# One VCN per entry of var.vcn. The map key is reused as the DNS label and is
# embedded in the display name; the CIDR comes from the entry itself.
resource "oci_core_vcn" "list" {
  for_each = var.vcn

  compartment_id = var.compartment_ocid
  display_name   = "VCN ${each.key}"
  cidr_blocks    = [each.value.cidr_block]

  # NOTE(review): assumes every key of var.vcn is a valid OCI dns_label
  # (letters/digits only, starting with a letter, short) — confirm.
  dns_label = each.key
}
# One subnet per VCN, spanning the VCN's whole CIDR (the subnet uses the same
# each.value.cidr_block as the VCN above). No route_table_id or
# security_list_ids are set, so the subnet falls back to the VCN's default
# route table and default security list, which are managed further down.
resource "oci_core_subnet" "list" {
  for_each = var.vcn

  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.list[each.key].id

  display_name = "Subnet ${each.key}"
  cidr_block   = each.value.cidr_block

  # NOTE(review): same dns_label validity assumption as on the VCN — confirm.
  dns_label = each.key
}
# One internet gateway per VCN; it becomes the default route target below.
resource "oci_core_internet_gateway" "list" {
  for_each = var.vcn

  vcn_id         = oci_core_vcn.list[each.key].id
  compartment_id = var.compartment_ocid
}
# Takes over the VCN's *default* route table (manage_default_resource_id)
# rather than creating a new one, so the subnet above — which sets no
# route_table_id — inherits this single 0.0.0.0/0 route via the internet
# gateway. Any subnet on the default route table is therefore internet-routable.
resource "oci_core_default_route_table" "list" {
  for_each = var.vcn

  compartment_id             = var.compartment_ocid
  manage_default_resource_id = oci_core_vcn.list[each.key].default_route_table_id

  # Default route: everything not local goes to the internet gateway.
  route_rules {
    network_entity_id = oci_core_internet_gateway.list[each.key].id
    destination_type  = "CIDR_BLOCK"
    destination       = "0.0.0.0/0"
  }
}
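# Manages the VCN's *default* security list (manage_default_resource_id) so
# the subnet above, which sets no security_list_ids, receives these rules.
# Every static rule is stateful (stateless = false), so return traffic for an
# allowed flow is admitted without a matching rule in the other direction.
resource "oci_core_default_security_list" "list" {
  for_each = var.vcn

  manage_default_resource_id = oci_core_vcn.list[each.key].default_security_list_id
  compartment_id             = var.compartment_ocid

  # Unrestricted egress: all protocols to any destination.
  egress_security_rules {
    destination      = "0.0.0.0/0"
    destination_type = "CIDR_BLOCK"
    protocol         = "all"
    stateless        = false
  }

  # ICMP type 3 (Destination Unreachable), every code, from 172.16.2.0/24.
  # NOTE(review): this source is hard-coded and is not derived from
  # each.value.cidr_block, so it is the same for every VCN — confirm intent.
  ingress_security_rules {
    protocol    = "1" # ICMP
    source      = "172.16.2.0/24"
    source_type = "CIDR_BLOCK"
    stateless   = false

    icmp_options {
      code = -1 # -1 = all codes
      type = 3
    }
  }

  # ICMP type 3 code 4 (Fragmentation Needed) from anywhere, which keeps
  # path-MTU discovery working for internet-facing traffic.
  ingress_security_rules {
    protocol    = "1" # ICMP
    source      = "0.0.0.0/0"
    source_type = "CIDR_BLOCK"
    stateless   = false

    icmp_options {
      code = 4
      type = 3
    }
  }

  # SSH from any address.
  # NOTE(review): 0.0.0.0/0 on TCP/22 exposes SSH to the whole internet;
  # narrowing the source to an administrative CIDR (or moving this rule into
  # the per-VCN firewall_rules input) limits exposure.
  ingress_security_rules {
    description = "SSH"
    protocol    = "6" # TCP
    source      = "0.0.0.0/0"
    source_type = "CIDR_BLOCK"
    stateless   = false

    tcp_options {
      max = 22
      min = 22
    }
  }

  # HTTPS from any address.
  ingress_security_rules {
    description = "HTTPS"
    protocol    = "6" # TCP
    source      = "0.0.0.0/0"
    source_type = "CIDR_BLOCK"
    stateless   = false

    tcp_options {
      max = 443
      min = 443
    }
  }

  # Plain HTTP from any address. The description previously read "HTTPS",
  # which mislabelled the port-80 rule in the console; corrected to "HTTP".
  ingress_security_rules {
    description = "HTTP"
    protocol    = "6" # TCP
    source      = "0.0.0.0/0"
    source_type = "CIDR_BLOCK"
    stateless   = false

    tcp_options {
      max = 80
      min = 80
    }
  }

  # Extra per-VCN ingress rules taken from each.value.firewall_rules. Each
  # entry is read for description, cidr, is_udp, port_min and port_max.
  # Exactly one of tcp_options / udp_options is emitted, selected by is_udp.
  # Unlike the static rules above, stateless is not set here, so the
  # provider's default applies — NOTE(review): set it explicitly if the
  # static/dynamic rules are meant to agree.
  dynamic "ingress_security_rules" {
    for_each = each.value.firewall_rules

    content {
      description = ingress_security_rules.value.description
      protocol    = ingress_security_rules.value.is_udp ? "17" : "6" # 17 = UDP, 6 = TCP
      source      = ingress_security_rules.value.cidr
      source_type = "CIDR_BLOCK"

      # Emitted only for TCP entries.
      dynamic "tcp_options" {
        for_each = ingress_security_rules.value.is_udp ? [] : [1]

        content {
          max = ingress_security_rules.value.port_max
          min = ingress_security_rules.value.port_min
        }
      }

      # Emitted only for UDP entries.
      dynamic "udp_options" {
        for_each = ingress_security_rules.value.is_udp ? [1] : []

        content {
          max = ingress_security_rules.value.port_max
          min = ingress_security_rules.value.port_min
        }
      }
    }
  }
}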