generated from oracle/template-repo
-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathmain.tf.template
62 lines (53 loc) · 3.33 KB
/
main.tf.template
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
# Copyright (c) 2024 Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
# ----------------------------------------------------------------------------------------
# -- This configuration deploys a CIS compliant landing zone with custom VCN settings.
# -- See other templates for other CIS compliant landing zones with alternative settings.
# -- 1. Rename this file to main.tf.
# -- 2. Provide/review the variable assignments below.
# -- 3. In this folder, execute the typical Terraform workflow:
# ----- $ terraform init
# ----- $ terraform plan
# ----- $ terraform apply
# ----------------------------------------------------------------------------------------
module "core_lz" {
source = "../../"
# ------------------------------------------------------
# ----- Environment
# ------------------------------------------------------
tenancy_ocid = "ocid1.tenancy.oc1..aaaaaaaa...3jb" # Replace with your tenancy OCID.
user_ocid = "ocid1.user.oc1..aaaaaaaa...xsb" # Replace with your user OCID.
fingerprint = "19:42:xx:92:yy:b3:zz:2f:aa:ea:bb:59:cc:be:dd:ba" # Replace with user fingerprint.
private_key_path = "path-to-pem-file-with-private-key" # Replace with user private key local path.
private_key_password = "" # Replace with private key password, if any.
region = "us-phoenix-1" # Replace with region name.
service_label = "ocibastion" # Prefix prepended to deployed resource names.
# ------------------------------------------------------
# ----- Networking
# ------------------------------------------------------
define_net = true # enables network resources provisioning
# --- Hub deployment option: a Hub VCN is deployed.
hub_deployment_option = "VCN or on-premises connectivity routing through DMZ VCN with Network Virtual Appliance (DRG and DMZ VCN will be created)"
hub_vcn_cidrs = ["192.168.0.0/24"]
# -- Bastion Jump Host options: deploy jump host and enable bastion service
deploy_bastion_jump_host = true
deploy_bastion_service = true
bastion_service_allowed_cidrs = ["x.x.x.x"] # Replace with Bastion service CIDR block allow list
# --- Spoke VCN: three-tier VCN 1
add_tt_vcn1 = true
tt_vcn1_cidrs = ["10.0.0.0/20"]
tt_vcn1_attach_to_drg = true
# --- Spoke VCN: Exadata VCN 1
add_exa_vcn1 = true
exa_vcn1_cidrs = ["172.16.0.0/20"]
exa_vcn1_attach_to_drg = true
# ------------------------------------------------------
# ----- Notifications
# ------------------------------------------------------
network_admin_email_endpoints = ["[email protected]"] # for network-related events. Replace with a real email address.
security_admin_email_endpoints = ["[email protected]"] # for security-related events. Replace with a real email address.
# ------------------------------------------------------
# ----- Security
# ------------------------------------------------------
enable_cloud_guard = false # Set to false if Cloud Guard has already been enabled.
}