├── .gitignore ├── CONTRIBUTING.md ├── LICENSE.txt ├── README.md ├── RELEASE-NOTES.md ├── SECURITY.md ├── SPEC.md ├── cross-connect-groups.tf ├── cross-connects.tf ├── customer-premises-equipments.tf ├── data_sources.tf ├── default_dhcp_options.tf ├── default_route_tables.tf ├── default_security_lists.tf ├── dhcp_options.tf ├── dns.tf ├── drg_attachments.tf ├── drg_attachments_management.tf ├── drg_route_distributions.tf ├── drg_route_distributions_statements.tf ├── drg_route_tables.tf ├── drg_route_tables_route_rules.tf ├── dynamic_routing_gateways.tf ├── examples ├── .gitignore ├── TransitRouting-DRGHub-NFW │ ├── README.md │ ├── diagrams │ │ └── network_transit_detailed_layout_2021.png │ ├── input-configs-standards-options │ │ ├── network_configuration.auto.tfvars │ │ ├── network_configuration.json │ │ ├── network_configuration.yaml │ │ └── network_configuration_no_nfw.yaml │ ├── main.tf │ ├── network_configuration.auto.tfvars │ ├── network_configuration.auto.tfvars.json │ ├── outputs.tf │ ├── provider.tf │ ├── terraform.tfvars.template │ └── variables.tf ├── dns-view-injection │ ├── README.md │ ├── main.tf │ ├── provider.tf │ ├── terraform.tfvars.template │ └── variables.tf ├── dns │ ├── README.md │ ├── main.tf │ ├── network_configuration.auto.tfvars.template │ ├── outputs.tf │ ├── provider.tf │ ├── terraform.tfvars.template │ └── variables.tf ├── edge-connectivity │ ├── fast-connect-examples │ │ └── generic-oci-fastconnect-partner │ │ │ ├── README.md │ │ │ ├── diagrams │ │ │ ├── network_fc_choices_partner.svg │ │ │ └── oci-aws-equinix.png │ │ │ ├── fc_partner_network_configuration.auto.tfvars │ │ │ ├── input-configs-standards-options │ │ │ ├── network_configuration.auto.tfvars │ │ │ ├── network_configuration.tfvars.json │ │ │ ├── oci_network_configuration.auto.tfvars │ │ │ ├── oci_network_configuration.json │ │ │ └── oci_network_configuration.yml │ │ │ ├── main.tf │ │ │ ├── oci_network_configuration.auto.tfvars │ │ │ ├── outputs.tf │ │ │ ├── provider.tf │ │ │ 
├── terraform.tfvars.template │ │ │ └── variables.tf │ └── ipsec-examples │ │ └── generic-OCI-ipsec-bgp-vpn │ │ ├── README.md │ │ ├── diagrams │ │ ├── OCI-AWS-IpSec-VPN.png │ │ └── network_vpn_example_static.svg │ │ ├── input-configs-standards-options │ │ ├── oci_network_configuration.auto.tfvars │ │ ├── oci_network_configuration.json │ │ └── oci_network_configuration.yml │ │ ├── main.tf │ │ ├── oci_network_configuration.auto.tfvars │ │ ├── outputs.tf │ │ ├── provider.tf │ │ ├── terraform.tfvars.template │ │ └── variables.tf ├── external-dependency │ ├── .gitignore │ ├── README.md │ ├── dependencies │ │ ├── vision-compartments.json │ │ ├── vision-network.json │ │ └── vision-nlbs.json │ ├── input.auto.tfvars.template │ ├── main.tf │ ├── outputs.tf │ ├── providers.tf │ └── variables.tf ├── local-peering-gateways │ ├── README.md │ ├── lpg-acceptor │ │ ├── input.auto.tfvars.template │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── provider.tf │ │ └── variables.tf │ └── lpg-requestor │ │ ├── input.auto.tfvars.template │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── provider.tf │ │ └── variables.tf ├── multi-cloud │ └── oci-fastconnect-partner │ │ ├── README.md │ │ ├── diagrams │ │ └── oci-aws-equinix.png │ │ ├── equinix_network_configuration.auto.tfvars │ │ ├── input-configs-standards-options │ │ ├── oci_network_configuration.auto.json │ │ ├── oci_network_configuration.auto.tfvars │ │ └── oci_network_configuration.yml │ │ ├── main.tf │ │ ├── oci_network_configuration.auto.tfvars │ │ ├── outputs.tf │ │ ├── provider.tf │ │ ├── terraform.tfvars.template │ │ └── variables.tf ├── oci-network-firewall │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── provider.tf │ ├── terraform.tfvars.template │ └── variables.tf ├── oke-examples │ ├── flannel │ │ ├── .gitignore │ │ ├── README.md │ │ ├── diagrams │ │ │ ├── oke-flannel-network.drawio.png │ │ │ └── oke-flannel-network.drawio.svg │ │ ├── input.auto.tfvars.template │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── provider.tf │ │ └── 
variables.tf │ └── native │ │ ├── README.md │ │ ├── input.auto.tfvars.template │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── provider.tf │ │ └── variables.tf ├── remote-peering-connections │ ├── README.md │ ├── rpc-acceptor │ │ ├── input.auto.tfvars.template │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── provider.tf │ │ └── variables.tf │ └── rpc-requestor │ │ ├── input.auto.tfvars.template │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── provider.tf │ │ └── variables.tf ├── simple-example │ ├── README.md │ ├── diagrams │ │ └── SimpleNetworkingExample.png │ ├── input-configs-standards-options │ │ ├── network_configuration.auto.tfvars │ │ ├── network_configuration.tfvars.json │ │ └── network_configuration.yml │ ├── main.tf │ ├── network_configuration.auto.tfvars │ ├── outputs.tf │ ├── provider.tf │ ├── terraform.tfvars.template │ └── variables.tf ├── simple-no_vcn-oci-native-l7-lbaas-example │ ├── README.md │ ├── diagrams │ │ └── public-lb.png │ ├── input-configs-standards-options │ │ ├── network_configuration.auto.tfvars │ │ ├── network_configuration.json │ │ └── network_configuration.yml │ ├── main.tf │ ├── network_configuration.auto.tfvars │ ├── outputs.tf │ ├── provider.tf │ ├── terraform.tfvars.template │ └── variables.tf ├── standard-vcn-oci-native-l7-lbaas-example │ ├── README.md │ ├── diagrams │ │ └── public-lb.png │ ├── input-configs-standards-options │ │ ├── network_configuration.auto.tfvars │ │ ├── network_configuration.json │ │ └── network_configuration.yml │ ├── main.tf │ ├── network_configuration.auto.tfvars │ ├── outputs.tf │ ├── provider.tf │ ├── terraform.tfvars.template │ └── variables.tf └── vision │ ├── .gitignore │ ├── README.md │ ├── input.auto.tfvars.template │ ├── main.tf │ ├── outputs.tf │ ├── providers.tf │ └── variables.tf ├── fast_connect_virtual_circuits.tf ├── images ├── DeployToOCI.svg ├── RouteTables-CycleGraph-Fix-Algorithm.png ├── RouteTables-CycleGraph-Fix-Algorithm.svg ├── RouteTables-TF-GraphCycle-Issue.png ├── 
RouteTables-TF-GraphCycle-Issue.svg └── landing_zone_300.png ├── internet_gateways.tf ├── ipsecs-tunnels-management.tf ├── ipsecs.tf ├── l7_load_balancers.tf ├── local_peering_gateways.tf ├── metadata.tf ├── modules ├── l7_load_balancers │ ├── CONTRIBUTING.md │ ├── LICENSE │ ├── README.md │ ├── RELEASE-NOTES.md │ ├── SPEC.md │ ├── examples │ │ └── simple-lbaas-on-existing-vcn │ │ │ ├── LICENSE │ │ │ ├── README.md │ │ │ ├── diagrams │ │ │ └── public-lb.png │ │ │ ├── l7_load_balancers.tf │ │ │ ├── lbaas_configuration.auto.tfvars │ │ │ ├── outputs.tf │ │ │ ├── provider.tf │ │ │ ├── terraform.tfvars.template │ │ │ └── variables.tf │ ├── images │ │ └── l7_load_balancer_diagram.jpeg │ ├── l7_lb_back_end_sets.tf │ ├── l7_lb_back_ends.tf │ ├── l7_lb_certificates.tf │ ├── l7_lb_cipher_suites.tf │ ├── l7_lb_host_names.tf │ ├── l7_lb_listeners.tf │ ├── l7_lb_path_route_sets.tf │ ├── l7_lb_routing_policies.tf │ ├── l7_lb_rule_sets.tf │ ├── l7_load_balancers.tf │ ├── metadata.tf │ ├── outputs.tf │ ├── providers.tf │ └── variables.tf ├── nlb │ ├── .gitignore │ ├── SPEC.md │ ├── examples │ │ └── vision │ │ │ ├── input.auto.tfvars.template │ │ │ ├── main.tf │ │ │ ├── outputs.tf │ │ │ ├── providers.tf │ │ │ └── variables.tf │ ├── main.tf │ ├── metadata.tf │ ├── outputs.tf │ ├── providers.tf │ └── variables.tf ├── vtap │ ├── SPEC.md │ ├── examples │ │ └── input.auto.tfvars.template │ ├── main.tf │ ├── providers.tf │ └── variables.tf ├── waa │ ├── SPEC.md │ ├── examples │ │ ├── input.auto.tfvars.template │ │ ├── main.tf │ │ ├── provider.tf │ │ └── variables.tf │ ├── main.tf │ ├── provider.tf │ └── variables.tf └── waf │ ├── SPEC.md │ ├── examples │ ├── input.auto.tfvars.template │ ├── main.tf │ ├── provider.tf │ └── variables.tf │ ├── main.tf │ ├── provider.tf │ └── variables.tf ├── nat_gateways.tf ├── network_firewall_policies.tf ├── network_firewalls.tf ├── nsgs.tf ├── orm-facade ├── main.tf ├── outputs.tf ├── provider.tf ├── read_input_data_from_url_file.tf ├── schema.yml └── 
variables.tf ├── outputs.tf ├── providers.tf ├── public_ips.tf ├── public_ips_pools.tf ├── release.txt ├── remote_peering_connections.tf ├── route-tables-graph-cycle-fix.md ├── route_tables.tf ├── security_lists.tf ├── service_gateways.tf ├── shared_locals.tf ├── subnets.tf ├── variables.tf └── vcns.tf /.gitignore: -------------------------------------------------------------------------------- 1 | # Local .terraform directories 2 | **/.terraform/* 3 | 4 | # .tfstate files 5 | *.tfstate 6 | *.tfstate.* 7 | *.zip* 8 | terraform.tfvars 9 | *.tfvars.json 10 | *.auto.tfvars 11 | 12 | # log files 13 | *.log 14 | *.out 15 | 16 | # Local .terraform lock files 17 | *.lock.* 18 | 19 | # General 20 | .DS_Store 21 | .AppleDouble 22 | .LSOverride 23 | 24 | # Icon must end with two \r 25 | Icon 26 | 27 | #Certificates 28 | *.crt 29 | *.csr 30 | *.key 31 | *.srl 32 | **/certs/* 33 | 34 | # Thumbnails 35 | ._* 36 | 37 | # Files that might appear in the root of a volume 38 | .DocumentRevisions-V100 39 | .fseventsd 40 | .Spotlight-V100 41 | .TemporaryItems 42 | .Trashes 43 | .VolumeIcon.icns 44 | .com.apple.timemachine.donotpresent 45 | 46 | # Directories potentially created on remote AFP share 47 | .AppleDB 48 | .AppleDesktop 49 | Network Trash Folder 50 | Temporary Items 51 | .apdisk 52 | .idea/* 53 | 54 | # Test 55 | sdf-oci-terraform-test/ 56 | test-environment.sh 57 | creds/ -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing to this repository 2 | 3 | We welcome your contributions! There are multiple ways to contribute. 4 | 5 | ## Opening issues 6 | 7 | For bugs or enhancement requests, please file a GitHub issue unless it's 8 | security related. When filing a bug remember that the better written the bug is, 9 | the more likely it is to be fixed. 
If you think you've found a security 10 | vulnerability, do not raise a GitHub issue; instead, follow the instructions in our 11 | [security policy](./SECURITY.md). 12 | 13 | ## Contributing code 14 | 15 | We welcome your code contributions. Before submitting code via a pull request, 16 | you will need to have signed the [Oracle Contributor Agreement][OCA] (OCA) and 17 | your commits need to include the following line using the name and e-mail 18 | address you used to sign the OCA: 19 | 20 | ```text 21 | Signed-off-by: Your Name <you@example.org> 22 | ``` 23 | 24 | This can be automatically added to pull requests by committing with `--signoff` 25 | or `-s`, e.g. 26 | 27 | ```text 28 | git commit --signoff 29 | ``` 30 | 31 | Only pull requests from committers that can be verified as having signed the OCA 32 | can be accepted. 33 | 34 | ## Pull request process 35 | 36 | 1. Ensure there is an issue created to track and discuss the fix or enhancement 37 | you intend to submit. 38 | 1. Fork this repository. 39 | 1. Create a branch in your fork to implement the changes. We recommend using 40 | the issue number as part of your branch name, e.g. `1234-fixes`. 41 | 1. Ensure that any documentation is updated with the changes that are required 42 | by your change. 43 | 1. Ensure that any samples are updated if the base image has been changed. 44 | 1. Submit the pull request. *Do not leave the pull request blank*. Explain exactly 45 | what your changes are meant to do and provide simple steps on how to validate 46 | your changes. Ensure that you reference the issue you created as well. 47 | 1. We will assign the pull request to 2-3 people for review before it is merged. 48 | 49 | ## Code of conduct 50 | 51 | Follow the [Golden Rule](https://en.wikipedia.org/wiki/Golden_Rule). If you'd 52 | like more specific guidelines, see the [Contributor Covenant Code of Conduct][COC]. 
53 | 54 | [OCA]: https://oca.opensource.oracle.com 55 | [COC]: https://www.contributor-covenant.org/version/1/4/code-of-conduct/ 56 | -------------------------------------------------------------------------------- /LICENSE.txt: -------------------------------------------------------------------------------- 1 | Copyright (c) 2023 Oracle and/or its affiliates. 2 | 3 | The Universal Permissive License (UPL), Version 1.0 4 | 5 | Subject to the condition set forth below, permission is hereby granted to any 6 | person obtaining a copy of this software, associated documentation and/or data 7 | (collectively the "Software"), free of charge and under any and all copyright 8 | rights in the Software, and any and all patent rights owned or freely 9 | licensable by each licensor hereunder covering either (i) the unmodified 10 | Software as contributed to or provided by such licensor, or (ii) the Larger 11 | Works (as defined below), to deal in both 12 | 13 | (a) the Software, and 14 | (b) any piece of software and/or hardware listed in the lrgrwrks.txt file if 15 | one is included with the Software (each a "Larger Work" to which the Software 16 | is contributed by such licensors), 17 | 18 | without restriction, including without limitation the rights to copy, create 19 | derivative works of, display, perform, and distribute the Software and make, 20 | use, sell, offer for sale, import, export, have made, and have sold the 21 | Software and the Larger Work(s), and to sublicense the foregoing rights on 22 | either these or other terms. 23 | 24 | This license is subject to the following condition: 25 | The above copyright notice and either this complete permission notice or at 26 | a minimum a reference to the UPL must be included in all copies or 27 | substantial portions of the Software. 
28 | 29 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 30 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 31 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 32 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 33 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 34 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 35 | SOFTWARE. 36 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | # Reporting security vulnerabilities 2 | 3 | Oracle values the independent security research community and believes that 4 | responsible disclosure of security vulnerabilities helps us ensure the security 5 | and privacy of all our users. 6 | 7 | Please do NOT raise a GitHub Issue to report a security vulnerability. If you 8 | believe you have found a security vulnerability, please submit a report to 9 | [secalert_us@oracle.com][1] preferably with a proof of concept. Please review 10 | some additional information on [how to report security vulnerabilities to Oracle][2]. 11 | We encourage people who contact Oracle Security to use email encryption using 12 | [our encryption key][3]. 13 | 14 | We ask that you do not use other channels or contact the project maintainers 15 | directly. 16 | 17 | Non-vulnerability related security issues including ideas for new or improved 18 | security features are welcome on GitHub Issues. 19 | 20 | ## Security updates, alerts and bulletins 21 | 22 | Security updates will be released on a regular cadence. Many of our projects 23 | will typically release security fixes in conjunction with the 24 | Oracle Critical Patch Update program. Additional 25 | information, including past advisories, is available on our [security alerts][4] 26 | page. 
27 | 28 | ## Security-related information 29 | 30 | We will provide security related information such as a threat model, considerations 31 | for secure use, or any known security issues in our documentation. Please note 32 | that labs and sample code are intended to demonstrate a concept and may not be 33 | sufficiently hardened for production use. 34 | 35 | [1]: mailto:secalert_us@oracle.com 36 | [2]: https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html 37 | [3]: https://www.oracle.com/security-alerts/encryptionkey.html 38 | [4]: https://www.oracle.com/security-alerts/ 39 | -------------------------------------------------------------------------------- /cross-connect-groups.tf: -------------------------------------------------------------------------------- 1 | # ####################################################################################################### # 2 | # Copyright (c) 2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https: //oss.oracle.com/licenses/upl. # 4 | # Author: Cosmin Tudor # 5 | # Author email: cosmin.tudor@oracle.com # 6 | # Last Modified: Wed Nov 15 2023 # 7 | # Modified by: Cosmin Tudor, email: cosmin.tudor@oracle.com # 8 | # ####################################################################################################### # 9 | 10 | locals { 11 | one_dimension_cross_connect_groups = local.one_dimension_processed_non_vcn_specific_gateways != null ? { 12 | for flat_ccg in flatten([ 13 | for vcn_non_specific_gw_key, vcn_non_specific_gw_value in local.one_dimension_processed_non_vcn_specific_gateways : 14 | vcn_non_specific_gw_value.cross_connect_groups != null ? length(vcn_non_specific_gw_value.cross_connect_groups) > 0 ? [ 15 | for ccg_key, ccg_value in vcn_non_specific_gw_value.cross_connect_groups : { 16 | compartment_id = ccg_value.compartment_id != null ? 
ccg_value.compartment_id : vcn_non_specific_gw_value.category_compartment_id != null ? vcn_non_specific_gw_value.category_compartment_id : vcn_non_specific_gw_value.default_compartment_id != null ? vcn_non_specific_gw_value.default_compartment_id : null 17 | category_compartment_id = vcn_non_specific_gw_value.category_compartment_id 18 | default_compartment_id = vcn_non_specific_gw_value.default_compartment_id 19 | defined_tags = merge(ccg_value.defined_tags, vcn_non_specific_gw_value.category_defined_tags, vcn_non_specific_gw_value.default_defined_tags) 20 | category_defined_tags = vcn_non_specific_gw_value.category_defined_tags 21 | default_defined_tags = vcn_non_specific_gw_value.default_defined_tags 22 | freeform_tags = merge(ccg_value.freeform_tags, vcn_non_specific_gw_value.category_freeform_tags, vcn_non_specific_gw_value.default_freeform_tags) 23 | category_freeform_tags = vcn_non_specific_gw_value.category_freeform_tags 24 | default_freeform_tags = vcn_non_specific_gw_value.default_freeform_tags 25 | customer_reference_name = ccg_value.customer_reference_name 26 | display_name = ccg_value.display_name 27 | cross_connects = ccg_value.cross_connects 28 | network_configuration_category = vcn_non_specific_gw_value.network_configuration_category 29 | ccg_key = ccg_key 30 | } 31 | ] : [] : [] 32 | ]) : flat_ccg.ccg_key => flat_ccg 33 | } : null 34 | } 35 | 36 | 37 | resource "oci_core_cross_connect_group" "these" { 38 | 39 | for_each = local.one_dimension_cross_connect_groups 40 | 41 | #Required 42 | compartment_id = each.value.compartment_id != null ? (length(regexall("^ocid1.*$", each.value.compartment_id)) > 0 ? 
each.value.compartment_id : var.compartments_dependency[each.value.compartment_id].id) : null 43 | 44 | #Optional 45 | customer_reference_name = each.value.customer_reference_name 46 | defined_tags = each.value.defined_tags 47 | display_name = each.value.display_name 48 | freeform_tags = merge(local.cislz_module_tag, each.value.freeform_tags) 49 | } -------------------------------------------------------------------------------- /data_sources.tf: -------------------------------------------------------------------------------- 1 | # ####################################################################################################### # 2 | # Copyright (c) 2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https: //oss.oracle.com/licenses/upl. # 4 | # Author: Cosmin Tudor # 5 | # Author email: cosmin.tudor@oracle.com # 6 | # Last Modified: Wed Nov 15 2023 # 7 | # Modified by: Cosmin Tudor, email: cosmin.tudor@oracle.com # 8 | # ####################################################################################################### # 9 | 10 | data "oci_core_vcn" "existing_vcns" { 11 | for_each = local.aux_one_dimension_processed_existing_vcns 12 | #Required 13 | vcn_id = each.value.vcn_id 14 | } -------------------------------------------------------------------------------- /examples/.gitignore: -------------------------------------------------------------------------------- 1 | **/*.rem 2 | **/*.nopub 3 | **/*.tfvars 4 | **/flannel_external/* 5 | **/flannel_operator/* 6 | **/native_external/* 7 | **/native_operator/* 8 | **/clean-setup/* -------------------------------------------------------------------------------- /examples/TransitRouting-DRGHub-NFW/diagrams/network_transit_detailed_layout_2021.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/oci-landing-zones/terraform-oci-modules-networking/e61364faa87075b3294bd2973bc0e68963fe4c7f/examples/TransitRouting-DRGHub-NFW/diagrams/network_transit_detailed_layout_2021.png -------------------------------------------------------------------------------- /examples/TransitRouting-DRGHub-NFW/main.tf: -------------------------------------------------------------------------------- 1 | # ####################################################################################################### # 2 | # Copyright (c) 2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https: //oss.oracle.com/licenses/upl. # 4 | # Author: Cosmin Tudor # 5 | # Author email: cosmin.tudor@oracle.com # 6 | # Last Modified: Wed Nov 15 2023 # 7 | # Modified by: Cosmin Tudor, email: cosmin.tudor@oracle.com # 8 | # ####################################################################################################### # 9 | 10 | module "terraform_oci_networking" { 11 | source = "../../" 12 | network_configuration = var.network_configuration 13 | } 14 | 15 | -------------------------------------------------------------------------------- /examples/TransitRouting-DRGHub-NFW/outputs.tf: -------------------------------------------------------------------------------- 1 | # ####################################################################################################### # 2 | # Copyright (c) 2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https: //oss.oracle.com/licenses/upl. 
# 4 | # Author: Cosmin Tudor # 5 | # Author email: cosmin.tudor@oracle.com # 6 | # Last Modified: Wed Nov 15 2023 # 7 | # Modified by: Cosmin Tudor, email: cosmin.tudor@oracle.com # 8 | # ####################################################################################################### # 9 | 10 | 11 | output "provisioned_networking_resources" { 12 | description = "Provisioned networking resources" 13 | value = module.terraform_oci_networking.provisioned_networking_resources 14 | } -------------------------------------------------------------------------------- /examples/TransitRouting-DRGHub-NFW/provider.tf: -------------------------------------------------------------------------------- 1 | # ####################################################################################################### # 2 | # Copyright (c) 2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https: //oss.oracle.com/licenses/upl. # 4 | # Author: Cosmin Tudor # 5 | # Author email: cosmin.tudor@oracle.com # 6 | # Last Modified: Wed Nov 15 2023 # 7 | # Modified by: Cosmin Tudor, email: cosmin.tudor@oracle.com # 8 | # ####################################################################################################### # 9 | 10 | provider "oci" { 11 | region = var.region 12 | tenancy_ocid = var.tenancy_ocid 13 | user_ocid = var.user_ocid 14 | fingerprint = var.fingerprint 15 | private_key_path = var.private_key_path 16 | private_key_password = var.private_key_password 17 | } 18 | 19 | terraform { 20 | required_version = ">= 1.3.0" 21 | 22 | required_providers { 23 | oci = { 24 | source = "oracle/oci" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /examples/TransitRouting-DRGHub-NFW/terraform.tfvars.template: -------------------------------------------------------------------------------- 1 | # GETTING STARTED 2 | # 3 | # 1. 
Download and install TerraForm (https://www.terraform.io/downloads.html) 4 | # 2. Download and install the OCI TerraForm provider (https://github.com/oracle/terraform-provider-oci/) 5 | # 3. Make sure that you have an OCI API key setup 6 | # See https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm for directions on creating an API signing key 7 | # See https://docs.us-phoenix-1.oraclecloud.com/Content/Identity/Tasks/managingcredentials.htm on how to manage API keys in the OCI UI or API 8 | # 4. Copy your tenancy OCID below (bottom part of OCI screen, after Tenancy OCID: heading) 9 | # 5. Copy your OCI user account OCID (login to OCI > Identity > Users) 10 | # 6. Copy the required API key fingerprint and private key path (below) 11 | # 7. Fill-in the full path to the SSH public and private keys (this can be used when creating new instances) 12 | # See https://docs.us-phoenix-1.oraclecloud.com/Content/GSG/Tasks/creatingkeys.htm for directions on how to create this key pair 13 | # 14 | # HELPFUL URLs 15 | # * https://github.com/oracle/terraform-provider-oci/blob/master/docs/Table%20of%20Contents.md 16 | # 17 | 18 | # RUNNING TerraForm 19 | # 20 | # Once you've gone through the steps mentioned above, you need to populate your environment variables, by sourcing this file... steps are below: 21 | # 1. Modify this file (so it reflects your OCIDs, etc.) 22 | # 2. $ terraform init 23 | # You only have to do this once after installing or upgrading your TerraForm plugins 24 | # 3. $ terraform plan 25 | # This will show you what TerraForm might do if you applied it 26 | # 4. 
$ terraform apply 27 | 28 | # Get this from the bottom of the OCI screen (after logging in, after Tenancy ID: heading) 29 | tenancy_ocid=" Identity > Users (for your user account) 31 | user_ocid="" 32 | 33 | # the fingerprint can be gathered from your user account (OCI > Identity > Users > click your username > API Keys fingerprint (select it, copy it and paste it below)) 34 | fingerprint="" 35 | # this is the full path on your local system to the private key used for the API key pair 36 | private_key_path="" 37 | 38 | # region (us-phoenix-1, ca-toronto-1, etc) 39 | region="" 40 | -------------------------------------------------------------------------------- /examples/TransitRouting-DRGHub-NFW/variables.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | 5 | # tenancy details 6 | variable "tenancy_ocid" {} 7 | variable "user_ocid" {} 8 | variable "fingerprint" {} 9 | variable "private_key_path" {} 10 | variable "private_key_password" {} 11 | variable "region" {} 12 | 13 | variable "network_configuration" { 14 | type = any 15 | } 16 | 17 | -------------------------------------------------------------------------------- /examples/dns-view-injection/README.md: -------------------------------------------------------------------------------- 1 | # OCI Private DNS View Injection Example 2 | 3 | ## Description 4 | 5 | This example shows how to inject na existing private DNS view to a DNS resolver managed by the [terraform-oci-landing-zones-networking](../..) module. 6 | 7 | It directly injects the existing private DNS view OCID into the *attached_view*'s *existing_view_id* attribute. 8 | 9 | Optionally, it could also inject a key within *dns_private_views* attribute of *network_dependency* variable. 10 | 11 | ## Using this example 12 | 1. 
Rename *terraform.tfvars.template* to *terraform.tfvars*. 13 | 14 | 2. Within *terraform.tfvars*, provide tenancy connectivity information and adjust the input variables, by making the appropriate substitutions: 15 | - Replace \ placeholder with appropriate value. 16 | 17 | Refer to [Networking module README.md](../../README.md) for overall attributes usage. 18 | 19 | 3. In this folder, run the typical Terraform workflow: 20 | ``` 21 | terraform init 22 | terraform plan -out plan.out 23 | terraform apply plan.out 24 | ``` -------------------------------------------------------------------------------- /examples/dns-view-injection/main.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | module "dns_view_injection" { 5 | source = "../../" 6 | network_configuration = var.network_configuration 7 | network_dependency = var.network_dependency 8 | } 9 | 10 | -------------------------------------------------------------------------------- /examples/dns-view-injection/provider.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
3 | 4 | provider "oci" { 5 | region = var.region 6 | tenancy_ocid = var.tenancy_ocid 7 | user_ocid = var.user_ocid 8 | fingerprint = var.fingerprint 9 | private_key_path = var.private_key_path 10 | private_key_password = var.private_key_password 11 | } 12 | 13 | terraform { 14 | required_version = ">= 1.3.0" 15 | 16 | required_providers { 17 | oci = { 18 | source = "oracle/oci" 19 | } 20 | } 21 | } -------------------------------------------------------------------------------- /examples/dns-view-injection/terraform.tfvars.template: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | tenancy_ocid = "" 5 | user_ocid = "" 6 | fingerprint = "" 7 | private_key_path = "" 8 | private_key_password = "" 9 | region = "" 10 | 11 | 12 | network_configuration = { 13 | default_compartment_id = "" 14 | network_configuration_categories = { 15 | DNS-VIEW-INJECTION = { 16 | 17 | vcns = { 18 | MY-VCN = { 19 | display_name = "dns-view-injection-vcn" 20 | is_ipv6enabled = false 21 | is_oracle_gua_allocation_enabled = false 22 | cidr_blocks = ["10.0.0.0/24"], 23 | dns_label = "dnsvcn" 24 | is_create_igw = false 25 | is_attach_drg = false 26 | block_nat_traffic = false 27 | 28 | subnets = { 29 | MY-SUBNET = { 30 | cidr_block = "10.0.0.0/24" 31 | display_name = "dns-view-injection-subnet" 32 | dns_label = "dnssubnet" 33 | prohibit_internet_ingress = true 34 | } 35 | } 36 | 37 | dns_resolver = { 38 | display_name = "custom-dns-resolver" 39 | attached_views = { 40 | DNS-VIEW-1 = { 41 | existing_view_id = "" # This is the injected DNS view. It can be either an OCID or a key within 'dns_private_views' attribute of 'network_dependency' variable (see commented out snippet down below). 
42 | } 43 | } 44 | rules = [ 45 | { 46 | action = "FORWARD" 47 | destination_address = ["10.0.2.128"] 48 | source_endpoint_name = "CUSTOM-RESOLVER-ENDPOINT" 49 | qname_cover_conditions = ["internal.example.com"] 50 | 51 | }, 52 | { 53 | action = "FORWARD" 54 | client_address_conditions = ["192.168.1.0/24"] 55 | destination_address = ["10.0.2.128"] 56 | source_endpoint_name = "CUSTOM-RESOLVER-ENDPOINT" 57 | 58 | } 59 | ] 60 | resolver_endpoints = { 61 | CUSTOM-RESOLVER-ENDPOINT = { 62 | enpoint_type = "VNIC" 63 | is_forwarding = "true" 64 | is_listening = "false" 65 | forwarding_address = "10.0.0.32" 66 | name = "custom_resolver_endpoint" 67 | subnet = "MY-SUBNET" 68 | } 69 | } 70 | tsig_keys = { 71 | MY-TSIG = { 72 | algorithm = "hmac-sha1" # NOTE(review): hmac-sha1 is a legacy TSIG algorithm; prefer hmac-sha256 or stronger if the peer DNS server supports it. 73 | name = "my-tsig" 74 | secret = "welcome1" # Sample value only: replace with a randomly generated shared secret, and keep the populated tfvars file and the Terraform state out of version control. 75 | } 76 | } 77 | } 78 | } 79 | } 80 | } 81 | } 82 | } 83 | 84 | /* 85 | network_dependency = { 86 | dns_private_views = { 87 | EXTERNALLY-MANAGED-VIEW = { 88 | id = "ocid1.dnsview.oc1.....snhq" 89 | } 90 | } 91 | } 92 | */ -------------------------------------------------------------------------------- /examples/dns-view-injection/variables.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | # tenancy details 5 | variable "tenancy_ocid" {} 6 | variable "user_ocid" {} 7 | variable "fingerprint" {} 8 | variable "private_key_path" {} 9 | variable "private_key_password" {} # NOTE(review): receives the API private key passphrase (see provider.tf); consider declaring sensitive = true so Terraform redacts it in plan/apply output. 10 | variable "region" {} 11 | 12 | variable "network_configuration" { 13 | type = any 14 | } 15 | 16 | variable "network_dependency" { 17 | description = "An object containing the externally managed network resources this module may depend on. 
Supported resources are 'vcns', 'dynamic_routing_gateways', 'drg_attachments', 'local_peering_gateways', 'remote_peering_connections', and 'dns_private_views', represented as map of objects. Each object, when defined, must have an 'id' attribute of string type set with the VCN, DRG OCID, DRG Attachment OCID, Local Peering Gateway OCID or Remote Peering Connection OCID. 'remote_peering_connections' must also pass the peer region name in the region_name attribute. See External Dependencies section in README.md (https://github.com/oci-landing-zones/terraform-oci-modules-networking#ext-dep) for details." 18 | type = any 19 | default = null 20 | } 21 | 22 | 23 | -------------------------------------------------------------------------------- /examples/dns/main.tf: -------------------------------------------------------------------------------- 1 | # ####################################################################################################### # 2 | # Copyright (c) 2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https: //oss.oracle.com/licenses/upl. # 4 | # Author: Cosmin Tudor # 5 | # Author email: cosmin.tudor@oracle.com # 6 | # Last Modified: Wed Nov 15 2023 # 7 | # Modified by: Cosmin Tudor, email: cosmin.tudor@oracle.com # 8 | # ####################################################################################################### # 9 | 10 | module "terraform_oci_networking" { 11 | source = "../../" 12 | 13 | network_configuration = var.network_configuration 14 | } 15 | 16 | -------------------------------------------------------------------------------- /examples/dns/outputs.tf: -------------------------------------------------------------------------------- 1 | # ####################################################################################################### # 2 | # Copyright (c) 2023 Oracle and/or its affiliates, All rights reserved. 
# 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https: //oss.oracle.com/licenses/upl. # 4 | # Author: Cosmin Tudor # 5 | # Author email: cosmin.tudor@oracle.com # 6 | # Last Modified: Wed Nov 15 2023 # 7 | # Modified by: Cosmin Tudor, email: cosmin.tudor@oracle.com # 8 | # ####################################################################################################### # 9 | 10 | 11 | output "provisioned_networking_resources" { 12 | description = "Provisioned networking resources" 13 | value = module.terraform_oci_networking.provisioned_networking_resources 14 | } 15 | 16 | -------------------------------------------------------------------------------- /examples/dns/provider.tf: -------------------------------------------------------------------------------- 1 | # ####################################################################################################### # 2 | # Copyright (c) 2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https: //oss.oracle.com/licenses/upl. 
# 4 | # Author: Cosmin Tudor # 5 | # Author email: cosmin.tudor@oracle.com # 6 | # Last Modified: Wed Nov 15 2023 # 7 | # Modified by: Cosmin Tudor, email: cosmin.tudor@oracle.com # 8 | # ####################################################################################################### # 9 | 10 | provider "oci" { 11 | region = var.region 12 | tenancy_ocid = var.tenancy_ocid 13 | user_ocid = var.user_ocid 14 | fingerprint = var.fingerprint 15 | private_key_path = var.private_key_path 16 | private_key_password = var.private_key_password 17 | } 18 | 19 | terraform { 20 | required_version = ">= 1.3.0" 21 | 22 | required_providers { 23 | oci = { 24 | source = "oracle/oci" 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /examples/dns/terraform.tfvars.template: -------------------------------------------------------------------------------- 1 | # GETTING STARTED 2 | # 3 | # 1. Download and install TerraForm (https://www.terraform.io/downloads.html) 4 | # 2. Download and install the OCI TerraForm provider (https://github.com/oracle/terraform-provider-oci/) 5 | # 3. Make sure that you have an OCI API key setup 6 | # See https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm for directions on creating an API signing key 7 | # See https://docs.us-phoenix-1.oraclecloud.com/Content/Identity/Tasks/managingcredentials.htm on how to manage API keys in the OCI UI or API 8 | # 4. Copy your tenancy OCID below (bottom part of OCI screen, after Tenancy OCID: heading) 9 | # 5. Copy your OCI user account OCID (login to OCI > Identity > Users) 10 | # 6. Copy the required API key fingerprint and private key path (below) 11 | # 7. 
Fill-in the full path to the SSH public and private keys (this can be used when creating new instances) 12 | # See https://docs.us-phoenix-1.oraclecloud.com/Content/GSG/Tasks/creatingkeys.htm for directions on how to create this key pair 13 | # 14 | # HELPFUL URLs 15 | # * https://github.com/oracle/terraform-provider-oci/blob/master/docs/Table%20of%20Contents.md 16 | # 17 | 18 | # RUNNING TerraForm 19 | # 20 | # Once you've gone through the steps mentioned above, you need to populate your environment variables, by sourcing this file... steps are below: 21 | # 1. Modify this file (so it reflects your OCIDs, etc.) 22 | # 2. $ terraform init 23 | # You only have to do this once after installing or upgrading your TerraForm plugins 24 | # 3. $ terraform plan 25 | # This will show you what TerraForm might do if you applied it 26 | # 4. $ terraform apply 27 | 28 | # Get this from the bottom of the OCI screen (after logging in, after Tenancy ID: heading) 29 | tenancy_ocid=" Identity > Users (for your user account) 31 | user_ocid="" 32 | 33 | # the fingerprint can be gathered from your user account (OCI > Identity > Users > click your username > API Keys fingerprint (select it, copy it and paste it below)) 34 | fingerprint="" 35 | # this is the full path on your local system to the private key used for the API key pair 36 | private_key_path="" 37 | 38 | # region (us-phoenix-1, ca-toronto-1, etc) 39 | region="" 40 | -------------------------------------------------------------------------------- /examples/edge-connectivity/fast-connect-examples/generic-oci-fastconnect-partner/diagrams/oci-aws-equinix.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/terraform-oci-modules-networking/e61364faa87075b3294bd2973bc0e68963fe4c7f/examples/edge-connectivity/fast-connect-examples/generic-oci-fastconnect-partner/diagrams/oci-aws-equinix.png 
-------------------------------------------------------------------------------- /examples/edge-connectivity/fast-connect-examples/generic-oci-fastconnect-partner/fc_partner_network_configuration.auto.tfvars: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/terraform-oci-modules-networking/e61364faa87075b3294bd2973bc0e68963fe4c7f/examples/edge-connectivity/fast-connect-examples/generic-oci-fastconnect-partner/fc_partner_network_configuration.auto.tfvars -------------------------------------------------------------------------------- /examples/edge-connectivity/fast-connect-examples/generic-oci-fastconnect-partner/input-configs-standards-options/oci_network_configuration.yml: -------------------------------------------------------------------------------- 1 | --- 2 | network_configuration: 3 | default_enable_cis_checks: false 4 | default_freeform_tags: 5 | vision-environment: vision 6 | network_configuration_categories: 7 | demo: 8 | category_freeform_tags: 9 | vision-oci-aws-ipsec: demo 10 | non_vcn_specific_gateways: 11 | dynamic_routing_gateways: 12 | DRG-VISION-KEY: 13 | display_name: drg-vision 14 | drg_attachments: 15 | DRG-VCN-ATTACH-VISION-KEY: 16 | display_name: drg-vcn-attach-vision 17 | network_details: 18 | attached_resource_key: VISION-GENERIC-FC-VCN-KEY 19 | type: VCN 20 | fast_connect_virtual_circuits: 21 | VISON-FC-VC-1-KEY: 22 | bandwidth_shape_name: 1 Gbps 23 | cross_connect_mappings: 24 | MAPPING-1-KEY: 25 | customer_bgp_peering_ip: 192.168.3.1/30 26 | oracle_bgp_peering_ip: 192.168.3.2/30 27 | customer_asn: '65000' 28 | display_name: vision_fc_vc_01 29 | gateway_key: DRG-VISION-KEY 30 | provider_service_key: VISION-FC-VC-01-EQUINIX-FABRIC-KEY 31 | provision_fc_virtual_circuit: true 32 | show_available_fc_virtual_circuit_providers: false 33 | type: PRIVATE 34 | vcns: 35 | VISION-GENERIC-FC-VCN-KEY: 36 | block_nat_traffic: false 37 | cidr_blocks: 38 | - 
172.16.0.0/24 39 | display_name: vision-generic-fc-vcn 40 | dns_label: visionvcn 41 | is_attach_drg: false 42 | is_create_igw: false 43 | is_ipv6enabled: false 44 | is_oracle_gua_allocation_enabled: false 45 | route_tables: 46 | RT-01-KEY: 47 | display_name: rt-01 48 | route_rules: 49 | drg_route: 50 | description: Route for on-premises over IPSEC VPN 51 | destination: 10.0.0.0/16 52 | destination_type: CIDR_BLOCK 53 | network_entity_key: DRG-VISION-KEY 54 | security_lists: 55 | SECLIST-01-KEY: 56 | display_name: prv-subnet 57 | egress_rules: 58 | - description: egress to 10.0.0.0/16 over all TCP ports 59 | dst: 10.0.0.0/16 60 | dst_type: CIDR_BLOCK 61 | protocol: TCP 62 | stateless: false 63 | ingress_rules: 64 | - description: ingress from 10.0.0.0/16 over TCP:22 65 | dst_port_max: 22 66 | dst_port_min: 22 67 | protocol: TCP 68 | src: 10.0.0.0/16 69 | src_type: CIDR_BLOCK 70 | stateless: false 71 | - description: ingress from 10.0.0.0/16 over ICMP:all 72 | protocol: ICMP 73 | src: 10.0.0.0/16 74 | src_type: CIDR_BLOCK 75 | stateless: false 76 | subnets: 77 | PRIVATE-REGIONAL-SUBNET-KEY: 78 | cidr_block: 172.16.0.0/24 79 | dhcp_options_key: default_dhcp_options 80 | display_name: private-regional-sub 81 | dns_label: prv 82 | ipv6cidr_blocks: [] 83 | prohibit_internet_ingress: true 84 | prohibit_public_ip_on_vnic: true 85 | route_table_key: RT-01-KEY 86 | security_list_keys: 87 | - SECLIST-01-KEY -------------------------------------------------------------------------------- /examples/edge-connectivity/fast-connect-examples/generic-oci-fastconnect-partner/main.tf: -------------------------------------------------------------------------------- 1 | # ####################################################################################################### # 2 | # Copyright (c) 2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https: //oss.oracle.com/licenses/upl. 
# 4 | # Author: Cosmin Tudor # 5 | # Author email: cosmin.tudor@oracle.com # 6 | # Last Modified: Wed Nov 15 2023 # 7 | # Modified by: Cosmin Tudor, email: cosmin.tudor@oracle.com # 8 | # ####################################################################################################### # 9 | 10 | module "terraform_oci_networking" { 11 | source = "../../../../" 12 | 13 | network_configuration = var.network_configuration 14 | } 15 | 16 | -------------------------------------------------------------------------------- /examples/edge-connectivity/fast-connect-examples/generic-oci-fastconnect-partner/outputs.tf: -------------------------------------------------------------------------------- 1 | # ####################################################################################################### # 2 | # Copyright (c) 2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https: //oss.oracle.com/licenses/upl. # 4 | # Author: Cosmin Tudor # 5 | # Author email: cosmin.tudor@oracle.com # 6 | # Last Modified: Wed Nov 15 2023 # 7 | # Modified by: Cosmin Tudor, email: cosmin.tudor@oracle.com # 8 | # ####################################################################################################### # 9 | 10 | 11 | output "provisioned_networking_resources" { 12 | description = "Provisioned networking resources" 13 | value = module.terraform_oci_networking.provisioned_networking_resources 14 | } -------------------------------------------------------------------------------- /examples/edge-connectivity/fast-connect-examples/generic-oci-fastconnect-partner/provider.tf: -------------------------------------------------------------------------------- 1 | # ####################################################################################################### # 2 | # Copyright (c) 2023 Oracle and/or its affiliates, All rights reserved. 
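# 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https: //oss.oracle.com/licenses/upl. # 4 | # Author: Cosmin Tudor # 5 | # Author email: cosmin.tudor@oracle.com # 6 | # Last Modified: Wed Nov 15 2023 # 7 | # Modified by: Cosmin Tudor, email: cosmin.tudor@oracle.com # 8 | # ####################################################################################################### # 9 | 10 | provider "oci" { 11 | region = var.region 12 | tenancy_ocid = var.tenancy_ocid 13 | user_ocid = var.user_ocid 14 | fingerprint = var.fingerprint 15 | private_key_path = var.private_key_path 16 | private_key_password = var.private_key_password 17 | } 18 | 19 | terraform { 20 | required_version = ">= 1.3.0" 21 | 22 | required_providers { 23 | oci = { 24 | source = "oracle/oci" 25 | version = "<= 5.16.0" 26 | configuration_aliases = [oci] 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /examples/edge-connectivity/fast-connect-examples/generic-oci-fastconnect-partner/terraform.tfvars.template: -------------------------------------------------------------------------------- 1 | # GETTING STARTED 2 | # 3 | # 1. Download and install TerraForm (https://www.terraform.io/downloads.html) 4 | # 2. Download and install the OCI TerraForm provider (https://github.com/oracle/terraform-provider-oci/) 5 | # 3. Make sure that you have an OCI API key setup 6 | # See https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm for directions on creating an API signing key 7 | # See https://docs.us-phoenix-1.oraclecloud.com/Content/Identity/Tasks/managingcredentials.htm on how to manage API keys in the OCI UI or API 8 | # 4. Copy your tenancy OCID below (bottom part of OCI screen, after Tenancy OCID: heading) 9 | # 5. Copy your OCI user account OCID (login to OCI > Identity > Users) 10 | # 6. Copy the required API key fingerprint and private key path (below) 11 | # 7.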
Fill-in the full path to the SSH public and private keys (this can be used when creating new instances) 12 | # See https://docs.us-phoenix-1.oraclecloud.com/Content/GSG/Tasks/creatingkeys.htm for directions on how to create this key pair 13 | # 14 | # HELPFUL URLs 15 | # * https://github.com/oracle/terraform-provider-oci/blob/master/docs/Table%20of%20Contents.md 16 | # 17 | 18 | # RUNNING TerraForm 19 | # 20 | # Once you've gone through the steps mentioned above, you need to populate your environment variables, by sourcing this file... steps are below: 21 | # 1. Modify this file (so it reflects your OCIDs, etc.) 22 | # 2. $ terraform init 23 | # You only have to do this once after installing or upgrading your TerraForm plugins 24 | # 3. $ terraform plan 25 | # This will show you what TerraForm might do if you applied it 26 | # 4. $ terraform apply 27 | 28 | # Get this from the bottom of the OCI screen (after logging in, after Tenancy ID: heading) 29 | tenancy_ocid=" Identity > Users (for your user account) 31 | user_ocid="" 32 | 33 | # the fingerprint can be gathered from your user account (OCI > Identity > Users > click your username > API Keys fingerprint (select it, copy it and paste it below)) 34 | fingerprint="" 35 | # this is the full path on your local system to the private key used for the API key pair 36 | private_key_path="" 37 | 38 | # region (us-phoenix-1, ca-toronto-1, etc) 39 | region="" 40 | -------------------------------------------------------------------------------- /examples/edge-connectivity/ipsec-examples/generic-OCI-ipsec-bgp-vpn/diagrams/OCI-AWS-IpSec-VPN.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/terraform-oci-modules-networking/e61364faa87075b3294bd2973bc0e68963fe4c7f/examples/edge-connectivity/ipsec-examples/generic-OCI-ipsec-bgp-vpn/diagrams/OCI-AWS-IpSec-VPN.png -------------------------------------------------------------------------------- 
/examples/edge-connectivity/ipsec-examples/generic-OCI-ipsec-bgp-vpn/input-configs-standards-options/oci_network_configuration.yml: -------------------------------------------------------------------------------- 1 | --- 2 | network_configuration: 3 | default_enable_cis_checks: false 4 | default_freeform_tags: 5 | vision-environment: vision 6 | network_configuration_categories: 7 | demo: 8 | category_freeform_tags: 9 | vision-oci-aws-ipsec: demo 10 | non_vcn_specific_gateways: 11 | customer_premises_equipments: 12 | CPE-VISION-KEY: 13 | cpe_device_shape_vendor_name: Fortinet 14 | display_name: cpe-vision 15 | ip_address: 142.34.145.37 16 | dynamic_routing_gateways: 17 | DRG-VISION-KEY: 18 | display_name: drg-vision 19 | drg_attachments: 20 | DRG-VCN-ATTACH-VISION-KEY: 21 | display_name: drg-vcn-attach-vision 22 | network_details: 23 | attached_resource_key: VISION-GENERIC-VPN-VCN-KEY 24 | type: VCN 25 | ipsecs: 26 | VISION-OCI-AWS-IPSEC-VPN-KEY: 27 | cpe_key: CPE-VISION-KEY 28 | display_name: vision-oci-aws-ipsec-vpn 29 | drg_key: DRG-VISION-KEY 30 | static_routes: 31 | - 0.0.0.0/0 32 | tunnels_management: 33 | tunnel_1: 34 | bgp_session_info: 35 | customer_bgp_asn: '12345' 36 | customer_interface_ip: 10.0.0.16/31 37 | oracle_interface_ip: 10.0.0.17/31 38 | ike_version: V1 # NOTE(review): IKEv1 here; prefer V2 (as on tunnel_2) where the CPE supports it 39 | routing: BGP 40 | shared_secret: test1 # placeholder only: use a long random pre-shared key, unique per tunnel, and keep the real value out of version control 41 | tunnel_2: 42 | bgp_session_info: 43 | customer_bgp_asn: '12345' 44 | customer_interface_ip: 10.0.0.18/31 45 | oracle_interface_ip: 10.0.0.19/31 46 | ike_version: V2 47 | routing: BGP 48 | shared_secret: test2 # placeholder only: use a long random pre-shared key, unique per tunnel, and keep the real value out of version control 49 | vcns: 50 | VISION-GENERIC-VPN-VCN-KEY: 51 | block_nat_traffic: false 52 | cidr_blocks: 53 | - 172.16.0.0/24 54 | display_name: vision-generic-vpn-vcn 55 | dns_label: visionvcn 56 | is_attach_drg: false 57 | is_create_igw: false 58 | is_ipv6enabled: false 59 | is_oracle_gua_allocation_enabled: false 60 | route_tables: 61 | RT-01-KEY: 62 | display_name: rt-01 63 | route_rules: 64 | drg_route: 65 | description: Route for on-premises over
IPSEC VPN 66 | destination: 10.0.0.0/16 67 | destination_type: CIDR_BLOCK 68 | network_entity_key: DRG-VISION-KEY 69 | security_lists: 70 | SECLIST-01-KEY: 71 | display_name: prv-subnet 72 | egress_rules: 73 | - description: egress to 10.0.0.0/16 over all TCP ports 74 | dst: 10.0.0.0/16 75 | dst_type: CIDR_BLOCK 76 | protocol: TCP 77 | stateless: false 78 | ingress_rules: 79 | - description: ingress from 10.0.0.0/16 over TCP:22 80 | dst_port_max: 22 81 | dst_port_min: 22 82 | protocol: TCP 83 | src: 10.0.0.0/16 84 | src_type: CIDR_BLOCK 85 | stateless: false 86 | - description: ingress from 10.0.0.0/16 over ICMP:all 87 | protocol: ICMP 88 | src: 10.0.0.0/16 89 | src_type: CIDR_BLOCK 90 | stateless: false 91 | subnets: 92 | PRIVATE-REGIONAL-SUBNET-KEY: 93 | cidr_block: 172.16.0.0/24 94 | dhcp_options_key: default_dhcp_options 95 | display_name: private-regional-sub 96 | dns_label: prv 97 | ipv6cidr_blocks: [] 98 | prohibit_internet_ingress: true 99 | prohibit_public_ip_on_vnic: true 100 | route_table_key: RT-01-KEY 101 | security_list_keys: 102 | - SECLIST-01-KEY -------------------------------------------------------------------------------- /examples/edge-connectivity/ipsec-examples/generic-OCI-ipsec-bgp-vpn/main.tf: -------------------------------------------------------------------------------- 1 | # ####################################################################################################### # 2 | # Copyright (c) 2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https: //oss.oracle.com/licenses/upl. 
# 4 | # Author: Cosmin Tudor # 5 | # Author email: cosmin.tudor@oracle.com # 6 | # Last Modified: Wed Nov 15 2023 # 7 | # Modified by: Cosmin Tudor, email: cosmin.tudor@oracle.com # 8 | # ####################################################################################################### # 9 | 10 | module "terraform_oci_networking" { 11 | source = "../../../../" 12 | 13 | network_configuration = var.network_configuration 14 | } 15 | 16 | -------------------------------------------------------------------------------- /examples/edge-connectivity/ipsec-examples/generic-OCI-ipsec-bgp-vpn/outputs.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2020 Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | 5 | output "provisioned_networking_resources" { 6 | description = "Provisioned networking resources" 7 | value = module.terraform_oci_networking.provisioned_networking_resources 8 | sensitive = true 9 | } -------------------------------------------------------------------------------- /examples/edge-connectivity/ipsec-examples/generic-OCI-ipsec-bgp-vpn/provider.tf: -------------------------------------------------------------------------------- 1 | # ####################################################################################################### # 2 | # Copyright (c) 2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https: //oss.oracle.com/licenses/upl. 
# 4 | # Author: Cosmin Tudor # 5 | # Author email: cosmin.tudor@oracle.com # 6 | # Last Modified: Wed Nov 15 2023 # 7 | # Modified by: Cosmin Tudor, email: cosmin.tudor@oracle.com # 8 | # ####################################################################################################### # 9 | 10 | 11 | provider "oci" { 12 | region = var.region 13 | tenancy_ocid = var.tenancy_ocid 14 | user_ocid = var.user_ocid 15 | fingerprint = var.fingerprint 16 | private_key_path = var.private_key_path 17 | private_key_password = var.private_key_password 18 | } 19 | 20 | terraform { 21 | required_version = ">= 1.3.0" 22 | 23 | required_providers { 24 | oci = { 25 | source = "oracle/oci" 26 | version = "<= 5.16.0" 27 | configuration_aliases = [oci] 28 | } 29 | } 30 | } -------------------------------------------------------------------------------- /examples/edge-connectivity/ipsec-examples/generic-OCI-ipsec-bgp-vpn/terraform.tfvars.template: -------------------------------------------------------------------------------- 1 | # GETTING STARTED 2 | # 3 | # 1. Download and install TerraForm (https://www.terraform.io/downloads.html) 4 | # 2. Download and install the OCI TerraForm provider (https://github.com/oracle/terraform-provider-oci/) 5 | # 3. Make sure that you have an OCI API key setup 6 | # See https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm for directions on creating an API signing key 7 | # See https://docs.us-phoenix-1.oraclecloud.com/Content/Identity/Tasks/managingcredentials.htm on how to manage API keys in the OCI UI or API 8 | # 4. Copy your tenancy OCID below (bottom part of OCI screen, after Tenancy OCID: heading) 9 | # 5. Copy your OCI user account OCID (login to OCI > Identity > Users) 10 | # 6. Copy the required API key fingerprint and private key path (below) 11 | # 7. 
Fill-in the full path to the SSH public and private keys (this can be used when creating new instances) 12 | # See https://docs.us-phoenix-1.oraclecloud.com/Content/GSG/Tasks/creatingkeys.htm for directions on how to create this key pair 13 | # 14 | # HELPFUL URLs 15 | # * https://github.com/oracle/terraform-provider-oci/blob/master/docs/Table%20of%20Contents.md 16 | # 17 | 18 | # RUNNING TerraForm 19 | # 20 | # Once you've gone through the steps mentioned above, you need to populate your environment variables, by sourcing this file... steps are below: 21 | # 1. Modify this file (so it reflects your OCIDs, etc.) 22 | # 2. $ terraform init 23 | # You only have to do this once after installing or upgrading your TerraForm plugins 24 | # 3. $ terraform plan 25 | # This will show you what TerraForm might do if you applied it 26 | # 4. $ terraform apply 27 | 28 | # Get this from the bottom of the OCI screen (after logging in, after Tenancy ID: heading) 29 | tenancy_ocid=" Identity > Users (for your user account) 31 | user_ocid="" 32 | 33 | # the fingerprint can be gathered from your user account (OCI > Identity > Users > click your username > API Keys fingerprint (select it, copy it and paste it below)) 34 | fingerprint="" 35 | # this is the full path on your local system to the private key used for the API key pair 36 | private_key_path="" 37 | 38 | # region (us-phoenix-1, ca-toronto-1, etc) 39 | region="" 40 | -------------------------------------------------------------------------------- /examples/external-dependency/.gitignore: -------------------------------------------------------------------------------- 1 | **/*.rem 2 | **/*.nopub 3 | **/*.tfvars -------------------------------------------------------------------------------- /examples/external-dependency/README.md: -------------------------------------------------------------------------------- 1 | # Networking Vision Example - External Dependency 2 | 3 | ## Introduction 4 | 5 | This example shows how to use 
the [OCI Landing Zone Networking module](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-networking) with external dependencies, which are resources managed by another Terraform configuration that this configuration depends on. It does so by injecting one subnet and one security list in the VCN managed by the [vision example](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-networking/blob/main/examples/vision/README.md). 6 | 7 | The example depends on two *.json* files in the [./dependencies](./dependencies/) folder: 8 | - *vision-compartments.json*: with references to compartment OCIDs. This example requires a valid OCID referenced by the "NETWORK-CMP" key. This file is typically generated by a client of the IAM Compartments module, like the [Compartments vision example](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-iam/tree/main/compartments/examples/vision). 9 | - *vision-network.json*: with references to VCN OCIDs. This example requires a valid OCID referenced by the "VISION-VCN" key. This file is typically generated by a client of the Networking module, like the [Networking vision example](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-networking/blob/main/examples/vision). 10 | 11 | **Note**: for quick testing, you can simply paste valid OCIDs in the two files, although this defeats the purpose of automated external dependencies. 12 | 13 | See [input.auto.tfvars.template](./input.auto.tfvars.template) for the network configuration. 14 | 15 | See [module's README.md](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-networking/blob/main/README.md) for overall attributes usage. 16 | 17 | 18 | ## Using this example 19 | 20 | 1. Rename *input.auto.tfvars.template* to *\<name\>.auto.tfvars*, where *\<name\>* is any name of your choice. 21 | 22 | 2.
Within *\.auto.tfvars*, provide tenancy connectivity information and adjust the input variables, by making the appropriate substitutions: 23 | - Make sure *./dependencies/vision-compartments.json* has the *NETWORK-CMP* key defined with the id attribute set with a valid compartment OCID. 24 | - Make sure *./dependencies/vision-network.json* has the *VISION-VCN* key defined with the id attribute set with a valid VCN OCID. 25 | 26 | 3. In this folder, run the typical Terraform workflow: 27 | ``` 28 | terraform init 29 | terraform plan -out plan.out 30 | terraform apply plan.out 31 | ``` -------------------------------------------------------------------------------- /examples/external-dependency/dependencies/vision-compartments.json: -------------------------------------------------------------------------------- 1 | { 2 | "APP-CMP": { 3 | "id": "ocid1.compartment.oc1..aaaaaaaaa...w2q" 4 | }, 5 | "DB-CMP": { 6 | "id": "ocid1.compartment.oc1..aaaaaaaa...2nq" 7 | }, 8 | "EXACS-CMP": { 9 | "id": "ocid1.compartment.oc1..aaaaaaaa...2va" 10 | }, 11 | "NETWORK-CMP": { 12 | "id": "ocid1.compartment.oc1..aaaaaaaa...sga" 13 | }, 14 | "SECURITY-CMP": { 15 | "id": "ocid1.compartment.oc1..aaaaaaaa...qfa" 16 | }, 17 | "TOP-CMP": { 18 | "id": "ocid1.compartment.oc1..aaaaaaaas...zvq" 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /examples/external-dependency/dependencies/vision-network.json: -------------------------------------------------------------------------------- 1 | { 2 | "dynamic_routing_gateways": {}, 3 | "network_security_groups": { 4 | "APP-NSG": { 5 | "id": "ocid1.networksecuritygroup.oc1.phx.aaaaaaaa...oua" 6 | }, 7 | "BASTION-NSG": { 8 | "id": "ocid1.networksecuritygroup.oc1.phx.aaaaaaaa...4ha" 9 | }, 10 | "DB-NSG": { 11 | "id": "ocid1.networksecuritygroup.oc1.phx.aaaaaaaae...p3q" 12 | }, 13 | "LBR-NSG": { 14 | "id": "ocid1.networksecuritygroup.oc1.phx.aaaaaaaa...4qq" 15 | } 16 | }, 17 | "subnets": { 18 | 
"APP-SUBNET": { 19 | "id": "ocid1.subnet.oc1.phx.aaaaaaaa...jcq" 20 | }, 21 | "DB-SUBNET": { 22 | "id": "ocid1.subnet.oc1.phx.aaaaaaaa...mja" 23 | }, 24 | "WEB-SUBNET": { 25 | "id": "ocid1.subnet.oc1.phx.aaaaaaaa...iuq" 26 | } 27 | }, 28 | "vcns": { 29 | "VISION-VCN": { 30 | "id": "ocid1.vcn.oc1.phx.amaaaaaa...npq" 31 | } 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /examples/external-dependency/dependencies/vision-nlbs.json: -------------------------------------------------------------------------------- 1 | { 2 | "VISION-NLB": { 3 | "id": "ocid1.privateip.oc1.phx.abyhqlj...uiq" 4 | } 5 | } -------------------------------------------------------------------------------- /examples/external-dependency/input.auto.tfvars.template: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024 Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | #------------------------------------------------------------------------------------------------------------------------------------------------- 5 | # 1. Rename this file to .auto.tfvars, where is a name of your choice. 6 | # 2. Provide values for "Tenancy Connectivity Variables". 7 | # 3. Make sure ./dependencies/vision-compartments.json has the NETWORK-CMP key defined with the id attribute set with a valid compartment OCID. 8 | # 4. Make sure ./dependencies/vision-network.json has the VISION-VCN key defined with the id attribute set with a valid VCN OCID. 
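9 | #------------------------------------------------------------------------------------------------------------------------------------------------- 10 | 11 | #--------------------------------------- 12 | # Tenancy Connectivity Variables 13 | #--------------------------------------- 14 | 15 | # tenancy_ocid = "" # Get this from OCI Console (after logging in, go to top-right-most menu item and click option "Tenancy: "). 16 | # user_ocid = "" # Get this from OCI Console (after logging in, go to top-right-most menu item and click option "My profile"). 17 | # fingerprint = "" # The fingerprint can be gathered from your user account. In the "My profile page, click "API keys" on the menu in left hand side. 18 | # private_key_path = "" # This is the full path on your local system to the API signing private key. 19 | # private_key_password = "" # This is the password that protects the private key, if any. 20 | # region = "" # The region name. 21 | 22 | #--------------------------------------- 23 | # Input variable 24 | #--------------------------------------- 25 | 26 | network_configuration = { 27 | default_compartment_id = "NETWORK-CMP" # This key is defined in ./dependencies/vision-compartments.json 28 | network_configuration_categories = { 29 | production = { 30 | inject_into_existing_vcns = { 31 | VISION-VCN-INJECTED = { 32 | vcn_id = "VISION-VCN" # This key is defined in ./dependencies/vision-network.json 33 | subnets = { 34 | SUPPLEMENT-SUBNET = { 35 | display_name = "supplement-subnet" 36 | cidr_block = "10.0.0.96/27" 37 | security_list_keys = ["SUPPLEMENT-SECURITY-LIST"] 38 | } 39 | } 40 | security_lists = { 41 | SUPPLEMENT-SECURITY-LIST = { 42 | display_name = "supplement-security-list" 43 | ingress_rules = [ 44 | { 45 | description = "Ingress on ICMP type 3 code 4."
46 | stateless = false 47 | protocol = "ICMP" # icmp_type/icmp_code only qualify ICMP; with "UDP" and no port range this rule would presumably admit all UDP from 0.0.0.0/0 - verify against the module 48 | src = "0.0.0.0/0" 49 | src_type = "CIDR_BLOCK" 50 | icmp_type = 3 51 | icmp_code = 4 52 | } 53 | ] 54 | egress_rules = [ 55 | { 56 | description = "Egress to Oracle Services Network." 57 | stateless = false 58 | protocol = "TCP" 59 | dst = "all-services" 60 | dst_type = "SERVICE_CIDR_BLOCK" 61 | dst_port_min = 443 62 | dst_port_max = 443 63 | } 64 | ] 65 | } 66 | } 67 | } 68 | } 69 | } 70 | } 71 | } -------------------------------------------------------------------------------- /examples/external-dependency/main.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | module "vision_network" { 5 | #source = "github.com/oracle-quickstart/terraform-oci-cis-landing-zone-networking?ref=release-0..6.5" 6 | source = "../../" 7 | network_configuration = var.network_configuration 8 | compartments_dependency = jsondecode(file("./dependencies/vision-compartments.json")) 9 | network_dependency = jsondecode(file("./dependencies/vision-network.json")) 10 | private_ips_dependency = jsondecode(file("./dependencies/vision-nlbs.json")) 11 | } -------------------------------------------------------------------------------- /examples/external-dependency/outputs.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024 Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.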
3 | 4 | output "vision_network" { 5 | value = module.vision_network.provisioned_networking_resources 6 | } -------------------------------------------------------------------------------- /examples/external-dependency/providers.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | provider "oci" { 5 | region = var.region 6 | tenancy_ocid = var.tenancy_ocid 7 | user_ocid = var.user_ocid 8 | fingerprint = var.fingerprint 9 | private_key_path = var.private_key_path 10 | private_key_password = var.private_key_password 11 | ignore_defined_tags = ["Oracle-Tags.CreatedBy", "Oracle-Tags.CreatedOn"] 12 | } 13 | 14 | terraform { 15 | required_version = ">= 1.3.0" 16 | required_providers { 17 | oci = { 18 | source = "oracle/oci" 19 | } 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /examples/external-dependency/variables.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
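3 |
4 | variable "tenancy_ocid" {}
5 | variable "region" {description = "Your tenancy home region"}
6 | variable "user_ocid" {default = ""}
7 | variable "fingerprint" {default = ""}
8 | variable "private_key_path" {default = ""}
9 | variable "private_key_password" {
10 |   default   = ""
11 |   sensitive = true # passphrase of the API signing key: Terraform redacts sensitive variables in plan/apply console output
12 | }
13 |
14 | variable "network_configuration" {
15 |   type = any
16 | }
17 |
--------------------------------------------------------------------------------
/examples/local-peering-gateways/README.md:
--------------------------------------------------------------------------------
1 | # Local Peering Gateways
2 |
3 | The enclosed pair of examples shows how to create and peer Local Peering Gateways (LPGs) within a region using the [OCI Landing Zone Core Networking module](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-networking).
4 |
5 | It creates two VCNs. Within each VCN a Local Peering Gateway (LPG) is created. The LPGs are then peered.
6 |
7 | ## How to Run the Examples
8 |
9 | ### Run the Acceptor
10 | 1. Replace the placeholders marked with \<\> with appropriate values in ./lpg-acceptor/input.auto.tfvars.template. Rename the file to ./lpg-acceptor/input.auto.tfvars.
11 | 2. Execute terraform init/plan/apply in ./lpg-acceptor folder.
12 |
13 | ### Run the Requestor
14 | 3. Replace the placeholders marked with \<\> with appropriate values in ./lpg-requestor/input.auto.tfvars.template. Rename the file to ./lpg-requestor/input.auto.tfvars.
15 | 4. Execute terraform init/plan/apply in ./lpg-requestor folder.
--------------------------------------------------------------------------------
/examples/local-peering-gateways/lpg-acceptor/input.auto.tfvars.template:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2024 Oracle and/or its affiliates.
2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.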
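3 |
4 | tenancy_ocid = ""
5 | user_ocid = ""
6 | fingerprint = ""
7 | private_key_path = ""
8 | private_key_password = ""
9 | region = ""
10 |
11 | network_configuration = {
12 |   default_compartment_id = ""
13 |   network_configuration_categories = {
14 |     production = {
15 |       vcns = {
16 |         VISION-LPG-ACCEPTOR-VCN = {
17 |           display_name = "vision-lpg-acceptor-vcn"
18 |           cidr_blocks = ["192.168.0.0/27"]
19 |           vcn_specific_gateways = {
20 |             local_peering_gateways = {
21 |               ACCEPTOR-LPG = {
22 |                 display_name = "acceptor-lpg"
23 |               }
24 |             }
25 |           }
26 |         }
27 |       }
28 |     }
29 |   }
30 | }
--------------------------------------------------------------------------------
/examples/local-peering-gateways/lpg-acceptor/main.tf:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2024 Oracle and/or its affiliates.
2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
3 |
4 | module "lpg_acceptor" {
5 |   source = "../../../"
6 |   network_configuration = var.network_configuration
7 | }
8 |
9 |
--------------------------------------------------------------------------------
/examples/local-peering-gateways/lpg-acceptor/outputs.tf:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2024 Oracle and/or its affiliates.
2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
3 |
4 | output "networking_resources" {
5 |   description = "Networking resources"
6 |   value = module.lpg_acceptor.provisioned_networking_resources
7 | }
8 |
9 | # This resource writes a file with select output as JSON content. This file can be used as a network dependency by another network configuration example that depends on LPGs managed by this example.
10 | resource "local_file" "network_output" { # local_file comes from the hashicorp/local provider, which this example's provider.tf does not list under required_providers
11 |   content = module.lpg_acceptor.provisioned_networking_resources != null ? jsonencode({
12 |     "local_peering_gateways" : {for k, v in module.lpg_acceptor.provisioned_networking_resources.local_peering_gateways : k => {"id" : v.id}}
13 |   }) : null
14 |   filename = "./vision-network.json"
15 | }
--------------------------------------------------------------------------------
/examples/local-peering-gateways/lpg-acceptor/provider.tf:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2024 Oracle and/or its affiliates.
2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
3 |
4 | provider "oci" {
5 |   region = var.region
6 |   tenancy_ocid = var.tenancy_ocid
7 |   user_ocid = var.user_ocid
8 |   fingerprint = var.fingerprint
9 |   private_key_path = var.private_key_path
10 |   private_key_password = var.private_key_password
11 | }
12 |
13 | terraform {
14 |   required_version = ">= 1.3.0"
15 |
16 |   required_providers {
17 |     oci = {
18 |       source = "oracle/oci"
19 |     }
20 |   }
21 | }
--------------------------------------------------------------------------------
/examples/local-peering-gateways/lpg-acceptor/variables.tf:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2024 Oracle and/or its affiliates.
2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
3 |
4 | # tenancy details
5 | variable "tenancy_ocid" {}
6 | variable "user_ocid" {}
7 | variable "fingerprint" {}
8 | variable "private_key_path" {}
9 | variable "private_key_password" {
10 |   sensitive = true # passphrase of the API signing key: Terraform redacts sensitive variables in plan/apply console output
11 | }
12 | variable "region" {}
13 |
14 | variable "network_configuration" {
15 |   type = any
16 |   default = null
17 | }
18 |
19 |
--------------------------------------------------------------------------------
/examples/local-peering-gateways/lpg-requestor/input.auto.tfvars.template:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2024 Oracle and/or its affiliates.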
2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | tenancy_ocid = "" 5 | user_ocid = "" 6 | fingerprint = "" 7 | private_key_path = "" 8 | private_key_password = "" 9 | region = "" 10 | 11 | network_configuration = { 12 | default_compartment_id = "" 13 | network_configuration_categories = { 14 | production = { 15 | vcns = { 16 | VISION-LPG-REQUESTOR-VCN = { 17 | display_name = "vision-lpg-requestor-vcn" 18 | cidr_blocks = ["10.0.0.0/27"] 19 | vcn_specific_gateways = { 20 | local_peering_gateways = { 21 | REQUESTOR-LPG = { 22 | display_name = "requestor-lpg" 23 | peer_key = "ACCEPTOR-LPG" 24 | } 25 | } 26 | } 27 | } 28 | } 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /examples/local-peering-gateways/lpg-requestor/main.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024 Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | module "lpg_requestor" { 5 | source = "../../../" 6 | network_configuration = var.network_configuration 7 | network_dependency = jsondecode(file("../lpg-acceptor/vision-network.json")) 8 | } 9 | 10 | -------------------------------------------------------------------------------- /examples/local-peering-gateways/lpg-requestor/outputs.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024 Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
3 | 4 | output "networking_resources" { 5 | description = "Networking resources" 6 | value = module.lpg_requestor.provisioned_networking_resources 7 | } -------------------------------------------------------------------------------- /examples/local-peering-gateways/lpg-requestor/provider.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024 Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | provider "oci" { 5 | region = var.region 6 | tenancy_ocid = var.tenancy_ocid 7 | user_ocid = var.user_ocid 8 | fingerprint = var.fingerprint 9 | private_key_path = var.private_key_path 10 | private_key_password = var.private_key_password 11 | } 12 | 13 | terraform { 14 | required_version = ">= 1.3.0" 15 | 16 | required_providers { 17 | oci = { 18 | source = "oracle/oci" 19 | } 20 | } 21 | } -------------------------------------------------------------------------------- /examples/local-peering-gateways/lpg-requestor/variables.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024 Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
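3 |
4 | # tenancy details
5 | variable "tenancy_ocid" {}
6 | variable "user_ocid" {}
7 | variable "fingerprint" {}
8 | variable "private_key_path" {}
9 | variable "private_key_password" {
10 |   sensitive = true # passphrase of the API signing key: Terraform redacts sensitive variables in plan/apply console output
11 | }
12 | variable "region" {}
13 |
14 | variable "network_configuration" {
15 |   type = any
16 |   default = null
17 | }
18 |
19 |
--------------------------------------------------------------------------------
/examples/multi-cloud/oci-fastconnect-partner/README.md:
--------------------------------------------------------------------------------
1 |
2 | # Multicloud connectivity - FastConnect Partner
3 |
4 | ## Description
5 |
6 | This is an example for a private Multicloud connection using OCI FastConnect and a FastConnect Partner.
7 | This scenario will use simple/basic instantiation of the ```terraform-oci-landing-zones-networking``` networking core module.
8 |
9 | For detailed description of the ```terraform-oci-landing-zones-networking``` networking core module please refer to the core module specific [README.md](../../README.md) and [SPEC.md](../../SPEC.md).
10 |
11 | This example is leveraging the fully dynamic characteristics of the complex networking module input to describe the following networking topology:
12 |
13 | - networking construct provisioned on a single compartment
14 | - single networking category defined
15 | - the CIDR range proposed for the secondary Cloud is 172.16.0.0/16
16 | - the category will contain one single VCN (10.0.0.0/18)
17 | - the VCN will contain the following:
18 |   - A security list ```sl-db``` allowing ingress from the db subnet CIDR over TCP(jdbc):1521, ssh:22 and ICMP.
19 |   - A route table ```rt-02``` with the following routes:
20 |     - route to the DRG for reaching the Secondary Cloud and the Multicloud Router
21 |     - route to the DRG for reaching the Multicloud Router
22 |   - A db subnet:
23 |     - ```db-subnet``` (10.0.1.0/24) for the database tier.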
This subnet will be using the ```rt-02``` route table, default VCN DHCP options and the db security list. 24 | 25 | __NOTE 1:__ Please note that the specific partner configuration will not be maintained in this repo. The specific partner tf file will provide the public path to the code. 26 | 27 | __NOTE 2:__ Please note that the entire configuration is a single complex input parameter and you're able to edit it and change the resource names and any of their configuration (like VCN and subnet CIDR blocks, dns labels...) and, also, you're able to change the input configuration topology/structure like adding more categories, more VCNs inside a category, more subnets inside a VCN or inject new resources into existing VCNs and this will be reflected in the topology that terraform will provision. 28 | 29 | ## Diagram of a Multicloud connectivity - FastConnect Partner scenario 30 | 31 | ![](diagrams/oci-aws-equinix.png) 32 | 33 | ## Instantiation 34 | 35 | For clarity and proper separation and isolation we've separated the input parameters into 2 files by leveraging terraform ```*.auto.tfvars``` feature: 36 | 37 | - [terraform.tfvars](./terraform.tfvars.template) 38 | 39 | - [oci_network_configuration.auto.tfvars](./oci_network_configuration.auto.tfvars) 40 | 41 | ### Using the Module with ORM 42 | 43 | For an ad-hoc use where you can select your resources, follow these guidelines: 44 | 1. [![Deploy_To_OCI](../../../images/DeployToOCI.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-networking/archive/refs/heads/main.zip&zipUrlVariables={"input_config_file_url":"https://raw.githubusercontent.com/oracle-quickstart/terraform-oci-cis-landing-zone-networking/main/examples/multi-cloud/oci-fastconnect-partner/input-configs-standards-options/oci_network_configuration.auto.json"}) 45 | 2. Accept terms, wait for the configuration to load. 46 | 3. Set the working directory to “orm-facade”. 47 | 4.
Set the stack name you prefer. 48 | 5. Set the terraform version to 1.2.x. Click Next. 49 | 6. Add your json/yaml configuration files. Click Next. 50 | 8. Un-check run apply. Click Create. 51 | 52 | 53 | ## Output Example: 54 | 55 | ``` 56 | provisioned_fc_vc_id = "ocid1.virtualcircuit.oc1.eu-frankfurt-1.........." 57 | ``` 58 | 59 | This is the ocid of the virtual circuit that must be provided to the connectivity partner 60 | -------------------------------------------------------------------------------- /examples/multi-cloud/oci-fastconnect-partner/diagrams/oci-aws-equinix.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/terraform-oci-modules-networking/e61364faa87075b3294bd2973bc0e68963fe4c7f/examples/multi-cloud/oci-fastconnect-partner/diagrams/oci-aws-equinix.png -------------------------------------------------------------------------------- /examples/multi-cloud/oci-fastconnect-partner/equinix_network_configuration.auto.tfvars: -------------------------------------------------------------------------------- 1 | /* 2 | The equinix and AWS code is hosted in the following repo: 3 | 4 | https://github.com/equinix-labs/multi-cloud-networking 5 | 6 | */ -------------------------------------------------------------------------------- /examples/multi-cloud/oci-fastconnect-partner/input-configs-standards-options/oci_network_configuration.yml: -------------------------------------------------------------------------------- 1 | --- 2 | network_configuration: 3 | default_enable_cis_checks: false 4 | default_freeform_tags: 5 | vision-environment: vision 6 | network_configuration_categories: 7 | demo: 8 | category_freeform_tags: 9 | vision-oci-fastconnect: demo 10 | non_vcn_specific_gateways: 11 | dynamic_routing_gateways: 12 | DRG-VISION-KEY: 13 | display_name: drg-vision 14 | drg_attachments: 15 | DRG-VCN-ATTACH-VISION-KEY: 16 | display_name: drg-vcn-attach-vision 17 | 
network_details: 18 | attached_resource_key: VISION-VCN-KEY 19 | type: VCN 20 | fast_connect_virtual_circuits: 21 | FC-FRA-VC1-1-KEY: 22 | bandwidth_shape_name: 1 Gbps 23 | cross_connect_mappings: 24 | MAPPING-1-KEY: 25 | customer_bgp_peering_ip: 192.168.3.1/30 26 | oracle_bgp_peering_ip: 192.168.3.2/30 27 | customer_asn: '65000' 28 | display_name: VISION_VC_1 29 | gateway_key: DRG-VISION-KEY 30 | provider_service_id: ocid1.providerservice.oc1.eu-frankfurt-1.......... 31 | provision_fc_virtual_circuit: true 32 | show_available_fc_virtual_circuit_providers: false 33 | type: PRIVATE 34 | vcns: 35 | VISION-VCN-KEY: 36 | block_nat_traffic: false 37 | cidr_blocks: 38 | - 10.0.0.0/18 39 | display_name: vision-vcn 40 | dns_label: visionvcn 41 | is_attach_drg: false 42 | is_create_igw: false 43 | is_ipv6enabled: false 44 | is_oracle_gua_allocation_enabled: false 45 | route_tables: 46 | RT-02-KEY: 47 | display_name: rt-02 48 | route_rules: 49 | drg-route-multicloud: 50 | description: Route for Secondary Cloud via DRG 51 | destination: 172.16.0.0/16 52 | destination_type: CIDR_BLOCK 53 | network_entity_key: DRG-VISION-KEY 54 | drg-route-partner: 55 | description: Multicloud Router 56 | destination: 192.168.3.0/30 57 | destination_type: CIDR_BLOCK 58 | network_entity_key: DRG-VISION-KEY 59 | security_lists: 60 | SECLIST-DB-KEY: 61 | display_name: sl-db 62 | egress_rules: 63 | - description: egress to 0.0.0.0/0 over TCP 64 | dst: 0.0.0.0/0 65 | dst_type: CIDR_BLOCK 66 | protocol: TCP 67 | stateless: false 68 | ingress_rules: 69 | - description: ingress from Secondary Cloud over TCP1521 70 | dst_port_max: 1521 71 | dst_port_min: 1521 72 | protocol: TCP 73 | src: 172.16.0.0/16 74 | src_type: CIDR_BLOCK 75 | stateless: false 76 | - description: ingress from Secondary Cloud over TCP22 SSH 77 | dst_port_max: 22 78 | dst_port_min: 22 79 | protocol: TCP 80 | src: 172.16.0.0/16 81 | src_type: CIDR_BLOCK 82 | stateless: false 83 | - description: Ping from Secondary Cloud 84 | protocol: 
ICMP 85 | src: 172.16.0.0/16 86 | src_type: CIDR_BLOCK 87 | stateless: false 88 | - description: Ping from Multicloud Router 89 | protocol: ICMP 90 | src: 192.168.3.0/30 91 | src_type: CIDR_BLOCK 92 | stateless: false 93 | subnets: 94 | PRIVATE-DB-SUBNET-KEY: 95 | cidr_block: 10.0.1.0/24 96 | dhcp_options_key: default_dhcp_options 97 | display_name: sub-private-db 98 | dns_label: privatedb 99 | ipv6cidr_blocks: [] 100 | prohibit_internet_ingress: true 101 | prohibit_public_ip_on_vnic: true 102 | route_table_id: 103 | route_table_key: RT-02-KEY 104 | security_list_keys: 105 | - SECLIST-DB-KEY -------------------------------------------------------------------------------- /examples/multi-cloud/oci-fastconnect-partner/main.tf: -------------------------------------------------------------------------------- 1 | # ####################################################################################################### # 2 | # Copyright (c) 2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https: //oss.oracle.com/licenses/upl. # 4 | # Author: Cosmin Tudor # 5 | # Author email: cosmin.tudor@oracle.com # 6 | # Last Modified: Wed Nov 15 2023 # 7 | # Modified by: Cosmin Tudor, email: cosmin.tudor@oracle.com # 8 | # ####################################################################################################### # 9 | 10 | module "terraform_oci_networking" { 11 | source = "../../../" 12 | 13 | network_configuration = var.network_configuration 14 | } 15 | 16 | -------------------------------------------------------------------------------- /examples/multi-cloud/oci-fastconnect-partner/outputs.tf: -------------------------------------------------------------------------------- 1 | # ####################################################################################################### # 2 | # Copyright (c) 2023 Oracle and/or its affiliates, All rights reserved. 
# 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https: //oss.oracle.com/licenses/upl. # 4 | # Author: Cosmin Tudor # 5 | # Author email: cosmin.tudor@oracle.com # 6 | # Last Modified: Wed Nov 15 2023 # 7 | # Modified by: Cosmin Tudor, email: cosmin.tudor@oracle.com # 8 | # ####################################################################################################### # 9 | 10 | 11 | output "provisioned_networking_resources" { 12 | description = "Provisioned networking resources" 13 | value = module.terraform_oci_networking.provisioned_networking_resources 14 | } 15 | 16 | /* 17 | output "provisioned_fc_vc_id" { 18 | description = "Provisioned networking resources" 19 | value = module.terraform_oci_networking.provisioned_networking_resources.fast_connect_virtual_circuits.fast_connect_virtual_circuits["FC-FRA-VC1-1-KEY"].id 20 | } 21 | */ -------------------------------------------------------------------------------- /examples/multi-cloud/oci-fastconnect-partner/provider.tf: -------------------------------------------------------------------------------- 1 | # ####################################################################################################### # 2 | # Copyright (c) 2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https: //oss.oracle.com/licenses/upl. 
# 4 | # Author: Cosmin Tudor # 5 | # Author email: cosmin.tudor@oracle.com # 6 | # Last Modified: Wed Nov 15 2023 # 7 | # Modified by: Cosmin Tudor, email: cosmin.tudor@oracle.com # 8 | # ####################################################################################################### # 9 | 10 | provider "oci" { 11 | region = var.region 12 | tenancy_ocid = var.tenancy_ocid 13 | user_ocid = var.user_ocid 14 | fingerprint = var.fingerprint 15 | private_key_path = var.private_key_path 16 | private_key_password = var.private_key_password 17 | } 18 | 19 | terraform { 20 | required_version = ">= 1.3.0" 21 | 22 | required_providers { 23 | oci = { 24 | source = "oracle/oci" 25 | version = "<= 5.16.0" 26 | configuration_aliases = [oci] 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /examples/multi-cloud/oci-fastconnect-partner/terraform.tfvars.template: -------------------------------------------------------------------------------- 1 | # GETTING STARTED 2 | # 3 | # 1. Download and install TerraForm (https://www.terraform.io/downloads.html) 4 | # 2. Download and install the OCI TerraForm provider (https://github.com/oracle/terraform-provider-oci/) 5 | # 3. Make sure that you have an OCI API key setup 6 | # See https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm for directions on creating an API signing key 7 | # See https://docs.us-phoenix-1.oraclecloud.com/Content/Identity/Tasks/managingcredentials.htm on how to manage API keys in the OCI UI or API 8 | # 4. Copy your tenancy OCID below (bottom part of OCI screen, after Tenancy OCID: heading) 9 | # 5. Copy your OCI user account OCID (login to OCI > Identity > Users) 10 | # 6. Copy the required API key fingerprint and private key path (below) 11 | # 7. 
Fill-in the full path to the SSH public and private keys (this can be used when creating new instances) 12 | # See https://docs.us-phoenix-1.oraclecloud.com/Content/GSG/Tasks/creatingkeys.htm for directions on how to create this key pair 13 | # 14 | # HELPFUL URLs 15 | # * https://github.com/oracle/terraform-provider-oci/blob/master/docs/Table%20of%20Contents.md 16 | # 17 | 18 | # RUNNING TerraForm 19 | # 20 | # Once you've gone through the steps mentioned above, you need to populate your environment variables, by sourcing this file... steps are below: 21 | # 1. Modify this file (so it reflects your OCIDs, etc.) 22 | # 2. $ terraform init 23 | # You only have to do this once after installing or upgrading your TerraForm plugins 24 | # 3. $ terraform plan 25 | # This will show you what TerraForm might do if you applied it 26 | # 4. $ terraform apply 27 | 28 | # Get this from the bottom of the OCI screen (after logging in, after Tenancy ID: heading) 29 | tenancy_ocid=" Identity > Users (for your user account) 31 | user_ocid="" 32 | 33 | # the fingerprint can be gathered from your user account (OCI > Identity > Users > click your username > API Keys fingerprint (select it, copy it and paste it below)) 34 | fingerprint="" 35 | # this is the full path on your local system to the private key used for the API key pair 36 | private_key_path="" 37 | 38 | # region (us-phoenix-1, ca-toronto-1, etc) 39 | region="" 40 | -------------------------------------------------------------------------------- /examples/oci-network-firewall/README.md: -------------------------------------------------------------------------------- 1 | # OCI Network Firewall Example 2 | 3 | ## Description 4 | 5 | This example implements the network firewall policy in the use case described in https://www.ateam-oracle.com/post/oci-network-firewall---concepts-and-deployment. The complete routing scenario is not implemented. 
6 | 7 | Note that the IP addresses for the Internet hosts are fictitious, so please update them appropriately. 8 | 9 | For detailed description of the ```terraform-oci-landing-zones-networking``` networking core module please refer to the core module specific [README.md](../../README.md) and [SPEC.md](../../SPEC.md). 10 | 11 | ## Using this example 12 | 1. Rename *terraform.tfvars.template* to *terraform.tfvars*. 13 | 14 | 2. Within *terraform.tfvars*, provide tenancy connectivity information and adjust the input variables, by making the appropriate substitutions: 15 | - Replace \ placeholder with appropriate value. 16 | 17 | Refer to [Networking module README.md](https://github.com/oci-landing-zones/terraform-oci-modules-networking/blob/main/README.md) for overall attributes usage. 18 | 19 | 3. In this folder, run the typical Terraform workflow: 20 | ``` 21 | terraform init 22 | terraform plan -out plan.out 23 | terraform apply plan.out 24 | ``` 25 | -------------------------------------------------------------------------------- /examples/oci-network-firewall/main.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | module "terraform_oci_networking" { 5 | source = "../../" 6 | network_configuration = var.network_configuration 7 | } 8 | 9 | -------------------------------------------------------------------------------- /examples/oci-network-firewall/outputs.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
3 | 4 | output "provisioned_networking_resources" { 5 | description = "Provisioned networking resources" 6 | value = module.terraform_oci_networking.provisioned_networking_resources 7 | } -------------------------------------------------------------------------------- /examples/oci-network-firewall/provider.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | provider "oci" { 5 | region = var.region 6 | tenancy_ocid = var.tenancy_ocid 7 | user_ocid = var.user_ocid 8 | fingerprint = var.fingerprint 9 | private_key_path = var.private_key_path 10 | private_key_password = var.private_key_password 11 | } 12 | 13 | terraform { 14 | required_version = ">= 1.3.0" 15 | 16 | required_providers { 17 | oci = { 18 | source = "oracle/oci" 19 | } 20 | } 21 | } -------------------------------------------------------------------------------- /examples/oci-network-firewall/variables.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
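3 |
4 | # tenancy details
5 | variable "tenancy_ocid" {}
6 | variable "user_ocid" {}
7 | variable "fingerprint" {}
8 | variable "private_key_path" {}
9 | variable "private_key_password" {
10 |   sensitive = true # passphrase of the API signing key: Terraform redacts sensitive variables in plan/apply console output
11 | }
12 | variable "region" {}
13 |
14 | variable "network_configuration" {
15 |   type = any
16 | }
17 |
18 |
--------------------------------------------------------------------------------
/examples/oke-examples/flannel/.gitignore:
--------------------------------------------------------------------------------
1 | *.auto.tfvars
--------------------------------------------------------------------------------
/examples/oke-examples/flannel/diagrams/oke-flannel-network.drawio.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/oci-landing-zones/terraform-oci-modules-networking/e61364faa87075b3294bd2973bc0e68963fe4c7f/examples/oke-examples/flannel/diagrams/oke-flannel-network.drawio.png
--------------------------------------------------------------------------------
/examples/oke-examples/flannel/main.tf:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2020 Oracle and/or its affiliates.
2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.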
3 | 4 | 5 | output "provisioned_networking_resources" { 6 | description = "Provisioned networking resources" 7 | value = module.terraform_oci_networking.provisioned_networking_resources 8 | } 9 | 10 | -------------------------------------------------------------------------------- /examples/oke-examples/flannel/provider.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | provider "oci" { 5 | region = var.region 6 | tenancy_ocid = var.tenancy_ocid 7 | user_ocid = var.user_ocid 8 | fingerprint = var.fingerprint 9 | private_key_path = var.private_key_path 10 | private_key_password = var.private_key_password 11 | ignore_defined_tags = ["Oracle-Tags.CreatedBy", "Oracle-Tags.CreatedOn"] 12 | } 13 | 14 | terraform { 15 | required_version = ">= 1.3.0" 16 | required_providers { 17 | oci = { 18 | source = "oracle/oci" 19 | } 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /examples/oke-examples/flannel/variables.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | # tenancy details 5 | variable "tenancy_ocid" {} 6 | variable "user_ocid" {} 7 | variable "fingerprint" {} 8 | variable "private_key_path" {} 9 | variable "private_key_password" {} 10 | variable "region" {} 11 | 12 | variable "network_configuration" { 13 | type = any 14 | } 15 | 16 | -------------------------------------------------------------------------------- /examples/oke-examples/native/main.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2020 Oracle and/or its affiliates. 
2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | module "terraform_oci_networking" { 5 | source = "../../../" 6 | network_configuration = var.network_configuration 7 | } 8 | 9 | -------------------------------------------------------------------------------- /examples/oke-examples/native/outputs.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2020 Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | 5 | output "provisioned_networking_resources" { 6 | description = "Provisioned networking resources" 7 | value = module.terraform_oci_networking.provisioned_networking_resources 8 | } 9 | 10 | -------------------------------------------------------------------------------- /examples/oke-examples/native/provider.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | provider "oci" { 5 | region = var.region 6 | tenancy_ocid = var.tenancy_ocid 7 | user_ocid = var.user_ocid 8 | fingerprint = var.fingerprint 9 | private_key_path = var.private_key_path 10 | private_key_password = var.private_key_password 11 | } 12 | terraform { 13 | required_version = ">= 1.3.0" 14 | required_providers { 15 | oci = { 16 | source = "oracle/oci" 17 | } 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /examples/oke-examples/native/variables.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2022, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
3 | 4 | 5 | # tenancy details 6 | variable "tenancy_ocid" {} 7 | variable "user_ocid" {} 8 | variable "fingerprint" {} 9 | variable "private_key_path" {} 10 | variable "private_key_password" {} 11 | variable "region" {} 12 | 13 | variable "network_configuration" { 14 | type = any 15 | } 16 | -------------------------------------------------------------------------------- /examples/remote-peering-connections/README.md: -------------------------------------------------------------------------------- 1 | # Remote Peering Connections 2 | 3 | The enclosed pair of examples shows how to create Remote Peering Connections (RPCs) across regions using the [OCI Landing Zone Core Networking module](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-networking). 4 | 5 | It creates two DRGs, one in the region specified in [./rpc-acceptor/input.auto.tfvars.template](./rpc-acceptor/input.auto.tfvars.template) and another in the region specified in [./rpc-requestor/input.auto.tfvars.template](./rpc-requestor/input.auto.tfvars.template). An RPC (Remote Peering Connection) is attached to each DRG. The RPCs are then peered. 6 | 7 | ## How to Run the Examples 8 | 9 | ### Run the Acceptor 10 | 1. Replace the placeholders marked with \<\> with appropriate values in ./rpc-acceptor/input.auto.tfvars.template. Rename the file to ./rpc-acceptor/input.auto.tfvars. The renamed file holds private_key_password, so keep it out of version control. 11 | 2. Execute terraform init/plan/apply in the ./rpc-acceptor folder. 12 | 13 | ### Run the Requestor 14 | 3. Replace the placeholders marked with \<\> with appropriate values in ./rpc-requestor/input.auto.tfvars.template. Rename the file to ./rpc-requestor/input.auto.tfvars. 15 | 4. Execute terraform init/plan/apply in the ./rpc-requestor folder. Do this only after the acceptor has been applied: the requestor reads ../rpc-acceptor/vision-network.json, which the acceptor's apply writes. 
-------------------------------------------------------------------------------- /examples/remote-peering-connections/rpc-acceptor/input.auto.tfvars.template: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024 Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | tenancy_ocid = "" 5 | user_ocid = "" 6 | fingerprint = "" 7 | private_key_path = "" 8 | private_key_password = "" 9 | region = "" 10 | 11 | network_configuration = { 12 | default_compartment_id = "" 13 | network_configuration_categories = { 14 | production = { 15 | non_vcn_specific_gateways = { 16 | dynamic_routing_gateways = { 17 | VISION-DRG = { 18 | display_name = "vision-drg" 19 | remote_peering_connections = { 20 | ACCEPTOR-RPC = { 21 | display_name = "acceptor-rpc" 22 | } 23 | } 24 | } 25 | } 26 | } 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /examples/remote-peering-connections/rpc-acceptor/main.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024 Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | module "rpc_acceptor" { 5 | source = "../../../" 6 | network_configuration = var.network_configuration 7 | } 8 | 9 | -------------------------------------------------------------------------------- /examples/remote-peering-connections/rpc-acceptor/outputs.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024 Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
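3 |
4 | # Passes through whatever the networking module reports as provisioned.
5 | output "networking_resources" {
6 |   description = "Networking resources"
7 |   value       = module.rpc_acceptor.provisioned_networking_resources
8 | }
9 |
10 | # This resource writes a file with select output as JSON content. This file can be used as a network dependency by another network configuration example that depends on RPCs managed by this example.
11 | # The file carries each RPC's OCID plus var.region, keyed by the RPC's configuration key.
12 | # ../rpc-requestor/main.tf decodes it and passes it to the module as network_dependency,
13 | # so its content decides which RPC the requestor side is given.
14 | resource "local_file" "network_output" {
15 |   content = module.rpc_acceptor.provisioned_networking_resources != null ? jsonencode({
16 |     "remote_peering_connections" : { for k, v in module.rpc_acceptor.provisioned_networking_resources.remote_peering_connections : k => { "id" : v.id, "region_name" : var.region } }
17 |   }) : null
18 |   filename = "./vision-network.json"
19 |   # local_file defaults to mode 0777; only the owner needs to write a file that another
20 |   # configuration consumes as input.
21 |   file_permission = "0644"
22 | }
--------------------------------------------------------------------------------
/examples/remote-peering-connections/rpc-acceptor/provider.tf:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2024 Oracle and/or its affiliates.
2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
3 |
4 | # API-key authentication for the OCI provider; every value comes from an input variable.
5 | provider "oci" {
6 |   region               = var.region
7 |   tenancy_ocid         = var.tenancy_ocid
8 |   user_ocid            = var.user_ocid
9 |   fingerprint          = var.fingerprint
10 |   private_key_path     = var.private_key_path
11 |   private_key_password = var.private_key_password
12 | }
13 |
14 | terraform {
15 |   required_version = ">= 1.3.0"
16 |
17 |   # Only oracle/oci is declared, and without a version constraint. hashicorp/local (used by
18 |   # local_file in outputs.tf) is resolved implicitly. Commit .terraform.lock.hcl to pin both.
19 |   required_providers {
20 |     oci = {
21 |       source = "oracle/oci"
22 |     }
23 |   }
24 | }
--------------------------------------------------------------------------------
/examples/remote-peering-connections/rpc-acceptor/variables.tf:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2024 Oracle and/or its affiliates.
2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.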
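3 |
4 | # tenancy details
5 | variable "tenancy_ocid" {}
6 | variable "user_ocid" {}
7 | variable "fingerprint" {}
8 | variable "private_key_path" {}
9 | # Passphrase of the API signing key. sensitive = true redacts the value in plan/apply output.
10 | variable "private_key_password" {
11 |   sensitive = true
12 | }
13 | variable "region" {}
14 |
15 | # Whole network definition handed to the module; null when nothing is supplied.
16 | variable "network_configuration" {
17 |   type    = any
18 |   default = null
19 | }
20 |
21 |
--------------------------------------------------------------------------------
/examples/remote-peering-connections/rpc-requestor/input.auto.tfvars.template:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2024 Oracle and/or its affiliates.
2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
3 |
4 | tenancy_ocid         = ""
5 | user_ocid            = ""
6 | fingerprint          = ""
7 | private_key_path     = ""
8 | # To keep the passphrase out of this file, delete the next line and set
9 | # TF_VAR_private_key_password instead (a value in a tfvars file overrides the environment).
10 | private_key_password = ""
11 | region               = ""
12 |
13 | network_configuration = {
14 |   default_compartment_id = ""
15 |   network_configuration_categories = {
16 |     production = {
17 |       non_vcn_specific_gateways = {
18 |         dynamic_routing_gateways = {
19 |           VISION-DRG = {
20 |             display_name = "vision-drg"
21 |             remote_peering_connections = {
22 |               REQUESTOR-RPC = {
23 |                 display_name = "requestor-rpc"
24 |                 # NOTE(review): presumably looked up among the "remote_peering_connections" keys of
25 |                 # ../rpc-acceptor/vision-network.json; confirm against the module documentation.
26 |                 peer_key = "ACCEPTOR-RPC"
27 |               }
28 |             }
29 |           }
30 |         }
31 |       }
32 |     }
33 |   }
34 | }
--------------------------------------------------------------------------------
/examples/remote-peering-connections/rpc-requestor/main.tf:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2024 Oracle and/or its affiliates.
2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.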
3 |
4 | # Requestor side of the peering. Apply ../rpc-acceptor first: the file read below is
5 | # written by that configuration's local_file resource.
6 | module "rpc_requestor" {
7 |   source                = "../../../"
8 |   network_configuration = var.network_configuration
9 |   # file() reads the JSON from disk and the decoded value is passed to the module unchanged.
10 |   # Nothing here checks its content, so treat the file as an input to review before apply.
11 |   # NOTE(review): presumably the module resolves peer_key against this value; confirm.
12 |   network_dependency    = jsondecode(file("../rpc-acceptor/vision-network.json"))
13 | }
14 |
15 |
--------------------------------------------------------------------------------
/examples/remote-peering-connections/rpc-requestor/outputs.tf:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2024 Oracle and/or its affiliates.
2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
3 |
4 | # Passes through whatever the networking module reports as provisioned.
5 | output "networking_resources" {
6 |   description = "Networking resources"
7 |   value       = module.rpc_requestor.provisioned_networking_resources
8 | }
--------------------------------------------------------------------------------
/examples/remote-peering-connections/rpc-requestor/provider.tf:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2024 Oracle and/or its affiliates.
2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
3 |
4 | # API-key authentication for the OCI provider; every value comes from an input variable.
5 | provider "oci" {
6 |   region               = var.region
7 |   tenancy_ocid         = var.tenancy_ocid
8 |   user_ocid            = var.user_ocid
9 |   fingerprint          = var.fingerprint
10 |   private_key_path     = var.private_key_path
11 |   private_key_password = var.private_key_password
12 | }
13 |
14 | terraform {
15 |   required_version = ">= 1.3.0"
16 |
17 |   # oracle/oci is declared without a version constraint.
18 |   required_providers {
19 |     oci = {
20 |       source = "oracle/oci"
21 |     }
22 |   }
23 | }
--------------------------------------------------------------------------------
/examples/remote-peering-connections/rpc-requestor/variables.tf:
--------------------------------------------------------------------------------
1 | # Copyright (c) 2024 Oracle and/or its affiliates.
2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
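3 |
4 | # tenancy details
5 | variable "tenancy_ocid" {}
6 | variable "user_ocid" {}
7 | variable "fingerprint" {}
8 | variable "private_key_path" {}
9 | # Passphrase of the API signing key. sensitive = true redacts the value in plan/apply output.
10 | # It can be supplied through TF_VAR_private_key_password instead of a tfvars file on disk.
11 | variable "private_key_password" {
12 |   sensitive = true
13 | }
14 | variable "region" {}
15 |
16 | # Whole network definition handed to the module; null when nothing is supplied.
17 | variable "network_configuration" {
18 |   type    = any
19 |   default = null
20 | }
21 |
22 |
--------------------------------------------------------------------------------
/examples/simple-example/diagrams/SimpleNetworkingExample.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/oci-landing-zones/terraform-oci-modules-networking/e61364faa87075b3294bd2973bc0e68963fe4c7f/examples/simple-example/diagrams/SimpleNetworkingExample.png
--------------------------------------------------------------------------------
/examples/simple-example/main.tf:
--------------------------------------------------------------------------------
1 | # ####################################################################################################### #
2 | # Copyright (c) 2023 Oracle and/or its affiliates, All rights reserved. #
3 | # Licensed under the Universal Permissive License v 1.0 as shown at https: //oss.oracle.com/licenses/upl.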
# 4 | # Author: Cosmin Tudor # 5 | # Author email: cosmin.tudor@oracle.com # 6 | # Last Modified: Wed Nov 15 2023 # 7 | # Modified by: Cosmin Tudor, email: cosmin.tudor@oracle.com # 8 | # ####################################################################################################### # 9 | 10 | module "terraform_oci_networking" { 11 | source = "../../" 12 | 13 | network_configuration = var.network_configuration 14 | } 15 | 16 | -------------------------------------------------------------------------------- /examples/simple-example/outputs.tf: -------------------------------------------------------------------------------- 1 | # ####################################################################################################### # 2 | # Copyright (c) 2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https: //oss.oracle.com/licenses/upl. # 4 | # Author: Cosmin Tudor # 5 | # Author email: cosmin.tudor@oracle.com # 6 | # Last Modified: Tue Dec 12 2023 # 7 | # Modified by: Cosmin Tudor, email: cosmin.tudor@oracle.com # 8 | # ####################################################################################################### # 9 | 10 | 11 | output "provisioned_networking_resources" { 12 | description = "Provisioned networking resources" 13 | value = module.terraform_oci_networking.provisioned_networking_resources 14 | } -------------------------------------------------------------------------------- /examples/simple-example/provider.tf: -------------------------------------------------------------------------------- 1 | # ####################################################################################################### # 2 | # Copyright (c) 2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https: //oss.oracle.com/licenses/upl. 
# 4 | # Author: Cosmin Tudor # 5 | # Author email: cosmin.tudor@oracle.com # 6 | # Last Modified: Wed Nov 15 2023 # 7 | # Modified by: Cosmin Tudor, email: cosmin.tudor@oracle.com # 8 | # ####################################################################################################### # 9 | 10 | provider "oci" { 11 | region = var.region 12 | tenancy_ocid = var.tenancy_ocid 13 | user_ocid = var.user_ocid 14 | fingerprint = var.fingerprint 15 | private_key_path = var.private_key_path 16 | private_key_password = var.private_key_password 17 | } 18 | 19 | terraform { 20 | required_version = ">= 1.3.0" 21 | 22 | required_providers { 23 | oci = { 24 | source = "oracle/oci" 25 | version = "<= 5.16.0" 26 | configuration_aliases = [oci] 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /examples/simple-example/terraform.tfvars.template: -------------------------------------------------------------------------------- 1 | # GETTING STARTED 2 | # 3 | # 1. Download and install TerraForm (https://www.terraform.io/downloads.html) 4 | # 2. Download and install the OCI TerraForm provider (https://github.com/oracle/terraform-provider-oci/) 5 | # 3. Make sure that you have an OCI API key setup 6 | # See https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm for directions on creating an API signing key 7 | # See https://docs.us-phoenix-1.oraclecloud.com/Content/Identity/Tasks/managingcredentials.htm on how to manage API keys in the OCI UI or API 8 | # 4. Copy your tenancy OCID below (bottom part of OCI screen, after Tenancy OCID: heading) 9 | # 5. Copy your OCI user account OCID (login to OCI > Identity > Users) 10 | # 6. Copy the required API key fingerprint and private key path (below) 11 | # 7. 
Fill-in the full path to the SSH public and private keys (this can be used when creating new instances) 12 | # See https://docs.us-phoenix-1.oraclecloud.com/Content/GSG/Tasks/creatingkeys.htm for directions on how to create this key pair 13 | # 14 | # HELPFUL URLs 15 | # * https://github.com/oracle/terraform-provider-oci/blob/master/docs/Table%20of%20Contents.md 16 | # 17 | 18 | # RUNNING TerraForm 19 | # 20 | # Once you've gone through the steps mentioned above, you need to populate your environment variables, by sourcing this file... steps are below: 21 | # 1. Modify this file (so it reflects your OCIDs, etc.) 22 | # 2. $ terraform init 23 | # You only have to do this once after installing or upgrading your TerraForm plugins 24 | # 3. $ terraform plan 25 | # This will show you what TerraForm might do if you applied it 26 | # 4. $ terraform apply 27 | 28 | # Get this from the bottom of the OCI screen (after logging in, after Tenancy ID: heading) 29 | tenancy_ocid="" 30 | # Get this from OCI > Identity > Users (for your user account) 31 | user_ocid="" 32 | 33 | # the fingerprint can be gathered from your user account (OCI > Identity > Users > click your username > API Keys fingerprint (select it, copy it and paste it below)) 34 | fingerprint="" 35 | # this is the full path on your local system to the private key used for the API key pair 36 | private_key_path="" 37 | 38 | # region (us-phoenix-1, ca-toronto-1, etc) 39 | region="" 40 | -------------------------------------------------------------------------------- /examples/simple-no_vcn-oci-native-l7-lbaas-example/diagrams/public-lb.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/terraform-oci-modules-networking/e61364faa87075b3294bd2973bc0e68963fe4c7f/examples/simple-no_vcn-oci-native-l7-lbaas-example/diagrams/public-lb.png -------------------------------------------------------------------------------- 
/examples/simple-no_vcn-oci-native-l7-lbaas-example/main.tf: -------------------------------------------------------------------------------- 1 | # ####################################################################################################### # 2 | # Copyright (c) 2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https: //oss.oracle.com/licenses/upl. # 4 | # Author: Cosmin Tudor # 5 | # Author email: cosmin.tudor@oracle.com # 6 | # Last Modified: Wed Nov 15 2023 # 7 | # Modified by: Cosmin Tudor, email: cosmin.tudor@oracle.com # 8 | # ####################################################################################################### # 9 | 10 | module "terraform_oci_networking" { 11 | source = "../../" 12 | 13 | network_configuration = var.network_configuration 14 | } 15 | 16 | -------------------------------------------------------------------------------- /examples/simple-no_vcn-oci-native-l7-lbaas-example/outputs.tf: -------------------------------------------------------------------------------- 1 | # ####################################################################################################### # 2 | # Copyright (c) 2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https: //oss.oracle.com/licenses/upl. 
# 4 | # Author: Cosmin Tudor # 5 | # Author email: cosmin.tudor@oracle.com # 6 | # Last Modified: Wed Nov 15 2023 # 7 | # Modified by: Cosmin Tudor, email: cosmin.tudor@oracle.com # 8 | # ####################################################################################################### # 9 | 10 | 11 | output "provisioned_networking_resources" { 12 | description = "Provisioned networking resources" 13 | value = module.terraform_oci_networking.provisioned_networking_resources 14 | } -------------------------------------------------------------------------------- /examples/simple-no_vcn-oci-native-l7-lbaas-example/provider.tf: -------------------------------------------------------------------------------- 1 | # ####################################################################################################### # 2 | # Copyright (c) 2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https: //oss.oracle.com/licenses/upl. 
# 4 | # Author: Cosmin Tudor # 5 | # Author email: cosmin.tudor@oracle.com # 6 | # Last Modified: Wed Nov 15 2023 # 7 | # Modified by: Cosmin Tudor, email: cosmin.tudor@oracle.com # 8 | # ####################################################################################################### # 9 | 10 | provider "oci" { 11 | region = var.region 12 | tenancy_ocid = var.tenancy_ocid 13 | user_ocid = var.user_ocid 14 | fingerprint = var.fingerprint 15 | private_key_path = var.private_key_path 16 | private_key_password = var.private_key_password 17 | } 18 | 19 | terraform { 20 | required_version = ">= 1.3.0" 21 | 22 | required_providers { 23 | oci = { 24 | source = "oracle/oci" 25 | version = "<= 5.16.0" 26 | configuration_aliases = [oci] 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /examples/simple-no_vcn-oci-native-l7-lbaas-example/terraform.tfvars.template: -------------------------------------------------------------------------------- 1 | # GETTING STARTED 2 | # 3 | # 1. Download and install TerraForm (https://www.terraform.io/downloads.html) 4 | # 2. Download and install the OCI TerraForm provider (https://github.com/oracle/terraform-provider-oci/) 5 | # 3. Make sure that you have an OCI API key setup 6 | # See https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm for directions on creating an API signing key 7 | # See https://docs.us-phoenix-1.oraclecloud.com/Content/Identity/Tasks/managingcredentials.htm on how to manage API keys in the OCI UI or API 8 | # 4. Copy your tenancy OCID below (bottom part of OCI screen, after Tenancy OCID: heading) 9 | # 5. Copy your OCI user account OCID (login to OCI > Identity > Users) 10 | # 6. Copy the required API key fingerprint and private key path (below) 11 | # 7. 
Fill-in the full path to the SSH public and private keys (this can be used when creating new instances) 12 | # See https://docs.us-phoenix-1.oraclecloud.com/Content/GSG/Tasks/creatingkeys.htm for directions on how to create this key pair 13 | # 14 | # HELPFUL URLs 15 | # * https://github.com/oracle/terraform-provider-oci/blob/master/docs/Table%20of%20Contents.md 16 | # 17 | 18 | # RUNNING TerraForm 19 | # 20 | # Once you've gone through the steps mentioned above, you need to populate your environment variables, by sourcing this file... steps are below: 21 | # 1. Modify this file (so it reflects your OCIDs, etc.) 22 | # 2. $ terraform init 23 | # You only have to do this once after installing or upgrading your TerraForm plugins 24 | # 3. $ terraform plan 25 | # This will show you what TerraForm might do if you applied it 26 | # 4. $ terraform apply 27 | 28 | # Get this from the bottom of the OCI screen (after logging in, after Tenancy ID: heading) 29 | tenancy_ocid="" 30 | # Get this from OCI > Identity > Users (for your user account) 31 | user_ocid="" 32 | 33 | # the fingerprint can be gathered from your user account (OCI > Identity > Users > click your username > API Keys fingerprint (select it, copy it and paste it below)) 34 | fingerprint="" 35 | # this is the full path on your local system to the private key used for the API key pair 36 | private_key_path="" 37 | 38 | # region (us-phoenix-1, ca-toronto-1, etc) 39 | region="" 40 | -------------------------------------------------------------------------------- /examples/standard-vcn-oci-native-l7-lbaas-example/diagrams/public-lb.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/terraform-oci-modules-networking/e61364faa87075b3294bd2973bc0e68963fe4c7f/examples/standard-vcn-oci-native-l7-lbaas-example/diagrams/public-lb.png -------------------------------------------------------------------------------- 
/examples/standard-vcn-oci-native-l7-lbaas-example/main.tf: -------------------------------------------------------------------------------- 1 | # ####################################################################################################### # 2 | # Copyright (c) 2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https: //oss.oracle.com/licenses/upl. # 4 | # Author: Cosmin Tudor # 5 | # Author email: cosmin.tudor@oracle.com # 6 | # Last Modified: Wed Nov 15 2023 # 7 | # Modified by: Cosmin Tudor, email: cosmin.tudor@oracle.com # 8 | # ####################################################################################################### # 9 | 10 | module "terraform_oci_networking" { 11 | source = "../../" 12 | 13 | network_configuration = var.network_configuration 14 | } 15 | 16 | -------------------------------------------------------------------------------- /examples/standard-vcn-oci-native-l7-lbaas-example/outputs.tf: -------------------------------------------------------------------------------- 1 | # ####################################################################################################### # 2 | # Copyright (c) 2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https: //oss.oracle.com/licenses/upl. 
# 4 | # Author: Cosmin Tudor # 5 | # Author email: cosmin.tudor@oracle.com # 6 | # Last Modified: Wed Nov 15 2023 # 7 | # Modified by: Cosmin Tudor, email: cosmin.tudor@oracle.com # 8 | # ####################################################################################################### # 9 | 10 | 11 | output "provisioned_networking_resources" { 12 | description = "Provisioned networking resources" 13 | value = module.terraform_oci_networking.provisioned_networking_resources 14 | } -------------------------------------------------------------------------------- /examples/standard-vcn-oci-native-l7-lbaas-example/provider.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | provider "oci" { 5 | region = var.region 6 | tenancy_ocid = var.tenancy_ocid 7 | user_ocid = var.user_ocid 8 | fingerprint = var.fingerprint 9 | private_key_path = var.private_key_path 10 | private_key_password = var.private_key_password 11 | } 12 | 13 | terraform { 14 | required_version = ">= 1.3.0" 15 | 16 | required_providers { 17 | oci = { 18 | source = "oracle/oci" 19 | version = "<= 5.16.0" 20 | configuration_aliases = [oci] 21 | } 22 | } 23 | } -------------------------------------------------------------------------------- /examples/standard-vcn-oci-native-l7-lbaas-example/terraform.tfvars.template: -------------------------------------------------------------------------------- 1 | # GETTING STARTED 2 | # 3 | # 1. Download and install TerraForm (https://www.terraform.io/downloads.html) 4 | # 2. Download and install the OCI TerraForm provider (https://github.com/oracle/terraform-provider-oci/) 5 | # 3. 
Make sure that you have an OCI API key setup 6 | # See https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm for directions on creating an API signing key 7 | # See https://docs.us-phoenix-1.oraclecloud.com/Content/Identity/Tasks/managingcredentials.htm on how to manage API keys in the OCI UI or API 8 | # 4. Copy your tenancy OCID below (bottom part of OCI screen, after Tenancy OCID: heading) 9 | # 5. Copy your OCI user account OCID (login to OCI > Identity > Users) 10 | # 6. Copy the required API key fingerprint and private key path (below) 11 | # 7. Fill-in the full path to the SSH public and private keys (this can be used when creating new instances) 12 | # See https://docs.us-phoenix-1.oraclecloud.com/Content/GSG/Tasks/creatingkeys.htm for directions on how to create this key pair 13 | # 14 | # HELPFUL URLs 15 | # * https://github.com/oracle/terraform-provider-oci/blob/master/docs/Table%20of%20Contents.md 16 | # 17 | 18 | # RUNNING TerraForm 19 | # 20 | # Once you've gone through the steps mentioned above, you need to populate your environment variables, by sourcing this file... steps are below: 21 | # 1. Modify this file (so it reflects your OCIDs, etc.) 22 | # 2. $ terraform init 23 | # You only have to do this once after installing or upgrading your TerraForm plugins 24 | # 3. $ terraform plan 25 | # This will show you what TerraForm might do if you applied it 26 | # 4. 
$ terraform apply 27 | 28 | # Get this from the bottom of the OCI screen (after logging in, after Tenancy ID: heading) 29 | tenancy_ocid="" 30 | # Get this from OCI > Identity > Users (for your user account) 31 | user_ocid="" 32 | 33 | # the fingerprint can be gathered from your user account (OCI > Identity > Users > click your username > API Keys fingerprint (select it, copy it and paste it below)) 34 | fingerprint="" 35 | # this is the full path on your local system to the private key used for the API key pair 36 | private_key_path="" 37 | 38 | # region (us-phoenix-1, ca-toronto-1, etc) 39 | region="" 40 | -------------------------------------------------------------------------------- /examples/vision/.gitignore: -------------------------------------------------------------------------------- 1 | **/*.rem 2 | **/*.nopub 3 | **/*.tfvars 4 | **/*.json -------------------------------------------------------------------------------- /examples/vision/README.md: -------------------------------------------------------------------------------- 1 | # Networking Vision Example 2 | 3 | ## Introduction 4 | 5 | This example shows how to deploy core VCN resources in OCI using the [OCI Landing Zone Networking module](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-networking). 6 | 7 | It deploys one basic three-tier VCN with the following resources: 8 | 9 | - three subnets: public LBR, private app, and private database; 10 | - three route tables, one to each subnet; 11 | - four network security groups, including a Bastion network security group to allow SSH connections to private subnets; 12 | - one Internet Gateway; 13 | - one NAT Gateway; 14 | - one Service Gateway. 15 | 16 | The example outputs a file named *vision-network.json*, with select resources (VCNs) that can be further used as a dependency in another network configuration example that requires resources managed by this configuration example. 17 | See [external-dependency](../external-dependency/) example. 
18 | 19 | See [input.auto.tfvars.template](./input.auto.tfvars.template) for the network configuration. 20 | 21 | See [module's README.md](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-networking/blob/main/README.md) for overall attributes usage. 22 | 23 | ## Using this example 24 | 1. Rename *input.auto.tfvars.template* to *\.auto.tfvars*, where *\* is any name of your choice. 25 | 26 | 2. Within *\.auto.tfvars*, provide tenancy connectivity information and adjust the input variables, by making the appropriate substitutions: 27 | - Replace *\* placeholder with the network compartment OCID where the VCN is created. 28 | - Replace *\* placeholder with the CIDR range allowed to SSH into the Bastion Network Security Group. 29 | 30 | 3. In this folder, run the typical Terraform workflow: 31 | ``` 32 | terraform init 33 | terraform plan -out plan.out 34 | terraform apply plan.out 35 | ``` -------------------------------------------------------------------------------- /examples/vision/main.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | module "vision_network" { 5 | #source = "github.com/oracle-quickstart/terraform-oci-cis-landing-zone-networking?ref=release-0.6.5" 6 | source = "../../" 7 | network_configuration = var.network_configuration 8 | tenancy_ocid = var.tenancy_ocid 9 | } -------------------------------------------------------------------------------- /examples/vision/outputs.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024 Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
3 | 4 | output "vision_network" { 5 | value = module.vision_network.provisioned_networking_resources 6 | } 7 | 8 | # This resource writes a file with select output as JSON content. This file can be used as a network dependency by another network configuration example that depends on VCNs or DRGs managed by this example. 9 | resource "local_file" "network_output" { 10 | content = module.vision_network.provisioned_networking_resources != null ? jsonencode({ 11 | "vcns" : {for k, v in module.vision_network.provisioned_networking_resources.vcns : k => {"id" : v.id}}, 12 | "dynamic_routing_gateways" : {for k, v in module.vision_network.provisioned_networking_resources.dynamic_routing_gateways : k => {"id" : v.id}}, 13 | "subnets" : {for k, v in module.vision_network.provisioned_networking_resources.subnets : k => {"id" : v.id}} 14 | "network_security_groups" : {for k, v in module.vision_network.provisioned_networking_resources.network_security_groups : k => {"id" : v.id}} 15 | }) : null 16 | filename = "./vision-network.json" 17 | } 18 | -------------------------------------------------------------------------------- /examples/vision/providers.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
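3 | 4 | provider "oci" { 5 | region = var.region 6 | tenancy_ocid = var.tenancy_ocid 7 | user_ocid = var.user_ocid 8 | fingerprint = var.fingerprint 9 | private_key_path = var.private_key_path 10 | private_key_password = var.private_key_password # passphrase for the API signing key; the variable is declared sensitive in variables.tf 11 | ignore_defined_tags = ["Oracle-Tags.CreatedBy", "Oracle-Tags.CreatedOn"] 12 | } 13 | 14 | terraform { 15 | required_version = ">= 1.3.0" 16 | required_providers { 17 | oci = { 18 | source = "oracle/oci" # NOTE(review): no version constraint here; the provider release is pinned only if a .terraform.lock.hcl is committed - confirm 19 | } 20 | } 21 | } 22 | -------------------------------------------------------------------------------- /examples/vision/variables.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | variable "tenancy_ocid" {} # required: no default 5 | variable "region" {description = "Your tenancy home region"} 6 | variable "user_ocid" {default = ""} 7 | variable "fingerprint" {default = ""} 8 | variable "private_key_path" {default = ""} # path to the key file, not the key material 9 | variable "private_key_password" { 10 | default = "" 11 | sensitive = true # redacts the passphrase in plan/apply output 12 | } 13 | 14 | variable "network_configuration" { 15 | type = any 16 | } 17 | -------------------------------------------------------------------------------- /images/RouteTables-CycleGraph-Fix-Algorithm.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/terraform-oci-modules-networking/e61364faa87075b3294bd2973bc0e68963fe4c7f/images/RouteTables-CycleGraph-Fix-Algorithm.png -------------------------------------------------------------------------------- /images/RouteTables-TF-GraphCycle-Issue.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/terraform-oci-modules-networking/e61364faa87075b3294bd2973bc0e68963fe4c7f/images/RouteTables-TF-GraphCycle-Issue.png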
-------------------------------------------------------------------------------- /images/landing_zone_300.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/terraform-oci-modules-networking/e61364faa87075b3294bd2973bc0e68963fe4c7f/images/landing_zone_300.png -------------------------------------------------------------------------------- /metadata.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024 Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | #-- Used to inform module and release number. 5 | locals { 6 | cislz_module_tag = {"ocilz-terraform-module" : fileexists("${path.module}/release.txt") ? "${var.module_name}/${file("${path.module}/release.txt")}" : "${var.module_name}"} 7 | } -------------------------------------------------------------------------------- /modules/l7_load_balancers/CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing to the Oracle Cloud Infrastructure Modules for Terraform 2 | 3 | _Copyright (c) 2020, Oracle and/or its affiliates._ 4 | 5 | _Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl._ 6 | 7 | Pull requests can be made under [The Oracle Contributor Agreement](https://www.oracle.com/technetwork/community/oca-486395.html) (OCA). 8 | 9 | For pull requests to be accepted, the bottom of your commit message must have the following line using your name and e-mail address as it appears in the OCA Signatories list. 
10 | 11 | ``` 12 | Signed-off-by: Your Name 13 | ``` 14 | 15 | This can be automatically added to pull requests by committing with: 16 | 17 | ```sh 18 | git commit --signoff 19 | ``` 20 | 21 | Only pull requests from committers that can be verified as having signed the OCA can be accepted. -------------------------------------------------------------------------------- /modules/l7_load_balancers/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2020 Oracle and/or its affiliates. 2 | 3 | The Universal Permissive License (UPL), Version 1.0 4 | 5 | Subject to the condition set forth below, permission is hereby granted to any 6 | person obtaining a copy of this software, associated documentation and/or data 7 | (collectively the "Software"), free of charge and under any and all copyright 8 | rights in the Software, and any and all patent rights owned or freely 9 | licensable by each licensor hereunder covering either (i) the unmodified 10 | Software as contributed to or provided by such licensor, or (ii) the Larger 11 | Works (as defined below), to deal in both 12 | 13 | (a) the Software, and 14 | (b) any piece of software and/or hardware listed in the lrgrwrks.txt file if 15 | one is included with the Software (each a "Larger Work" to which the Software 16 | is contributed by such licensors), 17 | 18 | without restriction, including without limitation the rights to copy, create 19 | derivative works of, display, perform, and distribute the Software and make, 20 | use, sell, offer for sale, import, export, have made, and have sold the 21 | Software and the Larger Work(s), and to sublicense the foregoing rights on 22 | either these or other terms. 23 | 24 | This license is subject to the following condition: 25 | 26 | The above copyright notice and either this complete permission notice or at a 27 | minimum a reference to the UPL must be included in all copies or substantial 28 | portions of the Software. 
29 | 30 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 31 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 32 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 33 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 34 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 35 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 36 | SOFTWARE. -------------------------------------------------------------------------------- /modules/l7_load_balancers/RELEASE-NOTES.md: -------------------------------------------------------------------------------- 1 | # June 23, 2023 Release Notes - 0.5.3 2 | ## Added 3 | 1. Add the L7 LBaaS Module 4 | 5 | # March 21, 2023 Release Notes - 0.1.0 6 | ## Added 7 | 1. [Initial Release](#0-1-0-initial) 8 | ### Initial Release 9 | Module for networking. -------------------------------------------------------------------------------- /modules/l7_load_balancers/examples/simple-lbaas-on-existing-vcn/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2020 Oracle and/or its affiliates. 
2 | 3 | The Universal Permissive License (UPL), Version 1.0 4 | 5 | Subject to the condition set forth below, permission is hereby granted to any 6 | person obtaining a copy of this software, associated documentation and/or data 7 | (collectively the "Software"), free of charge and under any and all copyright 8 | rights in the Software, and any and all patent rights owned or freely 9 | licensable by each licensor hereunder covering either (i) the unmodified 10 | Software as contributed to or provided by such licensor, or (ii) the Larger 11 | Works (as defined below), to deal in both 12 | 13 | (a) the Software, and 14 | (b) any piece of software and/or hardware listed in the lrgrwrks.txt file if 15 | one is included with the Software (each a "Larger Work" to which the Software 16 | is contributed by such licensors), 17 | 18 | without restriction, including without limitation the rights to copy, create 19 | derivative works of, display, perform, and distribute the Software and make, 20 | use, sell, offer for sale, import, export, have made, and have sold the 21 | Software and the Larger Work(s), and to sublicense the foregoing rights on 22 | either these or other terms. 23 | 24 | This license is subject to the following condition: 25 | 26 | The above copyright notice and either this complete permission notice or at a 27 | minimum a reference to the UPL must be included in all copies or substantial 28 | portions of the Software. 29 | 30 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 31 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 32 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 33 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 34 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 35 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 36 | SOFTWARE. 
-------------------------------------------------------------------------------- /modules/l7_load_balancers/examples/simple-lbaas-on-existing-vcn/diagrams/public-lb.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/terraform-oci-modules-networking/e61364faa87075b3294bd2973bc0e68963fe4c7f/modules/l7_load_balancers/examples/simple-lbaas-on-existing-vcn/diagrams/public-lb.png -------------------------------------------------------------------------------- /modules/l7_load_balancers/examples/simple-lbaas-on-existing-vcn/outputs.tf: -------------------------------------------------------------------------------- 1 | # ####################################################################################################### # 2 | # Copyright (c) 2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https: //oss.oracle.com/licenses/upl. # 4 | # Author: Cosmin Tudor # 5 | # Author email: cosmin.tudor@oracle.com # 6 | # Last Modified: Wed Nov 15 2023 # 7 | # Modified by: Cosmin Tudor, email: cosmin.tudor@oracle.com # 8 | # ####################################################################################################### # 9 | 10 | 11 | output "provisioned_l7_load_balancers" { 12 | description = "Provisioned L7 Application Load Balancers" 13 | value = module.l7_load_balancers.provisioned_l7_load_balancers 14 | } -------------------------------------------------------------------------------- /modules/l7_load_balancers/examples/simple-lbaas-on-existing-vcn/provider.tf: -------------------------------------------------------------------------------- 1 | # ####################################################################################################### # 2 | # Copyright (c) 2023 Oracle and/or its affiliates, All rights reserved. 
# 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https: //oss.oracle.com/licenses/upl. # 4 | # Author: Cosmin Tudor # 5 | # Author email: cosmin.tudor@oracle.com # 6 | # Last Modified: Wed Nov 15 2023 # 7 | # Modified by: Cosmin Tudor, email: cosmin.tudor@oracle.com # 8 | # ####################################################################################################### # 9 | 10 | provider "oci" { 11 | region = var.region 12 | tenancy_ocid = var.tenancy_ocid 13 | user_ocid = var.user_ocid 14 | fingerprint = var.fingerprint 15 | private_key_path = var.private_key_path 16 | } 17 | 18 | terraform { 19 | required_version = ">= 1.3.0" 20 | 21 | required_providers { 22 | oci = { 23 | source = "oracle/oci" 24 | version = "<= 5.16.0" 25 | configuration_aliases = [oci] 26 | } 27 | } 28 | } -------------------------------------------------------------------------------- /modules/l7_load_balancers/examples/simple-lbaas-on-existing-vcn/terraform.tfvars.template: -------------------------------------------------------------------------------- 1 | # GETTING STARTED 2 | # 3 | # 1. Download and install TerraForm (https://www.terraform.io/downloads.html) 4 | # 2. Download and install the OCI TerraForm provider (https://github.com/oracle/terraform-provider-oci/) 5 | # 3. Make sure that you have an OCI API key setup 6 | # See https://docs.us-phoenix-1.oraclecloud.com/Content/API/Concepts/apisigningkey.htm for directions on creating an API signing key 7 | # See https://docs.us-phoenix-1.oraclecloud.com/Content/Identity/Tasks/managingcredentials.htm on how to manage API keys in the OCI UI or API 8 | # 4. Copy your tenancy OCID below (bottom part of OCI screen, after Tenancy OCID: heading) 9 | # 5. Copy your OCI user account OCID (login to OCI > Identity > Users) 10 | # 6. Copy the required API key fingerprint and private key path (below) 11 | # 7. 
Fill in the full path to the SSH public and private keys (this can be used when creating new instances) 12 | # See https://docs.us-phoenix-1.oraclecloud.com/Content/GSG/Tasks/creatingkeys.htm for directions on how to create this key pair 13 | # 14 | # HELPFUL URLs 15 | # * https://github.com/oracle/terraform-provider-oci/blob/master/docs/Table%20of%20Contents.md 16 | # 17 | 18 | # RUNNING TerraForm 19 | # 20 | # Once you've gone through the steps mentioned above, you need to populate your environment variables, by sourcing this file... steps are below: 21 | # 1. Modify this file (so it reflects your OCIDs, etc.) 22 | # 2. $ terraform init 23 | # You only have to do this once after installing or upgrading your TerraForm plugins 24 | # 3. $ terraform plan 25 | # This will show you what TerraForm might do if you applied it 26 | # 4. $ terraform apply 27 | 28 | # Get this from the bottom of the OCI screen (after logging in, after Tenancy ID: heading) 29 | tenancy_ocid="" 30 | # Get this from OCI > Identity > Users (for your user account) 31 | user_ocid="" 32 | 33 | # the fingerprint can be gathered from your user account (OCI > Identity > Users > click your username > API Keys fingerprint (select it, copy it and paste it below)) 34 | fingerprint="" 35 | # this is the full path on your local system to the private key used for the API key pair (give the path only; do not paste the key itself into this file) 36 | private_key_path="" 37 | 38 | # region (us-phoenix-1, ca-toronto-1, etc) 39 | region="" 40 | -------------------------------------------------------------------------------- /modules/l7_load_balancers/images/l7_load_balancer_diagram.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oci-landing-zones/terraform-oci-modules-networking/e61364faa87075b3294bd2973bc0e68963fe4c7f/modules/l7_load_balancers/images/l7_load_balancer_diagram.jpeg -------------------------------------------------------------------------------- /modules/l7_load_balancers/l7_lb_back_ends.tf: 
-------------------------------------------------------------------------------- 1 | # ####################################################################################################### # 2 | # Copyright (c) 2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https: //oss.oracle.com/licenses/upl. # 4 | # Author: Cosmin Tudor # 5 | # Author email: cosmin.tudor@oracle.com # 6 | # Last Modified: Wed Nov 15 2023 # 7 | # Modified by: Cosmin Tudor, email: cosmin.tudor@oracle.com # 8 | # ####################################################################################################### # 9 | 10 | locals { 11 | one_dimension_processed_l7_lb_backends = local.one_dimension_processed_l7_lb_backend_sets != null ? length(local.one_dimension_processed_l7_lb_backend_sets) > 0 ? { 12 | for flat_backend in flatten([ 13 | for l7lb_bes_key, l7lb_bes_value in local.one_dimension_processed_l7_lb_backend_sets : l7lb_bes_value.backends != null ? length(l7lb_bes_value.backends) > 0 ? 
[ 14 | for l7lb_be_key, l7lb_be_value in l7lb_bes_value.backends : { 15 | backendset_name = local.provisioned_l7_lbs_backend_sets[l7lb_bes_key].name 16 | ip_address = l7lb_be_value.ip_address 17 | load_balancer_id = l7lb_bes_value.l7lb_id 18 | port = l7lb_be_value.port 19 | backup = l7lb_be_value.backup 20 | drain = l7lb_be_value.drain 21 | offline = l7lb_be_value.offline 22 | weight = l7lb_be_value.weight 23 | l7lb_name = l7lb_bes_value.l7lb_name 24 | l7lb_id = l7lb_bes_value.l7lb_id 25 | l7lb_key = l7lb_bes_value.l7lb_key 26 | network_configuration_category = l7lb_bes_value.network_configuration_category 27 | l7lb_be_key = l7lb_be_key 28 | l7lb_bes_key = l7lb_bes_key 29 | } 30 | ] : [] : [] 31 | ]) : flat_backend.l7lb_be_key => flat_backend 32 | } : null : null 33 | 34 | provisioned_l7_lb_backends = { 35 | for l7lb_be_key, l7lb_be_value in oci_load_balancer_backend.these : l7lb_be_key => { 36 | backendset_name = l7lb_be_value.backendset_name 37 | backendset_key = local.one_dimension_processed_l7_lb_backends[l7lb_be_key].l7lb_bes_key 38 | backup = l7lb_be_value.backup 39 | drain = l7lb_be_value.drain 40 | id = l7lb_be_value.id 41 | ip_address = l7lb_be_value.ip_address 42 | load_balancer_id = l7lb_be_value.load_balancer_id 43 | name = l7lb_be_value.name 44 | offline = l7lb_be_value.offline 45 | port = l7lb_be_value.port 46 | state = l7lb_be_value.state 47 | timeouts = l7lb_be_value.timeouts 48 | weight = l7lb_be_value.weight 49 | network_configuration_category = local.one_dimension_processed_l7_lb_backends[l7lb_be_key].network_configuration_category 50 | l7lb_name = local.one_dimension_processed_l7_lb_backends[l7lb_be_key].l7lb_name 51 | l7lb_id = local.one_dimension_processed_l7_lb_backends[l7lb_be_key].l7lb_id 52 | l7lb_key = local.one_dimension_processed_l7_lb_backends[l7lb_be_key].l7lb_key 53 | } 54 | } 55 | } 56 | 57 | resource "oci_load_balancer_backend" "these" { 58 | for_each = local.one_dimension_processed_l7_lb_backends != null ? 
local.one_dimension_processed_l7_lb_backends : {} 59 | #Required 60 | backendset_name = each.value.backendset_name 61 | ip_address = each.value.ip_address 62 | load_balancer_id = each.value.load_balancer_id 63 | port = each.value.port 64 | 65 | #Optional 66 | backup = each.value.backup 67 | drain = each.value.drain 68 | offline = each.value.offline 69 | weight = each.value.weight 70 | } -------------------------------------------------------------------------------- /modules/l7_load_balancers/l7_lb_cipher_suites.tf: -------------------------------------------------------------------------------- 1 | # ####################################################################################################### # 2 | # Copyright (c) 2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https: //oss.oracle.com/licenses/upl. # 4 | # Author: Cosmin Tudor # 5 | # Author email: cosmin.tudor@oracle.com # 6 | # Last Modified: Wed Nov 15 2023 # 7 | # Modified by: Cosmin Tudor, email: cosmin.tudor@oracle.com # 8 | # ####################################################################################################### # 9 | 10 | locals { 11 | one_dimension_processed_l7_lb_cipher_suites = local.one_dimension_processed_l7_load_balancers != null ? length(local.one_dimension_processed_l7_load_balancers) > 0 ? { 12 | for flat_cipher_suite in flatten([ 13 | for l7lb_key, l7lb_value in local.one_dimension_processed_l7_load_balancers : l7lb_value.cipher_suites != null ? length(l7lb_value.cipher_suites) > 0 ? 
[ 14 | for l7lb_cs_key, l7lb_cs_value in l7lb_value.cipher_suites : { 15 | load_balancer_id = local.provisioned_l7_lbs[l7lb_key].id 16 | name = l7lb_cs_value.name 17 | ciphers = l7lb_cs_value.ciphers, # taken as given from the caller's cipher_suites entry 18 | l7lb_cs_key = l7lb_cs_key 19 | l7lb_name = l7lb_value.display_name 20 | l7lb_id = local.provisioned_l7_lbs[l7lb_key].id 21 | l7lb_key = l7lb_key 22 | network_configuration_category = l7lb_value.network_configuration_category 23 | } 24 | ] : [] : [] 25 | ]) : flat_cipher_suite.l7lb_cs_key => flat_cipher_suite # NOTE(review): the map key is the cipher-suite key alone, so the same key under two load balancers would collide - confirm keys are unique across load balancers 26 | } : null : null 27 | 28 | provisioned_l7_lbs_cipher_suites = { 29 | for l7lb_cs_key, l7lb_cs_value in oci_load_balancer_ssl_cipher_suite.these : l7lb_cs_key => { 30 | ciphers = l7lb_cs_value.ciphers, 31 | id = l7lb_cs_value.id 32 | load_balancer_id = l7lb_cs_value.load_balancer_id 33 | l7lb_name = local.one_dimension_processed_l7_lb_cipher_suites[l7lb_cs_key].l7lb_name 34 | l7lb_id = local.one_dimension_processed_l7_lb_cipher_suites[l7lb_cs_key].l7lb_id 35 | l7lb_key = local.one_dimension_processed_l7_lb_cipher_suites[l7lb_cs_key].l7lb_key 36 | name = l7lb_cs_value.name 37 | state = l7lb_cs_value.state 38 | timeouts = l7lb_cs_value.timeouts 39 | l7lb_cs_key = l7lb_cs_key 40 | network_configuration_category = local.one_dimension_processed_l7_lb_cipher_suites[l7lb_cs_key].network_configuration_category 41 | } 42 | } 43 | } 44 | 45 | resource "oci_load_balancer_ssl_cipher_suite" "these" { 46 | for_each = local.one_dimension_processed_l7_lb_cipher_suites != null ? 
local.one_dimension_processed_l7_lb_cipher_suites : {} 47 | #Required 48 | ciphers = each.value.ciphers # forwarded unfiltered in this file - NOTE(review): confirm weak suites are rejected by input validation or policy elsewhere 49 | load_balancer_id = each.value.load_balancer_id 50 | name = each.value.name 51 | } -------------------------------------------------------------------------------- /modules/l7_load_balancers/l7_lb_host_names.tf: -------------------------------------------------------------------------------- 1 | # ####################################################################################################### # 2 | # Copyright (c) 2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https: //oss.oracle.com/licenses/upl. # 4 | # Author: Cosmin Tudor # 5 | # Author email: cosmin.tudor@oracle.com # 6 | # Last Modified: Wed Nov 15 2023 # 7 | # Modified by: Cosmin Tudor, email: cosmin.tudor@oracle.com # 8 | # ####################################################################################################### # 9 | 10 | locals { 11 | one_dimension_processed_l7_lb_host_names = local.one_dimension_processed_l7_load_balancers != null ? length(local.one_dimension_processed_l7_load_balancers) > 0 ? { 12 | for flat_hostname in flatten([ 13 | for l7lb_key, l7lb_value in local.one_dimension_processed_l7_load_balancers : l7lb_value.host_names != null ? length(l7lb_value.host_names) > 0 ? 
[ 14 | for l7lb_hostname_key, l7lb_hostname_value in l7lb_value.host_names : { 15 | load_balancer_id = local.provisioned_l7_lbs[l7lb_key].id, 16 | name = l7lb_hostname_value.name, 17 | l7lb_hostname_key = l7lb_hostname_key, 18 | hostname = l7lb_hostname_value.hostname, 19 | l7lb_name = l7lb_value.display_name, 20 | l7lb_id = local.provisioned_l7_lbs[l7lb_key].id, 21 | l7lb_key = l7lb_key, 22 | network_configuration_category = l7lb_value.network_configuration_category 23 | } 24 | ] : [] : [] 25 | ]) : flat_hostname.l7lb_hostname_key => flat_hostname 26 | } : null : null 27 | 28 | provisioned_l7_lbs_hostnames = { 29 | for l7lb_hostname_key, l7lb_hostname_value in oci_load_balancer_hostname.these : l7lb_hostname_key => { 30 | hostname = l7lb_hostname_value.hostname 31 | id = l7lb_hostname_value.id 32 | l7lb_hostname_key = l7lb_hostname_key 33 | load_balancer_id = l7lb_hostname_value.load_balancer_id 34 | l7lb_name = local.one_dimension_processed_l7_lb_host_names[l7lb_hostname_key].l7lb_name 35 | l7lb_id = local.one_dimension_processed_l7_lb_host_names[l7lb_hostname_key].l7lb_id 36 | l7lb_key = local.one_dimension_processed_l7_lb_host_names[l7lb_hostname_key].l7lb_key 37 | name = l7lb_hostname_value.name 38 | state = l7lb_hostname_value.state 39 | timeouts = l7lb_hostname_value.timeouts 40 | network_configuration_category = local.one_dimension_processed_l7_lb_host_names[l7lb_hostname_key].network_configuration_category 41 | } 42 | } 43 | } 44 | 45 | resource "oci_load_balancer_hostname" "these" { 46 | for_each = local.one_dimension_processed_l7_lb_host_names != null ? 
local.one_dimension_processed_l7_lb_host_names : {} 47 | #Required 48 | hostname = each.value.hostname 49 | load_balancer_id = each.value.load_balancer_id 50 | name = each.value.name 51 | 52 | #Optional 53 | lifecycle { 54 | create_before_destroy = true 55 | } 56 | } -------------------------------------------------------------------------------- /modules/l7_load_balancers/l7_lb_path_route_sets.tf: -------------------------------------------------------------------------------- 1 | # ####################################################################################################### # 2 | # Copyright (c) 2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https: //oss.oracle.com/licenses/upl. # 4 | # Author: Cosmin Tudor # 5 | # Author email: cosmin.tudor@oracle.com # 6 | # Last Modified: Wed Nov 15 2023 # 7 | # Modified by: Cosmin Tudor, email: cosmin.tudor@oracle.com # 8 | # ####################################################################################################### # 9 | 10 | locals { 11 | one_dimension_processed_l7_lb_path_route_sets = local.one_dimension_processed_l7_load_balancers != null ? length(local.one_dimension_processed_l7_load_balancers) > 0 ? { 12 | for flat_path_route_set in flatten([ 13 | for l7lb_key, l7lb_value in local.one_dimension_processed_l7_load_balancers : l7lb_value.path_route_sets != null ? length(l7lb_value.path_route_sets) > 0 ? 
[ 14 | for l7lb_prs_key, l7lb_prs_value in l7lb_value.path_route_sets : { 15 | load_balancer_id = local.provisioned_l7_lbs[l7lb_key].id, 16 | name = l7lb_prs_value.name, 17 | l7lb_prs_key = l7lb_prs_key, 18 | path_routes = l7lb_prs_value.path_routes, 19 | l7lb_name = l7lb_value.display_name, 20 | l7lb_id = local.provisioned_l7_lbs[l7lb_key].id, 21 | l7lb_key = l7lb_key, 22 | network_configuration_category = l7lb_value.network_configuration_category 23 | } 24 | ] : [] : [] 25 | ]) : flat_path_route_set.l7lb_prs_key => flat_path_route_set 26 | } : null : null 27 | 28 | provisioned_l7_lbs_path_route_sets = { 29 | for l7lb_prs_key, l7lb_prs_value in oci_load_balancer_path_route_set.these : l7lb_prs_key => { 30 | id = l7lb_prs_value.id 31 | load_balancer_id = l7lb_prs_value.load_balancer_id 32 | l7lb_name = local.one_dimension_processed_l7_lb_path_route_sets[l7lb_prs_key].l7lb_name 33 | l7lb_id = local.one_dimension_processed_l7_lb_path_route_sets[l7lb_prs_key].l7lb_id 34 | l7lb_key = local.one_dimension_processed_l7_lb_path_route_sets[l7lb_prs_key].l7lb_key 35 | name = l7lb_prs_value.name 36 | path_routes = l7lb_prs_value.path_routes 37 | state = l7lb_prs_value.state 38 | timeouts = l7lb_prs_value.timeouts 39 | l7lb_prs_key = l7lb_prs_key 40 | network_configuration_category = local.one_dimension_processed_l7_lb_path_route_sets[l7lb_prs_key].network_configuration_category 41 | } 42 | } 43 | } 44 | 45 | resource "oci_load_balancer_path_route_set" "these" { 46 | for_each = local.one_dimension_processed_l7_lb_path_route_sets != null ? local.one_dimension_processed_l7_lb_path_route_sets : {} 47 | #Required 48 | load_balancer_id = each.value.load_balancer_id 49 | name = each.value.name 50 | 51 | dynamic "path_routes" { 52 | for_each = each.value.path_routes != null ? length(each.value.path_routes) > 0 ? 
each.value.path_routes : {} : {} 53 | #Required 54 | content { 55 | backend_set_name = local.provisioned_l7_lbs_backend_sets[path_routes.value.backend_set_key].name 56 | path = path_routes.value.path 57 | path_match_type { 58 | match_type = path_routes.value.path_match_type.match_type 59 | } 60 | } 61 | } 62 | } -------------------------------------------------------------------------------- /modules/l7_load_balancers/metadata.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024 Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | #-- Used to inform module and release number. 5 | locals { 6 | cislz_module_tag = {"ocilz-terraform-module" : fileexists("${path.module}/../../release.txt") ? "${var.module_name}/${file("${path.module}/../../release.txt")}" : "${var.module_name}"} 7 | } -------------------------------------------------------------------------------- /modules/l7_load_balancers/outputs.tf: -------------------------------------------------------------------------------- 1 | # ####################################################################################################### # 2 | # Copyright (c) 2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https: //oss.oracle.com/licenses/upl. 
# 4 | # Author: Cosmin Tudor # 5 | # Author email: cosmin.tudor@oracle.com # 6 | # Last Modified: Wed Nov 15 2023 # 7 | # Modified by: Cosmin Tudor, email: cosmin.tudor@oracle.com # 8 | # ####################################################################################################### # 9 | 10 | output "provisioned_l7_load_balancers" { 11 | description = "Provisioned l7_load_balancers" 12 | value = { 13 | l7_load_balancers = local.provisioned_l7_lbs 14 | l7_lb_backend_sets = local.provisioned_l7_lbs_backend_sets 15 | l7_lb_back_ends = local.provisioned_l7_lb_backends 16 | l7_lb_cipher_suites = local.provisioned_l7_lbs_cipher_suites 17 | l7_lb_path_route_sets = local.provisioned_l7_lbs_path_route_sets 18 | l7_lb_hostnames = local.provisioned_l7_lbs_hostnames 19 | l7_lb_routing_policies = local.provisioned_l7_lbs_path_routing_policies 20 | l7_lb_rule_sets = local.provisioned_l7_lbs_path_rule_sets 21 | l7_lb_certificates = local.provisioned_l7_lbs_certificates 22 | l7_lb_listeners = local.provisioned_l7_lb_listeners 23 | } 24 | } -------------------------------------------------------------------------------- /modules/l7_load_balancers/providers.tf: -------------------------------------------------------------------------------- 1 | # ####################################################################################################### # 2 | # Copyright (c) 2023 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https: //oss.oracle.com/licenses/upl. 
# 4 | # Author: Cosmin Tudor # 5 | # Author email: cosmin.tudor@oracle.com # 6 | # Last Modified: Wed Nov 15 2023 # 7 | # Modified by: Cosmin Tudor, email: cosmin.tudor@oracle.com # 8 | # ####################################################################################################### # 9 | 10 | terraform { 11 | required_version = ">= 1.3.0" 12 | required_providers { 13 | oci = { 14 | source = "oracle/oci" 15 | } 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /modules/nlb/.gitignore: -------------------------------------------------------------------------------- 1 | **/*.tfvars -------------------------------------------------------------------------------- /modules/nlb/examples/vision/input.auto.tfvars.template: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023 Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | #--------------------------------------------------------------------------------------------------------------------- 5 | # 1. Rename this file to .auto.tfvars, where is a name of your choice. 6 | # 2. Provide values for "Tenancy Connectivity Variables". 7 | # 3. Replace placeholders with appropriate values. 8 | #---------------------------------------------------------------------------------------------------------------------- 9 | 10 | #--------------------------------------- 11 | # Tenancy Connectivity Variables 12 | #--------------------------------------- 13 | 14 | tenancy_ocid = "" # Get this from OCI Console (after logging in, go to top-right-most menu item and click option "Tenancy: "). 15 | user_ocid = "" # Get this from OCI Console (after logging in, go to top-right-most menu item and click option "My profile"). 16 | fingerprint = "" # The fingerprint can be gathered from your user account. 
In the "My profile page, click "API keys" on the menu in left hand side. 17 | private_key_path = "" # This is the full path on your local system to the API signing private key. 18 | private_key_password = "" # This is the password that protects the private key, if any. 19 | region = "" # This is your tenancy home region. 20 | 21 | 22 | #--------------------------------------- 23 | # Input variable 24 | #--------------------------------------- 25 | 26 | nlb_configuration = { 27 | default_compartment_id = "" 28 | default_subnet_id = "" 29 | nlbs = { 30 | VISION-NLB = { 31 | display_name = "vision-nlb" 32 | is_private = true 33 | security = { 34 | zpr_attributes = {namespace = "", attr_name = "", attr_value = ""} 35 | } 36 | listeners = { 37 | LISTENER-1 = { 38 | port = "" 39 | protocol = "TCP" 40 | backend_set = { 41 | name = "default-backend-set" 42 | #is_preserve_source = false # To Disable NLB preserves the source IP of the packet when it is forwarded to backend 43 | health_checker = { 44 | protocol = "TCP" 45 | } 46 | backends = { 47 | BACKEND-1 = { 48 | name = "backend-1" 49 | port = "" 50 | ip_address = "" 51 | } 52 | BACKEND-2 = { 53 | name = "backend-2" 54 | port = "" 55 | ip_address = "" 56 | } 57 | } 58 | } 59 | } 60 | } 61 | } 62 | } 63 | } -------------------------------------------------------------------------------- /modules/nlb/examples/vision/main.tf: -------------------------------------------------------------------------------- 1 | 2 | # Copyright (c) 2023 Oracle and/or its affiliates. 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 4 | 5 | module "vision_nlbs" { 6 | source = "../.." 
7 | nlb_configuration = var.nlb_configuration 8 | } 9 | -------------------------------------------------------------------------------- /modules/nlb/examples/vision/outputs.tf: -------------------------------------------------------------------------------- 1 | 2 | # Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved. 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 4 | 5 | output "nlbs" { 6 | description = "The NLBs" 7 | value = module.vision_nlbs.nlbs 8 | } 9 | 10 | output "nlbs_primary_private_ips" { 11 | description = "The NLBs primary private IP addresses." 12 | value = module.vision_nlbs.nlbs_primary_private_ips 13 | } 14 | 15 | output "nlbs_public_ips" { 16 | description = "The NLBs public IP addresses." 17 | value = module.vision_nlbs.nlbs_public_ips 18 | } 19 | -------------------------------------------------------------------------------- /modules/nlb/examples/vision/providers.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023 Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 | 4 | provider "oci" { 5 | region = var.region 6 | tenancy_ocid = var.tenancy_ocid 7 | user_ocid = var.user_ocid 8 | fingerprint = var.fingerprint 9 | private_key_path = var.private_key_path 10 | private_key_password = var.private_key_password 11 | } 12 | 13 | terraform { 14 | required_version = ">= 1.3.0" 15 | required_providers { 16 | oci = { 17 | source = "oracle/oci" 18 | } 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /modules/nlb/examples/vision/variables.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2023 Oracle and/or its affiliates. 
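# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.

# Provider authentication inputs for this example. tenancy_ocid and region have
# no default and must be supplied; the API-key inputs default to "".
variable "tenancy_ocid" {}
variable "region" { description = "Your tenancy region" }
variable "user_ocid" { default = "" }
variable "fingerprint" { default = "" }
variable "private_key_path" { default = "" }

# Passphrase of the API signing key. Marked sensitive so Terraform redacts it in
# plan/apply output. This only affects CLI rendering: it does not protect the
# value inside a *.tfvars file on disk.
variable "private_key_password" {
  default   = ""
  sensitive = true
}

# Handed unchanged to the module's nlb_configuration input. Declared as `any`,
# so no shape checking happens at this level.
variable "nlb_configuration" {
  type    = any
  default = {}
}
--------------------------------------------------------------------------------
/modules/nlb/metadata.tf:
--------------------------------------------------------------------------------
# Copyright (c) 2023 Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.

#-- Used to inform module and release number.
locals {
  # Single-entry tag map. The value is "<module_name>/<contents of ../release.txt>"
  # when that file exists one level above the module directory, otherwise just
  # the module name. var.module_name is declared outside this file.
  cislz_module_tag = {
    "ocilz-terraform-module" : fileexists("${path.module}/../release.txt") ? "${var.module_name}/${file("${path.module}/../release.txt")}" : var.module_name
  }
}
--------------------------------------------------------------------------------
/modules/nlb/outputs.tf:
--------------------------------------------------------------------------------
# Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.

# The four resource outputs below return null unless var.enable_output is true.
output "nlbs" {
  description = "The Network Load Balancers (NLBs)."
  value       = var.enable_output ? oci_network_load_balancer_network_load_balancer.these : null
}

output "nlb_listeners" {
  description = "The NLB listeners."
  value       = var.enable_output ? oci_network_load_balancer_listener.these : null
}

output "nlb_backend_sets" {
  description = "The NLB backend sets."
  value       = var.enable_output ? oci_network_load_balancer_backend_set.these : null
}

output "nlb_backends" {
  description = "The NLB backends."
  value       = var.enable_output ? oci_network_load_balancer_backend.these : null
}

# NOTE(review): the two IP address outputs are returned regardless of
# var.enable_output, unlike the outputs above - confirm that is intended.
output "nlbs_primary_private_ips" {
  description = "The NLBs primary private IP addresses."
  value       = data.oci_core_private_ips.these
}

output "nlbs_public_ips" {
  description = "The NLBs public IP addresses."
  value       = data.oci_core_public_ip.these
}
--------------------------------------------------------------------------------
/modules/nlb/providers.tf:
--------------------------------------------------------------------------------
# Copyright (c) 2023 Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.

terraform {
  required_version = ">= 1.3.0"
  required_providers {
    # No `version` constraint is declared here, so this module accepts any
    # oracle/oci release. Callers should constrain the provider version in the
    # root module and commit the dependency lock file.
    oci = {
      source = "oracle/oci"
    }
  }
}
--------------------------------------------------------------------------------
/modules/vtap/examples/input.auto.tfvars.template:
--------------------------------------------------------------------------------
#---------------------------------------
# Tenancy Connectivity Variables
#---------------------------------------

# tenancy_ocid         = "" # Get this from OCI Console (after logging in, go to top-right-most menu item and click option "Tenancy: ").
# user_ocid            = "" # Get this from OCI Console (after logging in, go to top-right-most menu item and click option "My profile").
# fingerprint          = "" # The fingerprint can be gathered from your user account. In the "My profile" page, click "API keys" on the menu in left hand side.
# private_key_path     = "" # This is the full path on your local system to the API signing private key.
# private_key_password = "" # This is the password that protects the private key, if any.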
# region               = "" # The region name.

#---------------------------------------
# Input variable
#---------------------------------------
# Example input for the vtap module: one capture filter, one target NLB with a
# backend set and listener, and one VTAP that mirrors a load balancer's traffic
# to that NLB. Empty strings are placeholders to be filled in.
vtaps_configuration = {
  default_compartment_id = ""

  capture_filters = {
    DEFAULT-CAPTURE-FILTER = {
      filter_type  = "VTAP"
      display_name = ""
      vtap_capture_filter_rules = {
        # This rule sets only direction and action. The CIDR, protocol and port
        # fields of the module's input type are all optional and left unset, so
        # (as the key name says) nothing narrows the selection of ingress traffic.
        # Mirrored packets carry full payloads: narrow the rule where possible and
        # treat the mirror target and its backends as holding sensitive data.
        "allow-all" = {
          traffic_direction = "INGRESS"
          rule_action       = "INCLUDE"
        }
      }
    }
  }

  network_load_balancers = {
    DEFAULT-NLB = {
      display_name = ""
      subnet_id    = ""
    }
  }

  vtaps = {
    DEFAULT-VTAP = {
      source_type       = "LOAD_BALANCER"
      source_id         = ""
      vcn_id            = ""
      display_name      = "EXAMPLE-VTAP-DISPLAY-NAME"
      is_vtap_enabled   = false                    # the example creates the VTAP in the disabled state
      target_type       = "NETWORK_LOAD_BALANCER"
      target_id         = "DEFAULT-NLB"            # key of network load balancer
      capture_filter_id = "DEFAULT-CAPTURE-FILTER" # key of capture filter
    }
  }

  network_load_balancer_backend_sets = {
    DEFAULT-LB-BACKEND-SET = {
      name                     = "EXAMPLE-NLB-BACKEND-SET-DISPLAY-NAME"
      network_load_balancer_id = "DEFAULT-NLB" # key of network load balancer
      policy                   = "FIVE_TUPLE"
      protocol                 = "TCP"
    }
  }

  network_load_balancer_listeners = {
    DEFAULT-NLB-LISTENER = {
      default_backend_set_name = "DEFAULT-LB-BACKEND-SET" # key of network load balancer backend set
      listener_name            = "EXAMPLE-NLB-LISTENER-NAME"
      network_load_balancer_id = "DEFAULT-NLB" # key of network load balancer
      port                     = "4789"        # 4789/UDP is the IANA-assigned VXLAN port
      protocol                 = "UDP"
    }
  }
}
--------------------------------------------------------------------------------
/modules/vtap/providers.tf:
--------------------------------------------------------------------------------
# ###################################################################################################### #
# Copyright (c) 2024 Oracle and/or its affiliates, All rights reserved.
# 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # 4 | # ###################################################################################################### # 5 | 6 | terraform { 7 | required_version = ">= 1.3.0" 8 | required_providers { 9 | oci = { 10 | source = "oracle/oci" 11 | } 12 | } 13 | } -------------------------------------------------------------------------------- /modules/vtap/variables.tf: -------------------------------------------------------------------------------- 1 | # ###################################################################################################### # 2 | # Copyright (c) 2024 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # 4 | # ###################################################################################################### # 5 | 6 | 7 | variable "vtaps_configuration" { 8 | type = object({ 9 | default_compartment_id = optional(string) 10 | capture_filters = optional(map(object({ 11 | compartment_id = optional(string) 12 | filter_type = string 13 | display_name = optional(string) 14 | vtap_capture_filter_rules = optional(map(object({ 15 | traffic_direction = optional(string) 16 | rule_action = optional(string) 17 | source_cidr = optional(string) 18 | destination_cidr = optional(string) 19 | protocol = optional(string) 20 | icmp_options = optional(map(object({ 21 | type = optional(string) 22 | code = optional(string) 23 | }))) 24 | tcp_options = optional(map(object({ 25 | destination_port_range_max = optional(number) 26 | destination_port_range_min = optional(number) 27 | source_port_range_max = optional(number) 28 | source_port_range_min = optional(number) 29 | }))) 30 | udp_options = optional(map(object({ 31 | destination_port_range_max = optional(number) 32 | destination_port_range_min = optional(number) 33 | source_port_range_max = 
optional(number) 34 | source_port_range_min = optional(number) 35 | }))) 36 | }))) 37 | }))) 38 | 39 | network_load_balancers = optional(map(object({ 40 | compartment_id = optional(string) 41 | display_name = string 42 | subnet_id = string 43 | }))) 44 | 45 | vtaps = optional(map(object({ 46 | compartment_id = optional(string) 47 | source_type = optional(string) 48 | source_id = string 49 | vcn_id = string 50 | display_name = optional(string) 51 | is_vtap_enabled = optional(bool) 52 | target_type = optional(string) 53 | target_id = optional(string) 54 | capture_filter_id = string 55 | }))) 56 | 57 | network_load_balancer_listeners = optional(map(object({ 58 | default_backend_set_name = string 59 | listener_name = string 60 | network_load_balancer_id = string 61 | port = number 62 | protocol = string 63 | }))) 64 | 65 | network_load_balancer_backend_sets = optional(map(object({ 66 | name = string 67 | network_load_balancer_id = string 68 | policy = string 69 | protocol = string 70 | }))) 71 | }) 72 | } 73 | 74 | variable "compartments_dependency" { 75 | description = "A map of objects containing the externally managed compartments this module may depend on. All map objects must have the same type and must contain an 'id' attribute of string type set with the compartment OCID." 76 | type = map(object({ 77 | id = string # the compartment OCID 78 | })) 79 | default = null 80 | } 81 | 82 | variable network_dependency { 83 | description = "An object containing the externally managed network resources this module may depend on. Supported resource is 'subnets' , represented as map of objects. Each object, when defined, must have an 'id' attribute of string type set with the subnet OCID." 
84 | type = object({ 85 | subnets = optional(map(object({ 86 | id = string # the subnet OCID 87 | }))) 88 | }) 89 | default = null 90 | } -------------------------------------------------------------------------------- /modules/waa/SPEC.md: -------------------------------------------------------------------------------- 1 | ## Requirements 2 | 3 | | Name | Version | 4 | |------|---------| 5 | | [terraform](#requirement\_terraform) | >= 1.3.0 | 6 | 7 | ## Providers 8 | 9 | | Name | Version | 10 | |------|---------| 11 | | [oci](#provider\_oci) | n/a | 12 | 13 | ## Modules 14 | 15 | No modules. 16 | 17 | ## Resources 18 | 19 | | Name | Type | 20 | |------|------| 21 | | [oci_waa_web_app_acceleration.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/waa_web_app_acceleration) | resource | 22 | | [oci_waa_web_app_acceleration_policy.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/waa_web_app_acceleration_policy) | resource | 23 | 24 | ## Inputs 25 | 26 | | Name | Description | Type | Default | Required | 27 | |------|-------------|------|---------|:--------:| 28 | | [compartments\_dependency](#input\_compartments\_dependency) | A map of objects containing the externally managed compartments this module may depend on. All map objects must have the same type and must contain an 'id' attribute of string type set with the compartment OCID. See External Dependencies section in README.md (https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-networking#ext-dep) for details. |
map(object({
id = string
}))
| `null` | no | 29 | | [waa\_configuration](#input\_waa\_configuration) | Web application acceleration (WAA) configuration settings for the WAA and the WAA policies. |
object({
default_compartment_id = optional(string),
default_defined_tags = optional(map(string)),
default_freeform_tags = optional(map(string)),

web_app_accelerations = map(object({
compartment_id = optional(string)
display_name = optional(string)
defined_tags = optional(map(string))
freeform_tags = optional(map(string))
load_balancer_id = string
backend_type = string
is_response_header_based_caching_enabled = optional(bool)
gzip_compression_is_enabled = optional(bool)
}))
})
| n/a | yes | 30 | 31 | ## Outputs 32 | 33 | No outputs. 34 | -------------------------------------------------------------------------------- /modules/waa/examples/input.auto.tfvars.template: -------------------------------------------------------------------------------- 1 | #--------------------------------------- 2 | # Tenancy Connectivity Variables 3 | #--------------------------------------- 4 | 5 | # tenancy_ocid = "" # Get this from OCI Console (after logging in, go to top-right-most menu item and click option "Tenancy: "). 6 | # user_ocid = "" # Get this from OCI Console (after logging in, go to top-right-most menu item and click option "My profile"). 7 | # fingerprint = "" # The fingerprint can be gathered from your user account. In the "My profile page, click "API keys" on the menu in left hand side. 8 | # private_key_path = "" # This is the full path on your local system to the API signing private key. 9 | # private_key_password = "" # This is the password that protects the private key, if any. 10 | # region = "" # The region name. 
11 | 12 | #--------------------------------------- 13 | # Input variable 14 | #--------------------------------------- 15 | 16 | waa_configuration = { 17 | default_compartment_id = "" 18 | web_app_accelerations = { 19 | TEST-WAA = { 20 | compartment_id = null 21 | display_name = "TEST-WAA" 22 | backend_type = "LOAD_BALANCER" 23 | load_balancer_id = "" 24 | is_response_header_based_caching_enabled = true 25 | gzip_compression_is_enabled = true 26 | } 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /modules/waa/examples/main.tf: -------------------------------------------------------------------------------- 1 | module "test_waa" { 2 | source = "../" 3 | waa_configuration = var.waa_configuration 4 | } 5 | -------------------------------------------------------------------------------- /modules/waa/examples/provider.tf: -------------------------------------------------------------------------------- 1 | # ###################################################################################################### # 2 | # Copyright (c) 2024 Oracle and/or its affiliates, All rights reserved. # 3 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. # 4 | # ###################################################################################################### # 5 | 6 | terraform { 7 | required_version = ">= 1.3.0" 8 | required_providers { 9 | oci = { 10 | source = "oracle/oci" 11 | } 12 | } 13 | } -------------------------------------------------------------------------------- /modules/waa/examples/variables.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2024, Oracle and/or its affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 
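
# Provider authentication inputs for this example. tenancy_ocid and region have
# no default and must be supplied; the API-key inputs default to "".
variable "tenancy_ocid" {}
variable "region" { description = "Your tenancy home region" }
variable "user_ocid" { default = "" }
variable "fingerprint" { default = "" }
variable "private_key_path" { default = "" }

# Passphrase of the API signing key. Marked sensitive so Terraform redacts it in
# plan/apply output; it does not protect the value inside a *.tfvars file.
variable "private_key_password" {
  default   = ""
  sensitive = true
}

variable "waa_configuration" {
  description = "A map of web application acceleration resources"
  type        = any
}
--------------------------------------------------------------------------------
/modules/waa/main.tf:
--------------------------------------------------------------------------------
# ###################################################################################################### #
# Copyright (c) 2024 Oracle and/or its affiliates, All rights reserved.                                  #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
# ###################################################################################################### #

# One acceleration policy per entry of waa_configuration.web_app_accelerations.
resource "oci_waa_web_app_acceleration_policy" "these" {
  for_each = var.waa_configuration.web_app_accelerations != null ? var.waa_configuration.web_app_accelerations : {}

  # compartment_id (or, when it is null, default_compartment_id) is either a
  # literal OCID - any string starting with "ocid1" - or a key into
  # var.compartments_dependency. Evaluation fails if a key is given while
  # compartments_dependency is null or lacks that key, or if both
  # compartment_id and default_compartment_id are null.
  compartment_id = each.value.compartment_id != null ? (
    length(regexall("^ocid1.*$", each.value.compartment_id)) > 0
    ? each.value.compartment_id
    : var.compartments_dependency[each.value.compartment_id].id
    ) : (
    length(regexall("^ocid1.*$", var.waa_configuration.default_compartment_id)) > 0
    ? var.waa_configuration.default_compartment_id
    : var.compartments_dependency[var.waa_configuration.default_compartment_id].id
  )
  display_name = each.value.display_name

  # merge() gives precedence to later arguments. Defaults go first so that a tag
  # set on the individual resource overrides the module-wide default of the same
  # key, matching how compartment_id falls back to its default above. Tags can
  # drive tag-based access policies, so the precedence matters.
  defined_tags  = merge(var.waa_configuration.default_defined_tags, each.value.defined_tags)
  freeform_tags = merge(var.waa_configuration.default_freeform_tags, each.value.freeform_tags)

  # Response caching keyed on response headers. Before enabling it, make sure the
  # origin marks authenticated or per-user responses as not cacheable, otherwise
  # one client's response may be served to another.
  response_caching_policy {
    is_response_header_based_caching_enabled = each.value.is_response_header_based_caching_enabled
  }

  # Gzip compression of responses. Review it for pages that place secrets next to
  # request-controlled content, since compressed size can leak information there.
  response_compression_policy {
    gzip_compression {
      is_enabled = each.value.gzip_compression_is_enabled
    }
  }
}

# One acceleration per entry, attached to the given load balancer and bound to
# the policy created above for the same key.
resource "oci_waa_web_app_acceleration" "these" {
  for_each = var.waa_configuration.web_app_accelerations != null ? var.waa_configuration.web_app_accelerations : {}

  # Same OCID-or-key resolution as in the policy resource.
  compartment_id = each.value.compartment_id != null ? (
    length(regexall("^ocid1.*$", each.value.compartment_id)) > 0
    ? each.value.compartment_id
    : var.compartments_dependency[each.value.compartment_id].id
    ) : (
    length(regexall("^ocid1.*$", var.waa_configuration.default_compartment_id)) > 0
    ? var.waa_configuration.default_compartment_id
    : var.compartments_dependency[var.waa_configuration.default_compartment_id].id
  )
  display_name = each.value.display_name != null ? each.value.display_name : "webappacceleration"

  # Resource-level tags override the defaults (later merge() arguments win).
  defined_tags  = merge(var.waa_configuration.default_defined_tags, each.value.defined_tags)
  freeform_tags = merge(var.waa_configuration.default_freeform_tags, each.value.freeform_tags)

  backend_type     = each.value.backend_type
  load_balancer_id = each.value.load_balancer_id

  # This reference already orders the acceleration after its policy, so no
  # explicit depends_on is needed.
  web_app_acceleration_policy_id = oci_waa_web_app_acceleration_policy.these[each.key].id
}

--------------------------------------------------------------------------------
/modules/waa/provider.tf:
--------------------------------------------------------------------------------
# ###################################################################################################### #
# Copyright (c) 2024 Oracle and/or its affiliates, All rights reserved.                                  #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
# ###################################################################################################### #

terraform {
  required_version = ">= 1.3.0"
  required_providers {
    # No `version` constraint is declared here, so this module accepts any
    # oracle/oci release. Callers should constrain the provider version in the
    # root module and commit the dependency lock file.
    oci = {
      source = "oracle/oci"
    }
  }
}

--------------------------------------------------------------------------------
/modules/waa/variables.tf:
--------------------------------------------------------------------------------
# ###################################################################################################### #
# Copyright (c) 2024 Oracle and/or its affiliates, All rights reserved.                                  #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
# ###################################################################################################### #

variable "waa_configuration" {
  description = "Web application acceleration (WAA) configuration settings for the WAA and the WAA policies."
  type = object({
    default_compartment_id = optional(string),
    default_defined_tags   = optional(map(string)),
    default_freeform_tags  = optional(map(string)),

    # Keyed by an arbitrary name; each entry yields one policy and one acceleration.
    web_app_accelerations = map(object({
      compartment_id                           = optional(string)
      display_name                             = optional(string)
      defined_tags                             = optional(map(string))
      freeform_tags                            = optional(map(string))
      load_balancer_id                         = string
      backend_type                             = string
      is_response_header_based_caching_enabled = optional(bool)
      gzip_compression_is_enabled              = optional(bool)
    }))
  })
}

variable "compartments_dependency" {
  description = "A map of objects containing the externally managed compartments this module may depend on. All map objects must have the same type and must contain an 'id' attribute of string type set with the compartment OCID. See External Dependencies section in README.md (https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-networking#ext-dep) for details."
  type = map(object({
    id = string
  }))
  default = null
}

--------------------------------------------------------------------------------
/modules/waf/SPEC.md:
--------------------------------------------------------------------------------
## Requirements

| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.3.0 |

## Providers

| Name | Version |
|------|---------|
| [oci](#provider\_oci) | n/a |

## Modules

No modules.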
16 | 17 | ## Resources 18 | 19 | | Name | Type | 20 | |------|------| 21 | | [oci_waf_web_app_firewall.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/waf_web_app_firewall) | resource | 22 | | [oci_waf_web_app_firewall_policy.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/waf_web_app_firewall_policy) | resource | 23 | 24 | ## Inputs 25 | 26 | | Name | Description | Type | Default | Required | 27 | |------|-------------|------|---------|:--------:| 28 | | [compartments\_dependency](#input\_compartments\_dependency) | A map of objects containing the externally managed compartments this module may depend on. All map objects must have the same type and must contain an 'id' attribute of string type set with the compartment OCID. See External Dependencies section in README.md (https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-networking#ext-dep) for details. |
map(object({
id = string
}))
| `null` | no | 29 | | [waf\_configuration](#input\_waf\_configuration) | Web Application Firewall (WAF) configuration settings for the WAF and related WAF policies. |
object({
default_compartment_id = optional(string),
default_defined_tags = optional(map(string)),
default_freeform_tags = optional(map(string)),

waf = map(object({
display_name = optional(string)
defined_tags = optional(map(string))
freeform_tags = optional(map(string))
backend_type = string
compartment_id = optional(string)
load_balancer_id = string
waf_policy_display_name = optional(string)
actions = optional(map(object({
name = string
type = string
body = optional(object({
text = string
type = string
}))
code = optional(string)
headers = optional(object({
name = string
value = string
}))
})))
}))
})
| n/a | yes | 30 | 31 | ## Outputs 32 | 33 | No outputs. 34 | -------------------------------------------------------------------------------- /modules/waf/examples/input.auto.tfvars.template: -------------------------------------------------------------------------------- 1 | #--------------------------------------- 2 | # Tenancy Connectivity Variables 3 | #--------------------------------------- 4 | 5 | # tenancy_ocid = "" # Get this from OCI Console (after logging in, go to top-right-most menu item and click option "Tenancy: "). 6 | # user_ocid = "" # Get this from OCI Console (after logging in, go to top-right-most menu item and click option "My profile"). 7 | # fingerprint = "" # The fingerprint can be gathered from your user account. In the "My profile page, click "API keys" on the menu in left hand side. 8 | # private_key_path = "" # This is the full path on your local system to the API signing private key. 9 | # private_key_password = "" # This is the password that protects the private key, if any. 10 | # region = "" # The region name. 
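
#---------------------------------------
# Input variable
#---------------------------------------

# Example input for the waf module: one firewall attached to a load balancer,
# with a policy that defines three actions. Empty strings are placeholders.
waf_configuration = {
  default_compartment_id = ""
  waf = {
    TEST-WAF = {
      display_name            = "TEST-WAF"
      backend_type            = "LOAD_BALANCER"
      compartment_id          = null
      load_balancer_id        = ""
      waf_policy_display_name = "TEST-WAF-POLICY"
      # Actions are definitions only. They take effect when a policy rule refers
      # to them; the module resource this example feeds declares no rules.
      actions = {
        ACTION-1 = {
          name = "Pre-configured Check Action"
          type = "CHECK"
        }
        ACTION-2 = {
          name = "Pre-configured Allow Action"
          type = "ALLOW"
        }
        ACTION-3 = {
          name = "Pre-configured 401 Response Code Action"
          type = "RETURN_HTTP_RESPONSE"
          body = {
            text = "{\"code\":\"401\",\"message\":\"Unauthorized\"}"
            type = "STATIC_TEXT"
          }
          code = "401"
          # The module's input type names this attribute `headers`. An attribute
          # under any other name is dropped when the value is converted to that
          # type, and the response would then be sent without this header.
          headers = {
            name  = "Content-Type"
            value = "application/json"
          }
        }
      }
    }
  }
}
--------------------------------------------------------------------------------
/modules/waf/examples/main.tf:
--------------------------------------------------------------------------------
module "test_waf" {
  source            = "../"
  waf_configuration = var.waf_configuration
}
--------------------------------------------------------------------------------
/modules/waf/examples/provider.tf:
--------------------------------------------------------------------------------
# ###################################################################################################### #
# Copyright (c) 2024 Oracle and/or its affiliates, All rights reserved.                                  #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
# ###################################################################################################### #

terraform {
  required_version = ">= 1.3.0"
  required_providers {
    # No `version` constraint is declared, so `terraform init` may select any
    # oracle/oci release. Constrain the version and commit the dependency lock
    # file so the provider build that gets executed is reproducible.
    oci = {
      source = "oracle/oci"
    }
  }
}
--------------------------------------------------------------------------------
/modules/waf/examples/variables.tf:
--------------------------------------------------------------------------------
# Copyright (c) 2024, Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.

# Provider authentication inputs for this example. tenancy_ocid and region have
# no default and must be supplied; the API-key inputs default to "".
variable "tenancy_ocid" {}
variable "region" { description = "Your tenancy home region" }
variable "user_ocid" { default = "" }
variable "fingerprint" { default = "" }
variable "private_key_path" { default = "" }

# Passphrase of the API signing key. Marked sensitive so Terraform redacts it in
# plan/apply output; it does not protect the value inside a *.tfvars file.
variable "private_key_password" {
  default   = ""
  sensitive = true
}

# Declared as `any`: the shape is only checked when the value reaches the
# module's typed waf_configuration input, where unknown attributes are dropped.
variable "waf_configuration" {
  description = "A map of web application firewall resources"
  type        = any
}
--------------------------------------------------------------------------------
/modules/waf/main.tf:
--------------------------------------------------------------------------------
# ###################################################################################################### #
# Copyright (c) 2024 Oracle and/or its affiliates, All rights reserved.                                  #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
# ###################################################################################################### #

# One firewall policy per entry of waf_configuration.waf.
#
# NOTE(review): only `actions` are configured here. This resource declares no
# request_access_control, request_protection, request_rate_limiting or
# response_access_control block, so as written the policy contains no rule that
# inspects, limits or blocks traffic. Attaching it to a load balancer does not by
# itself provide protection; rules added outside this configuration would show up
# as drift on the next plan.
resource "oci_waf_web_app_firewall_policy" "these" {
  for_each = var.waf_configuration != null ? (var.waf_configuration.waf != null ? var.waf_configuration.waf : {}) : {}

  # compartment_id (or, when it is null, default_compartment_id) is either a
  # literal OCID - any string starting with "ocid1" - or a key into
  # var.compartments_dependency. Evaluation fails if a key is given while
  # compartments_dependency is null or lacks that key, or if both
  # compartment_id and default_compartment_id are null.
  compartment_id = each.value.compartment_id != null ? (
    length(regexall("^ocid1.*$", each.value.compartment_id)) > 0
    ? each.value.compartment_id
    : var.compartments_dependency[each.value.compartment_id].id
    ) : (
    length(regexall("^ocid1.*$", var.waf_configuration.default_compartment_id)) > 0
    ? var.waf_configuration.default_compartment_id
    : var.compartments_dependency[var.waf_configuration.default_compartment_id].id
  )
  display_name = each.value.waf_policy_display_name

  # merge() gives precedence to later arguments. Defaults go first so that a tag
  # set on the individual resource overrides the module-wide default of the same
  # key, matching how compartment_id falls back to its default above. Tags can
  # drive tag-based access policies, so the precedence matters.
  defined_tags  = merge(var.waf_configuration.default_defined_tags, each.value.defined_tags)
  freeform_tags = merge(var.waf_configuration.default_freeform_tags, each.value.freeform_tags)

  dynamic "actions" {
    for_each = each.value.actions != null ? each.value.actions : {}
    content {
      name = actions.value.name
      type = actions.value.type
      # body and headers are emitted only when the action defines them.
      dynamic "body" {
        for_each = actions.value.body != null ? [1] : []
        content {
          text = actions.value.body.text
          type = actions.value.body.type
        }
      }
      code = actions.value.code
      dynamic "headers" {
        for_each = actions.value.headers != null ? [1] : []
        content {
          name  = actions.value.headers.name
          value = actions.value.headers.value
        }
      }
    }
  }
}

# One firewall per entry, attached to the given load balancer and bound to the
# policy created above for the same key.
resource "oci_waf_web_app_firewall" "these" {
  for_each = var.waf_configuration != null ? (var.waf_configuration.waf != null ? var.waf_configuration.waf : {}) : {}

  # Same OCID-or-key resolution as in the policy resource.
  compartment_id = each.value.compartment_id != null ? (
    length(regexall("^ocid1.*$", each.value.compartment_id)) > 0
    ? each.value.compartment_id
    : var.compartments_dependency[each.value.compartment_id].id
    ) : (
    length(regexall("^ocid1.*$", var.waf_configuration.default_compartment_id)) > 0
    ? var.waf_configuration.default_compartment_id
    : var.compartments_dependency[var.waf_configuration.default_compartment_id].id
  )
  display_name = each.value.display_name

  # Resource-level tags override the defaults (later merge() arguments win).
  defined_tags  = merge(var.waf_configuration.default_defined_tags, each.value.defined_tags)
  freeform_tags = merge(var.waf_configuration.default_freeform_tags, each.value.freeform_tags)

  backend_type               = upper(each.value.backend_type) # accepted in any letter case
  load_balancer_id           = each.value.load_balancer_id
  web_app_firewall_policy_id = oci_waf_web_app_firewall_policy.these[each.key].id
}

--------------------------------------------------------------------------------
/modules/waf/provider.tf:
--------------------------------------------------------------------------------
# ###################################################################################################### #
# Copyright (c) 2024 Oracle and/or its affiliates, All rights reserved.                                  #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
# ###################################################################################################### #

terraform {
  required_version = ">= 1.3.0"
  required_providers {
    # No `version` constraint is declared here, so this module accepts any
    # oracle/oci release. Callers should constrain the provider version in the
    # root module and commit the dependency lock file.
    oci = {
      source = "oracle/oci"
    }
  }
}
--------------------------------------------------------------------------------
/modules/waf/variables.tf:
--------------------------------------------------------------------------------
# ###################################################################################################### #
# Copyright (c) 2024 Oracle and/or its affiliates, All rights reserved.                                  #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.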
# ###################################################################################################### #

# Input of the WAF module. `waf` maps an arbitrary key to one firewall plus its policy; main.tf uses
# that key for both resources. The default_* attributes are the module-wide compartment and tags.
variable "waf_configuration" {
  description = "Web Application Firewall (WAF) configuration settings for the WAF and related WAF policies."
  type = object({
    # Compartment OCID, or a key of var.compartments_dependency; used when an entry sets no compartment_id.
    default_compartment_id = optional(string),
    default_defined_tags   = optional(map(string)),
    default_freeform_tags  = optional(map(string)),

    waf = map(object({
      display_name  = optional(string) # display name of the firewall
      defined_tags  = optional(map(string))
      freeform_tags = optional(map(string))
      backend_type  = string # upper-cased by main.tf before use
      # Compartment OCID, or a key of var.compartments_dependency.
      compartment_id = optional(string)
      # Passed to the firewall unchanged; no dependency-key lookup is applied to it.
      load_balancer_id        = string
      waf_policy_display_name = optional(string) # display name of the policy
      # Actions of the policy. NOTE(review): no rule inputs exist in this type, so rules that
      # reference these actions cannot be supplied through the module as written.
      actions = optional(map(object({
        name = string
        type = string
        body = optional(object({
          text = string
          type = string
        }))
        code = optional(string)
        headers = optional(object({
          name  = string
          value = string
        }))
      })))
    }))
  })
}

# NOTE(review): the default is null, but main.tf indexes this map whenever a compartment value does
# not start with "ocid1", so such a value without a matching dependency entry fails the plan.
variable "compartments_dependency" {
  description = "A map of objects containing the externally managed compartments this module may depend on. All map objects must have the same type and must contain an 'id' attribute of string type set with the compartment OCID. See External Dependencies section in README.md (https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-networking#ext-dep) for details."
  type = map(object({
    id = string
  }))
  default = null
}

--------------------------------------------------------------------------------
/orm-facade/main.tf:
--------------------------------------------------------------------------------
# ####################################################################################################### #
# Copyright (c) 2023 Oracle and/or its affiliates, All rights reserved.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
# Author: Cosmin Tudor #
# Author email: cosmin.tudor@oracle.com #
# Last Modified: Wed Nov 15 2023 #
# Modified by: Cosmin Tudor, email: cosmin.tudor@oracle.com #
# ####################################################################################################### #

locals {
  # Networking configuration handed to the root module, built from the document fetched in
  # read_input_data_from_url_file.tf; null when that document yields no network_configuration.
  # Only the six keys below are forwarded. Apart from default_compartment_id, each is null when the
  # document does not contain it.
  #
  # default_compartment_id: the document's value, else var.default_compartment_ocid, else var.tenancy_ocid.
  # NOTE(review): the last fallback is the tenancy OCID, i.e. the root compartment, so resources with
  # no compartment of their own end up there when the stack is run without a default compartment.
  # NOTE(review): default_enable_cis_checks and default_ssh_ports_to_check are taken from the document
  # unchanged. Presumably they steer the root module's CIS checks, which would let anyone who can
  # edit the document change them; confirm in the root module.
  network_configuration = local.network_configuration_from_input_json_yaml_file != null ? {
    default_compartment_id           = contains(keys(local.network_configuration_from_input_json_yaml_file), "default_compartment_id") ? local.network_configuration_from_input_json_yaml_file.default_compartment_id != null ? local.network_configuration_from_input_json_yaml_file.default_compartment_id : var.default_compartment_ocid != null ? var.default_compartment_ocid : var.tenancy_ocid : var.default_compartment_ocid != null ? var.default_compartment_ocid : var.tenancy_ocid
    default_defined_tags             = contains(keys(local.network_configuration_from_input_json_yaml_file), "default_defined_tags") ? local.network_configuration_from_input_json_yaml_file.default_defined_tags : null
    default_freeform_tags            = contains(keys(local.network_configuration_from_input_json_yaml_file), "default_freeform_tags") ? local.network_configuration_from_input_json_yaml_file.default_freeform_tags : null
    default_enable_cis_checks        = contains(keys(local.network_configuration_from_input_json_yaml_file), "default_enable_cis_checks") ? local.network_configuration_from_input_json_yaml_file.default_enable_cis_checks : null
    default_ssh_ports_to_check       = contains(keys(local.network_configuration_from_input_json_yaml_file), "default_ssh_ports_to_check") ? local.network_configuration_from_input_json_yaml_file.default_ssh_ports_to_check : null
    network_configuration_categories = contains(keys(local.network_configuration_from_input_json_yaml_file), "network_configuration_categories") ? local.network_configuration_from_input_json_yaml_file.network_configuration_categories : null
  } : null
}

# Calls the module in the parent directory with the configuration assembled above.
module "terraform-oci-landing-zones-networking" {
  source                = "../"
  network_configuration = local.network_configuration
}
--------------------------------------------------------------------------------
/orm-facade/outputs.tf:
--------------------------------------------------------------------------------
# ####################################################################################################### #
# Copyright (c) 2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
# Author: Cosmin Tudor #
# Author email: cosmin.tudor@oracle.com #
# Last Modified: Wed Nov 15 2023 #
# Modified by: Cosmin Tudor, email: cosmin.tudor@oracle.com #
# ####################################################################################################### #

# Re-exports the module output of the same name without changes.
output "provisioned_networking_resources" {
  description = "Provisioned networking resources"
  value       = module.terraform-oci-landing-zones-networking.provisioned_networking_resources
}

--------------------------------------------------------------------------------
/orm-facade/provider.tf:
--------------------------------------------------------------------------------
# ####################################################################################################### #
# Copyright (c) 2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
# Author: Cosmin Tudor #
# Author email: cosmin.tudor@oracle.com #
# Last Modified: Wed Nov 15 2023 #
# Modified by: Cosmin Tudor, email: cosmin.tudor@oracle.com #
# ####################################################################################################### #

# OCI provider configured from the stack's input variables. All six default to null in
# variables.tf and are listed in the hidden variable group of schema.yml.
provider "oci" {
  region               = var.region
  tenancy_ocid         = var.tenancy_ocid
  user_ocid            = var.user_ocid
  fingerprint          = var.fingerprint
  private_key_path     = var.private_key_path
  private_key_password = var.private_key_password
}

# NOTE(review): only oracle/oci is declared, without a version constraint. The `http` data source in
# read_input_data_from_url_file.tf needs a second provider that is not declared here, so Terraform
# resolves it implicitly. Declare both and constrain their versions.
terraform {
  required_version = ">= 1.3.0"

  required_providers {
    oci = {
      source = "oracle/oci"
    }
  }
}
--------------------------------------------------------------------------------
/orm-facade/read_input_data_from_url_file.tf:
--------------------------------------------------------------------------------
# ####################################################################################################### #
# Copyright (c) 2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
# Author: Cosmin Tudor #
# Author email: cosmin.tudor@oracle.com #
# Last Modified: Wed Nov 15 2023 #
# Modified by: Cosmin Tudor, email: cosmin.tudor@oracle.com #
# ####################################################################################################### #

# Downloads the configuration document from var.input_config_file_url on every plan and apply.
# The response decides which networking resources the stack creates, changes or removes, so the URL
# and the object behind it are part of the trust boundary: serve it over HTTPS from a location whose
# write access is restricted.
# NOTE(review): neither the URL scheme nor the response status is checked here, and the variable
# defaults to null. A status check (a postcondition on the data source) would separate a failed
# download from a malformed document.
# NOTE(review): `body` is deprecated in recent hashicorp/http releases in favour of `response_body`;
# confirm against the provider version in use.
data "http" "input_config_file_url" {

  url = var.input_config_file_url

  # Optional request headers
  # The Accept header asks for JSON only, although a YAML response is decoded as well (see below).
  request_headers = {
    Accept = "application/json"
  }
}

locals {
  # The response body decoded as JSON; try() turns a decoding failure into null.
  # NOTE(review): a data source reference is presumably never null, so the `!= null` guards here do
  # not detect a failed request.
  json_config_file = data.http.input_config_file_url != null ? try(jsondecode(data.http.input_config_file_url.body), null) : null

  # The same body decoded as YAML, again null on failure.
  yaml_config_file = data.http.input_config_file_url != null ? try(yamldecode(data.http.input_config_file_url.body), null) : null

  # First successful decoding, JSON before YAML. coalesce() raises an error when every argument is
  # null, so a body that is neither JSON nor YAML stops the run here rather than yielding null.
  config_file = coalesce(local.json_config_file, local.yaml_config_file, null)

  # The document's top-level `network_configuration` value, or null when that key is missing.
  # NOTE(review): a reachable but wrong document (valid syntax, no such key) therefore produces a
  # null configuration. What the root module plans for null input is not visible here; verify that
  # it cannot plan the removal of existing resources.
  network_configuration_from_input_json_yaml_file = local.config_file != null ? contains(keys(local.config_file), "network_configuration") ? local.config_file.network_configuration : null : null
}
--------------------------------------------------------------------------------
/orm-facade/schema.yml:
--------------------------------------------------------------------------------
# Copyright (c) 2023 Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.


title: "OCI Networking Module OCI ORM Stack"
stackDescription: "Creates or changes any networking resource in any configuration in OCI."
description: "Creates or changes any networking resource in any configuration in OCI."
schemaVersion: 1.1.0
version: "0.0.1"
locale: "en"

# URL of CIS Landing Zone logo icon used on Application Information tab.
# NOTE(review): the path has the shape of an Object Storage pre-authenticated request (/p/<token>/...).
# The token grants access without further authentication, so confirm it is read-only and limited to
# this one object.
logoUrl: "https://objectstorage.us-ashburn-1.oraclecloud.com/p/taf6kC9fSJyQDNSYbxvqxS_JsdnSu56oFZ3-1h5vI7-WfJUv77mplChopLxZPePW/n/ociateam/b/cis-landing-zone/o/landing_zone_130.png"

variableGroups:
  - title: "INPUT JSON OR YAML NETWORKING CONFIGURATION FILE URL"
    visible: true
    variables:
      - default_compartment_ocid
      - input_config_file_url
  # NOTE(review): "home_region" is listed below, but variables.tf declares no variable of that name.
  - title: "Hidden Variables"
    visible: false
    variables:
      - "tenancy_ocid"
      - "user_ocid"
      - "fingerprint"
      - "private_key_path"
      - "private_key_password"
      - "region"
      - "home_region"
variables:
  default_compartment_ocid:
    type: oci:identity:compartment:id
    title: "Default compartment OCID"
    description: "The compartment that will be used by default by all the networking resources if no specific network resource or category compartments are defined."
    required: false
    visible: true

  # NOTE(review): the title and allowMultiple suggest several URLs, while variables.tf declares a
  # single string and one request is made. Confirm what reaches Terraform when more than one URL
  # is entered.
  input_config_file_url:
    type: string
    title: Type or Paste the URLs
    additionalProps:
      allowMultiple: true
    description: "Only JSON OR YAML file accepted - HCL not supported yet"
    required: false

# NOTE(review): outputs.tf defines only provisioned_networking_resources; `release` and `region`
# have no matching Terraform output there.
outputs:
  release:
    type: string
    title: OCI Open Landing Zone Networking Module

  region:
    type: string
    title: Region

  provisioned_networking_resources:
    type: json
    title: Provisioned Networking Resources

outputGroups:
  - title: Environment
    outputs:
      - ${release}
      - ${region}

  - title: Networking Resources
    outputs:
      - ${provisioned_networking_resources}
--------------------------------------------------------------------------------
/orm-facade/variables.tf:
--------------------------------------------------------------------------------
# ####################################################################################################### #
# Copyright (c) 2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
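# Author: Cosmin Tudor #
# Author email: cosmin.tudor@oracle.com #
# Last Modified: Wed Nov 15 2023 #
# Modified by: Cosmin Tudor, email: cosmin.tudor@oracle.com #
# ####################################################################################################### #

# Provider authentication inputs, consumed by the provider "oci" block in provider.tf. All default
# to null and are kept in the hidden variable group of schema.yml.
variable "tenancy_ocid" {
  type    = string
  default = null
}
variable "user_ocid" {
  type    = string
  default = null
}
variable "fingerprint" {
  type    = string
  default = null
}
variable "private_key_path" {
  type    = string
  default = null
}
# Passphrase of the API signing key. Marked sensitive so Terraform redacts it in plan and apply output.
variable "private_key_password" {
  type      = string
  default   = null
  sensitive = true
}

variable "region" {
  type    = string
  default = null
}

# Location of the document that drives the whole stack; it is fetched by the `http` data source.
# NOTE(review): the value is not validated. Consider a `validation` block that requires an https://
# URL, and treat write access to the referenced object as equivalent to permission to change the
# network.
variable "input_config_file_url" {
  type        = string
  default     = null
  description = "URL that points to the JSON OR YAML configuration file."
}

# Used by main.tf when the document sets no default compartment; if this is null as well, the
# tenancy OCID (root compartment) is used.
variable "default_compartment_ocid" {
  type        = string
  default     = null
  description = "The compartment that will be used by default by all the networking resources if no specific network resource or category compartments are defined."
}
--------------------------------------------------------------------------------
/providers.tf:
--------------------------------------------------------------------------------
# ####################################################################################################### #
# Copyright (c) 2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.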
# Author: Cosmin Tudor #
# Author email: cosmin.tudor@oracle.com #
# Last Modified: Wed Dec 13 2023 #
# Modified by: Cosmin Tudor, email: cosmin.tudor@oracle.com #
# ####################################################################################################### #

# Root module requirements. NOTE(review): no minimum oracle/oci version is stated, so the module
# does not declare which provider releases it has been checked against.
terraform {
  required_version = ">= 1.3.0"
  required_providers {
    oci = {
      source = "oracle/oci"
    }
  }
}

--------------------------------------------------------------------------------
/public_ips_pools.tf:
--------------------------------------------------------------------------------
# ####################################################################################################### #
# Copyright (c) 2023 Oracle and/or its affiliates, All rights reserved. #
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. #
# Author: Cosmin Tudor #
# Author email: cosmin.tudor@oracle.com #
# Last Modified: Wed Nov 15 2023 #
# Modified by: Cosmin Tudor, email: cosmin.tudor@oracle.com #
# ####################################################################################################### #


locals {
  # PROCESSED INPUT
  # Flattens the public_ips_pools maps of every entry in local.one_dimension_processed_IPs into one
  # map keyed by pool key; null when that local is null.
  # The result is keyed by pubipspools_key alone, so pool keys must be unique across all entries;
  # Terraform rejects a for expression that yields the same map key twice.
  # compartment_id: the pool's own value, else the category compartment, else the default compartment,
  # else null.
  # NOTE(review): merge() lets later arguments win, so on a key collision default tags override
  # category tags, which override the pool's own tags. Confirm that precedence is intended.
  one_dimension_processed_pub_ips_pools = local.one_dimension_processed_IPs != null ? {
    for flat_pubipspools in flatten([
      for ips_key, ips_value in local.one_dimension_processed_IPs :
      ips_value.public_ips_pools != null ? length(ips_value.public_ips_pools) > 0 ? [
        for pubipspools_key, pubipspools_value in ips_value.public_ips_pools : {
          compartment_id                 = pubipspools_value.compartment_id != null ? pubipspools_value.compartment_id : ips_value.category_compartment_id != null ? ips_value.category_compartment_id : ips_value.default_compartment_id != null ? ips_value.default_compartment_id : null
          default_compartment_id         = ips_value.default_compartment_id
          category_compartment_id        = ips_value.category_compartment_id
          defined_tags                   = merge(pubipspools_value.defined_tags, ips_value.category_defined_tags, ips_value.default_defined_tags)
          default_defined_tags           = ips_value.default_defined_tags
          category_defined_tags          = ips_value.category_defined_tags
          display_name                   = pubipspools_value.display_name
          freeform_tags                  = merge(pubipspools_value.freeform_tags, ips_value.category_freeform_tags, ips_value.default_freeform_tags)
          default_freeform_tags          = ips_value.default_freeform_tags
          category_freeform_tags         = ips_value.category_freeform_tags
          pubipspools_key                = pubipspools_key
          network_configuration_category = ips_value.network_configuration_category
        }
      ] : [] : []
    ]) : flat_pubipspools.pubipspools_key => flat_pubipspools
  } : null

  # Attributes of every created pool, keyed like the input map, with the category name copied back
  # from the processed input.
  provisioned_oci_core_public_ip_pools = {
    for pubipspools_key, pubipspools_value in oci_core_public_ip_pool.these : pubipspools_key => {
      cidr_blocks                    = pubipspools_value.cidr_blocks
      compartment_id                 = pubipspools_value.compartment_id
      defined_tags                   = pubipspools_value.defined_tags
      display_name                   = pubipspools_value.display_name
      freeform_tags                  = pubipspools_value.freeform_tags
      id                             = pubipspools_value.id
      state                          = pubipspools_value.state
      time_created                   = pubipspools_value.time_created
      network_configuration_category = local.one_dimension_processed_pub_ips_pools[pubipspools_key].network_configuration_category
      pubipspools_key                = pubipspools_key
    }
  }
}

# One public IP pool per entry of the processed map (none when it is null or empty).
# compartment_id: a value that starts with "ocid1" is used as-is; any other value is looked up as a
# key in var.compartments_dependency. The pattern tests the prefix only and does not validate an OCID.
# NOTE(review): compartment_id is null when no compartment is set at any level although it is
# marked as required below; presumably the provider rejects that at plan time.
# freeform_tags: the entry's tags are merged over local.cislz_module_tag, so a tag with the same key
# replaces the module's own tag.
resource "oci_core_public_ip_pool" "these" {
  for_each = local.one_dimension_processed_pub_ips_pools != null ? length(local.one_dimension_processed_pub_ips_pools) > 0 ? local.one_dimension_processed_pub_ips_pools : {} : {}
  #Required
  compartment_id = each.value.compartment_id != null ? (length(regexall("^ocid1.*$", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartments_dependency[each.value.compartment_id].id) : null

  #Optional
  defined_tags  = each.value.defined_tags
  display_name  = each.value.display_name
  freeform_tags = merge(local.cislz_module_tag, each.value.freeform_tags)
}
--------------------------------------------------------------------------------
/release.txt:
--------------------------------------------------------------------------------
0.7.5
--------------------------------------------------------------------------------