├── .github ├── ISSUE_TEMPLATE │ ├── bug_report.md │ ├── feature_request.md │ └── question.md ├── PULL_REQUEST_TEMPLATE └── workflows │ └── mdbook.yaml ├── .gitignore ├── CHANGELOG.adoc ├── CONTRIBUTING.adoc ├── CONTRIBUTORS.adoc ├── LICENSE ├── README.adoc ├── README.md ├── docs ├── book.toml ├── mdbook-admonish.css ├── prerequisites.adoc ├── prerequisites.md ├── resourcemanager.adoc ├── resourcemanager.md ├── src │ ├── SUMMARY.md │ ├── css │ │ ├── general.css │ │ └── mdbook-admonish.css │ ├── images │ │ ├── createstack.png │ │ ├── planlogs.png │ │ ├── review.png │ │ ├── tfplan.png │ │ ├── uploadzip.png │ │ ├── variable1.png │ │ └── variable2.png │ ├── introduction.md │ ├── prerequisites.md │ ├── terraformoptions.md │ └── ug │ │ ├── createvcn.md │ │ ├── gateways.md │ │ ├── resourcemanager.md │ │ ├── reusemodule.md │ │ ├── routerules.md │ │ └── userguide.md ├── terraformoptions.adoc └── terraformoptions.md ├── examples ├── custom_route_rules │ ├── README.md │ ├── main.tf │ ├── terraform.tfvars.example │ └── variables.tf ├── drg │ ├── README.md │ ├── main.tf │ ├── outputs.tf │ ├── terraform.tfvars.example │ ├── variables.tf │ └── version.tf ├── hub-spoke │ ├── README.md │ ├── main.tf │ ├── terraform.tfvars.example │ ├── variables.tf │ └── version.tf └── module_composition │ ├── README.md │ ├── main.tf │ ├── terraform.tfvars.example │ ├── variables.tf │ └── version.tf ├── locals.tf ├── modules └── subnet │ ├── outputs.tf │ ├── subnet.tf │ ├── variables.tf │ └── versions.tf ├── outputs.tf ├── schema.yaml ├── terraform.tfvars.example ├── variables.tf ├── vcn.tf ├── vcn_defaultresources.tf ├── vcn_gateways.tf └── versions.tf /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: 🐛 Bug Report 3 | about: If something isn't working as expected 🤔. 
4 | labels: bug 5 | --- 6 | 7 | 18 | 19 | 20 | 21 | ### Community Note 22 | 23 | * Please vote on this issue by adding a 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to the original issue to help the community and maintainers prioritize this request 24 | * Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request 25 | * If you are interested in working on this issue or have submitted a pull request, please leave a comment 26 | 27 | 28 | 29 | ### Terraform Version and Provider Version 30 | 31 | 34 | 35 | ### Affected Resource(s) 36 | 37 | 38 | 39 | 40 | ### Terraform Configuration Files 41 | 42 | 43 | 44 | ```hcl 45 | # Copy-paste your Terraform configurations here - for large Terraform configs, 46 | # please use a service like Dropbox and share a link to the ZIP file. 47 | # Please remove any sensitive information (tenancy/user/compartment OCIDs, API key fingerprints, private key paths, passwords) from configuration files before sharing them. 48 | ``` 49 | 50 | ### Debug Output 51 | 52 | Debug-level Terraform logs can contain the same sensitive values as your configuration (OCIDs, credentials, full API request and response bodies). Redact them before posting, and prefer a gist or attachment over pasting very long output inline. 59 | 60 | ### Panic Output 61 | 62 | 67 | 68 | ### Expected Behavior 69 | 70 | 71 | 72 | ### Actual Behavior 73 | 74 | 75 | 76 | ### Steps to Reproduce 77 | 78 | 79 | 80 | 1. `terraform apply` 81 | 82 | ### Important Factoids 83 | 84 | 85 | 86 | ### References 87 | 88 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: 🚀 Feature Request 3 | about: I have a suggestion (and might want to implement myself 🙂)! 
4 | labels: enhancement 5 | --- 6 | 7 | 8 | 9 | ### Community Note 10 | 11 | * Please vote on this issue by adding a 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to the original issue to help the community and maintainers prioritize this request 12 | * Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request 13 | * If you are interested in working on this issue or have submitted a pull request, please leave a comment 14 | 15 | 16 | 17 | ### Description 18 | 19 | 20 | 21 | ### New or Affected Resource(s) 22 | 23 | 24 | 25 | 26 | ### Potential Terraform Configuration 27 | 28 | 29 | 30 | ```hcl 31 | # Copy-paste any Terraform configurations for how the requested feature may be used. 32 | ``` 33 | 34 | ### References 35 | 36 | 42 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/question.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: 💬 Question 3 | about: Questions regarding the Terraform Oracle Cloud Infrastructure VCN module 4 | labels: question 5 | --- 6 | 7 | This Github template is intended for questions regarding the Terraform **Oracle Cloud Infrastructure** VCN module. 
8 | 9 | If you have a support request or question related to core Terraform functionality or the OCI provider, please submit it to one of these resources: 10 | 11 | * [Terraform OCI provider](https://github.com/terraform-providers/terraform-provider-oci) 12 | * [Terraform community resources](https://www.terraform.io/docs/extend/community/index.html) 13 | * [HashiCorp support](https://support.hashicorp.com) (Terraform Enterprise customers) 14 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE: -------------------------------------------------------------------------------- 1 | # Proposed change 2 | 3 | 15 | 16 | ## How have these changes been tested? 17 | 18 | ### Automated testing 19 | 20 | If you're running automated testing for this module, we would love to hear from you, and potentially integrate it into the module's standard workflow. 21 | 22 | 25 | 26 | ### Manual testing 27 | 28 | If no automated testing is run, please ensure that at least the three steps below pass without any error. 29 | 30 | - [ ] Running `terraform apply` on each example provided with this module provisions the intended resource(s) without any errors. 31 | - [ ] Modifying the module's *Input Variables* after initial provisioning behaves as intended, i.e. any updatable properties are amended in place without recreation of the resource(s). 32 | - [ ] Running `terraform destroy` on each example provided with this module destroys all the resources created by this module and only the resources created by this module. 
33 | 34 | ## Checklist before submitting your PR 35 | 36 | - [ ] My code follows [the style guidelines of this project](../tree/main/docs/codingconventions.adoc) 37 | - [ ] If these changes provision new resources: 38 | - [ ] I have updated the README introduction section (README.adoc) 39 | - [ ] I have updated the README introduction section (README.md) 40 | - [ ] If these changes add any new variables: 41 | - [ ] I have updated [docs/terraformoptions.adoc](../tree/main/docs/terraformoptions.adoc) to include each variable 42 | - [ ] I have updated the changelog to include an entry for these changes 43 | - [ ] I have updated all provided examples, including each README file and all applicable code blocks 44 | - [ ] These changes generate no new warnings 45 | - [ ] Any dependent changes have been merged and published in upstream modules 46 | 47 | Note: *If you are not an Oracle employee, to contribute to an Oracle-sponsored open-source project, you need to sign the [Oracle Contributor Agreement (OCA)](https://oca.opensource.oracle.com/).* 48 | -------------------------------------------------------------------------------- /.github/workflows/mdbook.yaml: -------------------------------------------------------------------------------- 1 | name: Publish Documentation 2 | on: 3 | push: 4 | branches: ["main"] 5 | workflow_dispatch: 6 | 7 | # Sets permissions of the GITHUB_TOKEN for this workflow (least privilege: grant only what the deployment path actually used below needs). 8 | permissions: 9 | contents: read 10 | pages: write 11 | id-token: write 12 | # NOTE(review): `pages: write` and `id-token: write` are the permissions `actions/deploy-pages` needs, but this workflow never calls it; it publishes by force-pushing the `gh-pages` branch from a `run:` step, and a push made with the job token needs `contents: write`, which `contents: read` does not grant. Pick one path: either deploy with `actions/deploy-pages` and keep these permissions, or keep the git push, set `contents: write`, and drop `id-token: write` so the job cannot mint OIDC tokens it does not use. 13 | # Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued. 14 | # However, do NOT cancel in-progress runs as we want to allow these production deployments to complete. 
15 | concurrency: 16 | group: "pages" 17 | cancel-in-progress: false 18 | 19 | jobs: 20 | install-mdbook: 21 | environment: 22 | name: github-pages 23 | runs-on: ubuntu-latest 24 | steps: 25 | - uses: actions/cache@v3 26 | continue-on-error: true 27 | id: cache-mdbook 28 | with: 29 | key: mdbook 30 | path: ./cargo/**/* 31 | - if: ${{ steps.cache-mdbook.outputs.cache-hit != 'true' }} 32 | name: Install mdbook 33 | env: 34 | CARGO_HOME: ./cargo 35 | run: | 36 | # Install mdbook and the preprocessors referenced by docs/book.toml. Exact versions plus --locked keep the toolchain reproducible; the `actions/cache@v3` reference above is a mutable tag, so pin it to a commit SHA for the same reason. NOTE(review): this entire step, including the build and publish commands below, is gated on a cache MISS by the step's `if:`, so on a cache hit nothing is built or published; the install belongs in this conditional step and the build/publish in a separate, unconditional one. 37 | cargo install --locked --force mdbook@0.4.34 mdbook-admonish@1.10.2 mdbook-variables@0.2.2 mdbook-toc@0.14.1 mdbook-pagetoc@0.1.7 38 | 39 | # Build the HTML content 40 | mdbook build -d book/ docs/ 41 | 42 | # Create and switch to the gh-pages work tree. NOTE(review): no `actions/checkout` step precedes this, so as written there is no repository (and no docs/ source) in the workspace for `git worktree` or `mdbook build` to operate on — confirm against a recent run before relying on this job. 43 | git worktree add gh-pages gh-pages 44 | cd $GITHUB_WORKSPACE/gh-pages 45 | 46 | git config user.name "GitHub Actions" 47 | git config user.email "oci-dax-tools_ww@oracle.com" 48 | 49 | # Delete the ref to avoid keeping history, then clear the work tree. The `rm -rf *` relies on the `cd` above having moved into the gh-pages work tree (the default `bash -e` shell stops the step if that `cd` fails); keep those two lines together so the wipe never runs against the main checkout. 50 | git update-ref -d refs/heads/gh-pages 51 | rm -rf * 52 | 53 | mv $GITHUB_WORKSPACE/docs/book/* $GITHUB_WORKSPACE/gh-pages 54 | touch $GITHUB_WORKSPACE/gh-pages/.nojekyll 55 | 56 | git add . 
57 | git commit -m "Deploy $GITHUB_SHA to gh-pages" 58 | git push --force-with-lease 59 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Local .terraform directories 2 | **/.terraform/* 3 | 4 | # .tfstate files (state records resource attributes and can include sensitive values; never commit it) 5 | *.tfstate 6 | *.tfstate.* 7 | 8 | # .tfvars files (local inputs such as tenancy/user OCIDs and key paths; only the *.tfvars.example templates are committed) 9 | *.tfvars 10 | 11 | # provider file for testing - should be manually added 12 | provider.tf 13 | 14 | docs/book 15 | 16 | # visual code 17 | **/.vscode/* 18 | 19 | # macOS related files 20 | **/.DS_Store 21 | # Provider dependency lock file: ignored here because this repository is a shared module, not a root configuration. Root configurations that consume the module (including the examples/ directories when applied directly) should commit their own .terraform.lock.hcl so provider versions and checksums stay pinned. 22 | .terraform.lock.hcl 23 | -------------------------------------------------------------------------------- /CHANGELOG.adoc: -------------------------------------------------------------------------------- 1 | = CHANGELOG 2 | :idprefix: 3 | :idseparator: * 4 | 5 | :uri-changelog: http://keepachangelog.com/ 6 | :uri-semver: https://semver.org/ 7 | All notable changes to this project are documented in this file. 8 | 9 | The format is based on {uri-changelog}[Keep a Changelog] and the versioning follows the {uri-semver}[Semantic Versioning 2.0.0] specification. 10 | 11 | Given a version number MAJOR.MINOR.PATCH: 12 | 13 | - MAJOR version when making incompatible API changes, 14 | - MINOR version when adding functionality in a backwards compatible manner, 15 | - PATCH version when making backwards compatible bug fixes. 
16 | 17 | == 4.0.0 (not released) 18 | * Added support for disabled VCN DNS resolution with null vcn_dns_label variable 19 | * Change default vcn_name from vcn-module -> vcn 20 | * Added default route to Internet Gateway when IPv6 is enabled 21 | 22 | == 3.5.2 (October 7, 2022) 23 | * Ignored lifecycle changes for defined_tags, freeform_tags 24 | 25 | == 3.5.1 (September 5, 2022) 26 | * removed DRG submodule, now promoted to terraform-oci-drg module (feat: ) 27 | * updated examples to use GitHub repo as source () 28 | 29 | == 3.4.0 (March 27, 2022) 30 | * Replaced required provider hashicorp/oci --> oracle/oci 31 | 32 | == 3.3.0 (March 18, 2022) 33 | * Added support for Defined Tags (fixes #73) 34 | * Fixed route tables with drg destination (fixes #80) 35 | 36 | == v3.2.0 (January 19, 2022) 37 | 38 | === New features 39 | * Added Remote Peering Connection capability in DRG module (fixes #71) 40 | 41 | == v3.1.0 (October 06, 2021) 42 | 43 | === New features 44 | * Added IPv6 support for VCN (fixes #62) 45 | * Added capability to attach multiple vcn to a drg using the new drg sub-module 46 | * Added optional DNS activation on VCN. `var.vcn_dns_label` is now also validated to be alphanumeric string that begins with a letter (fixes #66) 47 | 48 | === Changes 49 | * drg is refactored as an independent sub-module 50 | * `var.vcn_name` is not a required input anymore for vcn module. Default value is set to `"vcn-module"` 51 | * `var.vcn_dns_label` is not a required input anymore for vcn module. Default value is set to `"vcnmodule"` 52 | 53 | === Deprecation notice 54 | 55 | Creating a DRG directly from vcn module with `var.create_drg` is deprecated. 
Previous features related to `var.create_drg` remains unchanged and works as expected before: 56 | 57 | * DRG provisioning and attachment features are moving to their own sub-module as part of the "DRG refactor" effort (#46) 58 | * Any new feature related to DRG will be handled into the new vcn sub-module: `module/drg` 59 | 60 | == v3.0.0 (September 03, 2021) 61 | 62 | === Breaking changes 63 | * Changed minimum Terraform version to 1.0.0 (fixes #49) 64 | * removed `var.vcn_cidr` (string), use `var.vcn_cidrs` instead (list of strings: IPv4 CIDRs). 65 | * renamed previous gateway-creation variable names. See **v2.2.0 deprecation notice** and codingconventions (fixes #24 and #54) 66 | 67 | === New features 68 | * Added support for local peering gateways (fixes #38) 69 | * Added custom display name for gateways and drg attachment (fixes #30 and #44) 70 | 71 | === Changes 72 | * Added variable validation for gateway display names (fixes #56) 73 | * `var.internet_gateway_route_rules` and `var.nat_gateway_route_rules` new type: `list(map(string))` instead of `list(object)` (backward compatible change) 74 | 75 | === Fixes 76 | * Fixed description for `var.local_peering_gateways` (fixes #51) 77 | 78 | === Other minor changes 79 | * Updated default tag values 80 | * Updated all examples with new features and using Terraform Registry 81 | 82 | == v2.3.0 (July 21, 2021) 83 | 84 | === New features 85 | * Added a new parameter to support reserved IP address for the NAT gateway (fixes #14) 86 | 87 | == v2.2.0 (March 23, 2021) 88 | 89 | === New features 90 | * Added a new parameter to create a DRG and attach it to VCN (fixes #16) 91 | * Added support for custom routing rules to provisioned route tables (fixes #17) 92 | * Added new outputs for each provisioned resources: "all_attributes" outputs have full provider coverage and are auto-updating. 
(fixes #34) 93 | * added `service_gateway_id` output 94 | 95 | === Changes 96 | * OCI provider minimum version to 4.0.0 97 | * Module examples 98 | ** Added Terraform minimum version to 0.13 and OCI provider minimum version to 4.0.0 99 | ** Changed default label prefix to "terraform-oci" 100 | ** Added outputs for cli feedback 101 | ** Added a new example config for custom routing rules 102 | * Documentation update: coding conventions 103 | * Repo: default branch renamed from `master` to `main` 104 | 105 | === Fixes 106 | * Update legacy (attributes only) splat syntax in outputs 107 | 108 | === Deprecation notice 109 | 110 | The folowwing variables will be renamed at the next major release of this module (related to issue #24): 111 | 112 | * `var.internet_gateway_enabled` will be renamed to `var.create_internet_gateway` 113 | * `var.nat_gateway_enabled` will be renamed to `var.create_nat_gateway` 114 | * `var.service_gateway_enabled` will be renamed to `var.create_service_gateway` 115 | * `var.tags` will be renamed to `var.freeform_tags` 116 | 117 | == v2.1.0 (February 03, 2021) 118 | 119 | === New features 120 | * Added a new parameter to lockdown the VCN Default Security List and option to revert to original state (fixes #22) 121 | 122 | === Changes 123 | * Update CONTRIBUTING guide 124 | * Fix typo on resource oci_core_internet_gateway.ig 125 | 126 | == v2.0.1 (February 01,2021) 127 | 128 | === Changes 129 | * Changed input region to be optional (fixes #18) 130 | 131 | == v2.0.0 (November 26,2020) 132 | 133 | === Changes 134 | * Added Terraform 0.13 compatibility 135 | * Changed Terraform minimum version to 0.13 136 | 137 | == v1.0.3 (July 13,2020) 138 | 139 | === New features 140 | * Added schema for Resource Manager ( #3) 141 | 142 | === Changes 143 | * Made label_prefix is optional (#5) 144 | 145 | == v1.0.2 (May 21,2020) 146 | 147 | === Changes 148 | * Removed unnecessary variables (#2) 149 | * Updated docs on how to use this module from HashiCorp registry 
150 | 151 | == v1.0.1 (May 27,2020) 152 | 153 | === Changes 154 | * Renamed freeform_tags to tags 155 | 156 | == v1.0.0 (May 21,2020) 157 | 158 | === Changes 159 | * First release after split from terraform-oci-base 160 | * Changed most variables to simple types 161 | * Internet gateway now optional 162 | * Updated docs 163 | -------------------------------------------------------------------------------- /CONTRIBUTING.adoc: -------------------------------------------------------------------------------- 1 | = CONTRIBUTING 2 | ifdef::env-github[] 3 | :tip-caption: :bulb: 4 | :note-caption: :information_source: 5 | :important-caption: :heavy_exclamation_mark: 6 | :caution-caption: :fire: 7 | :warning-caption: :warning: 8 | endif::[] 9 | :toc: 10 | 11 | :uri-oracle-oca: https://oca.opensource.oracle.com/ 12 | 13 | Oracle welcomes contributions to this repository from anyone. 14 | 15 | If you want to submit a pull request to fix a bug or enhance an existing 16 | feature, please first open an issue and link to that issue when you 17 | submit your pull request. 18 | 19 | If you have any questions about a possible submission, feel free to open 20 | an issue too. 21 | 22 | == Coding conventions 23 | 24 | Be sure to check xref:docs/codingconventions.adoc[the coding conventions] of this project before starting to develop. 25 | 26 | == Required documentation updates 27 | 28 | The documentation for your contribution is as valuable as the code you contribute. 29 | 30 | Please ensure the documentation is updated to include any new feature, functionality or fix you contribute. Including documentation changes will make the contribution process far quicker and easier (and the maintainers will love you!). 31 | 32 | You should ensure that your documentation changes include the following: 33 | 34 | - Add an entry that explains your fix or enhancement to the list of unreleased items in xref:CHANGELOG.adoc[CHANGELOG]. 
The maintainers will move your entry to the appropriate version during the release process for that version. 35 | - If your contribution provisions new resources, update the README introduction section 36 | - If your contribution adds any new variables, update xref:docs/terraformoptions.md[docs/terraformoptions] with the variable requirements 37 | - Add your GitHub handle to xref:CONTRIBUTORS.adoc[CONTRIBUTORS] under the *CONTRIBUTORS* section 38 | - 39 | - Don't forget how important the documentation is, especially for examples: we would love it if you updated the `main.tf` and `variables.tf` in the `examples/` folder. A simple example is fine. 40 | - You should also update the code examples in link:examples/README.md[examples/README]: it contains sample code blocks that probably need to be updated to reflect your changes 41 | 42 | *Notes:* 43 | 44 | - We are evaluating options to auto-document as much as possible. Tables in xref:docs/terraformoptions.adoc[docs/terraformoptions] may be the first point we will address. 45 | - Any changes made to link:README.md[README.md] must also be made in xref:README.adoc[README.adoc] and vice-versa. We are also evaluating how to reduce friction here. 46 | 47 | == How to contribute to this repository 48 | 49 | Pull requests can be made under 50 | {uri-oracle-oca}[The Oracle Contributor Agreement (OCA)]. 51 | 52 | For pull requests to be accepted, the bottom of your commit message must have 53 | the following line using your name and e-mail address as it appears in the 54 | OCA Signatories list. 55 | 56 | ---- 57 | Signed-off-by: Your Name <your.email@example.com> 58 | ---- 59 | 60 | This can be automatically added to pull requests by committing with: 61 | 62 | ---- 63 | git commit --signoff 64 | ---- 65 | 66 | Only pull requests from committers that can be verified as having 67 | signed the OCA can be accepted. 68 | 69 | === Pull request process 70 | 71 | . Fork this repository 72 | . Create a branch in your fork to implement the changes. 
We recommend using 73 | the issue number as part of your branch name, e.g. `1234-fixes` 74 | . Ensure that any documentation is updated with the changes that are required 75 | by your fix. 76 | . Ensure that any samples are updated to reflect your new features. 77 | . Submit the pull request. *Do not leave the pull request blank*. Explain exactly 78 | what your changes are meant to do and provide simple steps on how to validate 79 | your changes. Ensure that you reference the issue you created as well. 80 | 81 | We will assign the pull request to 2-3 people for review before it is merged. Please engage with the maintainer if there is a clarification request and change suggestion. Pull Request with no follow-up from the creator will be closed. 82 | -------------------------------------------------------------------------------- /CONTRIBUTORS.adoc: -------------------------------------------------------------------------------- 1 | == GitHub userids of contributors 2 | 3 | === Maintainers 4 | 5 | _maintainers have admin access and can merge code to main_ 6 | 7 | - https://github.com/hyder[@hyder] 8 | - https://github.com/snafuz[@snafuz] 9 | 10 | === CONTRIBUTORS 11 | 12 | - https://github.com/karthicgit[@karthicgit] 13 | - https://github.com/difu[@difu] 14 | - https://github.com/kral2[@kral2] 15 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2019, 2021 Oracle and/or its affiliates. 
2 | 3 | The Universal Permissive License (UPL), Version 1.0 4 | 5 | Subject to the condition set forth below, permission is hereby granted to any 6 | person obtaining a copy of this software, associated documentation and/or data 7 | (collectively the "Software"), free of charge and under any and all copyright 8 | rights in the Software, and any and all patent rights owned or freely 9 | licensable by each licensor hereunder covering either (i) the unmodified 10 | Software as contributed to or provided by such licensor, or (ii) the Larger 11 | Works (as defined below), to deal in both 12 | 13 | (a) the Software, and 14 | (b) any piece of software and/or hardware listed in the lrgrwrks.txt file if 15 | one is included with the Software (each a "Larger Work" to which the Software 16 | is contributed by such licensors), 17 | 18 | without restriction, including without limitation the rights to copy, create 19 | derivative works of, display, perform, and distribute the Software and make, 20 | use, sell, offer for sale, import, export, have made, and have sold the 21 | Software and the Larger Work(s), and to sublicense the foregoing rights on 22 | either these or other terms. 23 | 24 | This license is subject to the following condition: 25 | The above copyright notice and either this complete permission notice or at 26 | a minimum a reference to the UPL must be included in all copies or 27 | substantial portions of the Software. 28 | 29 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 30 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 31 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 32 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 33 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 34 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 35 | SOFTWARE. 
-------------------------------------------------------------------------------- /README.adoc: -------------------------------------------------------------------------------- 1 | = Terraform VCN for Oracle Cloud Infrastructure 2 | 3 | :idprefix: 4 | :idseparator: - 5 | 6 | :uri-repo: https://github.com/oracle-terraform-modules/terraform-oci-vcn 7 | 8 | :uri-rel-file-base: link:{uri-repo}/blob/main 9 | :uri-rel-tree-base: link:{uri-repo}/tree/main 10 | 11 | :uri-docs: {uri-rel-file-base}/docs 12 | 13 | :uri-changelog: {uri-rel-file-base}/CHANGELOG.adoc 14 | 15 | :uri-contribute: {uri-rel-file-base}/CONTRIBUTING.adoc 16 | :uri-contributors: {uri-rel-file-base}/CONTRIBUTORS.adoc 17 | 18 | :uri-license: {uri-rel-file-base}/LICENSE 19 | :uri-canonical-license: https://oss.oracle.com/licenses/upl/ 20 | :uri-networks-subnets-cidr: https://erikberg.com/notes/networks.html 21 | :uri-oci: https://cloud.oracle.com/cloud-infrastructure 22 | :uri-oci-documentation: https://docs.cloud.oracle.com/iaas/Content/home.htm 23 | :uri-oracle: https://www.oracle.com 24 | :uri-prereqs: {uri-docs}/prerequisites.adoc 25 | :uri-quickstart: {uri-docs}/quickstart.adoc 26 | :uri-reuse-module: {uri-rel-tree-base}/examples/ 27 | :uri-rm: {uri-docs}/resourcemanager.adoc 28 | :uri-terraform: https://www.terraform.io 29 | :uri-terraform-hashicorp-examples: https://github.com/hashicorp/terraform-guides/tree/master/infrastructure-as-code/terraform-0.12-examples 30 | :uri-terraform-oci: https://www.terraform.io/docs/providers/oci/index.html 31 | :uri-terraform-options: {uri-docs}/terraformoptions.adoc 32 | :uri-terraform-oci-examples: https://github.com/terraform-providers/terraform-provider-oci/tree/master/examples 33 | 34 | The {uri-repo}[Terraform VCN] for {uri-oci}[Oracle Cloud Infrastructure] (OCI) provides a reusable Terraform module that provisions a minimal VCN on OCI. 
35 | 36 | It creates the following resources: 37 | 38 | * A VCN with one or more customizable CIDR blocks 39 | * An optional internet gateway and a route table 40 | * An optional NAT gateway and a route table 41 | * An optional service gateway 42 | * One or more optional Local Peering Gateways in requestor or acceptor mode, and possibilities to associate a Route Table 43 | 44 | It also controls the Default Security List, with a *Lockdown mode* that can be enabled or disabled 45 | 46 | Custom route rules can be added to the two route tables created by the module. 47 | 48 | This module is primarily meant to be reusable to create more advanced infrastructure on {uri-oci}[OCI] either manually in the OCI Console or by extending the Terraform code. 49 | 50 | == {uri-docs}[Documentation] 51 | 52 | * {uri-prereqs}[Pre-requisites] 53 | 54 | * Instructions 55 | ** {uri-quickstart}[Quickstart] 56 | ** {uri-rm}[Resource Manager] 57 | ** {uri-reuse-module}[Reusing as a Terraform module] 58 | * {uri-terraform-options}[Terraform Options] 59 | 60 | == Related Documentation, Blog 61 | * {uri-oci-documentation}[Oracle Cloud Infrastructure Documentation] 62 | * {uri-terraform-oci}[Terraform OCI Provider Documentation] 63 | * {uri-networks-subnets-cidr}[Erik Berg on Networks, Subnets and CIDR] 64 | 65 | == Projects using this module 66 | 67 | == Changelog 68 | 69 | View the {uri-changelog}[CHANGELOG]. 70 | 71 | == Acknowledgement 72 | 73 | Code derived and adapted from {uri-terraform-oci-examples}[Terraform OCI Examples] and Hashicorp's {uri-terraform-hashicorp-examples}[Terraform 0.12 examples] 74 | 75 | == Contributors 76 | 77 | {uri-contributors}[Folks who contributed with explanations, code, feedback, ideas, testing etc.] 78 | 79 | Learn how to {uri-contribute}[contribute]. 80 | 81 | == License 82 | 83 | Copyright © 2019, 2021, Oracle and/or its associates. 
84 | 85 | Licensed under the {uri-license}[Universal Permissive License 1.0] as shown at 86 | {uri-canonical-license}[https://oss.oracle.com/licenses/upl]. 87 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Terraform VCN for Oracle Cloud Infrastructure 2 | 3 | The [Terraform VCN][repo] for [Oracle Cloud Infrastructure][OCI] provides a reusable [Terraform][terraform] module that provisions a minimal VCN on OCI. 4 | 5 | It creates the following resources: 6 | 7 | * A VCN with one or more customizable CIDR blocks 8 | * An optional internet gateway and a route table 9 | * An optional NAT gateway 10 | * An optional service gateway 11 | * One or more optional Local Peering Gateways in requestor or acceptor mode, and possibilities to associate a Route Table 12 | 13 | It also controls the Default Security List, with a *Lockdown mode* that can be enabled or disabled. 14 | 15 | Custom route rules can be added to the two route tables created by the module. 16 | 17 | This module is primarily meant to be reusable to create more advanced infrastructure on [OCI][OCI] either manually in the OCI Console or by extending the Terraform code. 18 | 19 | ## [Documentation][docs] 20 | 21 | ### [Pre-requisites][prerequisites] 22 | 23 | #### Instructions 24 | 25 | * [Quickstart][quickstart] 26 | * [Reusing as a Terraform module][reuse] 27 | * [Terraform Options][terraform_options] 28 | 29 | ## Related Documentation, Blog 30 | 31 | * [Oracle Cloud Infrastructure Documentation][oci_documentation] 32 | * [Terraform OCI Provider Documentation][terraform_oci] 33 | * [Erik Berg on Networks, Subnets and CIDR][subnets] 34 | 35 | ## Projects using this module 36 | 37 | ## Changelog 38 | 39 | View the [CHANGELOG][changelog]. 
40 | 41 | ## Acknowledgement 42 | 43 | Code derived and adapted from [Terraform OCI Examples][terraform_oci_examples] and Hashicorp's [Terraform 0.12 examples][terraform_hashicorp_examples] 44 | 45 | ## Contributors 46 | 47 | [Folks who contributed with explanations, code, feedback, ideas, testing etc.][contributors] 48 | 49 | Learn how to [contribute][contributing]. 50 | 51 | ## License 52 | 53 | Copyright (c) 2019, 2021 Oracle and/or its associates. 54 | 55 | Licensed under the [Universal Permissive License 1.0][license] as shown at 56 | [https://oss.oracle.com/licenses/upl][canonical_license]. 57 | 58 | 59 | [changelog]: https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/main/CHANGELOG.adoc 60 | [contributing]: https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/main/CONTRIBUTING.adoc 61 | [contributors]: https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/main/CONTRIBUTORS.adoc 62 | [docs]: https://github.com/oracle-terraform-modules/terraform-oci-vcn/tree/main/docs 63 | 64 | [license]: https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/main/LICENSE 65 | [canonical_license]: https://oss.oracle.com/licenses/upl/ 66 | 67 | [oci]: https://cloud.oracle.com/cloud-infrastructure 68 | [oci_documentation]: https://docs.cloud.oracle.com/iaas/Content/home.htm 69 | 70 | [oracle]: https://www.oracle.com 71 | [prerequisites]: https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/main/docs/prerequisites.md 72 | 73 | [quickstart]: https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/main/docs/quickstart.adoc 74 | [repo]: https://github.com/oracle-terraform-modules/terraform-oci-vcn 75 | [reuse]: https://github.com/oracle-terraform-modules/terraform-oci-vcn/tree/main/examples/ 76 | [subnets]: https://erikberg.com/notes/networks.html 77 | [terraform]: https://www.terraform.io 78 | [terraform_hashicorp_examples]: https://github.com/hashicorp/terraform-guides/tree/master/infrastructure-as-code/terraform-0.12-examples 79 | [terraform_oci]: 
https://www.terraform.io/docs/providers/oci/index.html 80 | [terraform_options]: https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/main/docs/terraformoptions.md 81 | [terraform_oci_examples]: https://github.com/terraform-providers/terraform-provider-oci/tree/master/examples 82 | [terraform_oci_oke]: https://github.com/oracle-terraform-modules/terraform-oci-oke 83 | -------------------------------------------------------------------------------- /docs/book.toml: -------------------------------------------------------------------------------- 1 | [book] 2 | authors = ["The Terraform OCI VCN Module contributors"] 3 | language = "en" 4 | multilingual = false 5 | src = "src" 6 | title = "Terraform OCI VCN module" 7 | 8 | [preprocessor.admonish] 9 | command = "mdbook-admonish" 10 | assets_version = "2.0.0" # do not edit: managed by `mdbook-admonish install` 11 | 12 | [output.html] 13 | curly-quotes = false 14 | git-repository-url = "https://github.com/oracle-terraform-modules/terraform-oci-vcn" 15 | additional-css = ["./src/css/mdbook-admonish.css", "././mdbook-admonish.css"] -------------------------------------------------------------------------------- /docs/mdbook-admonish.css: -------------------------------------------------------------------------------- 1 | @charset "UTF-8"; 2 | :root { 3 | --md-admonition-icon--note: 4 | url("data:image/svg+xml;charset=utf-8,"); 5 | --md-admonition-icon--abstract: 6 | url("data:image/svg+xml;charset=utf-8,"); 7 | --md-admonition-icon--info: 8 | url("data:image/svg+xml;charset=utf-8,"); 9 | --md-admonition-icon--tip: 10 | url("data:image/svg+xml;charset=utf-8,"); 11 | --md-admonition-icon--success: 12 | url("data:image/svg+xml;charset=utf-8,"); 13 | --md-admonition-icon--question: 14 | url("data:image/svg+xml;charset=utf-8,"); 15 | --md-admonition-icon--warning: 16 | url("data:image/svg+xml;charset=utf-8,"); 17 | --md-admonition-icon--failure: 18 | url("data:image/svg+xml;charset=utf-8,"); 19 | 
--md-admonition-icon--danger: 20 | url("data:image/svg+xml;charset=utf-8,"); 21 | --md-admonition-icon--bug: 22 | url("data:image/svg+xml;charset=utf-8,"); 23 | --md-admonition-icon--example: 24 | url("data:image/svg+xml;charset=utf-8,"); 25 | --md-admonition-icon--quote: 26 | url("data:image/svg+xml;charset=utf-8,"); 27 | --md-details-icon: 28 | url("data:image/svg+xml;charset=utf-8,"); 29 | } 30 | 31 | :is(.admonition) { 32 | display: flow-root; 33 | margin: 1.5625em 0; 34 | padding: 0 1.2rem; 35 | color: var(--fg); 36 | page-break-inside: avoid; 37 | background-color: var(--bg); 38 | border: 0 solid black; 39 | border-inline-start-width: 0.4rem; 40 | border-radius: 0.2rem; 41 | box-shadow: 0 0.2rem 1rem rgba(0, 0, 0, 0.05), 0 0 0.1rem rgba(0, 0, 0, 0.1); 42 | } 43 | @media print { 44 | :is(.admonition) { 45 | box-shadow: none; 46 | } 47 | } 48 | :is(.admonition) > * { 49 | box-sizing: border-box; 50 | } 51 | :is(.admonition) :is(.admonition) { 52 | margin-top: 1em; 53 | margin-bottom: 1em; 54 | } 55 | :is(.admonition) > .tabbed-set:only-child { 56 | margin-top: 0; 57 | } 58 | html :is(.admonition) > :last-child { 59 | margin-bottom: 1.2rem; 60 | } 61 | 62 | a.admonition-anchor-link { 63 | display: none; 64 | position: absolute; 65 | left: -1.2rem; 66 | padding-right: 1rem; 67 | } 68 | a.admonition-anchor-link:link, a.admonition-anchor-link:visited { 69 | color: var(--fg); 70 | } 71 | a.admonition-anchor-link:link:hover, a.admonition-anchor-link:visited:hover { 72 | text-decoration: none; 73 | } 74 | a.admonition-anchor-link::before { 75 | content: "§"; 76 | } 77 | 78 | :is(.admonition-title, summary) { 79 | position: relative; 80 | margin-block: 0; 81 | margin-inline: -1.6rem -1.2rem; 82 | padding-block: 0.8rem; 83 | padding-inline: 4.4rem 1.2rem; 84 | font-weight: 700; 85 | background-color: rgba(68, 138, 255, 0.1); 86 | display: flex; 87 | } 88 | :is(.admonition-title, summary) p { 89 | margin: 0; 90 | } 91 | html :is(.admonition-title, summary):last-child { 
92 | margin-bottom: 0; 93 | } 94 | :is(.admonition-title, summary)::before { 95 | position: absolute; 96 | top: 0.625em; 97 | inset-inline-start: 1.6rem; 98 | width: 2rem; 99 | height: 2rem; 100 | background-color: #448aff; 101 | mask-image: url('data:image/svg+xml;charset=utf-8,'); 102 | -webkit-mask-image: url('data:image/svg+xml;charset=utf-8,'); 103 | mask-repeat: no-repeat; 104 | -webkit-mask-repeat: no-repeat; 105 | mask-size: contain; 106 | -webkit-mask-size: contain; 107 | content: ""; 108 | } 109 | :is(.admonition-title, summary):hover a.admonition-anchor-link { 110 | display: initial; 111 | } 112 | 113 | details.admonition > summary.admonition-title::after { 114 | position: absolute; 115 | top: 0.625em; 116 | inset-inline-end: 1.6rem; 117 | height: 2rem; 118 | width: 2rem; 119 | background-color: currentcolor; 120 | mask-image: var(--md-details-icon); 121 | -webkit-mask-image: var(--md-details-icon); 122 | mask-repeat: no-repeat; 123 | -webkit-mask-repeat: no-repeat; 124 | mask-size: contain; 125 | -webkit-mask-size: contain; 126 | content: ""; 127 | transform: rotate(0deg); 128 | transition: transform 0.25s; 129 | } 130 | details[open].admonition > summary.admonition-title::after { 131 | transform: rotate(90deg); 132 | } 133 | 134 | :is(.admonition):is(.note) { 135 | border-color: #448aff; 136 | } 137 | 138 | :is(.note) > :is(.admonition-title, summary) { 139 | background-color: rgba(68, 138, 255, 0.1); 140 | } 141 | :is(.note) > :is(.admonition-title, summary)::before { 142 | background-color: #448aff; 143 | mask-image: var(--md-admonition-icon--note); 144 | -webkit-mask-image: var(--md-admonition-icon--note); 145 | mask-repeat: no-repeat; 146 | -webkit-mask-repeat: no-repeat; 147 | mask-size: contain; 148 | -webkit-mask-repeat: no-repeat; 149 | } 150 | 151 | :is(.admonition):is(.abstract, .summary, .tldr) { 152 | border-color: #00b0ff; 153 | } 154 | 155 | :is(.abstract, .summary, .tldr) > :is(.admonition-title, summary) { 156 | background-color: 
rgba(0, 176, 255, 0.1); 157 | } 158 | :is(.abstract, .summary, .tldr) > :is(.admonition-title, summary)::before { 159 | background-color: #00b0ff; 160 | mask-image: var(--md-admonition-icon--abstract); 161 | -webkit-mask-image: var(--md-admonition-icon--abstract); 162 | mask-repeat: no-repeat; 163 | -webkit-mask-repeat: no-repeat; 164 | mask-size: contain; 165 | -webkit-mask-repeat: no-repeat; 166 | } 167 | 168 | :is(.admonition):is(.info, .todo) { 169 | border-color: #00b8d4; 170 | } 171 | 172 | :is(.info, .todo) > :is(.admonition-title, summary) { 173 | background-color: rgba(0, 184, 212, 0.1); 174 | } 175 | :is(.info, .todo) > :is(.admonition-title, summary)::before { 176 | background-color: #00b8d4; 177 | mask-image: var(--md-admonition-icon--info); 178 | -webkit-mask-image: var(--md-admonition-icon--info); 179 | mask-repeat: no-repeat; 180 | -webkit-mask-repeat: no-repeat; 181 | mask-size: contain; 182 | -webkit-mask-repeat: no-repeat; 183 | } 184 | 185 | :is(.admonition):is(.tip, .hint, .important) { 186 | border-color: #00bfa5; 187 | } 188 | 189 | :is(.tip, .hint, .important) > :is(.admonition-title, summary) { 190 | background-color: rgba(0, 191, 165, 0.1); 191 | } 192 | :is(.tip, .hint, .important) > :is(.admonition-title, summary)::before { 193 | background-color: #00bfa5; 194 | mask-image: var(--md-admonition-icon--tip); 195 | -webkit-mask-image: var(--md-admonition-icon--tip); 196 | mask-repeat: no-repeat; 197 | -webkit-mask-repeat: no-repeat; 198 | mask-size: contain; 199 | -webkit-mask-repeat: no-repeat; 200 | } 201 | 202 | :is(.admonition):is(.success, .check, .done) { 203 | border-color: #00c853; 204 | } 205 | 206 | :is(.success, .check, .done) > :is(.admonition-title, summary) { 207 | background-color: rgba(0, 200, 83, 0.1); 208 | } 209 | :is(.success, .check, .done) > :is(.admonition-title, summary)::before { 210 | background-color: #00c853; 211 | mask-image: var(--md-admonition-icon--success); 212 | -webkit-mask-image: 
var(--md-admonition-icon--success); 213 | mask-repeat: no-repeat; 214 | -webkit-mask-repeat: no-repeat; 215 | mask-size: contain; 216 | -webkit-mask-repeat: no-repeat; 217 | } 218 | 219 | :is(.admonition):is(.question, .help, .faq) { 220 | border-color: #64dd17; 221 | } 222 | 223 | :is(.question, .help, .faq) > :is(.admonition-title, summary) { 224 | background-color: rgba(100, 221, 23, 0.1); 225 | } 226 | :is(.question, .help, .faq) > :is(.admonition-title, summary)::before { 227 | background-color: #64dd17; 228 | mask-image: var(--md-admonition-icon--question); 229 | -webkit-mask-image: var(--md-admonition-icon--question); 230 | mask-repeat: no-repeat; 231 | -webkit-mask-repeat: no-repeat; 232 | mask-size: contain; 233 | -webkit-mask-repeat: no-repeat; 234 | } 235 | 236 | :is(.admonition):is(.warning, .caution, .attention) { 237 | border-color: #ff9100; 238 | } 239 | 240 | :is(.warning, .caution, .attention) > :is(.admonition-title, summary) { 241 | background-color: rgba(255, 145, 0, 0.1); 242 | } 243 | :is(.warning, .caution, .attention) > :is(.admonition-title, summary)::before { 244 | background-color: #ff9100; 245 | mask-image: var(--md-admonition-icon--warning); 246 | -webkit-mask-image: var(--md-admonition-icon--warning); 247 | mask-repeat: no-repeat; 248 | -webkit-mask-repeat: no-repeat; 249 | mask-size: contain; 250 | -webkit-mask-repeat: no-repeat; 251 | } 252 | 253 | :is(.admonition):is(.failure, .fail, .missing) { 254 | border-color: #ff5252; 255 | } 256 | 257 | :is(.failure, .fail, .missing) > :is(.admonition-title, summary) { 258 | background-color: rgba(255, 82, 82, 0.1); 259 | } 260 | :is(.failure, .fail, .missing) > :is(.admonition-title, summary)::before { 261 | background-color: #ff5252; 262 | mask-image: var(--md-admonition-icon--failure); 263 | -webkit-mask-image: var(--md-admonition-icon--failure); 264 | mask-repeat: no-repeat; 265 | -webkit-mask-repeat: no-repeat; 266 | mask-size: contain; 267 | -webkit-mask-repeat: no-repeat; 268 | } 269 | 
270 | :is(.admonition):is(.danger, .error) { 271 | border-color: #ff1744; 272 | } 273 | 274 | :is(.danger, .error) > :is(.admonition-title, summary) { 275 | background-color: rgba(255, 23, 68, 0.1); 276 | } 277 | :is(.danger, .error) > :is(.admonition-title, summary)::before { 278 | background-color: #ff1744; 279 | mask-image: var(--md-admonition-icon--danger); 280 | -webkit-mask-image: var(--md-admonition-icon--danger); 281 | mask-repeat: no-repeat; 282 | -webkit-mask-repeat: no-repeat; 283 | mask-size: contain; 284 | -webkit-mask-repeat: no-repeat; 285 | } 286 | 287 | :is(.admonition):is(.bug) { 288 | border-color: #f50057; 289 | } 290 | 291 | :is(.bug) > :is(.admonition-title, summary) { 292 | background-color: rgba(245, 0, 87, 0.1); 293 | } 294 | :is(.bug) > :is(.admonition-title, summary)::before { 295 | background-color: #f50057; 296 | mask-image: var(--md-admonition-icon--bug); 297 | -webkit-mask-image: var(--md-admonition-icon--bug); 298 | mask-repeat: no-repeat; 299 | -webkit-mask-repeat: no-repeat; 300 | mask-size: contain; 301 | -webkit-mask-repeat: no-repeat; 302 | } 303 | 304 | :is(.admonition):is(.example) { 305 | border-color: #7c4dff; 306 | } 307 | 308 | :is(.example) > :is(.admonition-title, summary) { 309 | background-color: rgba(124, 77, 255, 0.1); 310 | } 311 | :is(.example) > :is(.admonition-title, summary)::before { 312 | background-color: #7c4dff; 313 | mask-image: var(--md-admonition-icon--example); 314 | -webkit-mask-image: var(--md-admonition-icon--example); 315 | mask-repeat: no-repeat; 316 | -webkit-mask-repeat: no-repeat; 317 | mask-size: contain; 318 | -webkit-mask-repeat: no-repeat; 319 | } 320 | 321 | :is(.admonition):is(.quote, .cite) { 322 | border-color: #9e9e9e; 323 | } 324 | 325 | :is(.quote, .cite) > :is(.admonition-title, summary) { 326 | background-color: rgba(158, 158, 158, 0.1); 327 | } 328 | :is(.quote, .cite) > :is(.admonition-title, summary)::before { 329 | background-color: #9e9e9e; 330 | mask-image: 
var(--md-admonition-icon--quote); 331 | -webkit-mask-image: var(--md-admonition-icon--quote); 332 | mask-repeat: no-repeat; 333 | -webkit-mask-repeat: no-repeat; 334 | mask-size: contain; 335 | -webkit-mask-repeat: no-repeat; 336 | } 337 | 338 | .navy :is(.admonition) { 339 | background-color: var(--sidebar-bg); 340 | } 341 | 342 | .ayu :is(.admonition), .coal :is(.admonition) { 343 | background-color: var(--theme-hover); 344 | } 345 | 346 | .rust :is(.admonition) { 347 | background-color: var(--sidebar-bg); 348 | color: var(--sidebar-fg); 349 | } 350 | .rust .admonition-anchor-link:link, .rust .admonition-anchor-link:visited { 351 | color: var(--sidebar-fg); 352 | } -------------------------------------------------------------------------------- /docs/prerequisites.adoc: -------------------------------------------------------------------------------- 1 | ## Pre-requisites 2 | 3 | 1. Local development tools: [Git][uri-git], [Terraform][uri-terraform], a terminal. 4 | 2. Understanding of Oracle Cloud Infrastructure (OCI) and its services, in particular the Virtual Cloud Networking (VCN) service. 5 | 6 | ### Generate and upload your OCI API keys 7 | 8 | Follow the documentation for [generating and uploading your API keys][uri-oci-keys]. 9 | 10 | Note the key fingerprint. 11 | 12 | ### Create an OCI compartment 13 | 14 | Follow the documentation for [creating a compartment][uri-oci-compartment]. 15 | 16 | ### Obtain the necessary OCIDs 17 | 18 | The following OCIDs are required: 19 | 20 | 1. Compartment OCID 21 | 2. Tenancy OCID 22 | 3. User OCID 23 | 24 | Follow the documentation for [obtaining the tenancy and user OCIDs][uri-oci-ocids]. 25 | 26 | To obtain the compartment OCID: 27 | 28 | 1. Navigate to Identity > Compartments 29 | 2. Click on your Compartment 30 | 3. Locate OCID on the page and click on `Copy` 31 | 32 | ### Configuring Policies 33 | 34 | 1. Create a group (e.g. mygroup) and add a user to the group. 35 | 36 | 2. 
Create a policy, replacing `ocid1.compartment.oc1..aaa` with the compartment OCID obtained above: 37 | 38 | `Allow group mygroup to manage virtual-network-family in compartment id ocid1.compartment.oc1..aaa` 39 | 40 | [uri-oci-compartment]: https://docs.cloud.oracle.com/iaas/Content/Identity/Tasks/managingcompartments.htm#two 41 | [uri-oci-keys]: https://docs.cloud.oracle.com/iaas/Content/API/Concepts/apisigningkey.htm#two 42 | [uri-oci-ocids]: https://docs.cloud.oracle.com/iaas/Content/API/Concepts/apisigningkey.htm#five 43 | 44 | [uri-git]: https://git-scm.com/ 45 | [uri-terraform]: https://www.terraform.io -------------------------------------------------------------------------------- /docs/prerequisites.md: -------------------------------------------------------------------------------- 1 | ## Pre-requisites 2 | 3 | 1. Local development tools: [Git][uri-git], [Terraform][uri-terraform], a terminal. 4 | 2. Understanding of Oracle Cloud Infrastructure (OCI) and its services, in particular the Virtual Cloud Networking (VCN) service. 5 | 6 | ### Generate and upload your OCI API keys 7 | 8 | Follow the documentation for [generating and uploading your API keys][uri-oci-keys]. 9 | 10 | Note the key fingerprint. 11 | 12 | ### Create an OCI compartment 13 | 14 | Follow the documentation for [creating a compartment][uri-oci-compartment]. 15 | 16 | ### Obtain the necessary OCIDs 17 | 18 | The following OCIDs are required: 19 | 20 | 1. Compartment OCID 21 | 2. Tenancy OCID 22 | 3. User OCID 23 | 24 | Follow the documentation for [obtaining the tenancy and user OCIDs][uri-oci-ocids]. 25 | 26 | To obtain the compartment OCID: 27 | 28 | 1. Navigate to Identity > Compartments 29 | 2. Click on your Compartment 30 | 3. Locate OCID on the page and click on `Copy` 31 | 32 | ### Configuring Policies 33 | 34 | 1. Create a group (e.g. mygroup) and add a user to the group. 35 | 36 | 2. 
Create a policy, replacing `ocid1.compartment.oc1..aaa` with the compartment OCID obtained above: 37 | 38 | `Allow group mygroup to manage virtual-network-family in compartment id ocid1.compartment.oc1..aaa` 39 | 40 | [uri-oci-compartment]: https://docs.cloud.oracle.com/iaas/Content/Identity/Tasks/managingcompartments.htm#two 41 | [uri-oci-keys]: https://docs.cloud.oracle.com/iaas/Content/API/Concepts/apisigningkey.htm#two 42 | [uri-oci-ocids]: https://docs.cloud.oracle.com/iaas/Content/API/Concepts/apisigningkey.htm#five 43 | 44 | [uri-git]: https://git-scm.com/ 45 | [uri-terraform]: https://www.terraform.io -------------------------------------------------------------------------------- /docs/resourcemanager.adoc: -------------------------------------------------------------------------------- 1 | ## Using Resource Manager 2 | 3 | [uri-rm-overview]: https://docs.cloud.oracle.com/en-us/iaas/Content/ResourceManager/Concepts/resourcemanager.htm 4 | [uri-rm-stack]: https://docs.cloud.oracle.com/en-us/iaas/Content/ResourceManager/Tasks/managingstacksandjobs.htm 5 | 6 | 7 | - [Overview][uri-rm-overview] 8 | - [Create Stack][uri-rm-stack] 9 | - Step by Step Instructions 10 | 11 | 12 | ``` 13 | git clone https://github.com/oracle-terraform-modules/terraform-oci-vcn.git 14 | zip terraform-oci-vcn.zip *.tf schema.yaml -x main.tf 15 | ``` 16 | 17 | 1. Create a stack: ![Create Stack](./images/createstack.png) 18 | 19 | 2. Upload zip file: 20 | ![Upload zip file](./images/uploadzip.png) 21 | 22 | 23 | 3. Configure variables as per your needs: 24 | ![Configure variables](./images/variable1.png) 25 | 26 | 4. Check the relevant boxes if you need gateways: 27 | ![Gateway options](./images/variable2.png) 28 | 29 | 5. Review your stack: 30 | ![Review stack](./images/review.png) 31 | 32 | 6. Run Terraform plan and apply: 33 | ![Terraform plan](./images/tfplan.png) 34 | 35 | 7. 
Check the logs: 36 | ![Plan logs](./images/planlogs.png) 37 | 38 | -------------------------------------------------------------------------------- /docs/resourcemanager.md: -------------------------------------------------------------------------------- 1 | ## Using Resource Manager 2 | 3 | [uri-rm-overview]: https://docs.cloud.oracle.com/en-us/iaas/Content/ResourceManager/Concepts/resourcemanager.htm 4 | [uri-rm-stack]: https://docs.cloud.oracle.com/en-us/iaas/Content/ResourceManager/Tasks/managingstacksandjobs.htm 5 | 6 | 7 | - [Overview][uri-rm-overview] 8 | - [Create Stack][uri-rm-stack] 9 | - Step by Step Instructions 10 | 11 | 12 | ``` 13 | git clone https://github.com/oracle-terraform-modules/terraform-oci-vcn.git 14 | zip terraform-oci-vcn.zip *.tf schema.yaml -x main.tf 15 | ``` 16 | 17 | 1. Create a stack: ![Create Stack](./images/createstack.png) 18 | 19 | 2. Upload zip file: 20 | ![Upload zip file](./images/uploadzip.png) 21 | 22 | 23 | 3. Configure variables as per your needs: 24 | ![Configure variables](./images/variable1.png) 25 | 26 | 4. Check the relevant boxes if you need gateways: 27 | ![Gateway options](./images/variable2.png) 28 | 29 | 5. Review your stack: 30 | ![Review stack](./images/review.png) 31 | 32 | 6. Run Terraform plan and apply: 33 | ![Terraform plan](./images/tfplan.png) 34 | 35 | 7. 
Check the logs: 36 | ![Plan logs](./images/planlogs.png) 37 | 38 | -------------------------------------------------------------------------------- /docs/src/SUMMARY.md: -------------------------------------------------------------------------------- 1 | # Summary 2 | 3 | - [Introduction](./introduction.md) 4 | - [Pre-requisites](./prerequisites.md) 5 | - [User Guide](./ug/userguide.md) 6 | - [Creating a Virtual Cloud Network](./ug/createvcn.md) 7 | - [Reusing as a Terraform module](./ug/reusemodule.md) 8 | - [Virtual Cloud Network Gateways](./ug/gateways.md) 9 | - [Configuring routing rules](./ug/routerules.md) 10 | - [Using Resource Manager](./ug/resourcemanager.md) 11 | - [Terraform Options](./terraformoptions.md) 12 | -------------------------------------------------------------------------------- /docs/src/css/general.css: -------------------------------------------------------------------------------- 1 | /* Base styles and content styles */ 2 | 3 | @import 'variables.css'; 4 | 5 | :root { 6 | /* Browser default font-size is 16px, this way 1 rem = 10px */ 7 | font-size: 62.5%; 8 | } 9 | 10 | html { 11 | font-family: "Open Sans", sans-serif; 12 | color: var(--fg); 13 | background-color: var(--bg); 14 | text-size-adjust: none; 15 | -webkit-text-size-adjust: none; 16 | } 17 | 18 | body { 19 | margin: 0; 20 | font-size: 1.5rem; 21 | overflow-x: hidden; 22 | } 23 | 24 | code { 25 | font-family: var(--mono-font) !important; 26 | font-size: var(--code-font-size); 27 | } 28 | 29 | /* make long words/inline code not x overflow */ 30 | main { 31 | overflow-wrap: break-word; 32 | } 33 | 34 | /* make wide tables scroll if they overflow */ 35 | .table-wrapper { 36 | overflow-x: auto; 37 | } 38 | 39 | /* Don't change font size in headers. 
*/ 40 | h1 code, h2 code, h3 code, h4 code, h5 code, h6 code { 41 | font-size: unset; 42 | } 43 | 44 | .left { float: left; } 45 | .right { float: right; } 46 | .boring { opacity: 0.6; } 47 | .hide-boring .boring { display: none; } 48 | .hidden { display: none !important; } 49 | 50 | h2, h3 { margin-top: 2.5em; } 51 | h4, h5 { margin-top: 2em; } 52 | 53 | .header + .header h3, 54 | .header + .header h4, 55 | .header + .header h5 { 56 | margin-top: 1em; 57 | } 58 | 59 | h1:target::before, 60 | h2:target::before, 61 | h3:target::before, 62 | h4:target::before, 63 | h5:target::before, 64 | h6:target::before { 65 | display: inline-block; 66 | content: "»"; 67 | margin-left: -30px; 68 | width: 30px; 69 | } 70 | 71 | /* This is broken on Safari as of version 14, but is fixed 72 | in Safari Technology Preview 117 which I think will be Safari 14.2. 73 | https://bugs.webkit.org/show_bug.cgi?id=218076 74 | */ 75 | :target { 76 | scroll-margin-top: calc(var(--menu-bar-height) + 0.5em); 77 | } 78 | 79 | .page { 80 | outline: 0; 81 | padding: 0 var(--page-padding); 82 | margin-top: calc(0px - var(--menu-bar-height)); /* Compensate for the #menu-bar-hover-placeholder */ 83 | } 84 | .page-wrapper { 85 | box-sizing: border-box; 86 | } 87 | .js:not(.sidebar-resizing) .page-wrapper { 88 | transition: margin-left 0.3s ease, transform 0.3s ease; /* Animation: slide away */ 89 | } 90 | 91 | .content { 92 | overflow-y: auto; 93 | padding: 0 5px 50px 5px; 94 | } 95 | .content main { 96 | margin-left: auto; 97 | margin-right: auto; 98 | min-width: 90%; 99 | max-width: 90%; 100 | } 101 | .content p { line-height: 1.45em; } 102 | .content ol { line-height: 1.45em; } 103 | .content ul { line-height: 1.45em; } 104 | .content a { text-decoration: none; } 105 | .content a:hover { text-decoration: underline; } 106 | .content img, .content video { max-width: 100%; } 107 | .content .header:link, 108 | .content .header:visited { 109 | color: var(--fg); 110 | } 111 | .content .header:link, 112 | 
.content .header:visited:hover { 113 | text-decoration: none; 114 | } 115 | 116 | table { 117 | margin: 0 auto; 118 | border-collapse: collapse; 119 | min-width: 90%; 120 | max-width: 90%; 121 | } 122 | table td { 123 | padding: 20px 20px; 124 | border: 1px var(--table-border-color) solid; 125 | } 126 | table thead { 127 | background: var(--table-header-bg); 128 | } 129 | table thead td { 130 | font-weight: 700; 131 | border: none; 132 | } 133 | table thead th { 134 | padding: 3px 20px; 135 | } 136 | table thead tr { 137 | border: 1px var(--table-header-bg) solid; 138 | } 139 | /* Alternate background colors for rows */ 140 | table tbody tr:nth-child(2n) { 141 | background: var(--table-alternate-bg); 142 | } 143 | 144 | 145 | blockquote { 146 | margin: 20px 0; 147 | padding: 0 20px; 148 | color: var(--fg); 149 | background-color: var(--quote-bg); 150 | border-top: .1em solid var(--quote-border); 151 | border-bottom: .1em solid var(--quote-border); 152 | } 153 | 154 | kbd { 155 | background-color: var(--table-border-color); 156 | border-radius: 4px; 157 | border: solid 1px var(--theme-popup-border); 158 | box-shadow: inset 0 -1px 0 var(--theme-hover); 159 | display: inline-block; 160 | font-size: var(--code-font-size); 161 | font-family: var(--mono-font); 162 | line-height: 10px; 163 | padding: 4px 5px; 164 | vertical-align: middle; 165 | } 166 | 167 | :not(.footnote-definition) + .footnote-definition, 168 | .footnote-definition + :not(.footnote-definition) { 169 | margin-top: 2em; 170 | } 171 | .footnote-definition { 172 | font-size: 0.9em; 173 | margin: 0.5em 0; 174 | } 175 | .footnote-definition p { 176 | display: inline; 177 | } 178 | 179 | .tooltiptext { 180 | position: absolute; 181 | visibility: hidden; 182 | color: #fff; 183 | background-color: #333; 184 | transform: translateX(-50%); /* Center by moving tooltip 50% of its width left */ 185 | left: -8px; /* Half of the width of the icon */ 186 | top: -35px; 187 | font-size: 0.8em; 188 | text-align: center; 
189 | border-radius: 6px; 190 | padding: 5px 8px; 191 | margin: 5px; 192 | z-index: 1000; 193 | } 194 | .tooltipped .tooltiptext { 195 | visibility: visible; 196 | } 197 | 198 | .chapter li.part-title { 199 | color: var(--sidebar-fg); 200 | margin: 5px 0px; 201 | font-weight: bold; 202 | } 203 | 204 | .result-no-output { 205 | font-style: italic; 206 | } 207 | -------------------------------------------------------------------------------- /docs/src/css/mdbook-admonish.css: -------------------------------------------------------------------------------- 1 | :root { 2 | --md-admonition-icon--note: 3 | url("data:image/svg+xml;charset=utf-8,"); 4 | --md-admonition-icon--abstract: 5 | url("data:image/svg+xml;charset=utf-8,"); 6 | --md-admonition-icon--info: 7 | url("data:image/svg+xml;charset=utf-8,"); 8 | --md-admonition-icon--tip: 9 | url("data:image/svg+xml;charset=utf-8,"); 10 | --md-admonition-icon--success: 11 | url("data:image/svg+xml;charset=utf-8,"); 12 | --md-admonition-icon--question: 13 | url("data:image/svg+xml;charset=utf-8,"); 14 | --md-admonition-icon--warning: 15 | url("data:image/svg+xml;charset=utf-8,"); 16 | --md-admonition-icon--failure: 17 | url("data:image/svg+xml;charset=utf-8,"); 18 | --md-admonition-icon--danger: 19 | url("data:image/svg+xml;charset=utf-8,"); 20 | --md-admonition-icon--bug: 21 | url("data:image/svg+xml;charset=utf-8,"); 22 | --md-admonition-icon--example: 23 | url("data:image/svg+xml;charset=utf-8,"); 24 | --md-admonition-icon--quote: 25 | url("data:image/svg+xml;charset=utf-8,"); 26 | } 27 | 28 | :is(.admonition) { 29 | display: flow-root; 30 | margin: 1.5625em 0; 31 | padding: 0 1.2rem; 32 | color: var(--fg); 33 | page-break-inside: avoid; 34 | background-color: var(--bg); 35 | border: 0 solid black; 36 | border-inline-start-width: 0.4rem; 37 | border-radius: 0.2rem; 38 | box-shadow: 0 0.2rem 1rem rgba(0, 0, 0, 0.05), 0 0 0.1rem rgba(0, 0, 0, 0.1); 39 | } 40 | @media print { 41 | :is(.admonition) { 42 | box-shadow: none; 43 
| } 44 | } 45 | :is(.admonition) > * { 46 | box-sizing: border-box; 47 | } 48 | :is(.admonition) :is(.admonition) { 49 | margin-top: 1em; 50 | margin-bottom: 1em; 51 | } 52 | :is(.admonition) > .tabbed-set:only-child { 53 | margin-top: 0; 54 | } 55 | html :is(.admonition) > :last-child { 56 | margin-bottom: 1.2rem; 57 | } 58 | 59 | :is(.admonition-title, summary) { 60 | position: relative; 61 | margin-block: 0; 62 | margin-inline: -1.6rem -1.2rem; 63 | padding-block: 0.8rem; 64 | padding-inline: 4rem 1.2rem; 65 | font-weight: 700; 66 | background-color: rgba(68, 138, 255, 0.1); 67 | border: 0 solid #448aff; 68 | border-inline-start-width: 0.4rem; 69 | border-start-start-radius: 0.2rem; 70 | display: flex; 71 | } 72 | :is(.admonition-title, summary) > p { 73 | margin: 0; 74 | } 75 | html :is(.admonition-title, summary):last-child { 76 | margin-bottom: 0; 77 | } 78 | :is(.admonition-title, summary)::before { 79 | position: absolute; 80 | top: 0.625em; 81 | inset-inline-start: 1.2rem; 82 | width: 2rem; 83 | height: 2rem; 84 | background-color: #448aff; 85 | mask-image: url('data:image/svg+xml;charset=utf-8,'); 86 | -webkit-mask-image: url('data:image/svg+xml;charset=utf-8,'); 87 | mask-repeat: no-repeat; 88 | -webkit-mask-repeat: no-repeat; 89 | mask-size: contain; 90 | -webkit-mask-size: contain; 91 | content: ""; 92 | } 93 | 94 | :is(.admonition):is(.note) { 95 | border-color: #448aff; 96 | } 97 | 98 | :is(.note) > :is(.admonition-title, summary) { 99 | background-color: rgba(68, 138, 255, 0.1); 100 | border-color: #448aff; 101 | } 102 | :is(.note) > :is(.admonition-title, summary)::before { 103 | background-color: #448aff; 104 | mask-image: var(--md-admonition-icon--note); 105 | -webkit-mask-image: var(--md-admonition-icon--note); 106 | mask-repeat: no-repeat; 107 | -webkit-mask-repeat: no-repeat; 108 | mask-size: contain; 109 | -webkit-mask-repeat: no-repeat; 110 | } 111 | 112 | :is(.admonition):is(.abstract, .summary, .tldr) { 113 | border-color: #00b0ff; 114 | } 
115 | 116 | :is(.abstract, .summary, .tldr) > :is(.admonition-title, summary) { 117 | background-color: rgba(0, 176, 255, 0.1); 118 | border-color: #00b0ff; 119 | } 120 | :is(.abstract, .summary, .tldr) > :is(.admonition-title, summary)::before { 121 | background-color: #00b0ff; 122 | mask-image: var(--md-admonition-icon--abstract); 123 | -webkit-mask-image: var(--md-admonition-icon--abstract); 124 | mask-repeat: no-repeat; 125 | -webkit-mask-repeat: no-repeat; 126 | mask-size: contain; 127 | -webkit-mask-repeat: no-repeat; 128 | } 129 | 130 | :is(.admonition):is(.info, .todo) { 131 | border-color: #00b8d4; 132 | } 133 | 134 | :is(.info, .todo) > :is(.admonition-title, summary) { 135 | background-color: rgba(0, 184, 212, 0.1); 136 | border-color: #00b8d4; 137 | } 138 | :is(.info, .todo) > :is(.admonition-title, summary)::before { 139 | background-color: #00b8d4; 140 | mask-image: var(--md-admonition-icon--info); 141 | -webkit-mask-image: var(--md-admonition-icon--info); 142 | mask-repeat: no-repeat; 143 | -webkit-mask-repeat: no-repeat; 144 | mask-size: contain; 145 | -webkit-mask-repeat: no-repeat; 146 | } 147 | 148 | :is(.admonition):is(.tip, .hint, .important) { 149 | border-color: #00bfa5; 150 | } 151 | 152 | :is(.tip, .hint, .important) > :is(.admonition-title, summary) { 153 | background-color: rgba(0, 191, 165, 0.1); 154 | border-color: #00bfa5; 155 | } 156 | :is(.tip, .hint, .important) > :is(.admonition-title, summary)::before { 157 | background-color: #00bfa5; 158 | mask-image: var(--md-admonition-icon--tip); 159 | -webkit-mask-image: var(--md-admonition-icon--tip); 160 | mask-repeat: no-repeat; 161 | -webkit-mask-repeat: no-repeat; 162 | mask-size: contain; 163 | -webkit-mask-repeat: no-repeat; 164 | } 165 | 166 | :is(.admonition):is(.success, .check, .done) { 167 | border-color: #00c853; 168 | } 169 | 170 | :is(.success, .check, .done) > :is(.admonition-title, summary) { 171 | background-color: rgba(0, 200, 83, 0.1); 172 | border-color: #00c853; 173 | } 
174 | :is(.success, .check, .done) > :is(.admonition-title, summary)::before { 175 | background-color: #00c853; 176 | mask-image: var(--md-admonition-icon--success); 177 | -webkit-mask-image: var(--md-admonition-icon--success); 178 | mask-repeat: no-repeat; 179 | -webkit-mask-repeat: no-repeat; 180 | mask-size: contain; 181 | -webkit-mask-repeat: no-repeat; 182 | } 183 | 184 | :is(.admonition):is(.question, .help, .faq) { 185 | border-color: #64dd17; 186 | } 187 | 188 | :is(.question, .help, .faq) > :is(.admonition-title, summary) { 189 | background-color: rgba(100, 221, 23, 0.1); 190 | border-color: #64dd17; 191 | } 192 | :is(.question, .help, .faq) > :is(.admonition-title, summary)::before { 193 | background-color: #64dd17; 194 | mask-image: var(--md-admonition-icon--question); 195 | -webkit-mask-image: var(--md-admonition-icon--question); 196 | mask-repeat: no-repeat; 197 | -webkit-mask-repeat: no-repeat; 198 | mask-size: contain; 199 | -webkit-mask-repeat: no-repeat; 200 | } 201 | 202 | :is(.admonition):is(.warning, .caution, .attention) { 203 | border-color: #ff9100; 204 | } 205 | 206 | :is(.warning, .caution, .attention) > :is(.admonition-title, summary) { 207 | background-color: rgba(255, 145, 0, 0.1); 208 | border-color: #ff9100; 209 | } 210 | :is(.warning, .caution, .attention) > :is(.admonition-title, summary)::before { 211 | background-color: #ff9100; 212 | mask-image: var(--md-admonition-icon--warning); 213 | -webkit-mask-image: var(--md-admonition-icon--warning); 214 | mask-repeat: no-repeat; 215 | -webkit-mask-repeat: no-repeat; 216 | mask-size: contain; 217 | -webkit-mask-repeat: no-repeat; 218 | } 219 | 220 | :is(.admonition):is(.failure, .fail, .missing) { 221 | border-color: #ff5252; 222 | } 223 | 224 | :is(.failure, .fail, .missing) > :is(.admonition-title, summary) { 225 | background-color: rgba(255, 82, 82, 0.1); 226 | border-color: #ff5252; 227 | } 228 | :is(.failure, .fail, .missing) > :is(.admonition-title, summary)::before { 229 | 
background-color: #ff5252; 230 | mask-image: var(--md-admonition-icon--failure); 231 | -webkit-mask-image: var(--md-admonition-icon--failure); 232 | mask-repeat: no-repeat; 233 | -webkit-mask-repeat: no-repeat; 234 | mask-size: contain; 235 | -webkit-mask-repeat: no-repeat; 236 | } 237 | 238 | :is(.admonition):is(.danger, .error) { 239 | border-color: #ff1744; 240 | } 241 | 242 | :is(.danger, .error) > :is(.admonition-title, summary) { 243 | background-color: rgba(255, 23, 68, 0.1); 244 | border-color: #ff1744; 245 | } 246 | :is(.danger, .error) > :is(.admonition-title, summary)::before { 247 | background-color: #ff1744; 248 | mask-image: var(--md-admonition-icon--danger); 249 | -webkit-mask-image: var(--md-admonition-icon--danger); 250 | mask-repeat: no-repeat; 251 | -webkit-mask-repeat: no-repeat; 252 | mask-size: contain; 253 | -webkit-mask-repeat: no-repeat; 254 | } 255 | 256 | :is(.admonition):is(.bug) { 257 | border-color: #f50057; 258 | } 259 | 260 | :is(.bug) > :is(.admonition-title, summary) { 261 | background-color: rgba(245, 0, 87, 0.1); 262 | border-color: #f50057; 263 | } 264 | :is(.bug) > :is(.admonition-title, summary)::before { 265 | background-color: #f50057; 266 | mask-image: var(--md-admonition-icon--bug); 267 | -webkit-mask-image: var(--md-admonition-icon--bug); 268 | mask-repeat: no-repeat; 269 | -webkit-mask-repeat: no-repeat; 270 | mask-size: contain; 271 | -webkit-mask-repeat: no-repeat; 272 | } 273 | 274 | :is(.admonition):is(.example) { 275 | border-color: #7c4dff; 276 | } 277 | 278 | :is(.example) > :is(.admonition-title, summary) { 279 | background-color: rgba(124, 77, 255, 0.1); 280 | border-color: #7c4dff; 281 | } 282 | :is(.example) > :is(.admonition-title, summary)::before { 283 | background-color: #7c4dff; 284 | mask-image: var(--md-admonition-icon--example); 285 | -webkit-mask-image: var(--md-admonition-icon--example); 286 | mask-repeat: no-repeat; 287 | -webkit-mask-repeat: no-repeat; 288 | mask-size: contain; 289 | 
-webkit-mask-repeat: no-repeat; 290 | } 291 | 292 | :is(.admonition):is(.quote, .cite) { 293 | border-color: #9e9e9e; 294 | } 295 | 296 | :is(.quote, .cite) > :is(.admonition-title, summary) { 297 | background-color: rgba(158, 158, 158, 0.1); 298 | border-color: #9e9e9e; 299 | } 300 | :is(.quote, .cite) > :is(.admonition-title, summary)::before { 301 | background-color: #9e9e9e; 302 | mask-image: var(--md-admonition-icon--quote); 303 | -webkit-mask-image: var(--md-admonition-icon--quote); 304 | mask-repeat: no-repeat; 305 | -webkit-mask-repeat: no-repeat; 306 | mask-size: contain; 307 | -webkit-mask-repeat: no-repeat; 308 | } 309 | 310 | .navy :is(.admonition) { 311 | background-color: var(--sidebar-bg); 312 | } 313 | 314 | .ayu :is(.admonition), .coal :is(.admonition) { 315 | background-color: var(--theme-hover); 316 | } 317 | 318 | .rust :is(.admonition) { 319 | background-color: var(--sidebar-bg); 320 | color: var(--sidebar-fg); 321 | } -------------------------------------------------------------------------------- /docs/src/images/createstack.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oracle-terraform-modules/terraform-oci-vcn/f50424b62feb91430870d0e08d67290e82ce87e2/docs/src/images/createstack.png -------------------------------------------------------------------------------- /docs/src/images/planlogs.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oracle-terraform-modules/terraform-oci-vcn/f50424b62feb91430870d0e08d67290e82ce87e2/docs/src/images/planlogs.png -------------------------------------------------------------------------------- /docs/src/images/review.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oracle-terraform-modules/terraform-oci-vcn/f50424b62feb91430870d0e08d67290e82ce87e2/docs/src/images/review.png 
-------------------------------------------------------------------------------- /docs/src/images/tfplan.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oracle-terraform-modules/terraform-oci-vcn/f50424b62feb91430870d0e08d67290e82ce87e2/docs/src/images/tfplan.png -------------------------------------------------------------------------------- /docs/src/images/uploadzip.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oracle-terraform-modules/terraform-oci-vcn/f50424b62feb91430870d0e08d67290e82ce87e2/docs/src/images/uploadzip.png -------------------------------------------------------------------------------- /docs/src/images/variable1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oracle-terraform-modules/terraform-oci-vcn/f50424b62feb91430870d0e08d67290e82ce87e2/docs/src/images/variable1.png -------------------------------------------------------------------------------- /docs/src/images/variable2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/oracle-terraform-modules/terraform-oci-vcn/f50424b62feb91430870d0e08d67290e82ce87e2/docs/src/images/variable2.png -------------------------------------------------------------------------------- /docs/src/introduction.md: -------------------------------------------------------------------------------- 1 | ## Terraform VCN for Oracle Cloud Infrastructure 2 | 3 | The [Terraform VCN module][repo] for [Oracle Cloud Infrastructure][OCI] provides a reusable [Terraform][terraform] module that provisions a minimal VCN on OCI. 
4 | 5 | It creates the following resources: 6 | 7 | * A VCN with one or more customizable CIDR blocks 8 | * An optional Internet Gateway with a corresponding route table 9 | * An optional NAT Gateway with a corresponding route table 10 | * An optional Service Gateway 11 | * One or more optional Local Peering Gateways in requestor or acceptor mode, with the option to associate a Route Table 12 | 13 | It also controls the Default Security List, with a *Lockdown mode* (enabled by default) that removes all of the default security rules, so that only rules you add explicitly allow traffic. 14 | 15 | Custom route rules can be added to the two route tables created by the module. 16 | 17 | This module is primarily meant to be reusable to create more advanced infrastructure on [OCI][OCI] either manually in the OCI Console or by extending the Terraform code. 18 | 19 | ### [Documentation][docs] 20 | 21 | - [Pre-requisites](./chapter_2.md) 22 | - [User Guide](./chapter_3.md) 23 | - [Creating a VCN](./chapter_4.md) 24 | - [Reusing as a Terraform module](chapter_5.md) 25 | - [VCN Gateways](./chapter_6.md) 26 | - [Configuring routing rules](./chapter_7.md) 27 | - [Using OCI Resource Manager](./chapter_8.md) 28 | - [Terraform Options](./chapter_9.md) 29 | 30 | ### Related Documentation, Blog 31 | 32 | * [Oracle Cloud Infrastructure Documentation][oci_documentation] 33 | * [Terraform OCI Provider Documentation][terraform_oci] 34 | * [Erik Berg on Networks, Subnets and CIDR][subnets] 35 | 36 | ### Changelog 37 | 38 | View the [CHANGELOG][changelog]. 39 | 40 | ### Acknowledgement 41 | 42 | Code derived and adapted from [Terraform OCI Examples][terraform_oci_examples] and Hashicorp's [Terraform 0.12 examples][terraform_hashircorp_examples] 43 | 44 | ### Contributors 45 | 46 | [Folks who contributed with explanations, code, feedback, ideas, testing etc.][contributors] 47 | 48 | Learn how to [contribute][contributing]. 49 | 50 | ### License 51 | 52 | Copyright (c) 2019, 2023 Oracle and/or its associates. 
53 | 54 | Licensed under the [Universal Permissive License 1.0][license] as shown at 55 | [https://oss.oracle.com/licenses/upl][canonical_license]. 56 | 57 | 58 | [changelog]: https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/main/CHANGELOG.adoc 59 | [contributing]: https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/main/CONTRIBUTING.adoc 60 | [contributors]: https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/main/CONTRIBUTORS.adoc 61 | [docs]: https://github.com/oracle-terraform-modules/terraform-oci-vcn/tree/main/docs 62 | 63 | [license]: https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/main/LICENSE 64 | [canonical_license]: https://oss.oracle.com/licenses/upl/ 65 | 66 | [oci]: https://cloud.oracle.com/cloud-infrastructure 67 | [oci_documentation]: https://docs.cloud.oracle.com/iaas/Content/home.htm 68 | 69 | [oracle]: https://www.oracle.com 70 | [prerequisites]: https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/main/docs/prerequisites.adoc 71 | 72 | [quickstart]: https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/main/docs/quickstart.adoc 73 | [repo]: https://github.com/oracle/terraform-oci-vcn 74 | [reuse]: https://github.com/oracle/terraform-oci-vcn/examples/db 75 | [subnets]: https://erikberg.com/notes/networks.html 76 | [terraform]: https://www.terraform.io 77 | [terraform_hashircorp_examples]: https://github.com/hashicorp/terraform-guides/tree/master/infrastructure-as-code/terraform-0.12-examples 78 | [terraform_oci]: https://www.terraform.io/docs/providers/oci/index.html 79 | [terraform_options]: https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/main/docs/terraformoptions.adoc 80 | [terraform_oci_examples]: https://github.com/terraform-providers/terraform-provider-oci/tree/master/examples 81 | [terraform_oci_oke]: https://github.com/oracle-terraform-modules/terraform-oci-oke 82 | 
-------------------------------------------------------------------------------- /docs/src/prerequisites.md: -------------------------------------------------------------------------------- 1 | ## Pre-requisites 2 | 3 | 1. Local development tools: [Git][uri-git], [Terraform][uri-terraform], a terminal. 4 | 2. Understanding of Oracle Cloud Infrastructure (OCI) and its services, in particular the Virtual Cloud Networking (VCN) service. 5 | 6 | ### Generate and upload your OCI API keys 7 | 8 | Follow the documentation for [generating and uploading your API keys][uri-oci-keys]. 9 | 10 | Note the key fingerprint. Only the public key is uploaded to OCI; keep the private key outside the repository with restrictive file permissions (for example `chmod 600`) and never commit it. 11 | 12 | ### Create an OCI compartment 13 | 14 | Follow the documentation for [creating a compartment][uri-oci-compartment]. 15 | 16 | ### Obtain the necessary OCIDs 17 | 18 | The following OCIDs are required: 19 | 20 | 1. Compartment OCID 21 | 2. Tenancy OCID 22 | 3. User OCID 23 | 24 | Follow the documentation for [obtaining the tenancy and user OCIDs][uri-oci-ocids]. 25 | 26 | To obtain the compartment OCID: 27 | 28 | 1. Navigate to Identity > Compartments 29 | 2. Click on your Compartment 30 | 3. Locate OCID on the page and click on `Copy` 31 | 32 | ### Configuring Policies 33 | 34 | 1. Create a group (e.g. mygroup) and add a user to the group. Use a dedicated user and group for Terraform rather than an administrator account. 35 | 36 | 2. 
Create a policy: 37 | 38 | `Allow group mygroup to manage virtual-network-family in compartment id ocid1.compartment.oc1..aaa ` 39 | 40 | Replace `ocid1.compartment.oc1..aaa` with the OCID of your compartment. Scope the policy to that compartment rather than the whole tenancy, and do not grant more than `manage virtual-network-family`, the only permission this guide requires: the user Terraform runs as should hold the least privilege needed. 41 | 42 | [uri-oci-compartment]: https://docs.cloud.oracle.com/iaas/Content/Identity/Tasks/managingcompartments.htm#two 43 | [uri-oci-keys]: https://docs.cloud.oracle.com/iaas/Content/API/Concepts/apisigningkey.htm#two 44 | [uri-oci-ocids]: https://docs.cloud.oracle.com/iaas/Content/API/Concepts/apisigningkey.htm#five 45 | 46 | [uri-git]: https://git-scm.com/ 47 | [uri-terraform]: https://www.terraform.io -------------------------------------------------------------------------------- /docs/src/terraformoptions.md: -------------------------------------------------------------------------------- 1 | ## Terraform Options 2 | 3 | ### Provider 4 | 5 | | Parameter | Description | Type | Default | 6 | | --------- | ----------- | ----------- | ------- | 7 | | region | Region where to provision the VCN. List of regions. *Required*. | string | | 8 | 9 | ### General OCI 10 | 11 | | Parameter | Description | Type | Default | 12 | | --------- | ----------- | ----------- | ------- | 13 | | compartment_id | Compartment id where the VCN will be provisioned. *Required*. | string | | 14 | | label_prefix | a string to be prepended to the name of resources. *Required*. | string |none | 15 | | freeform_tags | simple key-value pairs to tag the resources created specified in the form of a map | map(any)|freeform_tags = { environment = "dev" } | 16 | | defined_tags | predefined and scoped to a namespace to tag the resources created using defined tags. | map(string) |null | 17 | 18 | ### VCN 19 | 20 | | Parameter | Description | Type | Default | 21 | | --------- | ----------- | ----------- | ------- | 22 | | attached_drg_id | DRG OCID to be attached to the VCN. | string || 23 | | create_internet_gateway | Whether to create an Internet Gateway. | bool | false| 24 | | create_nat_gateway | Whether to create a NAT gateway. 
| bool | false| 25 | | create_service_gateway | Whether to create a service gateway to use Oracle Services. | bool | false| 26 | | enable_ipv6 | (Updatable) Whether IPv6 is enabled for the VCN. If enabled, Oracle will assign the VCN an IPv6 /56 CIDR block. | bool | false| 27 | | internet_gateway_display_name | (Updatable) Name of Internet Gateway. Does not have to be unique.| string | internet-gateway| 28 | | internet_gateway_route_rules | (Updatable) List of routing rules to add to Internet Gateway Route Table.| list(map(string)) | null| 29 | | local_peering_gateways | Map of Local Peering Gateways to attach to the VCN | map(any) | null| 30 | | lockdown_default_seclist | Whether to remove all default security rules from the VCN Default Security List. Leave this `true` unless you manage the default list yourself: with `false`, OCI's stock default rules stay in place, and they include permissive ingress (such as SSH from `0.0.0.0/0`) for every subnet that uses the default list. | bool | true| 31 | | nat_gateway_display_name | (Updatable) Name of NAT Gateway. It does not have to be unique. | string | nat-gateway| 32 | | nat_gateway_public_ip_id | OCID of reserved IP address for NAT gateway. If default value "none" is used, then a public IP address is selected from Oracle’s public IP pool. | string | none| 33 | | nat_gateway_route_rules | (Updatable) List of routing rules to add to NAT Gateway Route Table | list(map(string)) | null| 34 | | service_gateway_display_name | (Updatable) Name of Service Gateway. Does not have to be unique. | string | service-gateway| 35 | | vcn_cidrs | (Updatable) The list of IPv4 CIDR blocks the VCN will use. The CIDR block specified for the VCN must not overlap with the CIDR block of another network. | list(string) | ["10.0.0.0/16"]| 36 | | vcn_dns_label | (Optional)A DNS label for the VCN, used in conjunction with the VNIC’s hostname and subnet’s DNS label to form a fully qualified domain name (FQDN) for each VNIC within this subnet. DNS resolution for hostnames in the VCN is disabled if null. | string | vcnmodule| 37 | | vcn_name | (Optional)(Updatable) The name of the VCN that will be appended to the label_prefix. 
| string | vcn| 38 | 39 | ### Subnets 40 | 41 | | Parameter | Description | Type | Default | 42 | | --------- | ----------- | ----------- | ------- | 43 | | subnets | Subnets to be created in the VCN | any |{}| 44 | -------------------------------------------------------------------------------- /docs/src/ug/createvcn.md: -------------------------------------------------------------------------------- 1 | ## Creating a VCN 2 | 3 | [uri-terraform-options]: ./chapter_5.md 4 | [uri-oci-keys]: https://docs.cloud.oracle.com/iaas/Content/API/Concepts/apisigningkey.htm#two 5 | [uri-oci-ocids]: https://docs.cloud.oracle.com/iaas/Content/API/Concepts/apisigningkey.htm#five 6 | ### Assumptions 7 | 8 | 1. You have setup the [required keys][uri-oci-keys] 9 | 2. You know the [required OCIDs][uri-oci-ocids] 10 | 3. You have the necessary permissions 11 | 12 | ### Pre-requisites 13 | 14 | 1. Git is installed 15 | 2. SSH client is installed 16 | 3. Terraform 1.3.0 or greater is installed 17 | 18 | ### Instructions 19 | 20 | #### Provisioning using this git repo 21 | 22 | 1. Clone the repo: 23 | 24 | ```bash 25 | git clone https://github.com/oracle-terraform-modules/terraform-oci-vcn.git tfvcn 26 | 27 | cd tfvcn 28 | 29 | cp terraform.tfvars.example terraform.tfvars 30 | ``` 31 | 32 | 2. 
Create a provider.tf file and add the following: 33 | 34 | ``` 35 | provider "oci" { 36 | fingerprint = var.api_fingerprint 37 | private_key_path = var.api_private_key_path 38 | region = var.region 39 | tenancy_ocid = var.tenancy_id 40 | user_ocid = var.user_id 41 | } 42 | 43 | # provider identity parameters 44 | variable "api_fingerprint" { 45 | description = "fingerprint of oci api private key" 46 | type = string 47 | } 48 | 49 | variable "api_private_key_path" { 50 | description = "path to oci api private key used" 51 | type = string 52 | } 53 | 54 | variable "tenancy_id" { 55 | description = "tenancy id where to create the sources" 56 | type = string 57 | } 58 | 59 | variable "user_id" { 60 | description = "id of user that terraform will use to create the resources" 61 | type = string 62 | } 63 | ``` 64 | 65 | 3. Set the mandatory provider parameters in terraform.tfvars. This file identifies your tenancy and user and points at your API private key, so keep it out of version control, and point `api_private_key_path` at a key stored outside the repository: 66 | 67 | * `api_fingerprint` 68 | * `api_private_key_path` 69 | * `region` 70 | * `tenancy_id` 71 | * `user_id` 72 | 73 | 4. Override other parameters in terraform.tfvars: 74 | 75 | * `compartment_id` 76 | * `label_prefix` 77 | * `vcn_name` 78 | 79 | 5. Optional parameters to override: 80 | 81 | * `create_internet_gateway` 82 | * `create_nat_gateway` 83 | * `create_service_gateway` 84 | * `freeform_tags` 85 | * `attached_drg_id` 86 | * `vcn_dns_label` 87 | 88 | 6. 
Run Terraform, and review the plan output before applying: 89 | 90 | ``` 91 | terraform init 92 | terraform plan 93 | terraform apply 94 | ``` -------------------------------------------------------------------------------- /docs/src/ug/gateways.md: -------------------------------------------------------------------------------- 1 | ## VCN Gateways 2 | 3 | [uri-tf-namedvalues]: https://www.terraform.io/docs/language/expressions/references.html 4 | [uri-oci-lpg]: https://registry.terraform.io/providers/hashicorp/oci/latest/docs/resources/core_local_peering_gateway 5 | [uri-oci-lpg-concepts]: https://docs.oracle.com/en-us/iaas/Content/Network/Tasks/localVCNpeering.htm#Importan 6 | [uri-oci-transit-routing]: https://docs.oracle.com/en-us/iaas/Content/Network/Tasks/transitrouting.htm 7 | [uri-hub-spoke]: https://github.com/oracle-terraform-modules/terraform-oci-vcn/tree/main/examples/hub-spoke 8 | 9 | ### Local Peering Gateways 10 | 11 | Local Peering Gateways are used to establish a single peering relationship between two VCNs. Peering makes the two VCNs routable to each other, so pair every LPG with route rules and security lists that admit only the traffic you intend. For more information about how Local Peering works on OCI, see [Important Local Peering concepts][uri-oci-lpg-concepts] and [Transit Routing][uri-oci-transit-routing]. 12 | 13 | The VCN module allows you to declare several LPGs using the module's `local_peering_gateways` input variable: 14 | 15 | - each key of `local_peering_gateways` is an LPG. 16 | - the key is the LPG's display name. 17 | - you can optionally declare a `route_table_id` to be attached to the LPG. This is useful to create a Hub VCN for Transit Routing. 18 | - you can optionally declare a `peer_id`, so your module will act as a requestor and trigger the peering process (to be used either in the hub vcn module or the spoke vcn module, but not both). 19 | 20 | ### Using the module outputs to retrieve an LPG OCID 21 | 22 | You can dynamically retrieve the OCID of an LPG created with this module using the module's `lpg_all_attributes` output: `module.**.lpg_all_attributes["**"]["id"]`. 
23 | 24 | This is particularly useful when both VCNs to be peered are in the same Terraform configuration and created using this module. 25 | 26 | ### Generic values for `route_table_id` or `peer_id` 27 | 28 | If you need to attach a Routing Table or peer with an LPG created outside of the VCN module, you can simply provide the resource OCID using a valid Terraform method (any [named value][uri-tf-namedvalues]). 29 | 30 | ### Examples 31 | 32 | This is an example that shows how to declare LPGs in three different ways: 33 | 34 | ```hcl 35 | module "vcn_hub" { 36 | ... 37 | local_peering_gateways = { 38 | to_spoke1 = { 39 | // this LPG will have a Route Table associated with it 40 | route_table_id = oci_core_route_table.VTR_spokes.id 41 | } 42 | to_spoke2 = { 43 | // this LPG will have a Route Table associated with it and the peering connection will be established (requestor mode) 44 | route_table_id = oci_core_route_table.VTR_spokes.id 45 | peer_id = module.vcn_spoke2.lpg_all_attributes["to_hub"]["id"] 46 | } 47 | to_spoke3 = {} 48 | // this LPG will be created without any Route Table associated, and ready to be peered (acceptor mode) 49 | } 50 | } 51 | ``` 52 | 53 | See the [hub-and-spoke example][uri-hub-spoke] for more details on how to use this feature. 
54 | -------------------------------------------------------------------------------- /docs/src/ug/resourcemanager.md: -------------------------------------------------------------------------------- 1 | ## Using Resource Manager 2 | 3 | [uri-rm-overview]: https://docs.cloud.oracle.com/en-us/iaas/Content/ResourceManager/Concepts/resourcemanager.htm 4 | [uri-rm-stack]: https://docs.cloud.oracle.com/en-us/iaas/Content/ResourceManager/Tasks/managingstacksandjobs.htm 5 | 6 | 7 | - [Overview][uri-rm-overview] 8 | - [Create Stack][uri-rm-stack] 9 | - Step by Step Instructions 10 | 11 | Clone the repository, then change into the cloned `terraform-oci-vcn` directory before running `zip`, otherwise `*.tf` matches nothing from the module. Package only the module's `*.tf` files and `schema.yaml`; never add `terraform.tfvars` or an API private key to the archive you upload. 12 | ``` 13 | git clone https://github.com/oracle-terraform-modules/terraform-oci-vcn.git 14 | zip terraform-oci-vcn.zip *.tf schema.yaml -x main.tf 15 | ``` 16 | 17 | 1. ![Create Stack](../images/createstack.png) 18 | 19 | 2. Upload zip file: 20 | ![Upload zip file](../images/uploadzip.png) 21 | 22 | 23 | 3. Configure variables as per your needs: 24 | ![Configure variables](../images/variable1.png) 25 | 26 | 4. Check the relevant boxes if you need gateways: 27 | ![Gateway options](../images/variable2.png) 28 | 29 | 5. Review your stack: 30 | ![Review stack](../images/review.png) 31 | 32 | 6. Run Terraform plan and apply: 33 | ![Terraform plan](../images/tfplan.png) 34 | 35 | 7. Check the logs: 36 | ![Plan logs](../images/planlogs.png) 37 | 38 | -------------------------------------------------------------------------------- /docs/src/ug/reusemodule.md: -------------------------------------------------------------------------------- 1 | ## Reusing as a Terraform module 2 | 3 | You can also use the method below to reuse this module from your own root configuration. 4 | 5 | 1. Create a variables.tf file in your root project and add the contents of [the variables.tf from the example][uri-variables-example]. 6 | 7 | 2. 
Create a provider.tf file in your root directory and add the following: 8 | 9 | ``` 10 | provider "oci" { 11 | fingerprint = var.api_fingerprint 12 | private_key_path = var.api_private_key_path 13 | region = var.region 14 | tenancy_ocid = var.tenancy_id 15 | user_ocid = var.user_id 16 | } 17 | ``` 18 | 3. Create a main.tf file and add the following. Pin the module to a released version — append `?ref=<tag>` to the git `source`, or use the registry `source` together with an explicit `version` — so that `terraform init` fetches a known revision instead of whatever is currently on the default branch: 19 | 20 | ``` 21 | module "vcn" { 22 | 23 | source = "github.com/oracle-terraform-modules/terraform-oci-vcn" 24 | # to use the terraform registry version comment the previous line and uncomment the 2 lines below 25 | # source = "oracle-terraform-modules/vcn/oci" 26 | # version = "specify_version_number" 27 | 28 | # general oci parameters 29 | compartment_id = var.compartment_id 30 | label_prefix = var.label_prefix 31 | freeform_tags = var.freeform_tags 32 | defined_tags = var.defined_tags 33 | 34 | # vcn parameters 35 | create_internet_gateway = var.create_internet_gateway # boolean: true or false 36 | lockdown_default_seclist = var.lockdown_default_seclist # boolean: true or false 37 | create_nat_gateway = var.create_nat_gateway # boolean: true or false 38 | create_service_gateway = var.create_service_gateway # boolean: true or false 39 | enable_ipv6 = var.enable_ipv6 40 | vcn_cidrs = var.vcn_cidrs # List of IPv4 CIDRs 41 | vcn_dns_label = var.vcn_dns_label 42 | vcn_name = var.vcn_name 43 | 44 | # gateways parameters 45 | internet_gateway_display_name = var.internet_gateway_display_name 46 | nat_gateway_display_name = var.nat_gateway_display_name 47 | service_gateway_display_name = var.service_gateway_display_name 48 | attached_drg_id = var.attached_drg_id 49 | } 50 | ``` 51 | 52 | 4. 
In order to obtain and reuse the VCN resources created, export the OCIDs in outputs.tf: 53 | 54 | ``` 55 | # Outputs 56 | 57 | output "module_vcn_ids" { 58 | description = "vcn and gateways information" 59 | value = { 60 | internet_gateway_id = module.vcn.internet_gateway_id 61 | internet_gateway_route_id = module.vcn.ig_route_id 62 | nat_gateway_id = module.vcn.nat_gateway_id 63 | nat_gateway_route_id = module.vcn.nat_route_id 64 | service_gateway_id = module.vcn.service_gateway_id 65 | vcn_dns_label = module.vcn.vcn_all_attributes.dns_label 66 | vcn_default_security_list_id = module.vcn.vcn_all_attributes.default_security_list_id 67 | vcn_default_route_table_id = module.vcn.vcn_all_attributes.default_route_table_id 68 | vcn_default_dhcp_options_id = module.vcn.vcn_all_attributes.default_dhcp_options_id 69 | vcn_id = module.vcn.vcn_id 70 | } 71 | } 72 | ``` 73 | 74 | 5. Copy terraform.tfvars.example to terraform.tfvars. Keep the resulting terraform.tfvars out of version control: it carries your tenancy and user OCIDs, the key fingerprint and the path to your private key. 75 | ``` 76 | cp terraform.tfvars.example terraform.tfvars 77 | ``` 78 | 79 | 6. Set the mandatory provider parameters in terraform.tfvars: 80 | * `api_fingerprint` 81 | * `api_private_key_path` 82 | * `region` 83 | * `tenancy_id` 84 | * `user_id` 85 | 86 | 7. Override other parameters in terraform.tfvars: 87 | 88 | * `compartment_id` 89 | * `label_prefix` 90 | * `vcn_name` 91 | 92 | 8. Optional parameters to override: 93 | 94 | * `attached_drg_id` 95 | * `create_internet_gateway` 96 | * `create_nat_gateway` 97 | * `create_service_gateway` 98 | * `freeform_tags` 99 | * `defined_tags` 100 | * `vcn_dns_label` 101 | 102 | 9. Run Terraform, reviewing the plan before you apply: 103 | ``` 104 | terraform init 105 | terraform plan 106 | terraform apply 107 | ``` 108 | 109 | #### Related documentation: 110 | 111 | * [All Terraform configuration options][uri-terraform-options] for this project. 
112 | 113 | [uri-terraform-options]: ./chapter_8.md 114 | [uri-variables-example]: https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/main/examples/module_composition/variables.tf -------------------------------------------------------------------------------- /docs/src/ug/routerules.md: -------------------------------------------------------------------------------- 1 | ## Configuring routing rules 2 | 3 | [uri-tf-namedvalues]: https://www.terraform.io/docs/language/expressions/references.html 4 | [uri-oci-lpg]: https://registry.terraform.io/providers/hashicorp/oci/latest/docs/resources/core_local_peering_gateway 5 | [uri-custom-route-rules]: https://github.com/oracle-terraform-modules/terraform-oci-vcn/tree/main/examples/custom_route_rules 6 | 7 | When you create an Internet or a NAT gateway, the terraform-oci-vcn module automatically creates a dedicated route table for each gateway: 8 | 9 | - `-internet-route` route table is created if `create_internet_gateway = true` 10 | - `-nat-route` route table is created if `create_nat_gateway = true` 11 | 12 | These automatically created route tables come with built-in rules that cannot be changed by the module user. 13 | 14 | ### internet-route route table 15 | 16 | internet-route is meant to be attached to public subnets you provision. It comes with one automatic/non-editable rule that redirects all unknown destinations to the Internet Gateway created by this module: `0.0.0.0/0 --> Internet Gateway`. Attach it only to subnets you intend to be reachable from the Internet: because of this default route, any instance in such a subnet that has a public IP is exposed to the extent its security lists or network security groups allow. 17 | 18 | ### nat-route route table 19 | 20 | nat-route table is meant to be attached to private subnets you provision. It comes with one automatic/non-editable rule that redirects all unknown destinations to the NAT Gateway created by this module: `0.0.0.0/0 --> NAT Gateway`. 
21 | 22 | If a Service Gateway is also created by the module with `create_service_gateway = true`, a second rule is added to redirect all Oracle Network Services traffic to the Service Gateway created by this module: `All services in OSN --> Service Gateway` 23 | 24 | ### Custom routes 25 | 26 | The terraform-oci-vcn module has two optional input variables to inject user-defined route rules into the `internet-route` and `nat-route` route tables, respectively: 27 | 28 | - `internet_gateway_route_rules`, declared as a `list(map(string))` and expected to match the following schema: 29 | 30 | ``` 31 | variable "internet_gateway_route_rules" { 32 | description = "(Updatable) List of routing rules to add to Internet Gateway Routing Table" 33 | type = list(object({ 34 | destination = string # required 35 | destination_type = string # required 36 | network_entity_id = string # required 37 | description = string # optional 38 | })) 39 | default = null 40 | } 41 | ``` 42 | 43 | - `nat_gateway_route_rules`, declared as a `list(map(string))` and expected to match the following schema: 44 | 45 | ``` 46 | variable "nat_gateway_route_rules" { 47 | description = "(Updatable) List of routing rules to add to NAT Gateway Routing Table" 48 | type = list(object({ 49 | destination = string # required 50 | destination_type = string # required 51 | network_entity_id = string # required 52 | description = string # optional 53 | })) 54 | default = null 55 | } 56 | ``` 57 | 58 | They share the same schema, but each input variable controls its own route table: 59 | 60 | - `destination` accepts a string value and represents the CIDR that the rule applies to, 61 | - `destination_type` accepts a string value, with `CIDR_BLOCK` or `SERVICE_CIDR_BLOCK` as valid values, 62 | - `network_entity_id` accepts a string value and identifies the gateway that is the target of the rule, 63 | - `description` accepts an arbitrary string value and gives context about the purpose of the rule. 
64 | 65 | #### Special values for `network_entity_id` 66 | 67 | For routing rules targeting a gateway created by the module, `network_entity_id` accepts some special strings to automatically retrieve the gateway OCID. 68 | 69 | - `internet_gateway_route_rules` and `nat_gateway_route_rules` recognise the `"drg"` string and resolve it to the Dynamic Routing Gateway(DRG) OCID attached to the module (if available), 70 | - `internet_gateway_route_rules` recognise the `"internet_gateway"` string and resolve it to the Internet Gateway OCID created by the module, 71 | - `nat_gateway_route_rules` recognise the `"nat_gateway"` string and resolve it to the NAT Gateway OCID created by the module. 72 | 73 | #### Generic values for `network_entity_id` 74 | 75 | If you need to create a routing rule with a target gateway created outside of the module, you can simply provide the resource OCID using a valid Terraform method (any [named value][uri-tf-namedvalues]). 76 | 77 | ### Examples 78 | 79 | For example configuration using this option, see [custom route rules][uri-custom-route-rules]. 80 | -------------------------------------------------------------------------------- /docs/src/ug/userguide.md: -------------------------------------------------------------------------------- 1 | # User Guide 2 | 3 | - [Creating a Virtual Cloud Network](./createvcn.md) 4 | - [Reusing as a Terraform module](./reusemodule.md) 5 | - [Virtual Cloud Network Gateways](././gateways.md) 6 | - [Configuring routing rules](./routerules.md) 7 | - [Using Resource Manager](./resourcemanager.md) -------------------------------------------------------------------------------- /docs/terraformoptions.adoc: -------------------------------------------------------------------------------- 1 | ## Terraform Options 2 | 3 | ### Provider 4 | 5 | | Parameter | Description | Type | Default | 6 | | --------- | ----------- | ----------- | ------- | 7 | | region | Region where to provision the vcn. List of regions. 
*Required*. | string | | 8 | 9 | ### General OCI 10 | 11 | | Parameter | Description | Type | Default | 12 | | --------- | ----------- | ----------- | ------- | 13 | | compartment_id | Compartment id where the VCN will be provisioned. *Required*. | string | | 14 | | label_prefix | a string to be prepended to the name of resources. *Required*. | string |none | 15 | | freeform_tags | simple key-value pairs to tag the resources created specified in the form of a map | map(any)|freeform_tags = { environment = "dev" } | 16 | | defined_tags | predefined and scoped to a namespace to tag the resources created using defined tags. | map(string) |null | 17 | 18 | ### VCN 19 | 20 | | Parameter | Description | Type | Default | 21 | | --------- | ----------- | ----------- | ------- | 22 | | attached_drg_id | DRG OCID to be attached to the VCN. | string || 23 | | create_internet_gateway | Whether to create an Internet Gateway. | bool | false| 24 | | create_nat_gateway | Whether to create a NAT gateway. | bool | false| 25 | | create_service_gateway | Whether to create a service gateway to use Oracle Services. | bool | false| 26 | | enable_ipv6 | (Updatable) Whether IPv6 is enabled for the VCN. If enabled, Oracle will assign the VCN an IPv6 /56 CIDR block. | bool | false| 27 | | internet_gateway_display_name | (Updatable) Name of Internet Gateway. Does not have to be unique.| string | internet-gateway| 28 | | internet_gateway_route_rules | (Updatable) List of routing rules to add to Internet Gateway Route Table.| list(map(string)) | null| 29 | | local_peering_gateways | Map of Local Peering Gateways to attach to the VCN | map(any) | null| 30 | | lockdown_default_seclist | Whether to remove all default security rules from the VCN Default Security List. Leave this `true` unless you manage the default list yourself: with `false`, OCI's stock default rules stay in place, and they include permissive ingress (such as SSH from `0.0.0.0/0`) for every subnet that uses the default list. | bool | true| 31 | | nat_gateway_display_name | (Updatable) Name of NAT Gateway. It does not have to be unique. | string | nat-gateway| 32 | | nat_gateway_public_ip_id | OCID of reserved IP address for NAT gateway. 
If default value "none" is used, then a public IP address is selected from Oracle’s public IP pool. | string | none| 33 | | nat_gateway_route_rules | (Updatable) List of routing rules to add to NAT Gateway Route Table | list(map(string)) | null| 34 | | service_gateway_display_name | (Updatable) Name of Service Gateway. Does not have to be unique. | string | service-gateway| 35 | | vcn_cidrs | (Updatable) The list of IPv4 CIDR blocks the VCN will use. The CIDR block specified for the VCN must not overlap with the CIDR block of another network. | string | ["10.0.0.0/16"]| 36 | | vcn_dns_label | (Optional)A DNS label for the VCN, used in conjunction with the VNIC’s hostname and subnet’s DNS label to form a fully qualified domain name (FQDN) for each VNIC within this subnet. DNS resolution for hostnames in the VCN is disabled if null. | string | vcnmodule| 37 | | vcn_name | (Optional)(Updatable) The name of the VCN that will be appended to the label_prefix. | string | vcn| 38 | 39 | ### Subnets 40 | 41 | | Parameter | Description | Type | Default | 42 | | --------- | ----------- | ----------- | ------- | 43 | | subnets | Subnets to be created in the VCN | any |{}| 44 | -------------------------------------------------------------------------------- /docs/terraformoptions.md: -------------------------------------------------------------------------------- 1 | ## Terraform Options 2 | 3 | ### Provider 4 | 5 | | Parameter | Description | Type | Default | 6 | | --------- | ----------- | ----------- | ------- | 7 | | region | Region where to provision the vcn. List of regions. *Required*. | string | | 8 | 9 | ### General OCI 10 | 11 | | Parameter | Description | Type | Default | 12 | | --------- | ----------- | ----------- | ------- | 13 | | compartment_id | Compartment id where the VCN Cluster will be provisioned. *Required*. | string | | 14 | | label_prefix | a string to be prepended to the name of resources. *Required*. 
| string |none | 15 | | freeform_tags | simple key-value pairs to tag the resources created specified in the form of a map | map(any)|freeform_tags = { environment = "dev" } | 16 | | defined_tags | predefined and scoped to a namespace to tag the resources created using defined tags. | map(string) |null | 17 | 18 | ### VCN 19 | 20 | | Parameter | Description | Type | Default | 21 | | --------- | ----------- | ----------- | ------- | 22 | | attached_drg_id | DRG OCID to be attached to the VCN. | string || 23 | | create_internet_gateway | Whether to create an Internet Gateway. | bool | false| 24 | | create_nat_gateway | Whether to create an NAT gateway. | bool | false| 25 | | create_service_gateway | Whether to create a service gateway to use Oracle Services. | bool | false| 26 | | enable_ipv6 | (Updatable) Whether IPv6 is enabled for the VCN. If enabled, Oracle will assign the VCN a IPv6 /56 CIDR block. | bool | false| 27 | | internet_gateway_display_name | (Updatable) Name of Internet Gateway. Does not have to be unique.| string | internet-gateway| 28 | | internet_gateway_route_rules | (Updatable) List of routing rules to add to Internet Gateway Route Table.| list(map(string)) | null| 29 | | local_peering_gateways | Map of Local Peering Gateways to attach to the VCN | map(any) | null| 30 | | lockdown_default_seclist | Whether to remove all default security rules from the VCN Default Security List | bool | true| 31 | | nat_gateway_display_name | (Updatable) Name of NAT Gateway. It does not have to be unique. | string | nat-gateway| 32 | | nat_gateway_public_ip_id | OCID of reserved IP address for NAT gateway. If default value "none" is used, then a public IP address is selected from Oracle’s public IP pool. | string | none| 33 | | nat_gateway_route_rules | (Updatable) List of routing rules to add to NAT Gateway Route Table | list(map(string)) | null| 34 | | service_gateway_display_name | (Updatable) Name of Service Gateway. Does not have to be unique. 
| string | service-gateway| 35 | | vcn_cidrs | (Updatable) The list of IPv4 CIDR blocks the VCN will use. The CIDR block specified for the VCN must not overlap with the CIDR block of another network. | string | ["10.0.0.0/16"]| 36 | | vcn_dns_label | (Optional)A DNS label for the VCN, used in conjunction with the VNIC’s hostname and subnet’s DNS label to form a fully qualified domain name (FQDN) for each VNIC within this subnet. DNS resolution for hostnames in the VCN is disabled if null. | string | vcnmodule| 37 | | vcn_name | (Optional)(Updatable) The name of the VCN that will be appended to the label_prefix. | string | vcn| 38 | 39 | ### Subnets 40 | 41 | | Parameter | Description | Type | Default | 42 | | --------- | ----------- | ----------- | ------- | 43 | | subnets | Subnets to be created in the VCN | any |{}| 44 | -------------------------------------------------------------------------------- /examples/custom_route_rules/README.md: -------------------------------------------------------------------------------- 1 | # Declaring custom routing rules for module terraform-oci-vcn 2 | 3 | [Terraform Variable Definition file]:https://www.terraform.io/docs/language/values/variables.html#variable-definitions-tfvars-files 4 | [Input Variables]:https://www.terraform.io/docs/language/values/variables.html 5 | [Local Values]:https://www.terraform.io/docs/language/values/locals.html 6 | [Named Values]:https://www.terraform.io/docs/language/expressions/references.html 7 | [docs/prerequisites]:https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/main/docs/prerequisites.adoc 8 | [docs/terraformoptions]:https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/main/docs/terraformoptions.adoc 9 | [docs/routing_rules]:https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/main/docs/routing_rules.adoc 10 | [Provisioning Infrastructure with Terraform]:https://www.terraform.io/docs/cli/run/index.html 11 | 12 | This example illustrates how to 
use the `terraform-oci-vcn` module to create a VCN with gateways and custom routing rules. 13 | 14 | For demonstration purposes, all the gateways supported by this module are created: 15 | 16 | - DRG 17 | - Internet Gateway 18 | - NAT Gateway 19 | - Service Gateway 20 | - Local Peering Gateway (LPG) 21 | 22 | Two Route Tables are also created by the module: 23 | 24 | - `internet_gateway_route_rules` module Input Variable, which controls the rules in the `terraform-oci-internet-route` Route Table 25 | - `nat_gateway_route_rules` module Input Variable, which controls the rules in the `terraform-oci-nat-route` Route Table 26 | 27 | In addition, a Local Peering Gateway is created at the root of the configuration (not managed by the module): `terraform-oci-lpg` 28 | 29 | This diagram illustrates what will be created by this example. 30 | 31 | ![diagram](https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/main/docs/images/custom_route_rules.drawio.PNG?raw=true&sanitize=true) 32 | 33 | ## How to specify module Input Variable values 34 | 35 | This example shows two methods to specify values for the `internet_gateway_route_rules` and `nat_gateway_route_rules` module Input Variables: 36 | 37 | - using an Input Variable for `internet_gateway_route_rules`, declared in `variables.tf` with values initialized in `terraform.tfvars` (you can copy/rename `terraform.tfvars.example` from the same folder) 38 | - using a Local Value for `nat_gateway_route_rules`, declared and initialized directly in `variables.tf` 39 | 40 | Using [Input Variables] in conjunction with *.tfvars files is a common pattern. Here we introduce the use of [Local Values] for the same goal. 
There are many advantages to using `Local Values` over `Input Variables` at the root of the configuration: 41 | 42 | - Values can be computed and become dynamic, using Terraform functions, or can come from any valid [Named Values] 43 | - Declaration and initialization occur in one place, for easier reading and configuration sharing 44 | 45 | For details about the type and the accepted values for these two Input Variables, please see [docs/terraformoptions] and [docs/routing_rules] 46 | 47 | ## Prerequisites 48 | 49 | You will need to collect the following information before you start: 50 | 51 | 1. your OCI provider authentication values 52 | 2. a compartment OCID in which the present configuration will be created 53 | 54 | For detailed instructions, see [docs/prerequisites] 55 | 56 | ## Using this example with Terraform CLI 57 | 58 | Prepare one [Terraform Variable Definition file] named `terraform.tfvars` with the required authentication information. Since this file holds your API key path and tenancy/user identifiers, keep it out of version control. 59 | 60 | *TIP: You can rename and configure `terraform.tfvars.example` from this example's folder.* 61 | 62 | Then apply the example using the following commands: 63 | 64 | ```shell 65 | > terraform init 66 | > terraform plan 67 | > terraform apply 68 | ``` 69 | 70 | See [Provisioning Infrastructure with Terraform] for more details about Terraform CLI and the available subcommands. 71 | -------------------------------------------------------------------------------- /examples/custom_route_rules/main.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2019, 2021, Oracle Corporation and/or affiliates. 
2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/ 3 | 4 | # Version requirements 5 | 6 | terraform { 7 | required_providers { 8 | oci = { 9 | source = "oracle/oci" 10 | version = ">=4.67.3" 11 | } 12 | } 13 | required_version = ">= 1.0.0" 14 | } 15 | 16 | # Resources 17 | 18 | module "vcn" { 19 | 20 | source = "github.com/oracle-terraform-modules/terraform-oci-vcn" 21 | # to use the terraform registry version comment the previous line and uncomment the 2 lines below 22 | # source = "oracle-terraform-modules/vcn/oci" 23 | # version = "specify_version_number" 24 | 25 | # general oci parameters 26 | compartment_id = var.compartment_id 27 | label_prefix = var.label_prefix 28 | freeform_tags = var.freeform_tags 29 | defined_tags = var.defined_tags 30 | 31 | # vcn parameters 32 | create_internet_gateway = var.create_internet_gateway # boolean: true or false 33 | lockdown_default_seclist = var.lockdown_default_seclist # boolean: true or false 34 | create_nat_gateway = var.create_nat_gateway # boolean: true or false 35 | create_service_gateway = var.create_service_gateway # boolean: true or false 36 | enable_ipv6 = var.enable_ipv6 37 | vcn_cidrs = var.vcn_cidrs # List of IPv4 CIDRs 38 | vcn_dns_label = var.vcn_dns_label 39 | vcn_name = var.vcn_name 40 | 41 | # gateways parameters 42 | internet_gateway_display_name = var.internet_gateway_display_name 43 | nat_gateway_display_name = var.nat_gateway_display_name 44 | service_gateway_display_name = var.service_gateway_display_name 45 | attached_drg_id = var.attached_drg_id 46 | 47 | # routing rules 48 | 49 | internet_gateway_route_rules = var.internet_gateway_route_rules # this module input shows how to pass routing information to the vcn module through Variable Input. 
Can be initialized in a *.tfvars or *.auto.tfvars file 50 | nat_gateway_route_rules = local.nat_gateway_route_rules # this module input shows how to pass routing information to the vcn module through Local Values. 51 | } 52 | 53 | resource "oci_core_local_peering_gateway" "lpg" { 54 | # this is a Local Peering Gateway created to demonstrate how to use a gateway generated outside of the module as a target for a routing rule 55 | compartment_id = var.compartment_id 56 | vcn_id = module.vcn.vcn_id 57 | display_name = "terraform-oci-lpg" 58 | } 59 | 60 | # Outputs 61 | 62 | output "module_vcn" { 63 | description = "vcn and gateways information" 64 | value = { 65 | internet_gateway_id = module.vcn.internet_gateway_id 66 | nat_gateway_id = module.vcn.nat_gateway_id 67 | service_gateway_id = module.vcn.service_gateway_id 68 | vcn_id = module.vcn.vcn_id 69 | } 70 | } 71 | 72 | output "local_peering_gateway" { 73 | description = "local peering gateways information" 74 | value = oci_core_local_peering_gateway.lpg.id 75 | } 76 | -------------------------------------------------------------------------------- /examples/custom_route_rules/terraform.tfvars.example: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2019, 2020 Oracle Corporation and/or affiliates. All rights reserved. 
2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl 3 | 4 | # provider identity parameters 5 | 6 | api_fingerprint = "" 7 | 8 | api_private_key_path = "" 9 | 10 | region = "us-phoenix-1" 11 | 12 | tenancy_id = "" 13 | 14 | user_id = "" 15 | 16 | # general oci parameters 17 | 18 | compartment_id = "" 19 | 20 | label_prefix = "dev" 21 | 22 | # vcn parameters 23 | 24 | 25 | create_internet_gateway = false 26 | 27 | create_nat_gateway = false 28 | 29 | create_service_gateway = false 30 | 31 | enable_ipv6 = false 32 | 33 | vcn_cidrs = ["10.0.0.0/16"] 34 | 35 | vcn_dns_label = "vcn" 36 | 37 | vcn_name = "vcn" 38 | 39 | attached_drg_id = "ocid1.drg.oc1.aaaaaa" # edit this OCID 40 | 41 | freeform_tags = { 42 | environment = "dev" 43 | lob = "finance" 44 | } 45 | 46 | defined_tags = { 47 | "Operations.CostCenter" = "42" 48 | } 49 | 50 | local_peering_gateways = { 51 | to_shared_svc = {} 52 | } 53 | 54 | # routing rules 55 | 56 | internet_gateway_route_rules = [ # this module input shows how to pass routing information to the vcn module inline, directly on the vcn module block 57 | { 58 | destination = "192.168.0.0/16" # Route Rule Destination CIDR 59 | destination_type = "CIDR_BLOCK" # only CIDR_BLOCK is supported at the moment 60 | network_entity_id = "drg" # for internet_gateway_route_rules input variable, you can use special strings "drg", "internet_gateway" or pass a valid OCID using string or any Named Values 61 | description = "Terraformed - User added Routing Rule: To drg provided to this module. drg_id, if available, is automatically retrieved with keyword drg" 62 | }, 63 | { 64 | destination = "172.16.0.0/16" 65 | destination_type = "CIDR_BLOCK" 66 | network_entity_id = "drg" 67 | description = "Terraformed - User added Routing Rule: To drg provided to this module. 
drg_id, if available, is automatically retrieved with keyword drg" 68 | }, 69 | { 70 | destination = "203.0.113.0/24" # rfc5737 (TEST-NET-3) 71 | destination_type = "CIDR_BLOCK" 72 | network_entity_id = "internet_gateway" 73 | description = "Terraformed - User added Routing Rule: To Internet Gateway created by this module. internet_gateway_id is automatically retrieved with keyword internet_gateway" 74 | }, 75 | { 76 | destination = "172.17.0.0/16" # 'shared_services' VCN peered with an LPG 77 | destination_type = "CIDR_BLOCK" 78 | network_entity_id = "lpg@to_shared_svc" 79 | description = "Terraformed - User added Routing Rule: To LPG provided to this module." 80 | }, 81 | # { 82 | # destination = "192.168.1.0/24" 83 | # destination_type = "CIDR_BLOCK" 84 | # network_entity_id = "ocid1.localpeeringgateway.oc1.aaaaaa" # <-- edit this OCID 85 | # description = "Terraformed - User added Routing Rule: To lpg with lpg_id directly passed by user. Useful for gateways created outside of vcn module" 86 | # }, 87 | ] 88 | -------------------------------------------------------------------------------- /examples/custom_route_rules/variables.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2019, 2021, Oracle Corporation and/or affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl 3 | 4 | # provider identity parameters 5 | variable "api_fingerprint" { 6 | description = "fingerprint of oci api private key" 7 | type = string 8 | # no default value, asking user to explicitly set this variable's value. see codingconventions.adoc 9 | } 10 | 11 | variable "api_private_key_path" { 12 | description = "path to oci api private key used" 13 | type = string 14 | # no default value, asking user to explicitly set this variable's value. 
see codingconventions.adoc 15 | } 16 | 17 | variable "region" { 18 | description = "the oci region where resources will be created" 19 | type = string 20 | # no default value, asking user to explicitly set this variable's value. see codingconventions.adoc 21 | # List of regions: https://docs.cloud.oracle.com/iaas/Content/General/Concepts/regions.htm#ServiceAvailabilityAcrossRegions 22 | } 23 | 24 | variable "tenancy_id" { 25 | description = "tenancy id where to create the sources" 26 | type = string 27 | # no default value, asking user to explicitly set this variable's value. see codingconventions.adoc 28 | } 29 | 30 | variable "user_id" { 31 | description = "id of user that terraform will use to create the resources" 32 | type = string 33 | # no default value, asking user to explicitly set this variable's value. see codingconventions.adoc 34 | } 35 | 36 | # general oci parameters 37 | 38 | variable "compartment_id" { 39 | description = "compartment id where to create all resources" 40 | type = string 41 | # no default value, asking user to explicitly set this variable's value. see codingconventions.adoc 42 | } 43 | 44 | variable "label_prefix" { 45 | description = "a string that will be prepended to all resources" 46 | type = string 47 | default = "terraform-oci" 48 | } 49 | 50 | variable "freeform_tags" { 51 | description = "simple key-value pairs to tag the created resources using freeform OCI Free-form tags." 52 | type = map(any) 53 | default = { 54 | terraformed = "please do not edit manually" 55 | module = "oracle-terraform-modules/vcn/oci" 56 | } 57 | } 58 | 59 | variable "defined_tags" { 60 | description = "predefined and scoped to a namespace to tag the resources created using defined tags." 
61 | type = map(string) 62 | default = null 63 | } 64 | 65 | # vcn parameters 66 | 67 | 68 | variable "create_internet_gateway" { 69 | description = "whether to create the internet gateway" 70 | type = bool 71 | default = true 72 | } 73 | 74 | variable "create_nat_gateway" { 75 | description = "whether to create a nat gateway in the vcn" 76 | type = bool 77 | default = true 78 | } 79 | 80 | variable "create_service_gateway" { 81 | description = "whether to create a service gateway" 82 | type = bool 83 | default = true 84 | } 85 | 86 | variable "enable_ipv6" { 87 | description = "Whether IPv6 is enabled for the VCN. If enabled, Oracle will assign the VCN a IPv6 /56 CIDR block." 88 | type = bool 89 | default = false 90 | } 91 | 92 | variable "lockdown_default_seclist" { 93 | description = "whether to remove all default security rules from the VCN Default Security List" 94 | type = bool 95 | default = true 96 | } 97 | 98 | variable "vcn_cidrs" { 99 | description = "The list of IPv4 CIDR blocks the VCN will use." 100 | type = list(string) 101 | default = ["10.0.0.0/16"] 102 | } 103 | 104 | variable "vcn_dns_label" { 105 | description = "A DNS label for the VCN, used in conjunction with the VNIC's hostname and subnet's DNS label to form a fully qualified domain name (FQDN) for each VNIC within this subnet" 106 | type = string 107 | default = "vcnmodule" 108 | } 109 | 110 | variable "vcn_name" { 111 | description = "user-friendly name of to use for the vcn to be appended to the label_prefix" 112 | type = string 113 | default = "vcn" 114 | } 115 | 116 | # gateways parameters 117 | 118 | variable "attached_drg_id" { 119 | description = "the ID of DRG attached to the VCN" 120 | type = string 121 | default = null 122 | } 123 | 124 | variable "internet_gateway_display_name" { 125 | description = "(Updatable) Name of Internet Gateway. Does not have to be unique." 
126 | type = string 127 | default = "igw" 128 | } 129 | 130 | variable "nat_gateway_display_name" { 131 | description = "(Updatable) Name of NAT Gateway. Does not have to be unique." 132 | type = string 133 | default = "ngw" 134 | } 135 | 136 | variable "service_gateway_display_name" { 137 | description = "(Updatable) Name of Service Gateway. Does not have to be unique." 138 | type = string 139 | default = "sgw" 140 | } 141 | 142 | # routing rules 143 | 144 | variable "internet_gateway_route_rules" { 145 | description = "(Updatable) List of routing rules to add to Internet Gateway Route Table" 146 | type = list(map(string)) 147 | default = null 148 | } 149 | 150 | locals { 151 | nat_gateway_route_rules = [ # this is a local that can be used to pass routing information to vcn module for either route tables 152 | { 153 | destination = "192.168.0.0/16" # Route Rule Destination CIDR 154 | destination_type = "CIDR_BLOCK" # only CIDR_BLOCK is supported at the moment 155 | network_entity_id = "drg" # for nat_gateway_route_rules input variable, you can use special strings "drg", "nat_gateway" or pass a valid OCID using string or any Named Values 156 | description = "Terraformed - User added Routing Rule: To drg provided to this module. drg_id, if available, is automatically retrieved with keyword drg" 157 | }, 158 | { 159 | destination = "172.16.0.0/16" 160 | destination_type = "CIDR_BLOCK" 161 | network_entity_id = var.attached_drg_id == null ? "" : var.attached_drg_id 162 | description = "Terraformed - User added Routing Rule: To drg provided to this module. drg_id, if available, is automatically retrieved with keyword drg" 163 | }, 164 | { 165 | destination = "203.0.113.0/24" # rfc5737 (TEST-NET-3) 166 | destination_type = "CIDR_BLOCK" 167 | network_entity_id = "nat_gateway" 168 | description = "Terraformed - User added Routing Rule: rfc5737 (TEST-NET-3) To NAT Gateway created by this module. 
nat_gateway_id is automatically retrieved with keyword nat_gateway" 169 | }, 170 | { 171 | destination = "192.168.1.0/24" 172 | destination_type = "CIDR_BLOCK" 173 | network_entity_id = oci_core_local_peering_gateway.lpg.id 174 | description = "Terraformed - User added Routing Rule: To lpg with lpg_id directly passed by user. Useful for gateways created outside of vcn module" 175 | } 176 | ] 177 | } 178 | -------------------------------------------------------------------------------- /examples/drg/README.md: -------------------------------------------------------------------------------- 1 | # Creating a DRG 2 | 3 | [docs/prerequisites]:https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/main/docs/prerequisites.adoc 4 | [Provisioning Infrastructure with Terraform]:https://www.terraform.io/docs/cli/run/index.html 5 | 6 | This example illustrates how to use `terraform-drg-module` to create an hub and spoke configuration. 7 | 8 | 9 | 10 | ## Prerequisites 11 | 12 | You will need to collect the following information before you start: 13 | 14 | 1. your OCI provider authentication values 15 | 2. a compartment OCID in which the present configuration will be created 16 | 17 | For detailed instructions, see [docs/prerequisites] 18 | 19 | ## Using this example with Terraform CLI 20 | 21 | Prepare one [Terraform Variable Definition file] named `terraform.tfvars` with the required authentication information. 22 | 23 | *TIP: You can rename and configure `terraform.tfvars.example` from this example's folder.* 24 | 25 | Then apply the example using the following commands: 26 | 27 | ```shell 28 | > terraform init 29 | > terraform plan 30 | > terraform apply 31 | ``` 32 | 33 | See [Provisioning Infrastructure with Terraform] for more details about Terraform CLI and the available subcommands. 
34 | -------------------------------------------------------------------------------- /examples/drg/main.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2019, 2021, Oracle Corporation and/or affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/ 3 | 4 | # Version requirements 5 | 6 | 7 | 8 | # Resources 9 | 10 | module "drg_hub" { 11 | 12 | source = "github.com/oracle-terraform-modules/terraform-oci-drg" 13 | # to use the terraform registry version comment the previous line and uncomment the 2 lines below 14 | # source = "oracle-terraform-modules/drg/oci" 15 | # version = "specify_version_number" 16 | 17 | # general oci parameters 18 | compartment_id = var.compartment_id 19 | label_prefix = var.label_prefix 20 | 21 | # drg parameters 22 | drg_display_name = var.drg_display_name 23 | drg_vcn_attachments = { for k, v in module.vcn_spokes : k => { 24 | # instead of manually setting the vcn_id in a variable named var.vcn_attachments for example 25 | # this `for` expression gets the vcn_id values dynamically from the vcn module used in the same 26 | # configuration below. for example on how to setup this field manually, please see terraform.tfvars.example 27 | # in this folder. 
28 | vcn_id : v.vcn_id 29 | vcn_transit_routing_rt_id : null 30 | drg_route_table_id : null 31 | } 32 | } 33 | } 34 | 35 | module "vcn_spokes" { 36 | 37 | source = "github.com/oracle-terraform-modules/terraform-oci-vcn" 38 | # to use the terraform registry version comment the previous line and uncomment the 2 lines below 39 | # source = "oracle-terraform-modules/vcn/oci" 40 | # version = "specify_version_number" 41 | 42 | for_each = var.vcn_spokes 43 | 44 | # general oci parameters 45 | compartment_id = var.compartment_id 46 | label_prefix = var.label_prefix 47 | attached_drg_id = module.drg_hub.drg_id 48 | 49 | # vcn parameters 50 | create_internet_gateway = each.value["create_internet_gateway"] # boolean: true or false 51 | lockdown_default_seclist = each.value["lockdown_default_seclist"] # boolean: true or false 52 | create_nat_gateway = each.value["create_nat_gateway"] # boolean: true or false 53 | create_service_gateway = each.value["create_service_gateway"] # boolean: true or false 54 | enable_ipv6 = each.value["enable_ipv6"] # boolean: true or false 55 | vcn_cidrs = each.value["cidrs"] # List of IPv4 CIDRs 56 | vcn_dns_label = each.value["dns_label"] # string 57 | vcn_name = each.key # string 58 | internet_gateway_route_rules = var.internet_gateway_route_rules 59 | freeform_tags = var.freeform_tags 60 | } 61 | 62 | -------------------------------------------------------------------------------- /examples/drg/outputs.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2019, 2021, Oracle Corporation and/or affiliates. 
2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/ 3 | 4 | # display a summary of the drg and its attachments 5 | output "module_drg_hub" { 6 | description = "drg name, OCID and vcn attachment summary" 7 | value = module.drg_hub.drg_summary 8 | } 9 | 10 | # display names and ids of a module that use for_each and shows how to use the *_all_attributes output to select a specific field 11 | output "module_vcn_spokes" { 12 | description = "vcn names and OCIDs" 13 | value = { for vcn in module.vcn_spokes : "${~vcn.vcn_all_attributes.display_name~}" => "${vcn.vcn_id~}" } 14 | # We combine here two expressions: 15 | # 1. "for" expression to loop over each key of module.vcn_spokes wrapped with {...} to produce an object 16 | # 2. "String Template directives" for interpolation and whitespace stripping: 17 | # --> ${ ... } evaluates the expression given between the markers, then inserts it into the final string https://www.terraform.io/docs/language/expressions/strings.html#interpolation 18 | # --> ~ indicates whitespace stripping before or after https://www.terraform.io/docs/language/expressions/strings.html#whitespace-stripping 19 | # 20 | # result will be an object containing "vcn.display_name" = "vcn.id" for each vcn in the vcn_spokes module 21 | } 22 | -------------------------------------------------------------------------------- /examples/drg/terraform.tfvars.example: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2019, 2021 Oracle Corporation and/or affiliates. All rights reserved. 
2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl 3 | 4 | api_fingerprint = "" 5 | api_private_key_path = "" 6 | compartment_id = "" 7 | drg_display_name = "drg_hub" 8 | label_prefix = "terraform-oci" 9 | region = "" 10 | tenancy_id = "" 11 | user_id = "" 12 | vcn_spokes = { 13 | "vcn_spoke1": { 14 | "cidrs": [ 15 | "10.0.1.0/24", 16 | "10.0.2.0/24" 17 | ], 18 | "create_internet_gateway": true, 19 | "create_nat_gateway": true, 20 | "create_service_gateway": true, 21 | "dns_label": "spoke1", 22 | "enable_ipv6": true, 23 | "lockdown_default_seclist": true 24 | }, 25 | "vcn_spoke2": { 26 | "cidrs": [ 27 | "10.0.3.0/24" 28 | ], 29 | "create_internet_gateway": true, 30 | "create_nat_gateway": false, 31 | "create_service_gateway": true, 32 | "dns_label": "spoke2", 33 | "enable_ipv6": false, 34 | "lockdown_default_seclist": true 35 | } 36 | } 37 | vcn_attachments = { 38 | "vcn_spoke1": { 39 | vcn_id : "" 40 | vcn_transit_routing_rt_id : "" 41 | drg_route_table_id : "" 42 | }, 43 | "vcn_spoke2": { 44 | vcn_id : "" 45 | vcn_transit_routing_rt_id : "" 46 | drg_route_table_id : "" 47 | } 48 | } -------------------------------------------------------------------------------- /examples/drg/variables.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2019, 2021, Oracle Corporation and/or affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl 3 | 4 | # provider identity parameters 5 | variable "api_fingerprint" { 6 | description = "fingerprint of oci api private key" 7 | type = string 8 | # no default value, asking user to explicitly set this variable's value. see codingconventions.adoc 9 | } 10 | 11 | variable "api_private_key_path" { 12 | description = "path to oci api private key used" 13 | type = string 14 | # no default value, asking user to explicitly set this variable's value. 
see codingconventions.adoc 15 | } 16 | 17 | variable "region" { 18 | description = "the oci region where resources will be created" 19 | type = string 20 | # no default value, asking user to explicitly set this variable's value. see codingconventions.adoc 21 | # List of regions: https://docs.cloud.oracle.com/iaas/Content/General/Concepts/regions.htm#ServiceAvailabilityAcrossRegions 22 | } 23 | 24 | variable "tenancy_id" { 25 | description = "tenancy id where to create the sources" 26 | type = string 27 | # no default value, asking user to explicitly set this variable's value. see codingconventions.adoc 28 | } 29 | 30 | variable "user_id" { 31 | description = "id of user that terraform will use to create the resources" 32 | type = string 33 | # no default value, asking user to explicitly set this variable's value. see codingconventions.adoc 34 | } 35 | 36 | # general oci parameters 37 | 38 | variable "compartment_id" { 39 | description = "compartment id where to create all resources" 40 | type = string 41 | # no default value, asking user to explicitly set this variable's value. see codingconventions.adoc 42 | } 43 | 44 | variable "label_prefix" { 45 | description = "a string that will be prepended to all resources" 46 | type = string 47 | default = "terraform-oci" 48 | } 49 | 50 | # drg parameters 51 | 52 | variable "drg_display_name" { 53 | description = "(Updatable) Name of Dynamic Routing Gateway. Does not have to be unique." 54 | type = string 55 | default = "drg_hub" 56 | } 57 | 58 | variable "internet_gateway_route_rules" { 59 | description = "(Updatable) List of routing rules to add to Internet Gateway Route Table" 60 | type = list(map(string)) 61 | default = null 62 | } 63 | 64 | variable "freeform_tags" { 65 | description = "simple key-value pairs to tag the created resources using freeform OCI Free-form tags." 
66 | type = map(any) 67 | default = { 68 | terraformed = "Please do not edit manually" 69 | module = "oracle-terraform-modules/vcn/oci" 70 | } 71 | } 72 | 73 | # vcn parameters 74 | 75 | variable "vcn_spokes" { 76 | type = map(any) 77 | default = { 78 | vcn_spoke1 = { 79 | cidrs = ["10.0.1.0/24", "10.0.2.0/24"] 80 | dns_label = "spoke1" 81 | create_internet_gateway = true 82 | create_nat_gateway = true 83 | create_service_gateway = true 84 | enable_ipv6 = true 85 | lockdown_default_seclist = true 86 | } 87 | vcn_spoke2 = { 88 | cidrs = ["10.0.3.0/24"] 89 | dns_label = "spoke2" 90 | create_internet_gateway = true 91 | create_nat_gateway = false 92 | create_service_gateway = true 93 | enable_ipv6 = false 94 | lockdown_default_seclist = true 95 | } 96 | } 97 | } 98 | 99 | 100 | -------------------------------------------------------------------------------- /examples/drg/version.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | oci = { 4 | source = "oracle/oci" 5 | version = ">=4.67.3" 6 | } 7 | } 8 | required_version = ">= 1.0.0" 9 | } -------------------------------------------------------------------------------- /examples/hub-spoke/README.md: -------------------------------------------------------------------------------- 1 | # Creating a hub-and-spoke using LPGs with module terraform-oci-vcn 2 | 3 | [Terraform Variable Definition file]:https://www.terraform.io/docs/language/values/variables.html#variable-definitions-tfvars-files 4 | [Input Variables]:https://www.terraform.io/docs/language/values/variables.html 5 | [Local Values]:https://www.terraform.io/docs/language/values/locals.html 6 | [Named Values]:https://www.terraform.io/docs/language/expressions/references.html 7 | [docs/prerequisites]:https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/main/docs/prerequisites.adoc 8 | 
[docs/terraformoptions]:https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/main/docs/terraformoptions.adoc 9 | [docs/routing_rules]:https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/main/docs/routing_rules.adoc 10 | [Provisioning Infrastructure with Terraform]:https://www.terraform.io/docs/cli/run/index.html 11 | 12 | This example illustrates how to use the `terraform-oci-vcn` module to create a hub-and-spoke architecture for Transit Routing, using VCNs and Local Peering Gateways. 13 | 14 | The following VCNs will be created: 15 | 16 | - One Hub VCN with 3 LPGs and 1 Route Table 17 | - The Route Table on the HUB VCN is attached to the first and second HUB LPGs 18 | - Three Spoke VCNs, with one LPG each 19 | - Spoke1 and Spoke2 are automatically peered with the HUB VCN 20 | - Spoke3 VCN is not peered 21 | 22 | This diagram illustrates what will be created by this example. 23 | 24 | ![diagram](https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/main/docs/images/hub-spoke-lpg.png?raw=true&sanitize=true) 25 | 26 | ## How to declare one or many LPGs on the vcn module 27 | 28 | You can declare several LPGs using the module's Input Variable `local_peering_gateways` (type: map of maps): 29 | 30 | - each key of `local_peering_gateways` is an LPG 31 | - the key is the LPG's display name 32 | - you can optionally declare a `route_table_id` to be attached to the LPG (useful on the HUB VCN for Transit Routing) 33 | - you can optionally declare a `peer_id`, so your module will act as a requestor and establish the LPG peering (declare it either in the hub vcn module or in the spoke vcn module, but not in both). 34 | 35 | This example shows three ways to declare an LPG: 36 | 37 | ```HCL 38 | module "vcn_hub" { 39 | ... 
40 | local_peering_gateways = { 41 | to_spoke1 = { 42 | route_table_id = oci_core_route_table.VTR_spokes.id 43 | } 44 | to_spoke2 = { 45 | route_table_id = oci_core_route_table.VTR_spokes.id 46 | peer_id = module.vcn_spoke2.lpg_all_attributes["to_hub"]["id"] 47 | } 48 | to_spoke3 = {} 49 | } 50 | } 51 | ``` 52 | 53 | The `peer_id` argument accepts any valid string (the OCI API expects an LPG OCID). The example for the LPG named `to_spoke2` shows how to use the vcn module outputs to dynamically retrieve a valid value. 54 | 55 | ## Prerequisites 56 | 57 | You will need to collect the following information before you start: 58 | 59 | 1. your OCI provider authentication values 60 | 2. a compartment OCID in which the present configuration will be created 61 | 62 | For detailed instructions, see [docs/prerequisites]. 63 | 64 | ## Using this example with Terraform CLI 65 | 66 | Prepare one [Terraform Variable Definition file] named `terraform.tfvars` with the required authentication information. 67 | 68 | *TIP: You can rename and configure `terraform.tfvars.example` from this example's folder.* 69 | 70 | Then apply the example using the following commands: 71 | 72 | ```shell 73 | > terraform init 74 | > terraform plan 75 | > terraform apply 76 | ``` 77 | 78 | See [Provisioning Infrastructure with Terraform] for more details about the Terraform CLI and the available subcommands. 79 | -------------------------------------------------------------------------------- /examples/hub-spoke/main.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2019, 2021, Oracle Corporation and/or affiliates. 
2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/ 3 | 4 | 5 | # Resources 6 | 7 | module "vcn_hub" { 8 | # this module use the generic vcn module and configure it to act as a hub in a hub-and-spoke topology 9 | 10 | source = "github.com/oracle-terraform-modules/terraform-oci-vcn" 11 | # to use the terraform registry version comment the previous line and uncomment the 2 lines below 12 | # source = "oracle-terraform-modules/vcn/oci" 13 | # version = "specify_version_number" 14 | 15 | # general oci parameters 16 | compartment_id = var.compartment_id 17 | label_prefix = var.label_prefix 18 | freeform_tags = var.freeform_tags 19 | defined_tags = var.defined_tags 20 | 21 | # vcn parameters 22 | create_internet_gateway = var.create_internet_gateway # boolean: true or false 23 | lockdown_default_seclist = var.lockdown_default_seclist # boolean: true or false 24 | create_nat_gateway = var.create_nat_gateway # boolean: true or false 25 | create_service_gateway = var.create_service_gateway # boolean: true or false 26 | enable_ipv6 = var.enable_ipv6 27 | vcn_cidrs = var.vcn_cidrs # List of IPv4 CIDRs 28 | vcn_dns_label = var.vcn_dns_label 29 | vcn_name = var.vcn_name 30 | 31 | # gateways parameters 32 | internet_gateway_display_name = var.internet_gateway_display_name 33 | nat_gateway_display_name = var.nat_gateway_display_name 34 | service_gateway_display_name = var.service_gateway_display_name 35 | attached_drg_id = var.attached_drg_id 36 | 37 | local_peering_gateways = { 38 | to_spoke1 = { # LPG will be in acceptor mode with a route table attached 39 | route_table_id = oci_core_route_table.VTR_spokes.id 40 | } 41 | to_spoke2 = { # LPG will be in requestor mode with no route table attached 42 | route_table_id = oci_core_route_table.VTR_spokes.id 43 | peer_id = module.vcn_spoke2.lpg_all_attributes["to_hub"]["id"] 44 | } 45 | to_spoke3 = {} # LPG will be in acceptor mode with no route table attached 46 | } 47 | 48 | # 
routing rules 49 | internet_gateway_route_rules = var.internet_gateway_route_rules # this module input shows how to pass routing information to the vcn module through Variable Input. Can be initialized in a *.tfvars or *.auto.tfvars file 50 | } 51 | 52 | resource "oci_core_route_table" "VTR_spokes" { 53 | # this is a route table created to demonstrate how to attach a route table an LPG for Transit Routing use cases. 54 | compartment_id = var.compartment_id 55 | vcn_id = module.vcn_hub.vcn_id 56 | 57 | display_name = "RT_VTR_spokes" 58 | } 59 | 60 | module "vcn_spoke1" { 61 | # this module use the generic vcn module and configure it to act as a spoke in a hub-and-spoke topology 62 | 63 | source = "github.com/oracle-terraform-modules/terraform-oci-vcn" 64 | # to use the terraform registry version comment the previous line and uncomment the 2 lines below 65 | # source = "oracle-terraform-modules/vcn/oci" 66 | # version = "specify_version_number" 67 | 68 | # general oci parameters 69 | compartment_id = var.compartment_id 70 | label_prefix = var.label_prefix 71 | freeform_tags = var.freeform_tags 72 | 73 | # vcn parameters 74 | create_internet_gateway = false # boolean: true or false 75 | lockdown_default_seclist = true # boolean: true or false 76 | create_nat_gateway = false # boolean: true or false 77 | create_service_gateway = false # boolean: true or false 78 | vcn_cidrs = ["10.0.1.0/24"] # VCN CIDR 79 | vcn_dns_label = "fraspoke1" 80 | vcn_name = "spoke1" 81 | 82 | # gateways parameters 83 | attached_drg_id = var.attached_drg_id 84 | 85 | local_peering_gateways = { 86 | to_hub = { 87 | peer_id = module.vcn_hub.lpg_all_attributes["to_spoke1"]["id"] # LPG will be in requestor mode with no route table attached 88 | } 89 | } 90 | } 91 | 92 | module "vcn_spoke2" { 93 | # this module use the generic vcn module and configure it to act as a spoke in a hub-and-spoke topology 94 | 95 | source = "github.com/oracle-terraform-modules/terraform-oci-vcn" 96 | # to use the 
terraform registry version comment the previous line and uncomment the 2 lines below 97 | # source = "oracle-terraform-modules/vcn/oci" 98 | # version = "specify_version_number" 99 | 100 | # general oci parameters 101 | compartment_id = var.compartment_id 102 | label_prefix = var.label_prefix 103 | freeform_tags = var.freeform_tags 104 | 105 | # vcn parameters 106 | create_internet_gateway = false # boolean: true or false 107 | lockdown_default_seclist = true # boolean: true or false 108 | create_nat_gateway = false # boolean: true or false 109 | create_service_gateway = false # boolean: true or false 110 | vcn_cidrs = ["10.0.2.0/24"] # VCN CIDR 111 | vcn_dns_label = "fraspoke2" 112 | vcn_name = "spoke2" 113 | 114 | # gateways parameters 115 | attached_drg_id = var.attached_drg_id 116 | 117 | local_peering_gateways = { 118 | to_hub = {} # LPG will be in acceptor mode with no route table attached 119 | } 120 | } 121 | 122 | module "vcn_spoke3" { 123 | # this module use the generic vcn module and configure it to act as a spoke in a hub-and-spoke topology 124 | 125 | source = "github.com/oracle-terraform-modules/terraform-oci-vcn" 126 | # to use the terraform registry version comment the previous line and uncomment the 2 lines below 127 | # source = "oracle-terraform-modules/vcn/oci" 128 | # version = "specify_version_number" 129 | 130 | # general oci parameters 131 | compartment_id = var.compartment_id 132 | label_prefix = var.label_prefix 133 | freeform_tags = var.freeform_tags 134 | 135 | # vcn parameters 136 | create_internet_gateway = false # boolean: true or false 137 | lockdown_default_seclist = true # boolean: true or false 138 | create_nat_gateway = false # boolean: true or false 139 | create_service_gateway = false # boolean: true or false 140 | vcn_cidrs = ["10.0.3.0/24"] # VCN CIDR 141 | vcn_dns_label = "fraspoke3" 142 | vcn_name = "spoke3" 143 | 144 | # gateways parameters 145 | attached_drg_id = var.attached_drg_id 146 | local_peering_gateways = { 147 | 
to_hub = {} # LPG will be in acceptor mode with no route table attached 148 | } 149 | } -------------------------------------------------------------------------------- /examples/hub-spoke/terraform.tfvars.example: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2019, 2021 Oracle Corporation and/or affiliates. All rights reserved. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl 3 | 4 | # provider identity parameters 5 | 6 | api_fingerprint = "" 7 | 8 | api_private_key_path = "" 9 | 10 | region = "us-phoenix-1" 11 | 12 | tenancy_id = "" 13 | 14 | user_id = "" 15 | 16 | # general oci parameters 17 | 18 | compartment_id = "" 19 | 20 | label_prefix = "dev" 21 | 22 | # vcn parameters 23 | 24 | 25 | create_internet_gateway = false 26 | 27 | create_nat_gateway = false 28 | 29 | create_service_gateway = false 30 | 31 | enable_ipv6 = false 32 | 33 | vcn_cidrs = ["10.0.0.0/24"] 34 | 35 | vcn_dns_label = "vcn" 36 | 37 | vcn_name = "vcn" 38 | 39 | freeform_tags = { 40 | environment = "dev" 41 | lob = "finance" 42 | } 43 | 44 | defined_tags = { 45 | "Operations.CostCenter" = "42" 46 | } 47 | 48 | # gateways parameters 49 | 50 | internet_gateway_display_name = "igw" 51 | nat_gateway_display_name = "ngw" 52 | service_gateway_display_name = "sgw" 53 | attached_drg_id = null 54 | -------------------------------------------------------------------------------- /examples/hub-spoke/variables.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2019, 2021, Oracle Corporation and/or affiliates. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl 3 | 4 | # provider identity parameters 5 | variable "api_fingerprint" { 6 | description = "fingerprint of oci api private key" 7 | type = string 8 | # no default value, asking user to explicitly set this variable's value. 
see codingconventions.adoc 9 | } 10 | 11 | variable "api_private_key_path" { 12 | description = "path to oci api private key used" 13 | type = string 14 | # no default value, asking user to explicitly set this variable's value. see codingconventions.adoc 15 | } 16 | 17 | variable "region" { 18 | description = "the oci region where resources will be created" 19 | type = string 20 | # no default value, asking user to explicitly set this variable's value. see codingconventions.adoc 21 | # List of regions: https://docs.cloud.oracle.com/iaas/Content/General/Concepts/regions.htm#ServiceAvailabilityAcrossRegions 22 | } 23 | 24 | variable "tenancy_id" { 25 | description = "tenancy id where to create the sources" 26 | type = string 27 | # no default value, asking user to explicitly set this variable's value. see codingconventions.adoc 28 | } 29 | 30 | variable "user_id" { 31 | description = "id of user that terraform will use to create the resources" 32 | type = string 33 | # no default value, asking user to explicitly set this variable's value. see codingconventions.adoc 34 | } 35 | 36 | # general oci parameters 37 | 38 | variable "compartment_id" { 39 | description = "compartment id where to create all resources" 40 | type = string 41 | # no default value, asking user to explicitly set this variable's value. see codingconventions.adoc 42 | } 43 | 44 | variable "label_prefix" { 45 | description = "a string that will be prepended to all resources" 46 | type = string 47 | default = "terraform-oci" 48 | } 49 | 50 | variable "freeform_tags" { 51 | description = "simple key-value pairs to tag the created resources using freeform OCI Free-form tags." 52 | type = map(any) 53 | default = { 54 | terraformed = "please do not edit manually" 55 | module = "oracle-terraform-modules/vcn/oci" 56 | } 57 | } 58 | 59 | variable "defined_tags" { 60 | description = "predefined and scoped to a namespace to tag the resources created using defined tags." 
61 | type = map(string) 62 | default = null 63 | } 64 | 65 | # vcn parameters 66 | 67 | variable "create_internet_gateway" { 68 | description = "whether to create the internet gateway" 69 | type = bool 70 | default = false 71 | } 72 | 73 | variable "create_nat_gateway" { 74 | description = "whether to create a nat gateway in the vcn" 75 | type = bool 76 | default = false 77 | } 78 | 79 | variable "create_service_gateway" { 80 | description = "whether to create a service gateway" 81 | type = bool 82 | default = false 83 | } 84 | 85 | variable "lockdown_default_seclist" { 86 | description = "whether to remove all default security rules from the VCN Default Security List" 87 | type = bool 88 | default = true 89 | } 90 | 91 | variable "enable_ipv6" { 92 | description = "Whether IPv6 is enabled for the VCN. If enabled, Oracle will assign the VCN a IPv6 /56 CIDR block." 93 | type = bool 94 | default = true 95 | } 96 | 97 | variable "vcn_cidrs" { 98 | description = "The list of IPv4 CIDR blocks the VCN will use." 99 | type = list(string) 100 | default = ["10.0.0.0/24"] 101 | } 102 | 103 | variable "vcn_dns_label" { 104 | description = "A DNS label for the VCN, used in conjunction with the VNIC's hostname and subnet's DNS label to form a fully qualified domain name (FQDN) for each VNIC within this subnet" 105 | type = string 106 | default = "vcnmodule" 107 | } 108 | 109 | variable "vcn_name" { 110 | description = "user-friendly name of to use for the vcn to be appended to the label_prefix" 111 | type = string 112 | default = "vcn" 113 | } 114 | 115 | # gateways parameters 116 | 117 | variable "attached_drg_id" { 118 | description = "the ID of DRG attached to the VCN" 119 | type = string 120 | default = null 121 | } 122 | 123 | 124 | variable "internet_gateway_display_name" { 125 | description = "(Updatable) Name of Internet Gateway. Does not have to be unique." 
126 | type = string 127 | default = "igw" 128 | } 129 | 130 | variable "nat_gateway_display_name" { 131 | description = "(Updatable) Name of NAT Gateway. Does not have to be unique." 132 | type = string 133 | default = "ngw" 134 | } 135 | 136 | variable "service_gateway_display_name" { 137 | description = "(Updatable) Name of Service Gateway. Does not have to be unique." 138 | type = string 139 | default = "sgw" 140 | } 141 | 142 | # routing rules 143 | 144 | variable "internet_gateway_route_rules" { 145 | description = "(Updatable) List of routing rules to add to Internet Gateway Route Table" 146 | type = list(map(string)) 147 | default = null 148 | } 149 | 150 | -------------------------------------------------------------------------------- /examples/hub-spoke/version.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | oci = { 4 | source = "oracle/oci" 5 | version = ">=4.67.3" 6 | } 7 | } 8 | required_version = ">= 1.0.0" 9 | } -------------------------------------------------------------------------------- /examples/module_composition/README.md: -------------------------------------------------------------------------------- 1 | # Example reusing terraform-oci-vcn and extending to create other network resources 2 | 3 | [rootvariables]:https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/main/examples/module_composition/variables.tf 4 | [sampletfvars]:https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/main/examples/module_composition/terraform.tfvars.example 5 | [terraformoptions]:https://github.com/oracle-terraform-modules/terraform-oci-vcn/blob/main/docs/terraformoptions.adoc 6 | [terraform-oci-vcn]:https://registry.terraform.io/modules/oracle-terraform-modules/vcn/oci/latest 7 | 8 | __Note: This is an example to demonstrate reusing this Terraform module to create additional network resources. 
Ensure you evaluate your own security needs when creating security lists, network security groups etc.__ 9 | 10 | ## Create a new Terraform project 11 | 12 | As an example, we’ll be using [terraform-oci-vcn] to create 13 | additional network resources in the VCN. The steps required are the following: 14 | 15 | 1. Create a new directory for your project e.g. mynetwork 16 | 17 | 2. Create the following files in root directory of your project: 18 | 19 | - `variables.tf` 20 | - `locals.tf` 21 | - `provider.tf` 22 | - `main.tf` 23 | - `terraform.tfvars` 24 | 25 | 3. Define the oci provider 26 | 27 | ```HCL 28 | provider "oci" { 29 | tenancy_ocid = var.tenancy_id 30 | user_ocid = var.user_id 31 | fingerprint = var.api_fingerprint 32 | private_key_path = var.api_private_key_path 33 | region = var.region 34 | disable_auto_retries = false 35 | } 36 | ``` 37 | 38 | ## Define project variables 39 | 40 | ### Variables to reuse the vcn module 41 | 42 | 1. Define the vcn parameters in the root `variables.tf`. 43 | See an example for [`variables.tf`][rootvariables]. 44 | 45 | 2. Add additional variables if you need to. 46 | 47 | ## Define your modules 48 | 49 | 1. Define the vcn module in root `main.tf` 50 | 51 | ```HCL 52 | module "vcn" { 53 | source = "oracle-terraform-modules/vcn/oci" 54 | 55 | # general oci parameters 56 | compartment_id = var.compartment_id 57 | label_prefix = var.label_prefix 58 | 59 | # vcn parameters 60 | create_internet_gateway = var.create_internet_gateway 61 | create_nat_gateway = var.create_nat_gateway 62 | create_service_gateway = var.create_service_gateway 63 | tags = var.freeform_tags 64 | vcn_cidrs = var.vcn_cidrs 65 | vcn_dns_label = var.vcn_dns_label 66 | vcn_name = var.vcn_name 67 | lockdown_default_seclist = var.lockdown_default_seclist 68 | attached_drg_id = var.attached_drg_id 69 | } 70 | ``` 71 | 72 | 2. Enter appropriate values for `terraform.tfvars`. Review [Terraform Options][terraformoptions] for reference. 
73 | You can also use this example [terraform.tfvars][sampletfvars]. Just remove the `.example` extension. 74 | 75 | ## Add your own modules 76 | 77 | 1. Create your own module e.g. subnets. In the modules directory, create a subnets directory: 78 | 79 | ```shell 80 | mkdir subnets 81 | ``` 82 | 83 | 2. Define the additional variables (e.g. subnet masks) in the root and module variable file (`variables.tf`) e.g. 84 | 85 | ```HCL 86 | variable "netnum" { 87 | description = "zero-based index of the subnet when the network is masked with the newbit. use as netnum parameter for cidrsubnet function" 88 | default = { 89 | bastion = 32 90 | web = 16 91 | } 92 | type = map 93 | } 94 | 95 | variable "newbits" { 96 | description = "new mask for the subnet within the virtual network. use as newbits parameter for cidrsubnet function" 97 | default = { 98 | bastion = 13 99 | web = 11 100 | } 101 | type = map 102 | } 103 | ``` 104 | 105 | 3. Create the security lists and subnets in `security.tf` and `subnets.tf` respectively in the subnets module: 106 | 107 | ```HCL 108 | resource "oci_core_security_list" "bastion" { 109 | compartment_id = var.compartment_id 110 | display_name = "${var.label_prefix}-bastion" 111 | 112 | egress_security_rules { 113 | protocol = "all" 114 | destination = "0.0.0.0/0" 115 | } 116 | 117 | ingress_security_rules { 118 | # allow ssh from any source; narrow the source CIDR to your admin network for real deployments 119 | protocol = 6 120 | source = "0.0.0.0/0" 121 | 122 | tcp_options { 123 | min = 22 124 | max = 22 125 | } 126 | } 127 | vcn_id = var.vcn_id 128 | } 129 | 130 | resource "oci_core_security_list" "web" { 131 | compartment_id = var.compartment_id 132 | display_name = "${var.label_prefix}-web" 133 | 134 | egress_security_rules { 135 | protocol = "all" 136 | destination = "0.0.0.0/0" 137 | } 138 | 139 | ingress_security_rules { 140 | # allow http 141 | protocol = 6 142 | 143 | source = "0.0.0.0/0" 144 | 145 | tcp_options { 146 | min = 80 147 | max = 80 148 | } 149 | } 150 | vcn_id = var.vcn_id 151 | } 152 | 153 | resource "oci_core_subnet" 
"bastion" { 154 | cidr_block = cidrsubnet(var.vcn_cidr, var.newbits["bastion"], var.netnum["bastion]) 155 | compartment_id = var.compartment_id 156 | display_name = "${var.label_prefix}-bastion" 157 | dns_label = "bastion" 158 | prohibit_public_ip_on_vnic = false 159 | route_table_id = var.ig_route_id 160 | security_list_ids = [oci_core_security_list.bastion.id] 161 | vcn_id = var.vcn_id 162 | } 163 | 164 | resource "oci_core_subnet" "web" { 165 | cidr_block = cidrsubnet(var.vcn_cidr, var.newbits["web"], var.netnum["web]) 166 | compartment_id = var.compartment_id 167 | display_name = "${var.label_prefix}-web" 168 | dns_label = "web" 169 | prohibit_public_ip_on_vnic = false 170 | route_table_id = var.ig_route_id 171 | security_list_ids = [oci_core_security_list.web.id] 172 | vcn_id = var.vcn_id 173 | } 174 | ``` 175 | 176 | 4. Add the subnets module in the `main.tf` 177 | 178 | ```HCL 179 | module "subnets" { 180 | source = "./modules/subnets" 181 | 182 | netnum = var.netnum 183 | newbits = var.newbits 184 | 185 | # other required variables 186 | . 187 | . 188 | . 189 | } 190 | ``` 191 | 192 | 5. Update your terraform variable file and add the database parameters: 193 | 194 | ```HCL 195 | # subnets 196 | 197 | netnum = { 198 | bastion = 32 199 | web = 16 200 | } 201 | 202 | newbits = { 203 | bastion = 13 204 | web = 11 205 | } 206 | ``` 207 | -------------------------------------------------------------------------------- /examples/module_composition/main.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2019, 2021, Oracle Corporation and/or affiliates. 
2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/ 3 | 4 | 5 | # Resources 6 | 7 | module "vcn" { 8 | 9 | source = "github.com/oracle-terraform-modules/terraform-oci-vcn" 10 | # to use the terraform registry version comment the previous line and uncomment the 2 lines below 11 | # source = "oracle-terraform-modules/vcn/oci" 12 | # version = "specify_version_number" 13 | 14 | # general oci parameters 15 | compartment_id = var.compartment_id 16 | label_prefix = var.label_prefix 17 | freeform_tags = var.freeform_tags 18 | defined_tags = var.defined_tags 19 | 20 | # vcn parameters 21 | create_internet_gateway = var.create_internet_gateway # boolean: true or false 22 | lockdown_default_seclist = var.lockdown_default_seclist # boolean: true or false 23 | create_nat_gateway = var.create_nat_gateway # boolean: true or false 24 | create_service_gateway = var.create_service_gateway # boolean: true or false 25 | enable_ipv6 = var.enable_ipv6 26 | vcn_cidrs = var.vcn_cidrs # List of IPv4 CIDRs 27 | vcn_dns_label = var.vcn_dns_label 28 | vcn_name = var.vcn_name 29 | 30 | # gateways parameters 31 | internet_gateway_display_name = var.internet_gateway_display_name 32 | nat_gateway_display_name = var.nat_gateway_display_name 33 | service_gateway_display_name = var.service_gateway_display_name 34 | attached_drg_id = var.attached_drg_id 35 | } 36 | 37 | # Outputs 38 | 39 | output "module_vcn_ids" { 40 | description = "vcn and gateways information" 41 | value = { 42 | internet_gateway_id = module.vcn.internet_gateway_id 43 | internet_gateway_route_id = module.vcn.ig_route_id 44 | nat_gateway_id = module.vcn.nat_gateway_id 45 | nat_gateway_route_id = module.vcn.nat_route_id 46 | service_gateway_id = module.vcn.service_gateway_id 47 | vcn_dns_label = module.vcn.vcn_all_attributes.dns_label 48 | vcn_default_security_list_id = module.vcn.vcn_all_attributes.default_security_list_id 49 | vcn_default_route_table_id = 
module.vcn.vcn_all_attributes.default_route_table_id 50 | vcn_default_dhcp_options_id = module.vcn.vcn_all_attributes.default_dhcp_options_id 51 | vcn_id = module.vcn.vcn_id 52 | } 53 | } 54 | 55 | -------------------------------------------------------------------------------- /examples/module_composition/terraform.tfvars.example: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2019, 2020 Oracle Corporation and/or affiliates. All rights reserved. 2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl 3 | 4 | # provider identity parameters 5 | 6 | api_fingerprint = "" 7 | 8 | api_private_key_path = "" 9 | 10 | region = "us-phoenix-1" 11 | 12 | tenancy_id = "" 13 | 14 | user_id = "" 15 | 16 | # general oci parameters 17 | 18 | compartment_id = "" 19 | 20 | label_prefix = "dev" 21 | 22 | # vcn parameters 23 | 24 | 25 | create_internet_gateway = false 26 | 27 | create_nat_gateway = false 28 | 29 | create_service_gateway = false 30 | 31 | enable_ipv6 = false 32 | 33 | vcn_cidrs = ["10.0.0.0/16", "172.16.0.0/16", "192.168.0.0/24"] 34 | 35 | vcn_dns_label = "vcn" 36 | 37 | vcn_name = "vcn" 38 | 39 | lockdown_default_seclist = false 40 | 41 | freeform_tags = { 42 | environment = "dev" 43 | lob = "finance" 44 | } 45 | 46 | defined_tags = { 47 | "Operations.CostCenter" = "42" 48 | } 49 | 50 | # gateways parameters 51 | 52 | internet_gateway_display_name = "igw" 53 | nat_gateway_display_name = "ngw" 54 | service_gateway_display_name = "sgw" 55 | attached_drg_id = null 56 | -------------------------------------------------------------------------------- /examples/module_composition/variables.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2019, 2021, Oracle Corporation and/or affiliates. 
2 | # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl 3 | 4 | # provider identity parameters 5 | variable "api_fingerprint" { 6 | description = "fingerprint of oci api private key" 7 | type = string 8 | # no default value, asking user to explicitly set this variable's value. see codingconventions.adoc 9 | } 10 | 11 | variable "api_private_key_path" { 12 | description = "path to oci api private key used" 13 | type = string 14 | # no default value, asking user to explicitly set this variable's value. see codingconventions.adoc 15 | } 16 | 17 | variable "region" { 18 | description = "the oci region where resources will be created" 19 | type = string 20 | # no default value, asking user to explicitly set this variable's value. see codingconventions.adoc 21 | # List of regions: https://docs.cloud.oracle.com/iaas/Content/General/Concepts/regions.htm#ServiceAvailabilityAcrossRegions 22 | } 23 | 24 | variable "tenancy_id" { 25 | description = "tenancy id where to create the sources" 26 | type = string 27 | # no default value, asking user to explicitly set this variable's value. see codingconventions.adoc 28 | } 29 | 30 | variable "user_id" { 31 | description = "id of user that terraform will use to create the resources" 32 | type = string 33 | # no default value, asking user to explicitly set this variable's value. see codingconventions.adoc 34 | } 35 | 36 | # general oci parameters 37 | 38 | variable "compartment_id" { 39 | description = "compartment id where to create all resources" 40 | type = string 41 | # no default value, asking user to explicitly set this variable's value. see codingconventions.adoc 42 | } 43 | 44 | variable "label_prefix" { 45 | description = "a string that will be prepended to all resources" 46 | type = string 47 | default = "terraform-oci" 48 | } 49 | 50 | variable "freeform_tags" { 51 | description = "simple key-value pairs to tag the created resources using freeform OCI Free-form tags." 
52 | type = map(any) 53 | default = { 54 | terraformed = "please do not edit manually" 55 | module = "oracle-terraform-modules/vcn/oci" 56 | } 57 | } 58 | 59 | variable "defined_tags" { 60 | description = "predefined and scoped to a namespace to tag the resources created using defined tags." 61 | type = map(string) 62 | default = null 63 | } 64 | 65 | # vcn parameters 66 | 67 | variable "create_internet_gateway" { 68 | description = "whether to create the internet gateway" 69 | type = bool 70 | default = false 71 | } 72 | 73 | variable "create_nat_gateway" { 74 | description = "whether to create a nat gateway in the vcn" 75 | type = bool 76 | default = false 77 | } 78 | 79 | variable "create_service_gateway" { 80 | description = "whether to create a service gateway" 81 | type = bool 82 | default = false 83 | } 84 | 85 | variable "enable_ipv6" { 86 | description = "Whether IPv6 is enabled for the VCN. If enabled, Oracle will assign the VCN a IPv6 /56 CIDR block." 87 | type = bool 88 | default = false 89 | } 90 | 91 | variable "lockdown_default_seclist" { 92 | description = "whether to remove all default security rules from the VCN Default Security List" 93 | type = bool 94 | default = false 95 | } 96 | 97 | variable "vcn_cidrs" { 98 | description = "The list of IPv4 CIDR blocks the VCN will use." 
99 | type = list(string) 100 | default = ["10.0.0.0/16", "172.16.0.0/16", "192.168.0.0/24"] 101 | } 102 | 103 | variable "vcn_dns_label" { 104 | description = "A DNS label for the VCN, used in conjunction with the VNIC's hostname and subnet's DNS label to form a fully qualified domain name (FQDN) for each VNIC within this subnet" 105 | type = string 106 | default = "vcnmodule" 107 | } 108 | 109 | variable "vcn_name" { 110 | description = "user-friendly name of to use for the vcn to be appended to the label_prefix" 111 | type = string 112 | default = "vcn" 113 | } 114 | 115 | # gateways parameters 116 | 117 | variable "attached_drg_id" { 118 | description = "the ID of DRG attached to the VCN" 119 | type = string 120 | default = null 121 | } 122 | 123 | 124 | variable "internet_gateway_display_name" { 125 | description = "(Updatable) Name of Internet Gateway. Does not have to be unique." 126 | type = string 127 | default = "igw" 128 | } 129 | 130 | variable "nat_gateway_display_name" { 131 | description = "(Updatable) Name of NAT Gateway. Does not have to be unique." 132 | type = string 133 | default = "ngw" 134 | } 135 | 136 | variable "service_gateway_display_name" { 137 | description = "(Updatable) Name of Service Gateway. Does not have to be unique." 138 | type = string 139 | default = "sgw" 140 | } 141 | 142 | -------------------------------------------------------------------------------- /examples/module_composition/version.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | oci = { 4 | source = "oracle/oci" 5 | version = ">=4.67.3" 6 | } 7 | } 8 | required_version = ">= 1.0.0" 9 | } -------------------------------------------------------------------------------- /locals.tf: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2019, 2020 Oracle Corporation and/or affiliates. All rights reserved. 
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/

locals {
  # Destinations of the default routes written into the gateway route tables
  # (vcn_gateways.tf): everything, for IPv4 and for IPv6.
  anywhere      = "0.0.0.0/0"
  anywhere_ipv6 = "::/0"

  # Route-table display names. The inputs use the literal string "none" as an
  # "unset" sentinel (terraform.tfvars.example sets them that way), so each name
  # is resolved in two steps: pick the base name, then prepend label_prefix when
  # one is set. The four combinations give:
  #   prefix none, name none -> built-in default ("internet-route" etc.)
  #   prefix none, name N    -> "N"
  #   prefix P,    name none -> "P-<built-in default>"
  #   prefix P,    name N    -> "P-N"
  ig_route_base_name  = var.internet_gateway_display_name == "none" ? "internet-route" : var.internet_gateway_display_name
  sgw_route_base_name = var.service_gateway_display_name == "none" ? "service-gw-route" : var.service_gateway_display_name
  nat_route_base_name = var.nat_gateway_display_name == "none" ? "nat-route" : var.nat_gateway_display_name

  internet_gateway_display_name = var.label_prefix == "none" ? local.ig_route_base_name : "${var.label_prefix}-${local.ig_route_base_name}"
  service_gateway_display_name  = var.label_prefix == "none" ? local.sgw_route_base_name : "${var.label_prefix}-${local.sgw_route_base_name}"
  nat_gateway_display_name      = var.label_prefix == "none" ? local.nat_route_base_name : "${var.label_prefix}-${local.nat_route_base_name}"
}

# -------------------------------------------------------------------------------
# /modules/subnet/outputs.tf
# -------------------------------------------------------------------------------
# Copyright (c) 2022 Oracle Corporation and/or affiliates. All rights reserved.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl

# Subnet OCIDs keyed by display name. display_name is the entry's "name" key,
# falling back to its var.subnets map key (see subnet.tf); two entries sharing
# a display name would therefore collide here.
output "subnet_id" {
  value = { for key, subnet in oci_core_subnet.vcn_subnet : subnet.display_name => subnet.id }
}

# Every attribute of every created subnet, keyed by the var.subnets map key.
output "all_attributes" {
  value = { for key, subnet in oci_core_subnet.vcn_subnet : key => subnet }
}

# -------------------------------------------------------------------------------
# /modules/subnet/subnet.tf
# -------------------------------------------------------------------------------
# Copyright (c) 2022 Oracle Corporation and/or affiliates. All rights reserved.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl

locals {
  # The VCN's DHCP options set, attached to every subnet created here.
  dhcp_default_options = data.oci_core_dhcp_options.dhcp_options.options.0.id

  # Tenancy-specific availability domains in region
  # Common reference for data source re-used throughout module
  ads = data.oci_identity_availability_domains.all.availability_domains

  # Map of parsed availability domain numbers to tenancy-specific names
  # (the number is the last character of the AD name)
  # Used by resources with AD placement for generic selection
  ad_numbers_to_names = local.ads != null ? {
    for ad in local.ads : parseint(substr(ad.name, -1, -1), 10) => ad.name
  } : { -1 : "" } # Fallback handles failure when unavailable but not required

  # List of availability domain numbers in region
  # Used to intersect desired AD lists against presence in region
  ad_numbers = local.ads != null ? sort(keys(local.ad_numbers_to_names)) : []
}

data "oci_identity_availability_domains" "all" {
  compartment_id = var.tenancy_id
}

data "oci_core_dhcp_options" "dhcp_options" {
  compartment_id = var.compartment_id
  vcn_id         = var.vcn_id
}

# One subnet per entry of var.subnets. Keys read from each entry (see the
# lookups below): cidr_block (required), name, dns_label, type ("public" or
# "private", "public" when absent) and availability_domain (an AD number,
# resolved through local.ad_numbers_to_names).
resource "oci_core_subnet" "vcn_subnet" {
  for_each = var.subnets

  compartment_id = var.compartment_id
  vcn_id         = var.vcn_id
  cidr_block     = each.value.cidr_block
  display_name   = lookup(each.value, "name", each.key)
  dns_label      = lookup(each.value, "dns_label", null)

  # Regional subnet unless an availability_domain number was requested.
  availability_domain = lookup(each.value, "availability_domain", null) != null ? local.ad_numbers_to_names[each.value.availability_domain] : null

  # Entries without a "type" are public: they may carry public IPs on their
  # VNICs and route through the Internet Gateway table. "private" entries
  # forbid public IPs and route through the NAT Gateway table instead.
  prohibit_public_ip_on_vnic = lookup(each.value, "type", "public") != "public"
  route_table_id             = lookup(each.value, "type", "public") == "public" ? var.ig_route_id : var.nat_route_id

  # No per-subnet security lists are attached, so the subnet falls back to the
  # VCN default security list; what that list admits is decided by the root
  # module's lockdown_default_seclist setting (vcn_defaultresources.tf).
  security_list_ids = null
  dhcp_options_id   = local.dhcp_default_options

  #commented for IPV6 support
  #ipv6cidr_block = var.enable_ipv6 == false ? null : each.value.ipv6cidr_block
  #ipv6cidr_blocks = var.enable_ipv6 == false ? null : [each.value.ipv6cidr_block]
  #prohibit_internet_ingress = var.enable_ipv6 && lookup(each.value,"type","public") == "public" ? each.value.prohibit_internet_ingress : false

  freeform_tags = var.freeform_tags
  defined_tags  = var.defined_tags

  lifecycle {
    ignore_changes = [defined_tags, dns_label, freeform_tags]
  }
}

# -------------------------------------------------------------------------------
# /modules/subnet/variables.tf
# -------------------------------------------------------------------------------
# Copyright (c) 2022 Oracle Corporation and/or affiliates. All rights reserved.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl

# Inputs of the subnet sub-module; the root module wires them up in vcn.tf.

variable "compartment_id" {
  type        = string
  description = "compartment id where to create all resources"
}

# Map of subnet definitions keyed by a name of the caller's choice. Each value
# is itself a map; the keys subnet.tf reads are cidr_block (required), name,
# dns_label, type ("public"/"private", public when absent) and
# availability_domain (an AD number). Typed `any` so optional keys may be
# omitted per entry.
variable "subnets" {
  type        = any
  description = "Subnets to be created"
  default     = {}
}

# Accepted for interface parity with the root module; the IPv6 attributes in
# subnet.tf are currently commented out, so this flag has no effect here.
variable "enable_ipv6" {
  type        = bool
  description = "Enable IPV6"
  default     = false
}

variable "vcn_id" {
  type        = string
  description = "VCN ID"
}

# Route tables used by public (ig_route_id) and private (nat_route_id)
# subnets. The root module passes null when the matching gateway was not
# created, in which case the subnet is created without an explicit route
# table — check that the resulting default routing is what you intend.
variable "ig_route_id" {
  type        = string
  description = "Internet Gateway route table id"
}

variable "nat_route_id" {
  type        = string
  description = "NAT Gateway route table id"
}

variable "defined_tags" {
  type        = map(string)
  description = "predefined and scoped to a namespace to tag the resources created using defined tags."
  default     = null
}

variable "freeform_tags" {
  type        = map(any)
  description = "simple key-value pairs to tag the created resources using freeform OCI Free-form tags."
  default = {
    terraformed = "Please do not edit manually"
    module      = "oracle-terraform-modules/vcn/oci"
  }
}

# Needed to list the tenancy's availability domains (data source in subnet.tf).
variable "tenancy_id" {
  type        = string
  description = "Tenancy OCID"
}

# -------------------------------------------------------------------------------
# /modules/subnet/versions.tf
# -------------------------------------------------------------------------------
# Copyright (c) 2022 Oracle Corporation and/or affiliates. All rights reserved.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl

terraform {
  required_version = ">= 1.0.0"

  required_providers {
    oci = {
      source = "oracle/oci"
      # Lower bound only: every newer provider release, including future major
      # versions, satisfies this. A `~>` constraint would keep upgrades inside
      # a reviewed range.
      version = ">=4.67.3"
    }
  }
}

# -------------------------------------------------------------------------------
# /outputs.tf
# -------------------------------------------------------------------------------
# Copyright (c) 2019, 2020 Oracle Corporation and/or affiliates. All rights reserved.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/

output "vcn_id" {
  description = "id of vcn that is created"
  value       = oci_core_vcn.vcn.id
}

# The gateways and route tables below are count-gated (0 or 1 instance), so
# their ids are splatted and joined: each output is the single OCID when the
# resource exists and the empty string when it was not created.

output "nat_gateway_id" {
  description = "id of nat gateway if it is created"
  value       = join(",", oci_core_nat_gateway.nat_gateway[*].id)
}

output "internet_gateway_id" {
  description = "id of internet gateway if it is created"
  value       = join(",", oci_core_internet_gateway.ig[*].id)
}

output "service_gateway_id" {
  description = "id of service gateway if it is created"
  value       = join(",", oci_core_service_gateway.service_gateway[*].id)
}

output "ig_route_id" {
  description = "id of internet gateway route table"
  value       = join(",", oci_core_route_table.ig[*].id)
}

output "nat_route_id" {
  description = "id of VCN NAT gateway route table"
  value       = join(",", oci_core_route_table.nat[*].id)
}

output "sgw_route_id" {
  description = "id of VCN Service gateway route table"
  value       = join(",", oci_core_route_table.service_gw[*].id)
}

# New complete outputs for each resource with provider parity. Auto-updating.
# Useful for module composition.
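
# Each map below is keyed by the resource's count index ("0" when created,
# empty map when not) and carries every provider-exposed attribute.

output "internet_gateway_all_attributes" {
  description = "all attributes of created internet gateway"
  value       = { for k, v in oci_core_internet_gateway.ig : k => v }
}

output "ig_route_all_attributes" {
  description = "all attributes of created ig route table"
  value       = { for k, v in oci_core_route_table.ig : k => v }
}

output "lpg_all_attributes" {
  description = "all attributes of created lpg"
  value       = { for k, v in oci_core_local_peering_gateway.lpg : k => v }
}

output "nat_gateway_all_attributes" {
  description = "all attributes of created nat gateway"
  value       = { for k, v in oci_core_nat_gateway.nat_gateway : k => v }
}

output "nat_route_all_attributes" {
  description = "all attributes of created nat gateway route table"
  value       = { for k, v in oci_core_route_table.nat : k => v }
}

output "service_gateway_all_attributes" {
  description = "all attributes of created service gateway"
  value       = { for k, v in oci_core_service_gateway.service_gateway : k => v }
}

output "vcn_all_attributes" {
  description = "all attributes of created vcn"
  value       = { for k, v in oci_core_vcn.vcn : k => v }
}

# subnet
# module.subnet is count-gated on var.subnets being non-empty (vcn.tf); the
# try() yields null instead of an index error when no subnet was requested.
output "subnet_id" {
  description = "map of subnet display name to subnet id; null when no subnets were requested"
  value       = try(module.subnet[0].subnet_id, null)
}

output "subnet_all_attributes" {
  description = "all attributes of created subnets keyed by subnet map key; null when no subnets were requested"
  value       = try(module.subnet[0].all_attributes, null)
}

output "default_security_list_id" {
  description = "id of the VCN default security list (the list managed by lockdown_default_seclist)"
  value       = try(oci_core_vcn.vcn.default_security_list_id, null)
}

# -------------------------------------------------------------------------------
# /schema.yaml
# -------------------------------------------------------------------------------
# Resource Manager UI schema. Variable names here must match variables.tf:
# the grouping previously listed "vcn_cidr", which neither this file nor
# variables.tf defines (the variable is vcn_cidrs), and
# lockdown_default_seclist was declared as a string although variables.tf
# types it as bool.
schemaVersion: 1.1.0
version: "20190304"
locale: "en"
groupings:
  - title: "Create A VCN with optional gateways"
    variables:
      - region
      - compartment_id
      - vcn_cidrs
      - vcn_name
      - vcn_dns_label
      - lockdown_default_seclist

variables:
  region:
    type: oci:identity:region:name
    title: Region
    description: The OCI region where resources will be created
    required: true

  compartment_id:
    type: oci:identity:compartment:id
    title: Target Compartment
    description: The target compartment id where to create all resources
    required: true

  label_prefix:
    type: string
    title: Label Prefix
    description: a string that will be prepended to all resources
    required: false
    default: dev

  vcn_cidrs:
    type: list(string)
    title: VCN CIDR
    default: ["10.0.0.0/16"]
    required: true

  vcn_name:
    type: string
    title: VCN Name
    required: true
    default: Test VCN

  vcn_dns_label:
    title: VCN DNS Label
    type: string
    required: false
    default: vcn

  # Keep the default on: with it off, the stock default security list (SSH
  # from anywhere) is restored on the VCN — see vcn_defaultresources.tf.
  lockdown_default_seclist:
    title: Enable VCN Default Security List Lockdown
    type: boolean
    required: false
    default: true

  attached_drg_id:
    title: DRG OCID to attach to the VCN
    type: string
    required: false
    default: null

  freeform_tags:
    type: map
    visible: false

# -------------------------------------------------------------------------------
# /terraform.tfvars.example
# -------------------------------------------------------------------------------
# Copyright (c) 2019, 2021 Oracle Corporation and/or affiliates. All rights reserved.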
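# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl

# Example inputs. Values are placeholders; "none" is the module's "unset"
# sentinel for label_prefix, the gateway display names and
# nat_gateway_public_ip_id (see variables.tf and locals.tf).

# Tenancy

tenancy_id = "ocid1.tenancy.oc1..axxx"

# Region

region = "us-phoenix-1"

# general oci parameters

compartment_id = ""

label_prefix = "none"

# vcn parameters
create_internet_gateway = false

internet_gateway_display_name = "none"

create_nat_gateway = false

nat_gateway_display_name = "none"

enable_ipv6 = false

nat_gateway_public_ip_id = "none"

create_service_gateway = false

service_gateway_display_name = "none"

vcn_cidrs = ["10.0.0.0/16"]

vcn_dns_label = "vcn"

vcn_name = "vcn"

freeform_tags = {
  environment = "dev"
}

defined_tags = {
  "Operations.CostCenter" = "42"
}

#ID of the DRG attached to the VCN
attached_drg_id = null

# # custom routing rules variable declaration example
# # (resource references such as the lpg id further down only work when these
# # rules are passed from a module block; a .tfvars file holds literals only)

# internet_gateway_route_rules = [ # this module input shows how to pass routing information to the vcn module inline, directly on the vcn module block
#   {
#     destination       = "192.168.0.0/16" # Route Rule Destination CIDR
#     destination_type  = "CIDR_BLOCK"     # only CIDR_BLOCK is supported at the moment
#     network_entity_id = "drg"            # for internet_gateway_route_rules input variable, you can use special strings "drg", "internet_gateway" or pass a valid OCID using string or any Named Values
#     description       = "Terraformed - User added Routing Rule: To drg provided to this module. drg_id, if available, is automatically retrieved with keyword drg"
#   },
#   {
#     destination       = "172.16.0.0/16"
#     destination_type  = "CIDR_BLOCK"
#     network_entity_id = "drg"
#     description       = "Terraformed - User added Routing Rule: To drg provided to this module. drg_id, if available, is automatically retrieved with keyword drg"
#   },
#   {
#     destination       = "203.0.113.0/24" # rfc5737 (TEST-NET-3)
#     destination_type  = "CIDR_BLOCK"
#     network_entity_id = "internet_gateway"
#     description       = "Terraformed - User added Routing Rule: To Internet Gateway created by this module. internet_gateway_id is automatically retrieved with keyword internet_gateway"
#   },
#   # {
#   #   destination       = "192.168.1.0/24"
#   #   destination_type  = "CIDR_BLOCK"
#   #   network_entity_id = "ocid1.localpeeringgateway.oc1.aaaaaa" # <-- edit this OCID
#   #   description       = "Terraformed - User added Routing Rule: To lpg with lpg_id directly passed by user. Useful for gateways created outside of vcn module"
#   # },
# ]

# nat_gateway_route_rules = [ # this is a local that can be used to pass routing information to vcn module for either route tables
#   {
#     destination       = "192.168.0.0/16" # Route Rule Destination CIDR
#     destination_type  = "CIDR_BLOCK"     # only CIDR_BLOCK is supported at the moment
#     network_entity_id = "drg"            # for nat_gateway_route_rules input variable, you can use special strings "drg", "nat_gateway" or pass a valid OCID using string or any Named Values
#     description       = "Terraformed - User added Routing Rule: To drg provided to this module. drg_id, if available, is automatically retrieved with keyword drg"
#   },
#   {
#     destination       = "203.0.113.0/24" # rfc5737 (TEST-NET-3)
#     destination_type  = "CIDR_BLOCK"
#     network_entity_id = "nat_gateway"
#     description       = "Terraformed - User added Routing Rule: To NAT Gateway created by this module. nat_gateway_id is automatically retrieved with keyword nat_gateway"
#   },
#   {
#     destination       = "192.168.1.0/24"
#     destination_type  = "CIDR_BLOCK"
#     network_entity_id = oci_core_local_peering_gateway.lpg.id
#     description       = "Terraformed - User added Routing Rule: To lpg with lpg_id directly passed by user. Useful for gateways created outside of vcn module"
#   },
# ]

# # Local peering gateway variable declaration example

# hub_local_peering_gateways = {
#   to_spoke1 = { # LPG will be in acceptor mode with a route table attached
#     route_table_id = ""
#     peer_id        = ""
#   }
# }

#Subnets
#subnets = {
#  sub1 = {name = "subnet1",cidr_block = "10.0.4.0/24"}
#  sub2 = {cidr_block="10.0.5.0/24",type="private"}
#  sub3 = {cidr_block="10.0.6.0/24",availability_domain=1}
#}

#Logging
#enable_vcn_logging = true
#log_retention_duration = 30

# -------------------------------------------------------------------------------
# /variables.tf
# -------------------------------------------------------------------------------
# Copyright (c) 2019, 2022 Oracle Corporation and/or affiliates. All rights reserved.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl

# provider identity parameters

variable "region" {
  # List of regions: https://docs.cloud.oracle.com/iaas/Content/General/Concepts/regions.htm#ServiceAvailabilityAcrossRegions
  description = "the OCI region where resources will be created"
  type        = string
  default     = null
}

# general oci parameters

variable "compartment_id" {
  description = "compartment id where to create all resources"
  type        = string
  # no default value, asking user to explicitly set this variable's value. see codingconventions.adoc
}

# "none" means no prefix; any other value is prepended, with a "-", to the
# display names of the VCN, gateways and route tables.
variable "label_prefix" {
  description = "a string that will be prepended to all resources"
  type        = string
  default     = "none"
}

variable "freeform_tags" {
  description = "simple key-value pairs to tag the created resources using freeform OCI Free-form tags."
  type        = map(any)
  default = {
    terraformed = "Please do not edit manually"
    module      = "oracle-terraform-modules/vcn/oci"
  }
}

variable "defined_tags" {
  description = "predefined and scoped to a namespace to tag the resources created using defined tags."
  type        = map(string)
  default     = null
}

# vcn parameters
variable "create_internet_gateway" {
  description = "whether to create the internet gateway in the vcn. If set to true, creates an Internet Gateway."
  default     = false
  type        = bool
}

variable "create_nat_gateway" {
  description = "whether to create a nat gateway in the vcn. If set to true, creates a nat gateway."
  default     = false
  type        = bool
}

variable "create_service_gateway" {
  description = "whether to create a service gateway. If set to true, creates a service gateway."
  default     = false
  type        = bool
}

variable "enable_ipv6" {
  description = "Whether IPv6 is enabled for the VCN. If enabled, Oracle will assign the VCN a IPv6 /56 CIDR block."
  type        = bool
  default     = false
}

# true  -> the VCN default security list is emptied (vcn_defaultresources.tf).
# false -> OCI's stock default rules are restored, which include TCP/22 from
#          0.0.0.0/0; subnets created by this module rely on that default list
#          (modules/subnet/subnet.tf sets no security lists of their own).
variable "lockdown_default_seclist" {
  description = "whether to remove all default security rules from the VCN Default Security List"
  default     = true
  type        = bool
}

# "none"     -> no reserved IP is assigned (public_ip_id stays null).
# "RESERVED" -> the module creates a reserved public IP for the NAT gateway.
# otherwise  -> OCID of an existing reserved public IP (see vcn_gateways.tf).
variable "nat_gateway_public_ip_id" {
  description = "OCID of reserved IP address for NAT gateway. The reserved public IP address needs to be manually created."
  default     = "none"
  type        = string
}

variable "vcn_cidrs" {
  description = "The list of IPv4 CIDR blocks the VCN will use."
  default     = ["10.0.0.0/16"]
  type        = list(string)
}

variable "vcn_dns_label" {
  description = "A DNS label for the VCN, used in conjunction with the VNIC's hostname and subnet's DNS label to form a fully qualified domain name (FQDN) for each VNIC within this subnet. DNS resolution of hostnames in the VCN is disabled when null."
  type        = string
  default     = "vcnmodule"

  validation {
    # Exactly the shape the error message describes: a letter followed by up
    # to 14 letters or digits (1-15 characters). The earlier pattern accepted
    # underscores and any non-digit first character, and rejected 1-character
    # labels.
    condition     = var.vcn_dns_label == null ? true : length(regexall("^[a-zA-Z][a-zA-Z0-9]{0,14}$", var.vcn_dns_label)) > 0
    error_message = "DNS label must be unset to disable, or an alphanumeric string with length of 1 through 15 that begins with a letter."
  }
}

variable "vcn_name" {
  description = "user-friendly name of to use for the vcn to be appended to the label_prefix"
  type        = string
  default     = "vcn"
  validation {
    condition     = length(var.vcn_name) > 0
    error_message = "The vcn_name value cannot be an empty string."
  }
}

# gateways parameters
variable "internet_gateway_display_name" {
  description = "(Updatable) Name of Internet Gateway. Does not have to be unique."
  type        = string
  default     = "internet-gateway"

  validation {
    condition     = length(var.internet_gateway_display_name) > 0
    error_message = "The internet_gateway_display_name value cannot be an empty string."
  }
}

# Keyed by the name used after "lpg@" in route rules (vcn_gateways.tf).
variable "local_peering_gateways" {
  description = "Map of Local Peering Gateways to attach to the VCN."
  type        = map(any)
  default     = null
}

variable "nat_gateway_display_name" {
  description = "(Updatable) Name of NAT Gateway. Does not have to be unique."
  type        = string
  default     = "nat-gateway"

  validation {
    condition     = length(var.nat_gateway_display_name) > 0
    error_message = "The nat_gateway_display_name value cannot be an empty string."
  }
}

variable "service_gateway_display_name" {
  description = "(Updatable) Name of Service Gateway. Does not have to be unique."
  type        = string
  default     = "service-gateway"

  validation {
    condition     = length(var.service_gateway_display_name) > 0
    error_message = "The service_gateway_display_name value cannot be an empty string."
  }
}

# Each rule is a map with destination, destination_type, network_entity_id
# and description. network_entity_id may be the keyword "drg",
# "internet_gateway" / "nat_gateway", "lpg@<key>", or any OCID, which is
# written into the route table as given (vcn_gateways.tf).
variable "internet_gateway_route_rules" {
  description = "(Updatable) List of routing rules to add to Internet Gateway Route Table"
  type        = list(map(string))
  default     = null
}

variable "nat_gateway_route_rules" {
  description = "(Updatable) list of routing rules to add to NAT Gateway Route Table"
  type        = list(map(string))
  default     = null
}

variable "attached_drg_id" {
  description = "the ID of DRG attached to the VCN"
  type        = string
  default     = null
}

#subnets
# Map of subnet definitions; per-entry keys read by modules/subnet/subnet.tf
# are cidr_block (required), name, dns_label, type ("public" unless set to
# "private") and availability_domain (AD number).
variable "subnets" {
  description = "Private or Public subnets in a VCN"
  type        = any
  default     = {}
}

variable "tenancy_id" {
  description = "Tenancy OCID"
  type        = string
}

variable "enable_vcn_logging" {
  type        = bool
  default     = false
  description = "Enable or Disable VCN logging"
}

variable "log_retention_duration" {
  type        = number
  default     = 30
  description = "Log retention duration"
}

# -------------------------------------------------------------------------------
# /vcn.tf
# -------------------------------------------------------------------------------
# Copyright (c) 2019, 2022 Oracle Corporation and/or affiliates.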
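# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/

resource "oci_core_vcn" "vcn" {
  # We still allow module users to declare a cidr using `vcn_cidr` instead of the now recommended `vcn_cidrs`, but internally we map both to `cidr_blocks`.
  # The module always uses the new list-of-strings structure and lets the customer update their module definition block at their own pace.
  cidr_blocks    = var.vcn_cidrs[*]
  compartment_id = var.compartment_id
  display_name   = var.label_prefix == "none" ? var.vcn_name : "${var.label_prefix}-${var.vcn_name}"
  dns_label      = var.vcn_dns_label
  is_ipv6enabled = var.enable_ipv6

  freeform_tags = var.freeform_tags
  defined_tags  = var.defined_tags

  lifecycle {
    ignore_changes = [defined_tags, dns_label, freeform_tags]
  }
}

#Module for Subnet
module "subnet" {
  source = "./modules/subnet"
  count  = length(var.subnets) > 0 ? 1 : 0

  compartment_id = var.compartment_id
  tenancy_id     = var.tenancy_id
  vcn_id         = oci_core_vcn.vcn.id
  subnets        = var.subnets
  enable_ipv6    = var.enable_ipv6

  # null when the matching gateway is not created; the sub-module then
  # creates the subnet without an explicit route table.
  ig_route_id  = var.create_internet_gateway ? oci_core_route_table.ig[0].id : null
  nat_route_id = var.create_nat_gateway ? oci_core_route_table.nat[0].id : null

  # Forward both tag maps. The sub-module accepts defined_tags (default null)
  # but it was never passed, so subnets missed the tags every other resource
  # gets; its lifecycle ignores defined_tags after creation, so existing
  # subnets are not replaced by this.
  freeform_tags = var.freeform_tags
  defined_tags  = var.defined_tags
}

locals {
  vcn_id = oci_core_vcn.vcn.id

  # Subnet display names (the "name" key when present, else the map key),
  # keyed by map key — mirrors display_name in modules/subnet/subnet.tf.
  subnet = {
    for key, value in var.subnets : key => contains(keys(value), "name") ? value.name : key
  }

  # One flow-log definition per subnet for the logging module, keyed "<name>_log".
  service_logdef = { for k in local.subnet : format("%s_%s", k, "log") => { loggroup = "loggrp", service = "flowlogs", resource = k } }
}

#Module for Logging
module "logging" {
  count = var.enable_vcn_logging ? 1 : 0

  # NOTE(review): unpinned remote module. `terraform init` fetches whatever the
  # repository's default branch holds at that moment, so the code that gets
  # applied can change without any change here. Pin a reviewed release, e.g.
  # "github.com/oracle-terraform-modules/terraform-oci-logging?ref=<RELEASE_TAG>"
  # (placeholder tag).
  source = "github.com/oracle-terraform-modules/terraform-oci-logging"

  compartment_id         = var.compartment_id
  log_retention_duration = var.log_retention_duration
  service_logdef         = local.service_logdef
  vcn_id                 = local.vcn_id
  tenancy_id             = var.tenancy_id

  depends_on = [
    oci_core_vcn.vcn,
    module.subnet
  ]
}

# -------------------------------------------------------------------------------
# /vcn_defaultresources.tf
# -------------------------------------------------------------------------------
# Copyright (c) 2021, Oracle Corporation and/or affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/

# VCN default Security List Lockdown
# See Issue #22 for the reasoning
#
# Exactly one of the two resources below is created, selected by
# var.lockdown_default_seclist. Both manage the same OCI-created default list
# (manage_default_resource_id). Subnets created by this module attach no
# security lists of their own (modules/subnet/subnet.tf), so whatever this
# list allows applies to all of them. In both resources ignore_changes covers
# the rules, so rules added outside Terraform after creation are not reverted.
resource "oci_core_default_security_list" "lockdown" {
  # If variable is true, removes all rules from default security list
  count = var.lockdown_default_seclist == true ? 1 : 0

  manage_default_resource_id = oci_core_vcn.vcn.default_security_list_id

  lifecycle {
    ignore_changes = [egress_security_rules, ingress_security_rules, defined_tags]
  }
}

resource "oci_core_default_security_list" "restore_default" {
  # If variable is false, restore all default rules to default security list.
  # These are OCI's stock defaults and include TCP/22 from any source: a VNIC
  # with a public IP in a public subnet behind the Internet Gateway is then
  # reachable on SSH from the Internet. The module default
  # (lockdown_default_seclist = true) avoids this.
  count = var.lockdown_default_seclist == false ? 1 : 0

  manage_default_resource_id = oci_core_vcn.vcn.default_security_list_id

  egress_security_rules {
    # allow all egress traffic
    destination = "0.0.0.0/0"
    protocol    = "all"
  }

  ingress_security_rules {
    # allow SSH (TCP/22) from anywhere
    protocol = "6"
    source   = "0.0.0.0/0"
    tcp_options {
      min = 22
      max = 22
    }
  }

  ingress_security_rules {
    # allow ICMP type 3 code 4 (fragmentation needed) from anywhere
    protocol = "1"
    source   = "0.0.0.0/0"

    icmp_options {
      type = "3"
      code = "4"
    }
  }

  dynamic "ingress_security_rules" {
    # allow ICMP type 3 (all codes) from every VCN CIDR
    for_each = oci_core_vcn.vcn.cidr_blocks
    iterator = vcn_cidr
    content {
      protocol = "1"
      source   = vcn_cidr.value
      icmp_options {
        type = "3"
      }
    }
  }

  lifecycle {
    ignore_changes = [egress_security_rules, ingress_security_rules, defined_tags]
  }
}

# -------------------------------------------------------------------------------
# /vcn_gateways.tf
# -------------------------------------------------------------------------------
# Copyright (c) 2019, 2021, Oracle Corporation and/or affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/

########################
# Internet Gateway (IGW)
########################

resource "oci_core_internet_gateway" "ig" {
  count = var.create_internet_gateway == true ? 1 : 0

  compartment_id = var.compartment_id
  display_name   = var.label_prefix == "none" ? var.internet_gateway_display_name : "${var.label_prefix}-${var.internet_gateway_display_name}"

  freeform_tags = var.freeform_tags
  defined_tags  = var.defined_tags

  vcn_id = oci_core_vcn.vcn.id

  lifecycle {
    ignore_changes = [defined_tags, freeform_tags]
  }
}

# Route table attached to public subnets (modules/subnet/subnet.tf). Besides the
# default routes it contains the caller's var.internet_gateway_route_rules,
# dispatched by the network_entity_id keyword (drg / internet_gateway / lpg@<key>)
# or written as-is when the value is an OCID.
resource "oci_core_route_table" "ig" {
  count = var.create_internet_gateway == true ? 1 : 0

  compartment_id = var.compartment_id
  display_name   = local.internet_gateway_display_name

  freeform_tags = var.freeform_tags
  defined_tags  = var.defined_tags

  route_rules {
    # * With this route table, Internet Gateway is always declared as the default gateway
    destination       = local.anywhere
    network_entity_id = oci_core_internet_gateway.ig[0].id
    description       = "Terraformed - Auto-generated at Internet Gateway creation: Internet Gateway as default gateway"
  }

  dynamic "route_rules" {
    # * IPv6 default route through the Internet Gateway, only when IPv6 is enabled
    for_each = var.enable_ipv6 == true ? [1] : []

    content {
      destination       = local.anywhere_ipv6
      network_entity_id = oci_core_internet_gateway.ig[0].id
      description       = "Terraformed - Auto-generated at Internet Gateway creation: Internet Gateway as default gateway"
    }
  }

  dynamic "route_rules" {
    # * filter var.internet_gateway_route_rules for routes with "drg" as destination
    # * and steer traffic to the attached DRG if available
    for_each = var.internet_gateway_route_rules != null ? { for k, v in var.internet_gateway_route_rules : k => v
    if v.network_entity_id == "drg" && var.attached_drg_id != null } : {}

    content {
      destination       = route_rules.value.destination
      destination_type  = route_rules.value.destination_type
      network_entity_id = var.attached_drg_id
      description       = route_rules.value.description
    }
  }

  dynamic "route_rules" {
    # * filter var.internet_gateway_route_rules for routes with "internet_gateway" as destination
    # * and steer traffic to the module created Internet Gateway
    for_each = var.internet_gateway_route_rules != null ? { for k, v in var.internet_gateway_route_rules : k => v
    if v.network_entity_id == "internet_gateway" } : {}

    content {
      destination       = route_rules.value.destination
      destination_type  = route_rules.value.destination_type
      network_entity_id = oci_core_internet_gateway.ig[0].id
      description       = route_rules.value.description
    }
  }

  dynamic "route_rules" {
    # * filter var.internet_gateway_route_rules for routes with "lpg@" as destination
    # * and steer traffic to the attached LPG if available
    # * (the part after "@" must be a key of var.local_peering_gateways)
    for_each = var.internet_gateway_route_rules != null ? { for k, v in var.internet_gateway_route_rules : k => v
    if startswith(v.network_entity_id, "lpg@") && var.local_peering_gateways != null } : {}

    content {
      destination       = route_rules.value.destination
      destination_type  = route_rules.value.destination_type
      network_entity_id = oci_core_local_peering_gateway.lpg[split("@", route_rules.value.network_entity_id)[1]].id
      description       = route_rules.value.description
    }
  }

  dynamic "route_rules" {
    # * filter var.internet_gateway_route_rules for generic routes
    # * can take any Named Value : String, Input Variable, Local Value, Data Source, Resource, Module Output ...
    # * useful for gateways that are not managed by the module
    # * the network_entity_id is written exactly as supplied; the caller is responsible for its validity
    for_each = var.internet_gateway_route_rules != null ? { for k, v in var.internet_gateway_route_rules : k => v
    if contains(["drg", "internet_gateway"], v.network_entity_id) == false && startswith(v.network_entity_id, "lpg@") == false } : {}

    content {
      destination       = route_rules.value.destination
      destination_type  = route_rules.value.destination_type
      network_entity_id = route_rules.value.network_entity_id
      description       = route_rules.value.description
    }
  }

  vcn_id = oci_core_vcn.vcn.id

  lifecycle {
    ignore_changes = [defined_tags, freeform_tags]
  }
}

#######################
# Service Gateway (SGW)
#######################

# Resolves the regional "All ... Services In Oracle Services Network" entry,
# whose id and cidr_block the service gateway and its route rules use.
data "oci_core_services" "all_oci_services" {
  count = var.create_service_gateway == true ? 1 : 0

  filter {
    name   = "name"
    values = ["All .* Services In Oracle Services Network"]
    regex  = true
  }
}

resource "oci_core_service_gateway" "service_gateway" {
  count = var.create_service_gateway == true ? 1 : 0

  compartment_id = var.compartment_id
  display_name   = var.label_prefix == "none" ? var.service_gateway_display_name : "${var.label_prefix}-${var.service_gateway_display_name}"

  freeform_tags = var.freeform_tags
  defined_tags  = var.defined_tags

  services {
    service_id = lookup(data.oci_core_services.all_oci_services[0].services[0], "id")
  }

  vcn_id = oci_core_vcn.vcn.id

  lifecycle {
    ignore_changes = [defined_tags, freeform_tags]
  }
}

resource "oci_core_route_table" "service_gw" {
  count = var.create_service_gateway == true ? 1 : 0

  compartment_id = var.compartment_id
  display_name   = local.service_gateway_display_name

  freeform_tags = var.freeform_tags
  defined_tags  = var.defined_tags

  dynamic "route_rules" {
    # * If Service Gateway is created with the module, automatically creates a rule to handle traffic for "all services" through Service Gateway
    for_each = var.create_service_gateway == true ? [1] : []

    content {
      destination       = lookup(data.oci_core_services.all_oci_services[0].services[0], "cidr_block")
      destination_type  = "SERVICE_CIDR_BLOCK"
      network_entity_id = oci_core_service_gateway.service_gateway[0].id
      description       = "Terraformed - Auto-generated at Service Gateway creation: All Services in region to Service Gateway"
    }
  }

  vcn_id = oci_core_vcn.vcn.id

  lifecycle {
    ignore_changes = [defined_tags, freeform_tags]
  }
}

###################
# NAT Gateway (NGW)
###################

# Reserved public IP for the NAT gateway, created only for the "RESERVED"
# sentinel value of var.nat_gateway_public_ip_id.
resource "oci_core_public_ip" "nat_gateway_public_ip" {
  count = var.create_nat_gateway == true && var.nat_gateway_public_ip_id == "RESERVED" ? 1 : 0

  compartment_id = var.compartment_id
  lifetime       = "RESERVED"
  display_name   = var.label_prefix == "none" ? var.nat_gateway_display_name : "${var.label_prefix}-${var.nat_gateway_display_name}"
  freeform_tags  = var.freeform_tags
  defined_tags   = var.defined_tags
}

resource "oci_core_nat_gateway" "nat_gateway" {
  count = var.create_nat_gateway == true ? 1 : 0

  compartment_id = var.compartment_id
  display_name   = var.label_prefix == "none" ? var.nat_gateway_display_name : "${var.label_prefix}-${var.nat_gateway_display_name}"

  freeform_tags = var.freeform_tags
  defined_tags  = var.defined_tags

  # "none"     -> null, no reserved IP is assigned
  # "RESERVED" -> the reserved IP created above by this module
  # otherwise  -> the caller-supplied reserved public IP OCID
  public_ip_id = var.nat_gateway_public_ip_id != "none" ? var.nat_gateway_public_ip_id != "RESERVED" ? var.nat_gateway_public_ip_id : join(",", oci_core_public_ip.nat_gateway_public_ip.*.id) : null

  vcn_id = oci_core_vcn.vcn.id

  lifecycle {
    ignore_changes = [defined_tags, freeform_tags]
  }
}

# special fix due to bug introduced in #101 which causes destruction and recreation of subnets
# for existing users

# Route table attached to private subnets (modules/subnet/subnet.tf); same
# keyword dispatch as the Internet Gateway table, with "nat_gateway" in place
# of "internet_gateway".
resource "oci_core_route_table" "nat" {
  compartment_id = var.compartment_id
  display_name   = local.nat_gateway_display_name

  freeform_tags = var.freeform_tags
  defined_tags  = var.defined_tags

  route_rules {
    # * With this route table, NAT Gateway is always declared as the default gateway
    destination       = local.anywhere
    destination_type  = "CIDR_BLOCK"
    network_entity_id = oci_core_nat_gateway.nat_gateway[0].id
    description       = "Terraformed - Auto-generated at NAT Gateway creation: NAT Gateway as default gateway"
  }

  # bring this block back to fix #101
  dynamic "route_rules" {
    # * If Service Gateway is created with the module, automatically creates a rule to handle traffic for "all services" through Service Gateway
    for_each = var.create_service_gateway == true ? [1] : []

    content {
      destination       = lookup(data.oci_core_services.all_oci_services[0].services[0], "cidr_block")
      destination_type  = "SERVICE_CIDR_BLOCK"
      network_entity_id = oci_core_service_gateway.service_gateway[0].id
      description       = "Terraformed - Auto-generated at Service Gateway creation: All Services in region to Service Gateway"
    }
  }

  dynamic "route_rules" {
    # * filter var.nat_gateway_route_rules for routes with "drg" as destination
    # * and steer traffic to the attached DRG if available
    for_each = var.nat_gateway_route_rules != null ? { for k, v in var.nat_gateway_route_rules : k => v
    if v.network_entity_id == "drg" && var.attached_drg_id != null } : {}

    content {
      destination       = route_rules.value.destination
      destination_type  = route_rules.value.destination_type
      network_entity_id = var.attached_drg_id
      description       = route_rules.value.description
    }
  }

  dynamic "route_rules" {
    # * filter var.nat_gateway_route_rules for routes with "nat_gateway" as destination
    # * and steer traffic to the module created NAT Gateway
    for_each = var.nat_gateway_route_rules != null ? { for k, v in var.nat_gateway_route_rules : k => v
    if v.network_entity_id == "nat_gateway" } : {}

    content {
      destination       = route_rules.value.destination
      destination_type  = route_rules.value.destination_type
      network_entity_id = oci_core_nat_gateway.nat_gateway[0].id
      description       = route_rules.value.description
    }
  }

  dynamic "route_rules" {
    # * filter var.nat_gateway_route_rules for routes with "lpg@" as destination
    # * and steer traffic to the attached LPG if available
    # * (the part after "@" must be a key of var.local_peering_gateways)
    for_each = var.nat_gateway_route_rules != null ? { for k, v in var.nat_gateway_route_rules : k => v
    if startswith(v.network_entity_id, "lpg@") && var.local_peering_gateways != null } : {}

    content {
      destination       = route_rules.value.destination
      destination_type  = route_rules.value.destination_type
      network_entity_id = oci_core_local_peering_gateway.lpg[split("@", route_rules.value.network_entity_id)[1]].id
      description       = route_rules.value.description
    }
  }

  dynamic "route_rules" {
    # * filter var.nat_gateway_route_rules for generic routes
    # * can take any Named Value : String, Input Variable, Local Value, Data Source, Resource, Module Output ...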
280 | # * useful for gateways that are not managed by the module 281 | for_each = var.nat_gateway_route_rules != null ? { for k, v in var.nat_gateway_route_rules : k => v 282 | if contains(["drg", "nat_gateway"], v.network_entity_id) == false && startswith(v.network_entity_id, "lpg@") == false } : {} 283 | 284 | content { 285 | destination = route_rules.value.destination 286 | destination_type = route_rules.value.destination_type 287 | network_entity_id = route_rules.value.network_entity_id 288 | description = route_rules.value.description 289 | } 290 | } 291 | 292 | vcn_id = oci_core_vcn.vcn.id 293 | 294 | # ignore changes to route rules to avoid recreation issues due to #101. 295 | # A fix may still be needed for when new custom route rules are added. 296 | 297 | lifecycle { 298 | ignore_changes = [defined_tags, freeform_tags] 299 | } 300 | 301 | count = var.create_nat_gateway ? 1 : 0 302 | } 303 | 304 | 305 | 306 | ############################# 307 | # Local Peering Gateway (LPG) 308 | ############################# 309 | 310 | resource "oci_core_local_peering_gateway" "lpg" { 311 | for_each = var.local_peering_gateways != null ? var.local_peering_gateways : {} 312 | compartment_id = var.compartment_id 313 | display_name = var.label_prefix == "none" ? each.key : "${var.label_prefix}-${each.key}" 314 | 315 | freeform_tags = var.freeform_tags 316 | defined_tags = var.defined_tags 317 | 318 | vcn_id = oci_core_vcn.vcn.id 319 | 320 | #Optional 321 | peer_id = can(each.value.peer_id) == false ? null : each.value.peer_id 322 | route_table_id = can(each.value.route_table_id) == false ? 
null : each.value.route_table_id 323 | 324 | lifecycle { 325 | ignore_changes = [defined_tags, freeform_tags] 326 | } 327 | } 328 | -------------------------------------------------------------------------------- /versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | oci = { 4 | source = "oracle/oci" 5 | version = ">=4.67.3" 6 | } 7 | } 8 | required_version = ">= 1.0.0" 9 | } 10 | --------------------------------------------------------------------------------