ] 11 | 12 | filter { 13 | name = "display_name" 14 | values = [var.network_firewall_name] 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /modules/network-firewall/outputs.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
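##########################################################################################################

output "firewall_id" {
  value       = oci_network_firewall_network_firewall.network_firewall.id
  description = "The OCID of the network firewall"
}

# The private-IP OCID comes from the data source in datasources.tf, which
# filters the subnet's private IPs by the firewall's display name and waits
# on a time_sleep first. The `[0]` index makes the apply fail with an
# "invalid index" error if that lookup returns no entries, so the delay is
# what keeps this output working right after creation.
output "firewall_ip_id" {
  value       = data.oci_core_private_ips.firewall_subnet_private_ip.private_ips[0].id
  description = "The OCID of the network firewall's private IP"
}

output "firewall_ip" {
  value       = oci_network_firewall_network_firewall.network_firewall.ipv4address
  description = "The IPv4 address of the network firewall"
}

# /modules/network-firewall/variables.tf
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                              #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

variable "network_compartment_ocid" {
  type        = string
  description = "The OCID of the compartment containing the Network Firewall."
}

variable "network_firewall_name" {
  type        = string
  description = "OCI Network Firewall Name."
}

variable "network_firewall_subnet_id" {
  type        = string
  description = "The OCID of the subnet associated with the Network Firewall."
}

variable "network_firewall_policy_name" {
  type        = string
  description = "The name of network firewall policy."
}

variable "network_firewall_policy_action" {
  type        = string
  description = "Network Firewall Policy Action."
}

# NOTE(review): both maps are `map(any)`, so their element shape is only
# checked where main.tf consumes them; a typed object would surface mistakes
# at plan time instead.
variable "ip_address_lists" {
  type        = map(any)
  description = "Named IP address lists referenced by the firewall policy."
}

variable "security_rules" {
  type        = map(any)
  description = "The security rules of the firewall policy, keyed by name."
}

# /modules/non-default-domain-group/README.md
## Summary
Terraform module for OCI Identity Domain.
A container for managing users and roles, federating and provisioning
of users, secure application integration through Oracle Single Sign-On (SSO)
configuration, and SAML/OAuth based Identity Provider administration.


## Requirements

No requirements.

## Providers

| Name | Version |
|------|---------|
| [oci](#provider\_oci) | n/a |

## Modules

No modules.

## Resources

| Name | Type |
|------|------|
| [oci_identity_domains_group.test_group](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/identity_domains_group) | resource |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [group\_display\_name](#input\_group\_display\_name) | Identity Group Display Name. | `string` | n/a | yes |
| [idcs\_endpoint](#input\_idcs\_endpoint) | The basic endpoint for the identity domain. | `string` | n/a | yes |

## Outputs

No outputs.


# License

Copyright (c) 2022,2023 Oracle and/or its affiliates.

Licensed under the Universal Permissive License (UPL), Version 1.0.

See [LICENSE](../../LICENSE) for more details.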
# /modules/non-default-domain-group/main.tf
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                              #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

terraform {
  required_providers {
    oci = {
      source = "oracle/oci"
    }
  }
}

# Creates one SCIM core group in the identity domain reached through
# `idcs_endpoint`. The resource label "test_group" is part of the state
# address, so it is kept as is; renaming it would require a state move.
resource "oci_identity_domains_group" "test_group" {

  display_name  = var.group_display_name
  idcs_endpoint = var.idcs_endpoint
  schemas       = ["urn:ietf:params:scim:schemas:core:2.0:Group"]

  # Later changes to the endpoint value are not applied to this resource.
  lifecycle {
    ignore_changes = [ idcs_endpoint
    ]
  }
}

# /modules/non-default-domain-group/outputs.tf
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                              #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
# 4 | ########################################################################################################## 5 | -------------------------------------------------------------------------------- /modules/non-default-domain-group/variables.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # 4 | ########################################################################################################## 5 | 6 | variable "group_display_name" { 7 | type = string 8 | description = "Identity Group Display Name." 9 | } 10 | 11 | variable "idcs_endpoint" { 12 | type = string 13 | description = "The basic endpoint for the identity domain." 14 | } -------------------------------------------------------------------------------- /modules/notification-topic/outputs.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # 4 | ########################################################################################################## 5 | 6 | output "topic_id" { 7 | value = oci_ons_notification_topic.topic_service.id 8 | description = "The OCID of the topic created" 9 | } 10 | 11 | output "subscription_id" { 12 | description = "The subscriptions, indexed by ID." 
13 | value = { for sub in oci_ons_subscription.subscription_service : sub.id => sub } 14 | } 15 | -------------------------------------------------------------------------------- /modules/notification-topic/variables.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # 4 | ########################################################################################################## 5 | 6 | variable "compartment_id" { 7 | type = string 8 | description = "The OCID of the compartment to create the topic in." 9 | } 10 | 11 | variable "topic_name" { 12 | type = string 13 | description = "The name of the topic being created." 14 | } 15 | 16 | variable "topic_description" { 17 | type = string 18 | description = "The description of the topic being created" 19 | } 20 | 21 | variable "subscription_endpoint" { 22 | type = list(string) 23 | description = "A locator that corresponds to the subscription protocol." 24 | } 25 | 26 | variable "subscription_protocol" { 27 | type = string 28 | description = "Valid values: CUSTOM_HTTPS, EMAIL, ORACLE_FUNCTIONS, PAGERDUTY, SLACK, SMS" 29 | } 30 | 31 | variable "event_rules" { 32 | type = map(any) 33 | default = {} 34 | description = "" 35 | } 36 | -------------------------------------------------------------------------------- /modules/policies/main.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. 
# 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # 4 | ########################################################################################################## 5 | 6 | terraform { 7 | required_providers { 8 | oci = { 9 | source = "oracle/oci" 10 | } 11 | } 12 | } 13 | 14 | resource "oci_identity_policy" "policy" { 15 | compartment_id = var.compartment_ocid 16 | description = var.description 17 | name = var.policy_name 18 | statements = var.statements 19 | } 20 | 21 | resource "time_sleep" "policy_propagation_delay" { 22 | depends_on = [oci_identity_policy.policy] 23 | create_duration = "90s" 24 | } 25 | -------------------------------------------------------------------------------- /modules/policies/outputs.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # 4 | ########################################################################################################## 5 | 6 | output "policy" { 7 | value = oci_identity_policy.policy 8 | } 9 | -------------------------------------------------------------------------------- /modules/policies/variables.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
# 4 | ########################################################################################################## 5 | 6 | variable "compartment_ocid" { 7 | type = string 8 | description = "The OCID of the compartment containing the policy." 9 | } 10 | 11 | variable "description" { 12 | type = string 13 | description = "The description of policy" 14 | } 15 | 16 | variable "policy_name" { 17 | type = string 18 | description = "The name of policy." 19 | } 20 | 21 | variable "statements" { 22 | type = list(string) 23 | description = "An array of policy statements written in the policy language." 24 | } -------------------------------------------------------------------------------- /modules/route-table/main.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
##########################################################################################################

terraform {
  required_providers {
    oci = {
      source = "oracle/oci"
    }
  }
}

######################################################################
# Create Route Table                                                 #
######################################################################
# One rule per entry of var.route_rules: the map key becomes the rule's
# description, the value supplies target and destination. A 0.0.0.0/0 rule
# that points at an internet or NAT gateway makes every subnet using this
# table egress-capable, so review default routes as carefully as security
# lists.
resource "oci_core_route_table" "route_table" {
  compartment_id = var.compartment_id
  vcn_id         = var.vcn_id
  display_name   = var.route_table_display_name

  dynamic "route_rules" {
    for_each = var.route_rules
    iterator = rule
    content {
      description       = rule.key
      destination       = rule.value.destination
      destination_type  = rule.value.destination_type
      network_entity_id = rule.value.network_entity_id
    }
  }
}
--------------------------------------------------------------------------------
/modules/route-table/outputs.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                             #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
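##########################################################################################################

output "route_table_id" {
  value       = oci_core_route_table.route_table.id
  description = "The OCID of the route table"
}
--------------------------------------------------------------------------------
/modules/route-table/variables.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                             #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

variable "compartment_id" {
  type        = string
  description = "The OCID of the compartment to contain the route table."
}

variable "vcn_id" {
  type        = string
  description = "The OCID of the VCN the route table belongs to."
}

variable "route_table_display_name" {
  type        = string
  description = "The display name of the route table."
}

variable "route_rules" {
  type        = map(any)
  description = "Route rules keyed by description. Each value must carry network_entity_id (OCID of the gateway, DRG or private IP to route to), destination (CIDR block or service CIDR label) and destination_type (CIDR_BLOCK or SERVICE_CIDR_BLOCK)."

  # main.tf reads exactly these three attributes; reject a malformed rule at
  # plan time instead of surfacing an opaque error inside the dynamic block.
  validation {
    condition = alltrue([
      for rule in var.route_rules :
      can(rule.network_entity_id) && can(rule.destination) && can(rule.destination_type)
    ])
    error_message = "Every route_rules entry needs network_entity_id, destination and destination_type."
  }
}
--------------------------------------------------------------------------------
/modules/security-list/outputs.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                             #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.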
##########################################################################################################

# OCID of the spoke security list; the resource itself is defined in a
# sibling file of this module.
output "security_list_id" {
  value       = oci_core_security_list.security_list_spoke.id
  description = "The OCID of the Security List"
}
--------------------------------------------------------------------------------
/modules/service-connector/datasources.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                             #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

# Resolve the tenancy's Object Storage namespace once so the connector target
# does not need it passed in by the caller.
data "oci_objectstorage_namespace" "ns" {
  compartment_id = var.tenancy_ocid
}
--------------------------------------------------------------------------------
/modules/service-connector/main.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                             #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
##########################################################################################################

terraform {
  required_providers {
    oci = {
      source = "oracle/oci"
    }
  }
}

# Service Connector Hub: ships log-group or stream records into an Object
# Storage bucket (the archival leg of the logging pipeline).
resource "oci_sch_service_connector" "service_connector" {
  compartment_id = var.compartment_id
  display_name   = var.display_name

  source {
    kind = var.source_kind

    # Presumably consulted for a logging-kind source: which log group to read.
    log_sources {
      compartment_id = var.source_compartment_id
      log_group_id   = var.log_group_id
    }

    # Presumably consulted for a streaming-kind source: which stream and
    # where in it to start reading.
    cursor {
      kind = var.cursor_kind
    }
    stream_id = var.stream_id
  }

  target {
    kind      = var.target_kind
    bucket    = var.target_bucket
    namespace = data.oci_objectstorage_namespace.ns.namespace
  }

  # NOTE(review): ignoring the whole source and target means Terraform will
  # never detect or revert an out-of-band change that repoints this connector
  # (e.g. audit logs redirected to a different bucket). This was presumably
  # added to suppress a perpetual diff from provider normalisation; if so,
  # prefer ignoring only the attributes that actually drift so the routing
  # itself stays under drift detection.
  lifecycle {
    ignore_changes = [
      source[0],
      target[0],
    ]
  }
}
--------------------------------------------------------------------------------
/modules/service-gateway/main.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                             #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
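##########################################################################################################

terraform {
  required_providers {
    oci = {
      source = "oracle/oci"
    }
  }
}

# -----------------------------------------------------------------------------
# Create Service Gateway
# -----------------------------------------------------------------------------

# Resolve the regional "All <region> Services In Oracle Services Network"
# service label; the gateway is bound to this single entry.
data "oci_core_services" "service_gateway_all_oci_services" {
  filter {
    name   = "name"
    values = ["All .* Services In Oracle Services Network"]
    regex  = true
  }
}

# Service gateway giving the VCN a private path to Oracle services (Object
# Storage, etc.) without traversing an internet or NAT gateway. services[0]
# relies on the filter above matching exactly one entry per region.
resource "oci_core_service_gateway" "service_gateway_all_svcs" {
  compartment_id = var.network_compartment_id
  vcn_id         = var.vcn_id
  display_name   = var.service_gateway_display_name

  services {
    service_id = lookup(data.oci_core_services.service_gateway_all_oci_services.services[0], "id")
  }
}

--------------------------------------------------------------------------------
/modules/service-gateway/outputs.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                             #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

output "service_gw_id" {
  value       = oci_core_service_gateway.service_gateway_all_svcs.id
  description = "Service Gateway OCID."
}
--------------------------------------------------------------------------------
/modules/service-gateway/variables.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                             #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

variable "network_compartment_id" {
  type        = string
  description = "The OCID of the compartment to contain the service gateway (normally the network compartment that also holds the VCN)."
}

variable "vcn_id" {
  type        = string
  description = "The OCID of the VCN the service gateway is attached to."
}

variable "service_gateway_display_name" {
  type        = string
  description = "Service Gateway Display Name."
}
--------------------------------------------------------------------------------
/modules/service-log-map/main.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                             #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.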
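##########################################################################################################

terraform {
  required_providers {
    oci = {
      source = "oracle/oci"
    }
  }
}

# One OCI service log per entry of var.service_log_map: the key suffixes the
# display name, the value is the OCID of the resource whose logs are captured.
# Every log lands in the same log group with the same category/service/type.
resource "oci_logging_log" "service_log" {
  for_each     = var.service_log_map
  display_name = "${var.log_display_name}-${each.key}"
  log_group_id = var.log_group_id
  log_type     = var.log_type

  configuration {
    source {
      category    = var.log_source_category
      resource    = each.value
      service     = var.log_source_service
      source_type = var.log_source_type
    }
  }
}
--------------------------------------------------------------------------------
/modules/service-log-map/variables.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                             #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

variable "service_log_map" {
  type        = map(string)
  description = "Map of short name => OCID of the resource emitting the log. One log object is created per entry, named <log_display_name>-<key>."
}

variable "log_display_name" {
  type        = string
  description = "Prefix for the display name of each service log; the map key is appended."
}

variable "log_type" {
  type        = string
  description = "The logType that the log object is for, whether custom or service."
}

variable "log_group_id" {
  type        = string
  description = "The OCID of the log group that receives every log created here."
}

variable "log_source_category" {
  type        = string
  description = "Log object category."
}

variable "log_source_service" {
  type        = string
  description = "Service generating the log."
}

variable "log_source_type" {
  type        = string
  description = "The log source type."
}
--------------------------------------------------------------------------------
/modules/service-log-nfw/main.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                             #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

terraform {
  required_providers {
    oci = {
      source = "oracle/oci"
    }
  }
}

# Single service log for the network firewall; the emitting resource is passed
# in directly rather than through a map.
resource "oci_logging_log" "service_log_nfw" {
  display_name = var.log_display_name
  log_group_id = var.log_group_id
  log_type     = var.log_type

  configuration {
    source {
      category    = var.log_source_category
      resource    = var.log_source_resource
      service     = var.log_source_service
      source_type = var.log_source_type
    }
  }
}
--------------------------------------------------------------------------------
/modules/service-log-nfw/variables.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                             #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.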
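##########################################################################################################

variable "log_display_name" {
  type        = string
  description = "The display name of the service log."
}

variable "log_type" {
  type        = string
  description = "The logType that the log object is for, whether custom or service."
}

variable "log_group_id" {
  type        = string
  description = "The OCID of the log group to create the log in."
}

variable "log_source_category" {
  type        = string
  description = "Log object category."
}

variable "log_source_service" {
  type        = string
  description = "Service generating the log."
}

variable "log_source_type" {
  type        = string
  description = "The log source type."
}

variable "log_source_resource" {
  type        = string
  # Was described as "The log resource type"; it is fed to configuration.source.resource,
  # i.e. the identifier of the emitting resource, matching the sibling service-log modules.
  description = "The unique identifier (OCID) of the network firewall resource emitting the log."
}
--------------------------------------------------------------------------------
/modules/service-log-no-map/main.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                             #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.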
##########################################################################################################

terraform {
  required_providers {
    oci = {
      source = "oracle/oci"
    }
  }
}

# Single OCI service log for one emitting resource. This module is identical
# to modules/service-log; both are kept so existing callers keep working.
resource "oci_logging_log" "service_log" {
  display_name = var.log_display_name
  log_group_id = var.log_group_id
  log_type     = var.log_type

  configuration {
    source {
      service     = var.log_source_service
      resource    = var.log_source_resource
      category    = var.log_source_category
      source_type = var.log_source_type
    }
  }
}
--------------------------------------------------------------------------------
/modules/service-log-no-map/variables.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                             #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

variable "log_display_name" {
  type        = string
  description = "The display name of the service log."
}

variable "log_type" {
  type        = string
  description = "The logType that the log object is for, whether custom or service."
}

variable "log_group_id" {
  type        = string
  description = "The OCID of the log group to create the log in."
}

variable "log_source_category" {
  type        = string
  description = "Log object category."
}

variable "log_source_resource" {
  type        = string
  description = "The unique identifier of the resource emitting the log."
}

variable "log_source_service" {
  type        = string
  description = "Service generating the log."
}

variable "log_source_type" {
  type        = string
  description = "The log source type."
}
--------------------------------------------------------------------------------
/modules/service-log/main.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                             #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

terraform {
  required_providers {
    oci = {
      source = "oracle/oci"
    }
  }
}

# Single OCI service log for one emitting resource (same shape as
# modules/service-log-no-map).
resource "oci_logging_log" "service_log" {
  display_name = var.log_display_name
  log_group_id = var.log_group_id
  log_type     = var.log_type

  configuration {
    source {
      service     = var.log_source_service
      resource    = var.log_source_resource
      category    = var.log_source_category
      source_type = var.log_source_type
    }
  }
}
--------------------------------------------------------------------------------
/modules/service-log/variables.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                             #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
##########################################################################################################

variable "log_display_name" {
  type        = string
  description = "The display name of the service log."
}

variable "log_type" {
  type        = string
  description = "The logType that the log object is for, whether custom or service."
}

variable "log_group_id" {
  type        = string
  description = "The OCID of the log group to create the log in."
}

variable "log_source_category" {
  type        = string
  description = "Log object category."
}

variable "log_source_service" {
  type        = string
  description = "Service generating the log."
}

variable "log_source_type" {
  type        = string
  description = "The log source type."
}

variable "log_source_resource" {
  type        = string
  description = "The unique identifier of the resource emitting the log."
}
--------------------------------------------------------------------------------
/modules/stream/main.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                             #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
##########################################################################################################

terraform {
  required_providers {
    oci = {
      source = "oracle/oci"
    }
  }
}

# Stream pool backing the event stream. With custom_encryption_key left out
# the pool's data at rest is protected by an Oracle-managed key; wire
# kms_key_id to a vault key when a customer-managed key is required (e.g.
# for audit or compliance streams).
resource "oci_streaming_stream_pool" "stream_pool" {
  compartment_id = var.compartment_id
  name           = var.stream_pool_name

  # custom_encryption_key {
  #   kms_key_id = var.kms_key_id
  # }
}

resource "oci_streaming_stream" "stream" {
  name           = var.stream_name
  partitions     = var.stream_partitions
  stream_pool_id = oci_streaming_stream_pool.stream_pool.id
}

# Events rule that publishes matching events onto the stream. The rule and its
# action each carry an enable flag; either being false silences the feed, so
# both belong in the logging-pipeline health checks.
resource "oci_events_rule" "rule" {
  compartment_id = var.compartment_id
  display_name   = var.rule_display_name
  condition      = var.rule_condition
  is_enabled     = var.rule_is_enabled

  actions {
    actions {
      action_type = var.rule_action_type
      is_enabled  = var.rule_action_is_enabled
      stream_id   = oci_streaming_stream.stream.id
    }
  }
}
--------------------------------------------------------------------------------
/modules/stream/outputs.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                             #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
##########################################################################################################

output "stream_id" {
  value       = oci_streaming_stream.stream.id
  description = "The OCID of the stream created"
}
--------------------------------------------------------------------------------
/modules/subnet/main.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                             #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

terraform {
  required_providers {
    oci = {
      source = "oracle/oci"
    }
  }
}
######################################################################
# Create Subnet                                                      #
######################################################################
# One subnet per entry of var.subnet_map. All subnets share the route table
# and security list(s) passed in. prohibit_public_ip_on_vnic = true makes a
# subnet private: no VNIC in it can be given a public IP.
resource "oci_core_subnet" "subnet" {
  for_each = var.subnet_map

  compartment_id             = var.compartment_id
  vcn_id                     = var.vcn_id
  display_name               = each.value.name
  dns_label                  = each.value.dns_label
  cidr_block                 = each.value.cidr_block
  prohibit_public_ip_on_vnic = each.value.prohibit_public_ip_on_vnic
  route_table_id             = var.subnet_route_table_id
  security_list_ids          = var.subnet_security_list_id
}

--------------------------------------------------------------------------------
/modules/subnet/outputs.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.
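# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

# display_name => OCID. Terraform rejects this `for` expression when two
# subnets share a display name, so names in subnet_map must be unique.
output "subnets" {
  value = {
    for subnet in oci_core_subnet.subnet :
    subnet.display_name => subnet.id
  }
  description = "Map of subnet display name to subnet OCID."
}
--------------------------------------------------------------------------------
/modules/tag/outputs.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                             #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

output "namespace_id" {
  value       = oci_identity_tag_namespace.tag_namespace.id
  description = "Tag NameSpace OCID"
}

# Full resource maps (keyed like the module inputs), so callers can look up a
# specific tag or default by key.
output "tag" {
  value       = oci_identity_tag.tag
  description = "Tag Values"
}

output "tag_default" {
  value       = oci_identity_tag_default.tag_default
  description = "Tag Default Values"
}
--------------------------------------------------------------------------------
/modules/tag/variables.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                             #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.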
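##########################################################################################################

variable "compartment_id" {
  type        = string
  description = "The OCID of the compartment."
}

variable "tag_namespace_description" {
  type        = string
  description = "The description of the tag namespace."
}

variable "tag_namespace_name" {
  type        = string
  description = "The name of the tag namespace."
}

variable "is_namespace_retired" {
  type        = bool
  default     = false
  description = "Whether the tag namespace is retired."
}

# Left untyped on purpose so existing callers keep working; the expected
# shape is whatever the tag resources in this module read from each entry.
variable "tag_map" {
  description = "Map of tag definitions to create in the namespace, keyed by tag key."
}

variable "tag_default_map" {
  description = "Map of tag defaults to apply, keyed like the tag they default."
}
--------------------------------------------------------------------------------
/modules/vault/main.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                             #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

terraform {
  required_providers {
    oci = {
      source = "oracle/oci"
    }
  }
}

# KMS vault holding the landing zone's customer-managed keys. vault_type
# selects the isolation level (DEFAULT shares an HSM partition with other
# tenants, VIRTUAL_PRIVATE gets a dedicated one).
resource "oci_kms_vault" "vault" {
  compartment_id = var.compartment_id
  display_name   = var.display_name
  vault_type     = var.vault_type
}

# Optional cross-region replica for DR. NOTE(review): OCI documents vault
# replication for virtual private vaults only -- confirm vault_type before
# enabling this, otherwise the apply is expected to fail.
resource "oci_kms_vault_replication" "replication" {
  count = var.enable_replication ? 1 : 0

  vault_id       = oci_kms_vault.vault.id
  replica_region = var.replica_region
}
--------------------------------------------------------------------------------
/modules/vault/outputs.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                             #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

# management_endpoint is a URL (used by the KMS management API), not an OCID;
# the previous description said "endpoint OCID of the valut".
output "management_endpoint" {
  value       = oci_kms_vault.vault.management_endpoint
  description = "The management endpoint URL of the vault."
}
--------------------------------------------------------------------------------
/modules/vault/variables.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                             #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

variable "compartment_id" {
  type        = string
  description = "The OCID of the compartment where you want to create this vault."
}

variable "display_name" {
  type        = string
  description = "The display name of the vault."
}

variable "vault_type" {
  type        = string
  description = "The type of vault to create (e.g. DEFAULT or VIRTUAL_PRIVATE)."
}

variable "replica_region" {
  type        = string
  description = "Region identifier the vault replica is created in; only used when enable_replication is true."
}

variable "enable_replication" {
  type        = bool
  description = "Option to enable vault replication."
}
--------------------------------------------------------------------------------
/modules/vcn-gateway/outputs.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                             #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

# The gateways are count-gated, so each output joins the splat: the OCID when
# the gateway exists, an empty string when it was not created.
output "internet_gw_id" {
  value       = join(",", oci_core_internet_gateway.internet_gw[*].id)
  description = "Internet Gateway OCID Value (empty string when not created)."
}
output "nat_gw_id" {
  value       = join(",", oci_core_nat_gateway.nat_gw[*].id)
  description = "NAT Gateway OCID Value (empty string when not created)."
}
output "service_gw_id" {
  value       = join(",", oci_core_service_gateway.service_gw[*].id)
  description = "Service Gateway OCID Value (empty string when not created)."
}

--------------------------------------------------------------------------------
/modules/vcn-gateway/variables.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                             #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.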
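##########################################################################################################

variable "create_nat_gateway" {
  type        = bool
  description = "Whether to create the NAT gateway (outbound-only internet path for private subnets)."
}
variable "create_service_gateway" {
  type        = bool
  description = "Whether to create the service gateway (private path to the Oracle Services Network)."
}
variable "nat_network_compartment_id" {
  type        = string
  description = "OCID of the compartment the NAT gateway is created in."
}
variable "nat_vcn_id" {
  type        = string
  description = "OCID of the VCN the NAT gateway is attached to."
}
variable "nat_gateway_display_name" {
  type        = string
  description = "Display name of the NAT gateway."
}
variable "sgw_network_compartment_id" {
  type        = string
  description = "OCID of the compartment the service gateway is created in."
}
variable "sgw_vcn_id" {
  type        = string
  description = "OCID of the VCN the service gateway is attached to."
}
variable "service_gateway_display_name" {
  type        = string
  description = "Display name of the service gateway."
}

--------------------------------------------------------------------------------
/modules/vcn/main.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                             #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.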
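##########################################################################################################

terraform {
  required_providers {
    oci = {
      source = "oracle/oci"
    }
  }
}

######################################################################
# Create VCN                                                         #
######################################################################
resource "oci_core_vcn" "vcn" {
  compartment_id = var.compartment_ocid_id
  display_name   = var.vcn_display_name
  dns_label      = var.vcn_dns_label
  # var.vcn_cidrs is already a list; the former [*] splat was a no-op.
  cidr_blocks    = var.vcn_cidrs
  is_ipv6enabled = var.enable_ipv6
}

# Take ownership of the VCN's default security list and declare no rules, so
# any subnet that falls back to the default list gets deny-all instead of
# OCI's permissive out-of-the-box rules.
resource "oci_core_default_security_list" "spoke_default_security_list_locked_down" {
  manage_default_resource_id = oci_core_vcn.vcn.default_security_list_id
}
--------------------------------------------------------------------------------
/modules/vcn/outputs.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.                             #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

output "vcn_id" {
  value       = oci_core_vcn.vcn.id
  description = "The OCID of the VCN created"
}

output "vcn" {
  value       = oci_core_vcn.vcn
  description = "The full oci_core_vcn resource (id, cidr_blocks, default_security_list_id, ...)."
}

--------------------------------------------------------------------------------
/modules/vcn/variables.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.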
#
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

# Retired input: main.tf reads `var.compartment_ocid_id` (declared below) instead.
#variable "compartment_id" {
#  type = string
#  description = "The OCID of the compartment to contain the VCN."
#}

# One or more CIDR blocks for the VCN; passed straight to oci_core_vcn.cidr_blocks.
variable "vcn_cidrs" {
  type        = list(string)
  description = "The CIDR block of VCN"
}

variable "vcn_display_name" {
  type        = string
  description = "The display name of VCN"
}

variable "vcn_dns_label" {
  type        = string
  description = "The DNS label of VCN"
}

# IPv6 is off unless explicitly enabled by the caller.
variable "enable_ipv6" {
  type        = bool
  default     = false
  description = "Compartment : Option to enable ipv6"
}
variable "compartment_ocid_id" {
  type        = string
  description = "the OCID of the compartment where the environment will be created."
}

--------------------------------------------------------------------------------
/templates/README.md:
--------------------------------------------------------------------------------
# Templates for each Landing Zone

This templates directory holds the base composition modules(templates) for our
Enterprise Landing Zone. These templates consist of individual definitions of our
intended OELZ configuration. As they are individual entries they can be combined or
iterated over to allow for creation of multiple infrastructure pieces. The [enterprise-landing-zone](./enterprise-landing-zone/) directory
contains the template for Oracle Enterprise Landing Zone v2.

# License

Copyright (c) 2022,2023 Oracle and/or its affiliates.

Licensed under the Universal Permissive License (UPL), Version 1.0.

See [LICENSE](../LICENSE) for more details.
--------------------------------------------------------------------------------
/templates/elz-access-governance/examples/existing_agcs_user.tfvarexample:
--------------------------------------------------------------------------------
#ADMINISTRATOR
# Deployer (administrator) API-key authentication. All values are blank
# placeholders in this example; `private_key_path` is a path to the signing
# key file, the key itself is never written into the tfvars.
private_key_path = ""
user_ocid        = ""
fingerprint      = ""
tenancy_ocid     = ""
region           = "us-ashburn-1"


# ACCESS GOVERNANCE SERVICE INSTANCE DETAILS, Optional Fields: admin_domain_name
admin_domain_name                 = "Default"
ag_license_type                   = "Access Governance for Oracle Cloud Infrastructure"
service_instance_display_name     = ""
service_instance_description      = ""
service_instance_compartment_ocid = ""

# ACCESS GOVERNANCE USER COMMON DETAILS
# `true` selects the "existing user" branch: the three agcs_user_* values
# below identify and authenticate that pre-existing user.
use_existing_agcs_user = true

# ACCESS GOVERNANCE EXISTING USER
agcs_user_private_key_path       = ""
# Placeholder OCID ("...xyz"), to be replaced with the real user OCID.
agcs_user_ocid_oci_system        = "ocid1.user.oc1..xyz"
agcs_user_fingerprint_oci_system = ""

# OCI Connected System
oci_system_name        = ""
oci_system_description = ""
--------------------------------------------------------------------------------
/templates/elz-access-governance/examples/new_agcs_user.tfvarexample:
--------------------------------------------------------------------------------
#ADMINISTRATOR
# Deployer (administrator) API-key authentication; blank placeholders as in
# the existing-user example.
private_key_path = ""
user_ocid        = ""
fingerprint      = ""
tenancy_ocid     = ""
region           = "us-ashburn-1"


# ACCESS GOVERNANCE SERVICE INSTANCE DETAILS, Optional Fields: admin_domain_name
admin_domain_name                 = "Default"
ag_license_type                   = "Access Governance for Oracle Cloud Infrastructure"
service_instance_display_name     = ""
service_instance_description      = ""
service_instance_compartment_ocid = ""

# ACCESS GOVERNANCE USER COMMON DETAILS
# `false` selects the "new user" branch: a group, user name and e-mail are
# supplied instead of an existing user's OCID/key.
use_existing_agcs_user = false

# NEW ACCESS GOVERNANCE USER
agcs_user_group_display_name = "agcs_group"
agcs_user_name               = "agcs_user"
agcs_user_email              = "something@example.com"

# OCI Connected System
oci_system_name        = ""
oci_system_description = ""
--------------------------------------------------------------------------------
/templates/elz-access-governance/outputs.tf:
--------------------------------------------------------------------------------
# Surfaces the service-instance creation result of the agcs module unchanged.
output "service_instance" {
  value = module.agcs-module.si_creation
}
--------------------------------------------------------------------------------
/templates/elz-backup/elz-backup-environment/logging-variables.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

# NOTE(review): together the two defaults below give a retention duration of
# 1 DAYS unless the caller overrides them; confirm that satisfies the
# log-retention requirement for the backup environment. The amount is typed
# as string, so no numeric validation happens at plan time.
variable "retention_policy_duration_amount" {
  type        = string
  description = "The timeAmount is interpreted in units defined by the timeUnit parameter, and is calculated in relation to each object's Last-Modified timestamp."
  default     = "1"
}

variable "retention_policy_duration_time_unit" {
  type        = string
  description = "The unit that should be used to interpret timeAmount."
  default     = "DAYS"
}

variable "logging_compartment_id" {
  type        = string
  description = "the ocid of logging compartment"
}
variable "home_compartment_name" {
  type        = string
  description = "The name of the Landing Zone home compartment."
}

--------------------------------------------------------------------------------
/templates/elz-backup/elz-backup-environment/monitoring.tf:
--------------------------------------------------------------------------------
# Wires the backup-region monitoring stack. Everything is passed through from
# this template's own variables except `default_log_group_id`, which comes
# from the sibling `module.logging` (so monitoring depends on logging).
module "monitoring" {
  source              = "../elz-backup-monitoring"
  tenancy_ocid        = var.tenancy_ocid
  backup_region       = var.backup_region
  environment_prefix  = var.environment_prefix
  resource_label      = var.resource_label
  home_compartment_id = var.home_compartment_id
  is_baseline_deploy  = var.is_baseline_deploy

  environment_compartment_id = var.environment_compartment_id
  security_compartment_id    = var.security_compartment_id
  network_compartment_id     = var.network_compartment_id
  workload_compartment_id    = var.workload_compartment_id

  # Alarm fan-out: one topic endpoint list per functional area.
  is_create_alarms         = var.is_create_alarms
  network_topic_endpoints  = var.network_topic_endpoints
  secops_topic_endpoints   = var.secops_topic_endpoints
  platform_topic_endpoints = var.platform_topic_endpoints
  identity_topic_endpoints = var.identity_topic_endpoints
  default_log_group_id     = module.logging.log_group_id

  workload_topic_endpoints = var.workload_topic_endpoints

  enable_security_monitoring_alarms = var.enable_security_monitoring_alarms
  enable_network_monitoring_alarms  = var.enable_network_monitoring_alarms
  enable_workload_monitoring_alarms = var.enable_workload_monitoring_alarms

  # Both provider configurations are handed down: the default one and the
  # `backup_region` alias the child module declares in its required_providers.
  providers = {
    oci               = oci
    oci.backup_region = oci.backup_region
  }
}
--------------------------------------------------------------------------------
/templates/elz-backup/elz-backup-environment/providers.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.
#
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################
# Exact provider pin (5.9.0) shared by the elz-backup templates; the
# `configuration_aliases` entry means the caller must pass both `oci` and
# `oci.backup_region` in its `providers` map.
terraform {
  required_version = ">= 1.0.0"

  required_providers {
    oci = {
      source                = "oracle/oci"
      version               = "5.9.0"
      configuration_aliases = [oci, oci.backup_region]
    }
  }
}

--------------------------------------------------------------------------------
/templates/elz-backup/elz-backup-hub/outputs.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

output "drg_id" {
  value       = module.drg_backup.drg_id
  description = "DRG OCID."
}

output "vcn_id" {
  value       = oci_core_vcn.vcn_hub_network_backup.id
  description = "Hub VCN OCID."
}

# Map keyed by the configured subnet display names (hence the parenthesised
# keys) so callers can look subnets up by name.
output "subnets" {
  value = {
    (var.hub_public_subnet_display_name)  = oci_core_subnet.hub_public_subnet_backup.id
    (var.hub_private_subnet_display_name) = oci_core_subnet.hub_private_subnet_backup.id
  }
  description = "The Hub Subnet OCIDs"
}

# `try()` turns a missing first private IP (no firewall IP in the data
# source) into null instead of a plan-time error. Only the first IP is
# reported; presumably the firewall subnet carries exactly one — confirm.
output "oci_network_firewall_ip_address" {
  value       = try(data.oci_core_private_ips.firewall_subnet_private_ip.private_ips[0].id, null)
  description = "Network Firewall IP OCID."
}

# Exposes the whole oci_core_services data-source object, not a single OCID.
output "service_gateway_value" {
  value = data.oci_core_services.service-gateway
}
--------------------------------------------------------------------------------
/templates/elz-backup/elz-backup-hub/provider.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

# Same pin and alias contract as elz-backup-environment/providers.tf.
terraform {
  required_version = ">= 1.0.0"

  required_providers {
    oci = {
      source                = "oracle/oci"
      version               = "5.9.0"
      configuration_aliases = [oci, oci.backup_region]
    }
  }
}
--------------------------------------------------------------------------------
/templates/elz-backup/elz-backup-logging/datasources.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
#
##########################################################################################################

# -----------------------------------------------------------------------------
# Support for multi-region deployments
# -----------------------------------------------------------------------------
# Both derived values are *lists* (for-expressions), not single strings:
# `home_region` holds the name(s) flagged is_home_region, `region_key` the
# key(s) whose region_name matches var.backup_region. Consumers index them.
locals {
  region_subscriptions = data.oci_identity_region_subscriptions.regions.region_subscriptions
  home_region          = [for region in local.region_subscriptions : region.region_name if region.is_home_region == true]
  region_key           = [for region in local.region_subscriptions : region.region_key if region.region_name == var.backup_region]
}

data "oci_identity_region_subscriptions" "regions" {
  tenancy_id = var.tenancy_ocid
}

# Object Storage namespace is tenancy-scoped; looked up via the tenancy OCID.
data "oci_objectstorage_namespace" "ns" {
  compartment_id = var.tenancy_ocid
}

# Read with the backup_region alias, so these are the event rules that exist
# in the backup region's security compartment, not the home region's.
data "oci_events_rules" "security_event_rules" {
  compartment_id = var.security_compartment_id
  provider       = oci.backup_region
}
--------------------------------------------------------------------------------
/templates/elz-backup/elz-backup-logging/outputs.tf:
--------------------------------------------------------------------------------
output "log_group_id" {
  value = module.default_log_group_backup.log_group_id
}

--------------------------------------------------------------------------------
/templates/elz-backup/elz-backup-logging/provider.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
#
##########################################################################################################

# Provider pin 5.9.0 plus the `oci` / `oci.backup_region` alias contract
# shared by the elz-backup templates.
terraform {
  required_version = ">= 1.0.0"

  required_providers {
    oci = {
      source                = "oracle/oci"
      version               = "5.9.0"
      configuration_aliases = [oci, oci.backup_region]
    }
  }
}
--------------------------------------------------------------------------------
/templates/elz-backup/elz-backup-monitoring/datasources.tf:
--------------------------------------------------------------------------------
# -----------------------------------------------------------------------------
# Support for multi-region deployments
# -----------------------------------------------------------------------------
# Same region-lookup locals as elz-backup-logging/datasources.tf; both values
# are lists produced by for-expressions.
locals {
  region_subscriptions = data.oci_identity_region_subscriptions.regions.region_subscriptions
  home_region          = [for region in local.region_subscriptions : region.region_name if region.is_home_region == true]
  region_key           = [for region in local.region_subscriptions : region.region_key if region.region_name == var.backup_region]
}

data "oci_identity_region_subscriptions" "regions" {
  tenancy_id = var.tenancy_ocid
}

--------------------------------------------------------------------------------
/templates/elz-backup/elz-backup-monitoring/provider.tf:
--------------------------------------------------------------------------------
# NOTE(review): the only elz-backup provider.tf without the copyright header
# the sibling templates carry; content is otherwise identical.
terraform {
  required_version = ">= 1.0.0"

  required_providers {
    oci = {
      source                = "oracle/oci"
      version               = "5.9.0"
      configuration_aliases = [oci, oci.backup_region]
    }
  }
}
--------------------------------------------------------------------------------
/templates/elz-backup/elz-backup-network-extension/datasources.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

# -----------------------------------------------------------------------------
# Support for multi-region deployments
# -----------------------------------------------------------------------------
# Region-lookup locals (lists, see the for-expressions) filtered on
# var.backup_region, as in the other elz-backup datasources.tf files.
locals {
  region_subscriptions = data.oci_identity_region_subscriptions.regions.region_subscriptions
  home_region          = [for region in local.region_subscriptions : region.region_name if region.is_home_region == true]
  region_key           = [for region in local.region_subscriptions : region.region_key if region.region_name == var.backup_region]
}

data "oci_identity_region_subscriptions" "regions" {
  tenancy_id = var.tenancy_ocid
}

--------------------------------------------------------------------------------
/templates/elz-backup/elz-backup-network-extension/outputs.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

# Remote peering connection OCID, or null when connectivity is not
# FASTCONNECT. Indexing `[0]` assumes the RPC resource has count 1 exactly
# when var.enable_vpn_or_fastconnect == "FASTCONNECT" — the resource
# definition is not in this file, so confirm the two conditions match.
output "rpc_id" {
  value = var.enable_vpn_or_fastconnect == "FASTCONNECT" ? oci_core_remote_peering_connection.remote_peering_connection_backup[0].id : null
}
--------------------------------------------------------------------------------
/templates/elz-backup/elz-backup-network-extension/provider.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

# Provider pin 5.9.0 plus the `oci` / `oci.backup_region` alias contract.
terraform {
  required_version = ">= 1.0.0"

  required_providers {
    oci = {
      source                = "oracle/oci"
      version               = "5.9.0"
      configuration_aliases = [oci, oci.backup_region]
    }
  }
}
--------------------------------------------------------------------------------
/templates/elz-backup/elz-backup-network/datasources.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
#
##########################################################################################################

# Region-key lookup for var.backup_region; `region_key` is a list (for-expression).
# Unlike the logging/monitoring templates, no `home_region` local is derived here.
locals {
  region_subscriptions = data.oci_identity_region_subscriptions.regions.region_subscriptions
  region_key           = [for region in local.region_subscriptions : region.region_key if region.region_name == var.backup_region]
}

data "oci_identity_region_subscriptions" "regions" {
  tenancy_id = var.tenancy_ocid
}
--------------------------------------------------------------------------------
/templates/elz-backup/elz-backup-network/outputs.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

output "spoke_web_subnet_ocid" {
  value       = module.spoke.spoke_web_subnet_ocid
  description = "Spoke Web Subnet OCID."
}
# Hub and spoke subnet maps merged into one name->OCID map; a display name
# present in both would be taken from module.spoke (merge's right-hand side wins).
output "subnets" {
  value       = merge(module.hub_backup.subnets, module.spoke.subnets)
  description = "Hub & Spoke Subnet."
}
output "drg_id" {
  value       = module.hub_backup.drg_id
  description = "DRG OCID."
}

# Pass-through of the hub's whole service-gateway data-source object.
output "service_gateway_value" {
  value = module.hub_backup.service_gateway_value
}
--------------------------------------------------------------------------------
/templates/elz-backup/elz-backup-network/provider.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.
#
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

# Provider pin 5.9.0 plus the `oci` / `oci.backup_region` alias contract.
terraform {
  required_version = ">= 1.0.0"

  required_providers {
    oci = {
      source                = "oracle/oci"
      version               = "5.9.0"
      configuration_aliases = [oci, oci.backup_region]
    }
  }
}
--------------------------------------------------------------------------------
/templates/elz-backup/elz-backup-security/datasources.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

# Region-key lookup for var.backup_region (list-valued); identical to
# elz-backup-network/datasources.tf.
locals {
  region_subscriptions = data.oci_identity_region_subscriptions.regions.region_subscriptions
  region_key           = [for region in local.region_subscriptions : region.region_key if region.region_name == var.backup_region]
}

data "oci_identity_region_subscriptions" "regions" {
  tenancy_id = var.tenancy_ocid
}
--------------------------------------------------------------------------------
/templates/elz-backup/elz-backup-security/outputs.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
#
##########################################################################################################

# Vault key OCID when this template created one (local.create_key), else
# null. `module.key` is indexed `[0]`, so it is presumably count-guarded by
# the same local — its definition is outside this file.
output "key_id" {
  value = local.create_key ? module.key[0].key_ocid : null
}
--------------------------------------------------------------------------------
/templates/elz-backup/elz-backup-security/provider.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

# Provider pin 5.9.0 plus the `oci` / `oci.backup_region` alias contract.
terraform {
  required_version = ">= 1.0.0"

  required_providers {
    oci = {
      source                = "oracle/oci"
      version               = "5.9.0"
      configuration_aliases = [oci, oci.backup_region]
    }
  }
}
--------------------------------------------------------------------------------
/templates/elz-backup/elz-backup-spoke/outputs.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

# Looks the web subnet up in the child module's name->OCID map by its
# configured display name.
output "spoke_web_subnet_ocid" {
  value       = module.backup_workload_spoke_subnet.subnets[var.workload_private_spoke_subnet_web_display_name]
  description = "Spoke Web Subnet OCID."
}

# Re-keys the three workload subnets (db/app/web) by their display names so
# the parent network template can merge this map with the hub's.
output "subnets" {
  value = {
    (var.workload_private_spoke_subnet_db_display_name)  = module.backup_workload_spoke_subnet.subnets[var.workload_private_spoke_subnet_db_display_name]
    (var.workload_private_spoke_subnet_app_display_name) = module.backup_workload_spoke_subnet.subnets[var.workload_private_spoke_subnet_app_display_name]
    (var.workload_private_spoke_subnet_web_display_name) = module.backup_workload_spoke_subnet.subnets[var.workload_private_spoke_subnet_web_display_name]
  }
  description = "The Spoke Subnet OCID"
}
--------------------------------------------------------------------------------
/templates/elz-backup/elz-backup-spoke/provider.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

# Provider pin 5.9.0 plus the `oci` / `oci.backup_region` alias contract.
terraform {
  required_version = ">= 1.0.0"

  required_providers {
    oci = {
      source                = "oracle/oci"
      version               = "5.9.0"
      configuration_aliases = [oci, oci.backup_region]
    }
  }
}
--------------------------------------------------------------------------------
/templates/elz-budget/datasources.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
#
##########################################################################################################

# -----------------------------------------------------------------------------
# Support for multi-region deployments
# -----------------------------------------------------------------------------
# Region-lookup locals (list-valued). Note this template filters on
# var.region, whereas the elz-backup templates filter on var.backup_region.
locals {
  region_subscriptions = data.oci_identity_region_subscriptions.regions.region_subscriptions
  home_region          = [for region in local.region_subscriptions : region.region_name if region.is_home_region == true]
  region_key           = [for region in local.region_subscriptions : region.region_key if region.region_name == var.region]
}

data "oci_identity_region_subscriptions" "regions" {
  tenancy_id = var.tenancy_ocid
}

--------------------------------------------------------------------------------
/templates/elz-budget/main.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
#
##########################################################################################################

# The alert-rule name is derived from the budget display name with a fixed
# "_rule" suffix rather than taken as a separate input.
locals {
  budget = {
    budget_alert_rule_display_name = "${var.budget_display_name}_rule"
  }
}

# Thin wrapper over modules/budget: one budget plus one threshold alert rule
# whose recipients/message come straight from this template's variables.
module "budget" {
  source = "../../modules/budget"

  compartment_id      = var.budget_compartment_id
  budget_amount       = var.budget_amount
  budget_display_name = var.budget_display_name
  budget_description  = var.budget_description
  budget_target       = var.budget_target

  budget_alert_rule_display_name = local.budget.budget_alert_rule_display_name
  budget_alert_rule_threshold    = var.budget_alert_rule_threshold
  budget_alert_rule_message      = var.budget_alert_rule_message
  budget_alert_rule_recipients   = var.budget_alert_rule_recipients

  # Single-region module: only the default provider is handed down.
  providers = {
    oci = oci
  }
}

--------------------------------------------------------------------------------
/templates/elz-budget/outputs.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
#
##########################################################################################################

# Pass-through of the child module's budget and alert-rule objects.
output "budget" {
  value = module.budget.budget
}

output "budget_alert_rule" {
  value = module.budget.budget_alert_rule
}

--------------------------------------------------------------------------------
/templates/elz-compartment/datasources.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

# -----------------------------------------------------------------------------
# Support for multi-region deployments
# -----------------------------------------------------------------------------
# Region-lookup locals (list-valued), filtered on var.region as in elz-budget.
locals {
  region_subscriptions = data.oci_identity_region_subscriptions.regions.region_subscriptions
  home_region          = [for region in local.region_subscriptions : region.region_name if region.is_home_region == true]
  region_key           = [for region in local.region_subscriptions : region.region_key if region.region_name == var.region]
}

data "oci_identity_region_subscriptions" "regions" {
  tenancy_id = var.tenancy_ocid
}

--------------------------------------------------------------------------------
/templates/elz-compartment/outputs.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.
#
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

# Name->compartment map of everything this template created. The four core
# compartments are always present; "logging" and "backup" are added only when
# their feature flags are set (the `[0]` index implies those modules are
# count-guarded by the same flags).
# NOTE(review): `== true` on a bool variable is redundant; `var.enable_logging ? ... : {}` reads the same.
locals {
  compartments_map = merge({
    "environment" : module.environment_compartment.compartment,
    "shared" : module.shared_infra_compartment.compartment,
    "network" : module.network_compartment.compartment,
    "security" : module.security_compartment.compartment,
    },
    var.enable_logging == true ? { "logging" : module.logging_compartment[0].compartment } : {},
    var.enable_tf_state_backup == true ? { "backup" : module.backup_compartment[0].compartment } : {},
  )
}

output "compartments" {
  value = local.compartments_map
}
--------------------------------------------------------------------------------
/templates/elz-environment/CONFIGURATION.md:
--------------------------------------------------------------------------------
## Configuration Guide (DO NOT UPDATE)

### Compartment
For the Environment stack, we have the below compartment architecture:
* Environment Compartment
* Shared Infrastructure
* Network
* Security
* Logging
* Backup

To configure the compartment the required user inputs are:
* **environment_compartment_name**: the name of the top level environment compartment
* **environment_prefix**: the 1 character string representing the environment eg. P (prod), N (non-prod), D, T, U
* **home_compartment_id**: the OCID of the compartment that the environment compartment build on.

Note that:
* The default value of **enable_logging** and **enable_tf_state_backup** which control the creation of
the Logging Compartment and the Backup Compartment are set to false. Those two variables need to be true
to create the Logging Compartment and the Backup Compartment.
21 | 22 | # License 23 | 24 | Copyright (c) 2022,2023 Oracle and/or its affiliates. 25 | 26 | Licensed under the Universal Permissive License (UPL), Version 1.0. 27 | 28 | See [LICENSE](../../LICENSE) for more details. -------------------------------------------------------------------------------- /templates/elz-environment/access-governance-module-outputs.tf: -------------------------------------------------------------------------------- 1 | output "access_governance_service_instance" { 2 | value = module.elz-access-governance[*].service_instance 3 | } -------------------------------------------------------------------------------- /templates/elz-environment/datasources.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
# 4 | ########################################################################################################## 5 | 6 | # ----------------------------------------------------------------------------- 7 | # Support for multi-region deployments 8 | # ----------------------------------------------------------------------------- 9 | locals { 10 | region_subscriptions = data.oci_identity_region_subscriptions.regions.region_subscriptions 11 | home_region = [for region in local.region_subscriptions : region.region_name if region.is_home_region == true] 12 | region_key = [for region in local.region_subscriptions : region.region_key if region.region_name == var.region] 13 | } 14 | 15 | data "oci_identity_region_subscriptions" "regions" { 16 | tenancy_id = var.tenancy_ocid 17 | } 18 | -------------------------------------------------------------------------------- /templates/elz-environment/logging-variables.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # 4 | ########################################################################################################## 5 | 6 | variable "retention_policy_duration_amount" { 7 | type = string 8 | description = "The timeAmount is interpreted in units defined by the timeUnit parameter, and is calculated in relation to each object's Last-Modified timestamp." 9 | } 10 | 11 | variable "retention_policy_duration_time_unit" { 12 | type = string 13 | description = "The unit that should be used to interpret timeAmount." 
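}

# Whether to cap the number of Service Connector Hub deployments. The cap itself
# is applied where this variable is consumed, not in this variables file.
variable "is_service_connector_limit" {
  type        = bool
  description = "Restrict Number of Service Connector Deployment"
}
--------------------------------------------------------------------------------
/templates/elz-environment/network-firewall-variables.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

# Inputs for the optional OCI Network Firewall in the environment stack.
# None of these variables declares a default, so callers must supply all of
# them even when enable_network_firewall is false.

variable "enable_network_firewall" {
  type        = bool
  description = "Enable Network Firewall in Environment."
}
variable "enable_traffic_threat_log" {
  type        = bool
  description = "Enable Network Firewall Threat and Traffic Logs in Environment."
}
variable "nfw_subnet_type" {
  type        = string
  description = "Network Firewall Subnet Type."
}
variable "nfw_instance_name" {
  type        = string
  description = "Network Firewall Instance Name."
}
variable "nfw_instance_policy" {
  type        = string
  description = "Network Firewall Instance Policy Name."
}
variable "nfw_use_existing_network" {
  type        = bool
  description = "Use an existing VCN to place the Network Firewall in."
}
--------------------------------------------------------------------------------
/templates/elz-exadata-spoke/datasources.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved.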
# 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # 4 | ########################################################################################################## 5 | 6 | # ----------------------------------------------------------------------------- 7 | # Support for multi-region deployments 8 | # ----------------------------------------------------------------------------- 9 | locals { 10 | region_subscriptions = data.oci_identity_region_subscriptions.regions.region_subscriptions 11 | home_region = [for region in local.region_subscriptions : region.region_name if region.is_home_region == true] 12 | region_key = [for region in local.region_subscriptions : region.region_key if region.region_name == var.region] 13 | } 14 | 15 | data "oci_identity_region_subscriptions" "regions" { 16 | tenancy_id = var.tenancy_ocid 17 | } 18 | -------------------------------------------------------------------------------- /templates/elz-exadata-workload/datasources.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
# 4 | ########################################################################################################## 5 | 6 | # ----------------------------------------------------------------------------- 7 | # Support for multi-region deployments 8 | # ----------------------------------------------------------------------------- 9 | locals { 10 | region_subscriptions = data.oci_identity_region_subscriptions.regions.region_subscriptions 11 | home_region = [for region in local.region_subscriptions : region.region_name if region.is_home_region == true] 12 | region_key = [for region in local.region_subscriptions : region.region_key if region.region_name == var.region] 13 | } 14 | 15 | data "oci_identity_region_subscriptions" "regions" { 16 | tenancy_id = var.tenancy_ocid 17 | } 18 | -------------------------------------------------------------------------------- /templates/elz-hub/outputs.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # 4 | ########################################################################################################## 5 | 6 | output "drg_id" { 7 | value = module.drg.drg_id 8 | description = "DRG OCID." 9 | } 10 | 11 | output "vcn_id" { 12 | value = oci_core_vcn.vcn_hub_network.id 13 | description = "Hub VCN OCID." 
14 | } 15 | 16 | output "subnets" { 17 | value = { 18 | (var.hub_public_subnet_display_name) = oci_core_subnet.hub_public_subnet.id 19 | (var.hub_private_subnet_display_name) = oci_core_subnet.hub_private_subnet.id 20 | } 21 | description = "The Hub Subnet OCIDs" 22 | } 23 | 24 | output "oci_network_firewall_ip_address" { 25 | value = try(data.oci_core_private_ips.firewall_subnet_private_ip.private_ips[0].id,null) 26 | description = "Network Firewall IP OCID." 27 | } 28 | -------------------------------------------------------------------------------- /templates/elz-identity/datasources.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # 4 | ########################################################################################################## 5 | 6 | # ----------------------------------------------------------------------------- 7 | # Support for multi-region deployments 8 | # ----------------------------------------------------------------------------- 9 | locals { 10 | region_subscriptions = data.oci_identity_region_subscriptions.regions.region_subscriptions 11 | home_region = [for region in local.region_subscriptions : region.region_name if region.is_home_region == true] 12 | region_key = [for region in local.region_subscriptions : region.region_key if region.region_name == var.region] 13 | } 14 | 15 | data "oci_identity_region_subscriptions" "regions" { 16 | tenancy_id = var.tenancy_ocid 17 | } 18 | -------------------------------------------------------------------------------- /templates/elz-identity/outputs.tf: -------------------------------------------------------------------------------- 1 | 
########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # 4 | ########################################################################################################## 5 | 6 | output "domain" { 7 | value = module.identity_domain.domain 8 | } 9 | output "idcs_endpoint" { 10 | value = module.identity_domain.domain.url 11 | } -------------------------------------------------------------------------------- /templates/elz-logging/datasources.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
# 4 | ########################################################################################################## 5 | 6 | # ----------------------------------------------------------------------------- 7 | # Support for multi-region deployments 8 | # ----------------------------------------------------------------------------- 9 | locals { 10 | region_subscriptions = data.oci_identity_region_subscriptions.regions.region_subscriptions 11 | home_region = [for region in local.region_subscriptions : region.region_name if region.is_home_region == true] 12 | region_key = [for region in local.region_subscriptions : region.region_key if region.region_name == var.region] 13 | } 14 | 15 | data "oci_identity_region_subscriptions" "regions" { 16 | tenancy_id = var.tenancy_ocid 17 | } 18 | 19 | data "oci_events_rules" "security_event_rules" { 20 | compartment_id = var.security_compartment_id 21 | 22 | depends_on = [ module.default_log_group, module.service_event_stream ] 23 | } 24 | 25 | data "oci_objectstorage_namespace" "ns" { 26 | compartment_id = var.tenancy_ocid 27 | } 28 | 29 | -------------------------------------------------------------------------------- /templates/elz-logging/outputs.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
# 4 | ########################################################################################################## 5 | 6 | output "log_group_id" { 7 | value = module.default_log_group.log_group_id 8 | } 9 | 10 | output "stream_id" { 11 | value = module.service_event_stream.stream_id 12 | } 13 | 14 | locals { 15 | standard_buckets_map = { 16 | "audit" : module.audit_log_bucket 17 | "default": module.default_log_bucket 18 | "service_event": module.service_event_log_bucket 19 | } 20 | } 21 | 22 | output "bucket" { 23 | value = local.standard_buckets_map 24 | } 25 | -------------------------------------------------------------------------------- /templates/elz-monitoring/datasources.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
# 4 | ########################################################################################################## 5 | 6 | # ----------------------------------------------------------------------------- 7 | # Support for multi-region deployments 8 | # ----------------------------------------------------------------------------- 9 | locals { 10 | region_subscriptions = data.oci_identity_region_subscriptions.regions.region_subscriptions 11 | home_region = [for region in local.region_subscriptions : region.region_name if region.is_home_region == true] 12 | region_key = [for region in local.region_subscriptions : region.region_key if region.region_name == var.region] 13 | } 14 | 15 | data "oci_identity_region_subscriptions" "regions" { 16 | tenancy_id = var.tenancy_ocid 17 | } 18 | -------------------------------------------------------------------------------- /templates/elz-network-extension/datasources.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
# 4 | ########################################################################################################## 5 | 6 | # ----------------------------------------------------------------------------- 7 | # Support for multi-region deployments 8 | # ----------------------------------------------------------------------------- 9 | locals { 10 | region_subscriptions = data.oci_identity_region_subscriptions.regions.region_subscriptions 11 | home_region = [for region in local.region_subscriptions : region.region_name if region.is_home_region == true] 12 | region_key = [for region in local.region_subscriptions : region.region_key if region.region_name == var.region] 13 | } 14 | 15 | data "oci_identity_region_subscriptions" "regions" { 16 | tenancy_id = var.tenancy_ocid 17 | } 18 | -------------------------------------------------------------------------------- /templates/elz-network-extension/outputs.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # 4 | ########################################################################################################## 5 | 6 | output "rpc_id" { 7 | value = var.enable_vpn_or_fastconnect == "FASTCONNECT" ? oci_core_remote_peering_connection.remote_peering_connection[0].id : null 8 | } -------------------------------------------------------------------------------- /templates/elz-network/datasources.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. 
# 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # 4 | ########################################################################################################## 5 | 6 | # ----------------------------------------------------------------------------- 7 | # Support for multi-region deployments 8 | # ----------------------------------------------------------------------------- 9 | locals { 10 | region_subscriptions = data.oci_identity_region_subscriptions.regions.region_subscriptions 11 | home_region = [for region in local.region_subscriptions : region.region_name if region.is_home_region == true] 12 | region_key = [for region in local.region_subscriptions : region.region_key if region.region_name == var.region] 13 | } 14 | 15 | data "oci_identity_region_subscriptions" "regions" { 16 | tenancy_id = var.tenancy_ocid 17 | } 18 | -------------------------------------------------------------------------------- /templates/elz-network/outputs.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # 4 | ########################################################################################################## 5 | 6 | output "vcn" { 7 | value = module.hub.vcn_id 8 | description = "Hub VCN OCID ID." 9 | } 10 | 11 | output "drg_id" { 12 | value = module.hub.drg_id 13 | description = "DRG OCID ID." 14 | } 15 | 16 | output "subnets" { 17 | value = merge(module.hub.subnets, module.spoke.subnets) 18 | description = "Hub & Spoke Subnet." 19 | } 20 | 21 | output "spoke_web_subnet_ocid" { 22 | value = module.spoke.spoke_web_subnet_ocid 23 | description = "Spoke Web Subnet OCID." 
24 | } 25 | 26 | output "spoke_app_subnet_ocid" { 27 | value = module.spoke.spoke_app_subnet_ocid 28 | description = "Spoke App Subnet OCID." 29 | } 30 | 31 | output "spoke_db_subnet_ocid" { 32 | value = module.spoke.spoke_db_subnet_ocid 33 | description = "Spoke DB Subnet OCID." 34 | } 35 | 36 | 37 | -------------------------------------------------------------------------------- /templates/elz-security/datasources.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # 4 | ########################################################################################################## 5 | 6 | # ----------------------------------------------------------------------------- 7 | # Support for multi-region deployments 8 | # ----------------------------------------------------------------------------- 9 | locals { 10 | region_subscriptions = data.oci_identity_region_subscriptions.regions.region_subscriptions 11 | home_region = [for region in local.region_subscriptions : region.region_name if region.is_home_region == true] 12 | region_key = [for region in local.region_subscriptions : region.region_key if region.region_name == var.region] 13 | } 14 | 15 | data "oci_identity_region_subscriptions" "regions" { 16 | tenancy_id = var.tenancy_ocid 17 | } 18 | -------------------------------------------------------------------------------- /templates/elz-security/outputs.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. 
#
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

# OCID of the customer-managed key, or null when local.create_key is false
# (create_key is defined elsewhere in this stack and is not visible here).
output "key_id" {
  value = local.create_key ? module.key[0].key_ocid : null
}

# NOTE(review): despite its name, this output carries module.vault[0].management_endpoint
# (a URL), not a vault OCID; a consumer that expects an OCID receives the endpoint.
# It is left as-is because renaming an output breaks existing callers. The value
# is null when var.vault_type is "NONE", the case in which module.vault has no instance.
output "vault_id" {
  value = var.vault_type != "NONE" ? module.vault[0].management_endpoint : null
}
--------------------------------------------------------------------------------
/templates/elz-spoke/datasources.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

# -----------------------------------------------------------------------------
# Support for multi-region deployments
# -----------------------------------------------------------------------------
# Both derived locals are list-valued (bracketed for-expressions): home_region
# holds the names of subscribed regions flagged as home, region_key the keys of
# subscriptions whose region name equals var.region. Consumers need one() or
# [0] to obtain a scalar.
locals {
  region_subscriptions = data.oci_identity_region_subscriptions.regions.region_subscriptions
  home_region          = [for region in local.region_subscriptions : region.region_name if region.is_home_region == true]
  region_key           = [for region in local.region_subscriptions : region.region_key if region.region_name == var.region]
}

# Looked up against the tenancy (var.tenancy_ocid), not a child compartment.
data "oci_identity_region_subscriptions" "regions" {
  tenancy_id = var.tenancy_ocid
}

--------------------------------------------------------------------------------
/templates/elz-tagging/datasources.tf:
--------------------------------------------------------------------------------
########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # 4 | ########################################################################################################## 5 | 6 | # ----------------------------------------------------------------------------- 7 | # Support for multi-region deployments 8 | # ----------------------------------------------------------------------------- 9 | locals { 10 | region_subscriptions = data.oci_identity_region_subscriptions.regions.region_subscriptions 11 | home_region = [for region in local.region_subscriptions : region.region_name if region.is_home_region == true] 12 | region_key = [for region in local.region_subscriptions : region.region_key if region.region_name == var.region] 13 | } 14 | 15 | data "oci_identity_region_subscriptions" "regions" { 16 | tenancy_id = var.tenancy_ocid 17 | } 18 | -------------------------------------------------------------------------------- /templates/elz-workload/BackEnd.sh: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # 4 | ########################################################################################################## 5 | 6 | #! 
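/bin/bash

# NOTE(review): the "#!" above sits on line 6, after the license header; a shebang
# is only honoured on the first line of a file, so run this as `bash BackEnd.sh`
# unless the header is moved below it.

# Append an empty HTTP backend stanza to backend.tf. The block is deliberately
# empty, so the backend address and credentials must be supplied at init time
# (e.g. `terraform init -backend-config=...`) rather than stored in this file.
cat <<EOT >> backend.tf
terraform {
  backend "http" {}
}
EOT
--------------------------------------------------------------------------------
/templates/elz-workload/add_workload.sh:
--------------------------------------------------------------------------------
#!/bin/bash
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

# Create a standalone workload stack directory from the elz-workload template.
#
# Usage: add_workload.sh <workload-name> <environment-prefix>
#   $1  workload name
#   $2  environment prefix (N or P)
# Both arguments become part of a directory name that is passed to rm -rf and
# cp, so they are restricted to [A-Za-z0-9_-]; anything else is rejected with
# exit status 1 before any file is touched.

# Stop on the first failed command or unset variable instead of continuing
# with a half-built stack directory.
set -euo pipefail

if [ -z "${1:-}" ]
then
  echo "Workload name must be supplied."
  exit 1
fi

if [ -z "${2:-}" ]
then
  echo "Environment (N or P) must be supplied."
  exit 1
fi

# Reject path separators, "..", whitespace and shell metacharacters so the
# generated directory name cannot point outside the current directory.
for arg in "$1" "$2"
do
  case "$arg" in
    *[!A-Za-z0-9_-]*)
      echo "Arguments may contain only letters, digits, '_' or '-': '$arg'"
      exit 1
      ;;
  esac
done

WORKLOAD_STACK="elz-workload-$2-$1"

echo "Creating $WORKLOAD_STACK"

# Always quote the path: an unquoted expansion is word-split and glob-expanded
# before rm -rf / cp see it.
rm -rf "$WORKLOAD_STACK"
cp -a "elz-workload" "$WORKLOAD_STACK"

rm -f "$WORKLOAD_STACK/providers.tf"
cp "$WORKLOAD_STACK/providers.standalone" "$WORKLOAD_STACK/providers.tf"

--------------------------------------------------------------------------------
/templates/elz-workload/backend.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.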
# 4 | ########################################################################################################## 5 | -------------------------------------------------------------------------------- /templates/elz-workload/datasources.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # 4 | ########################################################################################################## 5 | 6 | # ----------------------------------------------------------------------------- 7 | # Support for multi-region deployments 8 | # ----------------------------------------------------------------------------- 9 | locals { 10 | region_subscriptions = data.oci_identity_region_subscriptions.regions.region_subscriptions 11 | home_region = [for region in local.region_subscriptions : region.region_name if region.is_home_region == true] 12 | region_key = [for region in local.region_subscriptions : region.region_key if region.region_name == var.region] 13 | } 14 | 15 | data "oci_identity_region_subscriptions" "regions" { 16 | tenancy_id = var.tenancy_ocid 17 | } 18 | -------------------------------------------------------------------------------- /templates/elz-workload/outputs.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
# 4 | ########################################################################################################## 5 | 6 | output "compartment_id" { 7 | value = module.workload_compartment.compartment_id 8 | description = "Workload Compartment OCID." 9 | } 10 | output "compartment_name" { 11 | value = module.workload_compartment.compartment_name 12 | description = "Workload Compartment Name." 13 | } 14 | 15 | output "subnet_cidr_blocks" { 16 | value = [var.workload_private_spoke_subnet_app_cidr_block, 17 | var.workload_private_spoke_subnet_db_cidr_block, 18 | var.workload_private_spoke_subnet_web_cidr_block, 19 | ] 20 | description = "Workload Subnet OCID Information." 21 | } -------------------------------------------------------------------------------- /templates/enterprise-landing-zone/.module-tf-docs.yml: -------------------------------------------------------------------------------- 1 | formatter: "markdown table" 2 | 3 | recursive: 4 | enabled: true 5 | path: ../../modules 6 | 7 | output: 8 | file: "README.md" 9 | mode: insert 10 | template: |- 11 | 12 | {{ .Content }} 13 | 14 | -------------------------------------------------------------------------------- /templates/enterprise-landing-zone/BackEnd.sh: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # 4 | ########################################################################################################## 5 | 6 | #! 
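/bin/bash

# NOTE(review): the "#!" above sits on line 6, after the license header; a shebang
# is only honoured on the first line of a file, so run this as `bash BackEnd.sh`
# unless the header is moved below it.

# Append an empty HTTP backend stanza to backend.tf. The block is deliberately
# empty, so the backend address and credentials must be supplied at init time
# (e.g. `terraform init -backend-config=...`) rather than stored in this file.
cat <<EOT >> backend.tf
terraform {
  backend "http" {}
}
EOT
--------------------------------------------------------------------------------
/templates/enterprise-landing-zone/backend.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
##########################################################################################################

# Intentionally header-only: BackEnd.sh appends the terraform { backend "http" {} }
# stanza to this file at deploy time.

--------------------------------------------------------------------------------
/templates/enterprise-landing-zone/datasources.tf:
--------------------------------------------------------------------------------
##########################################################################################################
# Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.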
# 4 | ########################################################################################################## 5 | 6 | # ----------------------------------------------------------------------------- 7 | # Support for multi-region deployments 8 | # ----------------------------------------------------------------------------- 9 | 10 | locals { 11 | region_subscriptions = data.oci_identity_region_subscriptions.regions.region_subscriptions 12 | home_region = [for region in local.region_subscriptions : region.region_name if region.is_home_region == true] 13 | region_key = [for region in local.region_subscriptions : region.region_key if region.region_name == var.region] 14 | } 15 | 16 | data "oci_identity_region_subscriptions" "regions" { 17 | tenancy_id = var.tenancy_ocid 18 | } 19 | 20 | data "oci_objectstorage_namespace" "ns" { 21 | compartment_id = var.tenancy_ocid 22 | } 23 | 24 | -------------------------------------------------------------------------------- /templates/enterprise-landing-zone/images/CIS1.2Level1.xlsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/oracle-enterprise-landingzone/5af48e4083e6ac5ed6e57b785aef1f7604515d7e/templates/enterprise-landing-zone/images/CIS1.2Level1.xlsx -------------------------------------------------------------------------------- /templates/enterprise-landing-zone/images/Compartment.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/oracle-enterprise-landingzone/5af48e4083e6ac5ed6e57b785aef1f7604515d7e/templates/enterprise-landing-zone/images/Compartment.png -------------------------------------------------------------------------------- /templates/enterprise-landing-zone/images/Monitoring.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/oci-landing-zones/oracle-enterprise-landingzone/5af48e4083e6ac5ed6e57b785aef1f7604515d7e/templates/enterprise-landing-zone/images/Monitoring.png -------------------------------------------------------------------------------- /templates/enterprise-landing-zone/monitoring.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # 4 | ########################################################################################################## 5 | 6 | locals { 7 | logging_analytics = { 8 | is_onboarded = true 9 | } 10 | } 11 | 12 | module "logging_analytics_namespace" { 13 | count = var.onboard_log_analytics ? 1 : 0 14 | source = "../../modules/log-analytics-namespace" 15 | compartment_id = var.tenancy_ocid 16 | is_onboarded = local.logging_analytics.is_onboarded 17 | tenancy_ocid = var.tenancy_ocid 18 | resource_label = var.resource_label 19 | } 20 | -------------------------------------------------------------------------------- /templates/enterprise-landing-zone/regenerate_docs.sh: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
# 4 | ########################################################################################################## 5 | 6 | #!/bin/bash 7 | 8 | ########################################################### 9 | ## This will update all our autogenerated README.md files. 10 | ## 11 | ## The autogenerated content is placed between: 12 | ## 13 | ## ... and ... 14 | ## 15 | ## tags in the README.md files. DO NOT edit those sections 16 | ## manually! Any changes there will be lost! 17 | ## 18 | ## Note: this script actually generates the main 19 | ## enterprise-landing-zone/README.md twice, 20 | ## which is unavoidable due to our directory layout. 21 | ## We may need to revisit this if we decide to use 22 | ## different documentation parameters in modules/ 23 | ## and templates/ folders. 24 | ########################################################### 25 | 26 | terraform-docs . 27 | terraform-docs -c .module-tf-docs.yml . 28 | 29 | -------------------------------------------------------------------------------- /templates/freetrial-landing-zone/.module-tf-docs.yml: -------------------------------------------------------------------------------- 1 | formatter: "markdown table" 2 | 3 | recursive: 4 | enabled: true 5 | path: ../../modules 6 | 7 | output: 8 | file: "README.md" 9 | mode: insert 10 | template: |- 11 | 12 | {{ .Content }} 13 | 14 | -------------------------------------------------------------------------------- /templates/freetrial-landing-zone/.terraform-docs.yml: -------------------------------------------------------------------------------- 1 | formatter: "markdown table" 2 | 3 | recursive: 4 | enabled: true 5 | path: ../ 6 | 7 | output: 8 | file: "README.md" 9 | mode: insert 10 | template: |- 11 | 12 | {{ .Content }} 13 | 14 | -------------------------------------------------------------------------------- /templates/freetrial-landing-zone/BackEnd.sh: -------------------------------------------------------------------------------- 1 | 
########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # 4 | ########################################################################################################## 5 | 6 | #! /bin/bash 7 | 8 | cat <> backend.tf 9 | terraform { 10 | backend "http" {} 11 | } 12 | EOT -------------------------------------------------------------------------------- /templates/freetrial-landing-zone/backend.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # 4 | ########################################################################################################## 5 | -------------------------------------------------------------------------------- /templates/freetrial-landing-zone/datasources.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
# 4 | ########################################################################################################## 5 | 6 | # ----------------------------------------------------------------------------- 7 | # Support for multi-region deployments 8 | # ----------------------------------------------------------------------------- 9 | 10 | locals { 11 | region_subscriptions = data.oci_identity_region_subscriptions.regions.region_subscriptions 12 | home_region = [for region in local.region_subscriptions : region.region_name if region.is_home_region == true] 13 | region_key = [for region in local.region_subscriptions : region.region_key if region.region_name == var.region] 14 | } 15 | 16 | data "oci_identity_region_subscriptions" "regions" { 17 | tenancy_id = var.tenancy_ocid 18 | } 19 | 20 | data "oci_objectstorage_namespace" "ns" { 21 | compartment_id = var.tenancy_ocid 22 | } 23 | 24 | -------------------------------------------------------------------------------- /templates/freetrial-landing-zone/images/CIS1.2Level1.xlsx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/oracle-enterprise-landingzone/5af48e4083e6ac5ed6e57b785aef1f7604515d7e/templates/freetrial-landing-zone/images/CIS1.2Level1.xlsx -------------------------------------------------------------------------------- /templates/freetrial-landing-zone/images/Compartment.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/oracle-enterprise-landingzone/5af48e4083e6ac5ed6e57b785aef1f7604515d7e/templates/freetrial-landing-zone/images/Compartment.png -------------------------------------------------------------------------------- /templates/freetrial-landing-zone/images/Monitoring.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/oci-landing-zones/oracle-enterprise-landingzone/5af48e4083e6ac5ed6e57b785aef1f7604515d7e/templates/freetrial-landing-zone/images/Monitoring.png -------------------------------------------------------------------------------- /templates/freetrial-landing-zone/images/mushop-service.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/oracle-enterprise-landingzone/5af48e4083e6ac5ed6e57b785aef1f7604515d7e/templates/freetrial-landing-zone/images/mushop-service.png -------------------------------------------------------------------------------- /templates/freetrial-landing-zone/images/mushop-topology.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/oracle-enterprise-landingzone/5af48e4083e6ac5ed6e57b785aef1f7604515d7e/templates/freetrial-landing-zone/images/mushop-topology.png -------------------------------------------------------------------------------- /templates/freetrial-landing-zone/images/terraform_apply_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/oracle-enterprise-landingzone/5af48e4083e6ac5ed6e57b785aef1f7604515d7e/templates/freetrial-landing-zone/images/terraform_apply_1.png -------------------------------------------------------------------------------- /templates/freetrial-landing-zone/images/terraform_apply_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/oracle-enterprise-landingzone/5af48e4083e6ac5ed6e57b785aef1f7604515d7e/templates/freetrial-landing-zone/images/terraform_apply_2.png -------------------------------------------------------------------------------- /templates/freetrial-landing-zone/images/terraform_apply_3.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/oracle-enterprise-landingzone/5af48e4083e6ac5ed6e57b785aef1f7604515d7e/templates/freetrial-landing-zone/images/terraform_apply_3.png -------------------------------------------------------------------------------- /templates/freetrial-landing-zone/images/terraform_destroy_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/oracle-enterprise-landingzone/5af48e4083e6ac5ed6e57b785aef1f7604515d7e/templates/freetrial-landing-zone/images/terraform_destroy_1.png -------------------------------------------------------------------------------- /templates/freetrial-landing-zone/images/terraform_destroy_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/oracle-enterprise-landingzone/5af48e4083e6ac5ed6e57b785aef1f7604515d7e/templates/freetrial-landing-zone/images/terraform_destroy_2.png -------------------------------------------------------------------------------- /templates/freetrial-landing-zone/images/terraform_init.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/oracle-enterprise-landingzone/5af48e4083e6ac5ed6e57b785aef1f7604515d7e/templates/freetrial-landing-zone/images/terraform_init.png -------------------------------------------------------------------------------- /templates/freetrial-landing-zone/images/terraform_plan_1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/oracle-enterprise-landingzone/5af48e4083e6ac5ed6e57b785aef1f7604515d7e/templates/freetrial-landing-zone/images/terraform_plan_1.png -------------------------------------------------------------------------------- 
/templates/freetrial-landing-zone/images/terraform_plan_2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/oracle-enterprise-landingzone/5af48e4083e6ac5ed6e57b785aef1f7604515d7e/templates/freetrial-landing-zone/images/terraform_plan_2.png -------------------------------------------------------------------------------- /templates/freetrial-landing-zone/images/terraform_validate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/oracle-enterprise-landingzone/5af48e4083e6ac5ed6e57b785aef1f7604515d7e/templates/freetrial-landing-zone/images/terraform_validate.png -------------------------------------------------------------------------------- /templates/freetrial-landing-zone/monitoring.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # 4 | ########################################################################################################## 5 | 6 | locals { 7 | logging_analytics = { 8 | is_onboarded = true 9 | } 10 | } 11 | 12 | module "logging_analytics_namespace" { 13 | count = var.onboard_log_analytics ? 
1 : 0 14 | source = "../../modules/log-analytics-namespace" 15 | compartment_id = var.tenancy_ocid 16 | is_onboarded = local.logging_analytics.is_onboarded 17 | tenancy_ocid = var.tenancy_ocid 18 | resource_label = var.resource_label 19 | } 20 | -------------------------------------------------------------------------------- /templates/freetrial-landing-zone/outputs.tf: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # 4 | ########################################################################################################## 5 | 6 | output "subnets" { 7 | value = module.prod_environment.subnets 8 | description = "The subnet OCID" 9 | } 10 | 11 | output "vcn" { 12 | value = module.prod_environment.vcn 13 | } 14 | 15 | output "dynamic_group_detail" { 16 | value = module.osms_dynamic_group 17 | } 18 | 19 | output "workload_compartment_id" { 20 | value = module.prod_environment.workload_compartment_id 21 | } -------------------------------------------------------------------------------- /templates/freetrial-landing-zone/regenerate_docs.sh: -------------------------------------------------------------------------------- 1 | ########################################################################################################## 2 | # Copyright (c) 2022,2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
# 4 | ########################################################################################################## 5 | 6 | #!/bin/bash 7 | 8 | ########################################################### 9 | ## This will update all our autogenerated README.md files. 10 | ## 11 | ## The autogenerated content is placed between: 12 | ## 13 | ## ... and ... 14 | ## 15 | ## tags in the README.md files. DO NOT edit those sections 16 | ## manually! Any changes there will be lost! 17 | ## 18 | ## Note: this script actually generates the main 19 | ## enterprise-landing-zone/README.md twice, 20 | ## which is unavoidable due to our directory layout. 21 | ## We may need to revisit this if we decide to use 22 | ## different documentation parameters in modules/ 23 | ## and templates/ folders. 24 | ########################################################### 25 | 26 | terraform-docs . 27 | terraform-docs -c .module-tf-docs.yml . 28 | 29 | -------------------------------------------------------------------------------- /test/README.md: -------------------------------------------------------------------------------- 1 | # Testing Code 2 | 3 | Unit and functional test code goes here. 4 | 5 | ## Testing Locally 6 | Install the dependencies in a virtual environment 7 | ```bash 8 | python -m venv lz-venv 9 | . 
lz-venv/bin/activate 10 | pip install -r test/requirements.txt 11 | ``` 12 | 13 | Edit and source the test_vars.example file 14 | ``` 15 | source test_vars 16 | ``` 17 | 18 | Run the tests 19 | ``` 20 | pytest test 21 | ``` 22 | 23 | Run a specific test script 24 | ``` 25 | pytest --tf-mod-dir=test/terraform/budget test/test_budget.py 26 | ``` 27 | 28 | Run all unit tests 29 | ``` 30 | pytest -m unit test 31 | ``` 32 | 33 | To see the output of Terraform as it runs (for debugging), 34 | you can use the `--capture=tee-sys` flag like so: 35 | 36 | ``` 37 | pytest --capture=tee-sys --tf-mod-dir=test/terraform/budget test/test_budget.py 38 | ``` 39 | You can also add the `--pdb` flag to pytest to drop into the python debugger within a failed test. 40 | 41 | # License 42 | 43 | Copyright (c) 2022,2023 Oracle and/or its affiliates. 44 | 45 | Licensed under the Universal Permissive License (UPL), Version 1.0. 46 | 47 | See [LICENSE](./LICENSE) for more details. 48 | -------------------------------------------------------------------------------- /test/conftest.py: -------------------------------------------------------------------------------- 1 | from glob import glob 2 | import os 3 | import pytest 4 | import shutil 5 | 6 | @pytest.fixture(scope='session', autouse=True) 7 | def session_setup_teardown(): 8 | # setup code goes here if needed 9 | # copy common files to ./terraform/ subfolders then cleanup common files 10 | cwd = os.path.abspath(os.path.dirname(__file__)) 11 | src = cwd + "/provider.tf" 12 | dsts = glob(cwd + "/terraform/*/") 13 | 14 | for dst in dsts: 15 | shutil.copy(src, dst) 16 | 17 | yield 18 | 19 | for dst in dsts: 20 | os.remove(dst + "provider.tf") 21 | -------------------------------------------------------------------------------- /test/pytest.ini: -------------------------------------------------------------------------------- 1 | [pytest] 2 | addopts = --strict-markers -ra -v 3 | markers = 4 | unit: unit tests 5 | integration: integration tests 
6 | tf: terraform 7 | slow: slow tests 8 | expensive: Tests using expensive or difficult to clean up resources 9 | -------------------------------------------------------------------------------- /test/requirements.txt: -------------------------------------------------------------------------------- 1 | pytest 2 | pytest_terraform 3 | python-hcl2 4 | paramiko 5 | oci 6 | tqdm 7 | 8 | -------------------------------------------------------------------------------- /test/terraform/budget/main.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | budget = { 3 | budget_description = "Budget targeting ${var.environment_prefix} enviroment compartment" 4 | budget_display_name = "OCI-ELZ-BGT-${var.environment_prefix}" 5 | } 6 | } 7 | 8 | module "budget" { 9 | count = var.enable_budget ? 1 : 0 10 | source = "../../../templates/elz-budget" #MODIFIED 11 | tenancy_ocid = var.tenancy_ocid 12 | region = var.region 13 | environment_prefix = var.environment_prefix 14 | 15 | budget_compartment_id = var.tenancy_ocid 16 | budget_description = local.budget.budget_description 17 | budget_display_name = local.budget.budget_display_name 18 | budget_target = var.tenancy_ocid #MODIFIED 19 | budget_amount = var.budget_amount 20 | budget_alert_rule_threshold = var.budget_alert_rule_threshold 21 | budget_alert_rule_message = var.budget_alert_rule_message 22 | budget_alert_rule_recipients = var.budget_alert_rule_recipients 23 | 24 | providers = { 25 | oci = oci 26 | oci.home_region = oci.home_region 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /test/terraform/budget/variables.tf: -------------------------------------------------------------------------------- 1 | variable "environment_prefix" { 2 | type = string 3 | description = "the 1 character string representing the environment eg. 
P (prod), N (non-prod), D, T, U" 4 | default = "T" 5 | } 6 | 7 | variable "enable_budget" { 8 | type = bool 9 | default = true 10 | } 11 | 12 | variable "budget_amount" { 13 | description = "The amount of the budget expressed as a whole number in the currency of the customer's rate card." 14 | type = string 15 | default = "100000" 16 | } 17 | 18 | variable "budget_alert_rule_threshold" { 19 | description = "The threshold for the budget alert." 20 | type = string 21 | default = "100" 22 | } 23 | 24 | variable "budget_alert_rule_message" { 25 | description = "The alert message for budget alerts." 26 | type = string 27 | default = "testing prod" 28 | } 29 | 30 | variable "budget_alert_rule_recipients" { 31 | description = "The delimited list of email addresses to receive the alert when it triggers. Delimiter characters can be a comma, space, TAB, or semicolon" 32 | type = string 33 | default = "example@example.com" 34 | } 35 | -------------------------------------------------------------------------------- /test/terraform/compartment/main.tf: -------------------------------------------------------------------------------- 1 | locals { 2 | home_compartment = { 3 | description = "Enterprise Landing Zone Home Compartment" 4 | } 5 | } 6 | 7 | module "home_compartment" { 8 | source = "../../../modules/compartment" 9 | 10 | compartment_parent_id = var.tenancy_ocid 11 | compartment_name = var.home_compartment_name 12 | compartment_description = local.home_compartment.description 13 | enable_compartment_delete = var.enable_compartment_delete 14 | 15 | providers = { 16 | oci = oci.home_region 17 | } 18 | } 19 | 20 | module "compartment" { 21 | source = "../../../templates/elz-compartment" 22 | tenancy_ocid = var.tenancy_ocid 23 | region = var.region 24 | environment_prefix = var.environment_prefix 25 | enable_compartment_delete = var.enable_compartment_delete 26 | home_compartment_id = module.home_compartment.compartment_id # changed 27 | environment_compartment_name = 
var.environment_compartment_name 28 | enable_tf_state_backup = var.enable_tf_state_backup 29 | enable_logging = var.enable_logging 30 | 31 | providers = { 32 | oci = oci 33 | oci.home_region = oci.home_region 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /test/terraform/compartment/outputs.tf: -------------------------------------------------------------------------------- 1 | output "compartment" { 2 | value = module.compartment.compartments 3 | } 4 | 5 | output "home_compartment_id" { 6 | value = module.home_compartment.compartment_id 7 | } -------------------------------------------------------------------------------- /test/terraform/compartment/variables.tf: -------------------------------------------------------------------------------- 1 | variable "home_compartment_name" { 2 | type = string 3 | default = "OCI-ELZ-CMP-HOME-TEST" 4 | description = "The name of the Landing Zone home compartment." 5 | } 6 | 7 | variable "enable_compartment_delete" { 8 | type = bool 9 | description = "Set to true to allow the compartments to delete on terraform destroy." 10 | default = true 11 | } 12 | 13 | # 14 | variable "environment_prefix" { 15 | type = string 16 | description = "the 1 character string representing the environment eg. P (prod), N (non-prod), D, T, U" 17 | default = "T" 18 | } 19 | 20 | # 21 | variable "environment_compartment_name" { 22 | type = string 23 | description = "The name of the compartment that acts as the main compartment for the environment. Resources related to this environment will be created under this compartment. " 24 | default = "" 25 | } 26 | 27 | variable "enable_tf_state_backup" { 28 | type = bool 29 | description = "Set to true to enable logging compartment which contains the bucket for the log files." 
30 | default = false 31 | } 32 | 33 | variable "enable_logging" { 34 | type = bool 35 | description = "Set to true to enable logging compartment which stores the configuration information that landing zones is setting up for the customer." 36 | default = true 37 | # default = false 38 | } 39 | -------------------------------------------------------------------------------- /test/terraform/network/compartment/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | 4 | required_providers { 5 | oci = { 6 | source = "oracle/oci" 7 | } 8 | } 9 | } 10 | 11 | resource "oci_identity_compartment" "compartment" { 12 | compartment_id = var.compartment_parent_id 13 | description = var.compartment_description 14 | name = var.compartment_name 15 | enable_delete = var.enable_compartment_delete 16 | } 17 | 18 | resource "time_sleep" "compartment_replication_delay" { 19 | depends_on = [oci_identity_compartment.compartment] 20 | create_duration = var.compartment_replication_delay 21 | } 22 | -------------------------------------------------------------------------------- /test/terraform/network/compartment/outputs.tf: -------------------------------------------------------------------------------- 1 | output "compartment_id" { 2 | value = oci_identity_compartment.compartment.id 3 | description = "The OCID of the compartment created" 4 | depends_on = [ 5 | time_sleep.compartment_replication_delay 6 | ] 7 | } 8 | 9 | -------------------------------------------------------------------------------- /test/terraform/network/compartment/variables.tf: -------------------------------------------------------------------------------- 1 | variable "compartment_parent_id" { 2 | type = string 3 | description = "OCID of the parent compartment." 4 | } 5 | 6 | variable "compartment_name" { 7 | type = string 8 | description = "Name of the compartment to create." 
9 | } 10 | 11 | variable "compartment_description" { 12 | type = string 13 | description = "Description of the compartment to create." 14 | } 15 | 16 | variable "enable_compartment_delete" { 17 | type = bool 18 | description = "Allows the compartment to delete on terraform destroy." 19 | default = false 20 | } 21 | 22 | variable "compartment_replication_delay" { 23 | type = string 24 | description = "delay to allow compartments to replicate" 25 | default = "90s" 26 | } -------------------------------------------------------------------------------- /test/terraform/network/datasources.tf: -------------------------------------------------------------------------------- 1 | # --------------------------------------------------------------------------------------------------------------------- 2 | # Get the image id of Oracle Linux 3 | # --------------------------------------------------------------------------------------------------------------------- 4 | data "oci_core_images" "ol_images" { 5 | compartment_id = var.tenancy_ocid 6 | 7 | operating_system = "Oracle Linux" 8 | operating_system_version = "8" 9 | shape = var.test_instance_shape 10 | sort_by = "TIMECREATED" 11 | sort_order = "DESC" 12 | } 13 | 14 | data "oci_identity_availability_domains" "ad" { 15 | compartment_id = var.tenancy_ocid 16 | } 17 | -------------------------------------------------------------------------------- /test/terraform/network/outputs.tf: -------------------------------------------------------------------------------- 1 | output "bastion_ip" { 2 | value = module.bastion.public_ip 3 | } 4 | 5 | output "private_test_node_ips" { 6 | value = module.test_nodes[*].private_ip 7 | } 8 | 9 | # used in subnet names. 10 | output "region_key" { 11 | value = local.region_key[0] 12 | } 13 | 14 | # used in subnet names. 
15 | output "environmant_prefix"{ 16 | value = var.environment_prefix 17 | } -------------------------------------------------------------------------------- /test/terraform/network/terraform.tfvars.example: -------------------------------------------------------------------------------- 1 | # ======= Network test values. 2 | 3 | # compartment_ocid = "compartment OCID here..." # defaults to tenancy root 4 | # test_instance_shape = "VM.Standard.E4.Flex" 5 | 6 | # environment_prefix = "P" 7 | # vcn_cidr_block = "10.0.0.0/16" 8 | # public_subnet_cidr_block = "10.0.0.0/24" 9 | # private_subnet_cidr_block = "10.0.1.0/24" -------------------------------------------------------------------------------- /test/terraform/network/test_instance/outputs.tf: -------------------------------------------------------------------------------- 1 | # --------------------------------------------------------------------------------------------------------------------- 2 | # Return the public IP address 3 | # --------------------------------------------------------------------------------------------------------------------- 4 | output "public_ip" { 5 | value = oci_core_instance.test_instance.public_ip 6 | } 7 | 8 | output "private_ip" { 9 | value = oci_core_instance.test_instance.private_ip 10 | } -------------------------------------------------------------------------------- /test/terraform/security_bastion/compartment/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | 4 | required_providers { 5 | oci = { 6 | source = "oracle/oci" 7 | } 8 | } 9 | } 10 | 11 | resource "oci_identity_compartment" "compartment" { 12 | compartment_id = var.compartment_parent_id 13 | description = var.compartment_description 14 | name = var.compartment_name 15 | enable_delete = var.enable_compartment_delete 16 | } 17 | 18 | resource "time_sleep" "compartment_replication_delay" { 19 | depends_on = 
[oci_identity_compartment.compartment] 20 | create_duration = var.compartment_replication_delay 21 | } 22 | -------------------------------------------------------------------------------- /test/terraform/security_bastion/compartment/outputs.tf: -------------------------------------------------------------------------------- 1 | output "compartment_id" { 2 | value = oci_identity_compartment.compartment.id 3 | description = "The OCID of the compartment created" 4 | depends_on = [ 5 | time_sleep.compartment_replication_delay 6 | ] 7 | } 8 | 9 | -------------------------------------------------------------------------------- /test/terraform/security_bastion/compartment/variables.tf: -------------------------------------------------------------------------------- 1 | variable "compartment_parent_id" { 2 | type = string 3 | description = "OCID of the parent compartment." 4 | } 5 | 6 | variable "compartment_name" { 7 | type = string 8 | description = "Name of the compartment to create." 9 | } 10 | 11 | variable "compartment_description" { 12 | type = string 13 | description = "Description of the compartment to create." 14 | } 15 | 16 | variable "enable_compartment_delete" { 17 | type = bool 18 | description = "Allows the compartment to delete on terraform destroy." 
19 | default = false 20 | } 21 | 22 | variable "compartment_replication_delay" { 23 | type = string 24 | description = "delay to allow compartments to replicate" 25 | default = "90s" 26 | } -------------------------------------------------------------------------------- /test/terraform/security_bastion/outputs.tf: -------------------------------------------------------------------------------- 1 | output "environment_compartment_id" { 2 | value = module.environment_compartment.compartment_id 3 | description = "The OCID of the test environment compartment" 4 | } 5 | 6 | output "security_compartment_id" { 7 | value = module.security_compartment.compartment_id 8 | description = "The OCID of the test security compartment" 9 | } 10 | 11 | output "test_subnet_id" { 12 | value = oci_core_subnet.test_subnet.id 13 | description = "OCID of test subnet" 14 | } 15 | 16 | output "bastion_id" { 17 | value = module.security.bastion_id 18 | description = "OCID of the created bastion" 19 | } -------------------------------------------------------------------------------- /test/terraform/security_bastion/variables.tf: -------------------------------------------------------------------------------- 1 | variable "compartment_replication_delay" { 2 | type = string 3 | description = "delay to allow compartments to replicate" 4 | default = "90s" 5 | } 6 | 7 | variable "compartment_ocid" { 8 | type = string 9 | description = "the ocid of the compartment instances will live in. Defaults to tenancy root." 
10 | default = "" 11 | } 12 | variable "environment_prefix" { 13 | type = string 14 | description = "1 char env prefix" 15 | default = "P" 16 | } 17 | 18 | variable "resource_label" { 19 | type = string 20 | description = "Prefix used to avoid naming conflict" 21 | default = "TSTBAST" 22 | } 23 | 24 | variable "vcn_cidr_block" { 25 | type = string 26 | description = "Test VCN CIDR" 27 | default = "10.0.0.0/16" 28 | } 29 | 30 | variable "test_subnet_cidr_block" { 31 | type = string 32 | description = "Hub public subnet CIDR" 33 | default = "10.0.0.0/24" 34 | } -------------------------------------------------------------------------------- /test/terraform/security_cloudguard/compartment/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | 4 | required_providers { 5 | oci = { 6 | source = "oracle/oci" 7 | } 8 | } 9 | } 10 | 11 | resource "oci_identity_compartment" "compartment" { 12 | compartment_id = var.compartment_parent_id 13 | description = var.compartment_description 14 | name = var.compartment_name 15 | enable_delete = var.enable_compartment_delete 16 | } 17 | 18 | resource "time_sleep" "compartment_replication_delay" { 19 | depends_on = [oci_identity_compartment.compartment] 20 | create_duration = var.compartment_replication_delay 21 | } 22 | -------------------------------------------------------------------------------- /test/terraform/security_cloudguard/compartment/outputs.tf: -------------------------------------------------------------------------------- 1 | output "compartment_id" { 2 | value = oci_identity_compartment.compartment.id 3 | description = "The OCID of the compartment created" 4 | depends_on = [ 5 | time_sleep.compartment_replication_delay 6 | ] 7 | } 8 | 9 | -------------------------------------------------------------------------------- /test/terraform/security_cloudguard/compartment/variables.tf: 
-------------------------------------------------------------------------------- 1 | variable "compartment_parent_id" { 2 | type = string 3 | description = "OCID of the parent compartment." 4 | } 5 | 6 | variable "compartment_name" { 7 | type = string 8 | description = "Name of the compartment to create." 9 | } 10 | 11 | variable "compartment_description" { 12 | type = string 13 | description = "Description of the compartment to create." 14 | } 15 | 16 | variable "enable_compartment_delete" { 17 | type = bool 18 | description = "Allows the compartment to delete on terraform destroy." 19 | default = false 20 | } 21 | 22 | variable "compartment_replication_delay" { 23 | type = string 24 | description = "delay to allow compartments to replicate" 25 | default = "90s" 26 | } -------------------------------------------------------------------------------- /test/terraform/security_cloudguard/outputs.tf: -------------------------------------------------------------------------------- 1 | output "environment_compartment_id" { 2 | value = module.environment_compartment.compartment_id 3 | description = "The OCID of the test environment compartment" 4 | } 5 | 6 | output "security_compartment_id" { 7 | value = module.security_compartment.compartment_id 8 | description = "The OCID of the test security compartment" 9 | } 10 | -------------------------------------------------------------------------------- /test/terraform/security_cloudguard/policies/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | oci = { 4 | source = "oracle/oci" 5 | } 6 | } 7 | } 8 | 9 | resource "oci_identity_policy" "policy" { 10 | compartment_id = var.compartment_ocid 11 | description = var.description 12 | name = var.policy_name 13 | statements = var.statements 14 | } 15 | 16 | resource "time_sleep" "policy_propagation_delay" { 17 | depends_on = [oci_identity_policy.policy] 18 | create_duration = "90s" 19 | } 20 | 
-------------------------------------------------------------------------------- /test/terraform/security_cloudguard/policies/outputs.tf: -------------------------------------------------------------------------------- 1 | output "policy" { 2 | value = oci_identity_policy.policy 3 | } 4 | -------------------------------------------------------------------------------- /test/terraform/security_cloudguard/policies/variables.tf: -------------------------------------------------------------------------------- 1 | variable "compartment_ocid" { 2 | type = string 3 | description = "The OCID of the compartment containing the policy." 4 | } 5 | 6 | variable "description" { 7 | type = string 8 | description = "The description of policy" 9 | } 10 | 11 | variable "policy_name" { 12 | type = string 13 | description = "The name of policy." 14 | } 15 | 16 | variable "statements" { 17 | type = list(string) 18 | description = "An array of policy statements written in the policy language." 19 | } -------------------------------------------------------------------------------- /test/terraform/security_cloudguard/variables.tf: -------------------------------------------------------------------------------- 1 | variable "compartment_replication_delay" { 2 | type = string 3 | description = "delay to allow compartments to replicate" 4 | default = "90s" 5 | } 6 | 7 | variable "compartment_ocid" { 8 | type = string 9 | description = "the ocid of the compartment test resources will live in. Defaults to tenancy root." 
10 | default = "" 11 | } 12 | 13 | variable "environment_prefix" { 14 | type = string 15 | description = "1 char env prefix" 16 | default = "P" 17 | } 18 | 19 | variable "resource_label" { 20 | type = string 21 | description = "Prefix used to avoid naming conflict" 22 | default = "TSTCG" 23 | } 24 | -------------------------------------------------------------------------------- /test/terraform/security_vault/compartment/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0.0" 3 | 4 | required_providers { 5 | oci = { 6 | source = "oracle/oci" 7 | } 8 | } 9 | } 10 | 11 | resource "oci_identity_compartment" "compartment" { 12 | compartment_id = var.compartment_parent_id 13 | description = var.compartment_description 14 | name = var.compartment_name 15 | enable_delete = var.enable_compartment_delete 16 | } 17 | 18 | resource "time_sleep" "compartment_replication_delay" { 19 | depends_on = [oci_identity_compartment.compartment] 20 | create_duration = var.compartment_replication_delay 21 | } 22 | -------------------------------------------------------------------------------- /test/terraform/security_vault/compartment/outputs.tf: -------------------------------------------------------------------------------- 1 | output "compartment_id" { 2 | value = oci_identity_compartment.compartment.id 3 | description = "The OCID of the compartment created" 4 | depends_on = [ 5 | time_sleep.compartment_replication_delay 6 | ] 7 | } 8 | 9 | -------------------------------------------------------------------------------- /test/terraform/security_vault/compartment/variables.tf: -------------------------------------------------------------------------------- 1 | variable "compartment_parent_id" { 2 | type = string 3 | description = "OCID of the parent compartment." 4 | } 5 | 6 | variable "compartment_name" { 7 | type = string 8 | description = "Name of the compartment to create." 
9 | } 10 | 11 | variable "compartment_description" { 12 | type = string 13 | description = "Description of the compartment to create." 14 | } 15 | 16 | variable "enable_compartment_delete" { 17 | type = bool 18 | description = "Allows the compartment to delete on terraform destroy." 19 | default = false 20 | } 21 | 22 | variable "compartment_replication_delay" { 23 | type = string 24 | description = "delay to allow compartments to replicate" 25 | default = "90s" 26 | } -------------------------------------------------------------------------------- /test/terraform/security_vault/outputs.tf: -------------------------------------------------------------------------------- 1 | output "environment_compartment_id" { 2 | value = module.environment_compartment.compartment_id 3 | description = "The OCID of the test environment compartment" 4 | } 5 | 6 | output "security_compartment_id" { 7 | value = module.security_compartment.compartment_id 8 | description = "The OCID of the test security compartment" 9 | } 10 | 11 | output "key_id" { 12 | value = module.security.key_id 13 | description = "OCID of Master Encryption Key." 14 | } -------------------------------------------------------------------------------- /test/terraform/security_vault/variables.tf: -------------------------------------------------------------------------------- 1 | variable "compartment_replication_delay" { 2 | type = string 3 | description = "delay to allow compartments to replicate" 4 | default = "90s" 5 | } 6 | 7 | variable "compartment_ocid" { 8 | type = string 9 | description = "the ocid of the compartment test resources will live in. Defaults to tenancy root." 
10 | default = "" 11 | } 12 | 13 | variable "environment_prefix" { 14 | type = string 15 | description = "1 char env prefix" 16 | default = "P" 17 | } 18 | 19 | variable "resource_label" { 20 | type = string 21 | description = "Prefix used to avoid naming conflict" 22 | default = "TSTCG" 23 | } 24 | -------------------------------------------------------------------------------- /test/test_budget.py: -------------------------------------------------------------------------------- 1 | from pytest_terraform import terraform 2 | import pytest 3 | 4 | # unit tests for budget module 5 | @pytest.mark.unit 6 | @terraform("budget", scope="session") 7 | def test_oci_budget_target_name(budget): 8 | print(budget) 9 | actual_budget_target_name = budget["oci_budget_budget.oci_budget.display_name"] 10 | expected_budget_target_name = "OCI-ELZ-BGT-T" 11 | assert actual_budget_target_name == expected_budget_target_name 12 | 13 | 14 | @pytest.mark.unit 15 | @terraform("budget", scope="session") 16 | def test_oci_budget_amount(budget): 17 | actual_budget_amount = budget["oci_budget_budget.oci_budget.amount"] 18 | expected_budget_amount = 100000 19 | assert actual_budget_amount == expected_budget_amount 20 | 21 | 22 | @pytest.mark.unit 23 | @terraform("budget", scope="session") 24 | def test_oci_budget_alert_rule_threshold(budget): 25 | actual_budget_alert_rule_threshold = budget["oci_budget_alert_rule.oci_budget_rule.threshold"] 26 | expected_budget_alert_rule_threshold = 100 27 | assert actual_budget_alert_rule_threshold == expected_budget_alert_rule_threshold 28 | 29 | 30 | @pytest.mark.unit 31 | @terraform("budget", scope="session") 32 | def test_oci_budget_alert_rule_recipients(budget): 33 | actual_budget_alert_rule_recipients = budget["oci_budget_alert_rule.oci_budget_rule.recipients"] 34 | expected_budget_alert_rule_recipients = "example@example.com" 35 | assert actual_budget_alert_rule_recipients == expected_budget_alert_rule_recipients 36 | 
-------------------------------------------------------------------------------- /test/test_helpers/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/oracle-enterprise-landingzone/5af48e4083e6ac5ed6e57b785aef1f7604515d7e/test/test_helpers/__init__.py -------------------------------------------------------------------------------- /test/test_helpers/network/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/oracle-enterprise-landingzone/5af48e4083e6ac5ed6e57b785aef1f7604515d7e/test/test_helpers/network/__init__.py -------------------------------------------------------------------------------- /test/test_helpers/oci.py: -------------------------------------------------------------------------------- 1 | import oci 2 | import os 3 | 4 | 5 | def get_test_config(): 6 | conf = { 7 | "user" : os.environ["TF_VAR_current_user_ocid"], 8 | "tenancy" : os.environ["TF_VAR_tenancy_ocid"], 9 | "fingerprint" : os.environ["TF_VAR_api_fingerprint"], 10 | "key_file" : os.environ["TF_VAR_api_private_key_path"], 11 | "region" : os.environ["TF_VAR_region"], 12 | } 13 | oci.config.validate_config(conf) 14 | return conf 15 | 16 | -------------------------------------------------------------------------------- /test/test_security_vault.py: -------------------------------------------------------------------------------- 1 | from pytest_terraform import terraform 2 | import pytest 3 | import oci 4 | 5 | 6 | from test_helpers.oci import get_test_config 7 | 8 | #unit tests for vault/key portion of the security module 9 | @pytest.mark.skip(reason="Skipped until we can better deal with vault cleanup. 
") 10 | @pytest.mark.unit 11 | @pytest.mark.expensive 12 | @terraform("security_vault", scope="session") 13 | def test_master_encryption_key_created(security_vault): 14 | conf = get_test_config() 15 | #oci.key_management.KmsVaultClient(conf) 16 | 17 | vault = security_vault["oci_kms_vault.vault"] 18 | mgmt_url = vault["management_endpoint"] 19 | 20 | assert key_id is not None 21 | 22 | key_client = oci.key_management.KmsManagementClient(conf, mgmt_url) 23 | key_id = security_vault.outputs["key_id"] 24 | k = key_client.get_key(key_id).data 25 | kv = key_client.get_key_version(key_id, k["current_key_version"]).data 26 | 27 | assert kv['lifecycle_state'] == "ACTIVE" 28 | 29 | -------------------------------------------------------------------------------- /test/test_vars.example: -------------------------------------------------------------------------------- 1 | 2 | # To run tests manually, edit and _source_ this file. Do not commit the edited copy: it references your OCI credentials. 3 | 4 | # Change if using a different region. 5 | export TF_VAR_region="us-ashburn-1" 6 | 7 | export TF_VAR_tenancy_ocid="... your tenancy OCID ..." 8 | export TF_VAR_current_user_ocid="... your user OCID ... " 9 | export TF_VAR_api_fingerprint="... your OCI API key fingerprint ... " 10 | export TF_VAR_api_private_key_path="... location of your OCI API key file ... " 11 | 12 | # Change if your SSH public key has a different filename. 13 | export TF_VAR_ssh_public_key_list="[\"$(cat ~/.ssh/id_rsa.pub)\"]" 14 | --------------------------------------------------------------------------------