terraform-oci-freestuff/vcn.tf

# One VCN per entry of var.vcn, keyed by the map key. The key is reused as the
# DNS label and embedded in the display name; the CIDR comes from the entry.
resource "oci_core_vcn" "list" {
  for_each       = var.vcn
  compartment_id = var.compartment_ocid

  dns_label    = each.key
  display_name = "VCN ${each.key}"
  cidr_blocks  = [each.value.cidr_block]
}
# One subnet per VCN, using the same CIDR as the VCN itself, i.e. the subnet
# covers the whole VCN address range. No prohibit_public_ip_on_vnic is set, so
# instances here can receive public IPs (presumably the provider default —
# confirm that is intended for every VCN in var.vcn, given the default route
# below points at an internet gateway).
resource "oci_core_subnet" "list" {
  for_each       = var.vcn
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.list[each.key].id

  dns_label    = each.key
  display_name = "Subnet ${each.key}"
  cidr_block   = each.value.cidr_block
}
# Internet gateway per VCN; the default route table in this file sends
# 0.0.0.0/0 through it.
resource "oci_core_internet_gateway" "list" {
  for_each       = var.vcn
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.list[each.key].id
}
# Adopt each VCN's default route table (rather than creating a new one) and
# give it a single rule: everything non-local leaves via that VCN's internet
# gateway.
resource "oci_core_default_route_table" "list" {
  for_each = var.vcn

  manage_default_resource_id = oci_core_vcn.list[each.key].default_route_table_id
  compartment_id             = var.compartment_ocid

  route_rules {
    destination_type  = "CIDR_BLOCK"
    destination       = "0.0.0.0/0"
    network_entity_id = oci_core_internet_gateway.list[each.key].id
  }
}
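# Adopt each VCN's default security list and define its rules. Every rule is
# stateful (stateless = false). Fixed rules: unrestricted egress, ICMP from a
# fixed /24 and from the internet, and SSH/HTTPS/HTTP from the internet. Extra
# per-VCN ingress rules come from each.value.firewall_rules, whose elements
# provide description, is_udp, cidr, port_min and port_max.
#
# Fix vs. the previous version: the port-80 rule was labelled "HTTPS" (copied
# from the 443 rule); its description is now "HTTP".
resource "oci_core_default_security_list" "list" {
  for_each = var.vcn

  manage_default_resource_id = oci_core_vcn.list[each.key].default_security_list_id
  compartment_id             = var.compartment_ocid

  # Unrestricted egress, all protocols.
  egress_security_rules {
    protocol         = "all"
    destination      = "0.0.0.0/0"
    destination_type = "CIDR_BLOCK"
    stateless        = false
  }

  # ICMP type 3 (destination unreachable), all codes, from one fixed /24.
  # NOTE(review): the source is hard-coded although this resource is created
  # once per VCN; it looks like it was meant to be each.value.cidr_block (the
  # VCN's own range) so every VCN gets the same intra-VCN rule. Left unchanged
  # because switching it alters the effective rule for any VCN whose CIDR is
  # not 172.16.2.0/24 — confirm with the owner of var.vcn.
  ingress_security_rules {
    protocol    = "1" # ICMP
    source      = "172.16.2.0/24"
    source_type = "CIDR_BLOCK"
    stateless   = false
    icmp_options {
      type = 3
      code = -1 # all codes
    }
  }

  # ICMP type 3 code 4 ("fragmentation needed") from anywhere, so path MTU
  # discovery keeps working for connections to the internet.
  ingress_security_rules {
    protocol    = "1" # ICMP
    source      = "0.0.0.0/0"
    source_type = "CIDR_BLOCK"
    stateless   = false
    icmp_options {
      type = 3
      code = 4
    }
  }

  # SSH from anywhere. Narrowing `source` to a known admin range (or putting
  # an SSH rule in each.value.firewall_rules per VCN) would reduce exposure;
  # kept as-is here because the intended access pattern is not visible in this
  # file.
  ingress_security_rules {
    description = "SSH"
    protocol    = "6" # TCP
    source      = "0.0.0.0/0"
    source_type = "CIDR_BLOCK"
    stateless   = false
    tcp_options {
      min = 22
      max = 22
    }
  }

  # HTTPS from anywhere.
  ingress_security_rules {
    description = "HTTPS"
    protocol    = "6" # TCP
    source      = "0.0.0.0/0"
    source_type = "CIDR_BLOCK"
    stateless   = false
    tcp_options {
      min = 443
      max = 443
    }
  }

  # Plain HTTP from anywhere (port 80).
  ingress_security_rules {
    description = "HTTP"
    protocol    = "6" # TCP
    source      = "0.0.0.0/0"
    source_type = "CIDR_BLOCK"
    stateless   = false
    tcp_options {
      min = 80
      max = 80
    }
  }

  # Caller-supplied ingress rules for this VCN. Exactly one of tcp_options /
  # udp_options is emitted, selected by is_udp; both use port_min..port_max.
  dynamic "ingress_security_rules" {
    for_each = each.value.firewall_rules
    content {
      description = ingress_security_rules.value.description
      protocol    = ingress_security_rules.value.is_udp ? "17" : "6" # UDP : TCP
      source      = ingress_security_rules.value.cidr
      source_type = "CIDR_BLOCK"
      # Stated explicitly to match the fixed rules above instead of relying on
      # the provider default.
      stateless = false

      dynamic "tcp_options" {
        for_each = ingress_security_rules.value.is_udp ? [] : [1]
        content {
          min = ingress_security_rules.value.port_min
          max = ingress_security_rules.value.port_max
        }
      }

      dynamic "udp_options" {
        for_each = ingress_security_rules.value.is_udp ? [1] : []
        content {
          min = ingress_security_rules.value.port_min
          max = ingress_security_rules.value.port_max
        }
      }
    }
  }
}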