add vcn, igw, route table, security list

2024-05-24 16:17:53 +06:00 · 2024-05-24 16:17:53 +06:00 · e80919d3be
commit e80919d3be
parent d4f4d01645
4 changed files with 79 additions and 0 deletions
--- a/oci.locals.tf
+++ b/oci.locals.tf
@ -5,4 +5,6 @@ locals {
    "iac/source"    = var.iac_project_source
    "iac/component" = var.iac_project_name
  }
+  # vcn dns label must be only alphanumeric and max 15 chars
+  vcn_dns_label   = substr(replace(join("", [var.prefix, "vcn"]), "/(?i)[^0-9a-z]/", ""), 0, 15)
 }
--- a/oci.networking.tf
+++ b/oci.networking.tf
@ -0,0 +1,50 @@
+resource "oci_core_vcn" "vcn" {
+  compartment_id = oci_identity_compartment.compartment.id
+  cidr_block     = var.vcn_cidr
+  is_ipv6enabled = var.enable_ipv6
+  display_name   = join("", [var.prefix, "vcn"])
+  dns_label      = local.vcn_dns_label
+  freeform_tags  = local.freeform_tags
+}
+
+resource "oci_core_internet_gateway" "igw" {
+  compartment_id = oci_identity_compartment.compartment.id
+  vcn_id         = oci_core_vcn.vcn.id
+  display_name   = join("", [var.prefix, "igw"])
+  freeform_tags  = local.freeform_tags
+}
+
+# https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/terraformbestpractices_topic-vcndefaults.htm
+
+resource "oci_core_default_route_table" "rt" {
+  compartment_id             = oci_identity_compartment.compartment.id
+  manage_default_resource_id = oci_core_vcn.vcn.default_route_table_id
+  freeform_tags              = local.freeform_tags
+  route_rules {
+    network_entity_id = oci_core_internet_gateway.igw.id
+    destination       = "0.0.0.0/0"
+  }
+}
+
+resource "oci_core_security_list" "open_ports" {
+  compartment_id = oci_identity_compartment.compartment.id
+  vcn_id         = oci_core_vcn.vcn.id
+  display_name   = "all-open"
+  freeform_tags  = local.freeform_tags
+  egress_security_rules {
+    destination = "0.0.0.0/0"
+    protocol    = "all"
+  }
+  egress_security_rules {
+    destination = "::/0"
+    protocol    = "all"
+  }
+  ingress_security_rules {
+    source   = "0.0.0.0/0"
+    protocol = "all"
+  }
+  ingress_security_rules {
+    source   = "::/0"
+    protocol = "all"
+  }
+}
--- a/terraform.outputs.tf
+++ b/terraform.outputs.tf
@ -56,3 +56,18 @@ output "api_key_fingerprint" {
  description = "The fingerprint of the admin user API key"
  value       = try(oci_identity_api_key.admin[0].fingerprint, null)
 }
+
+output "vcn_cidr_blocks" {
+  description = "The CIDR block for the VCN"
+  value       = oci_core_vcn.vcn.cidr_blocks
+}
+
+output "vcn_ipv6_cidr_blocks" {
+  description = "The IPv6 CIDR block for the VCN"
+  value       = oci_core_vcn.vcn.ipv6cidr_blocks
+}
+
+output "vcn_ipv6_cidr_private_blocks" {
+  description = "The IPv6 CIDR block for the VCN"
+  value       = oci_core_vcn.vcn.ipv6private_cidr_blocks
+}
--- a/terraform.variables.tf
+++ b/terraform.variables.tf
@ -48,3 +48,15 @@ variable "admin_create_credentials" {
  }
  description = "Types of credentials to create for the admin user"
 }
+
+variable "vcn_cidr" {
+  description = "The CIDR block for the VCN"
+  type        = string
+  default     = "10.0.0.0/16"
+}
+
+variable "enable_ipv6" {
+  description = "Enable IPv6 for the VCN"
+  type        = bool
+  default     = true
+}