variables_net_three_tier_vcns.tf
# Copyright (c) 2023 Oracle and/or its affiliates.
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
# ------------------------------------------------------
# ----- Networking - Three-tier VCN 1
#-------------------------------------------------------
# Opt-in switch (default false) for the three-tier VCN labelled TT-VCN-1.
# NOTE(review): per the description the web subnet is public unless
# tt_vcn1_web_subnet_is_private is set, so enabling this with the other defaults
# requests a public subnet — confirm that exposure is intended for the workload.
variable "add_tt_vcn1" {
type = bool
default = false
description = "Whether to add a VCN configured for three-tier workload deployments, with up to four subnets: web (public by default), application (private), database (private). An optional subnet (private by default) for bastion deployment is also available. The added VCN is labelled 'TT-VCN-1'. The label should be used in the '*_routable_vcns' fields of other VCNs for constraining network traffic to those respective VCNs in a Hub/Spoke topology."
}
# Optional display name for TT-VCN-1. Null by default; the description says a
# default name is then provided (the naming logic is outside this file).
variable "tt_vcn1_name" {
type = string
default = null
description = "The VCN name. If unassigned, a default name is provided. VCN label: TT-VCN-1."
}
# Address space for TT-VCN-1. The default does not overlap the defaults of
# tt_vcn2_cidrs (10.1.0.0/20) or tt_vcn3_cidrs (10.2.0.0/20) declared in this file.
# NOTE(review): no validation block checks CIDR syntax or overlap with other
# VCNs here; overlapping ranges would presumably make DRG routing ambiguous —
# confirm the check exists elsewhere.
variable "tt_vcn1_cidrs" {
type = list(string)
default = ["10.0.0.0/20"]
description = "The list of CIDR blocks for the VCN."
}
# Opt-in (default false) attachment of TT-VCN-1 to a DRG. Per the description
# this enables cross-VCN routing, so it widens what the VCN can reach; review it
# together with tt_vcn1_routable_vcns, which names the permitted destinations.
variable "tt_vcn1_attach_to_drg" {
type = bool
default = false
description = "If true, the VCN is attached to a DRG, enabling cross-vcn traffic routing."
}
# Allow-list of VCN labels that TT-VCN-1 may send traffic to (Hub/Spoke only).
# NOTE(review): per the description, leaving this unassigned (the default is an
# empty list) means traffic to all VCNs, i.e. the default is the widest scope.
# Set explicit labels when tiers or environments must stay segmented.
# NOTE(review): 'EXA-VCN3' is written without the hyphen every other label
# uses — confirm against the label the consuming code expects.
variable "tt_vcn1_routable_vcns" {
type = list(string)
default = []
description = "The VCN labels that this VCN can send traffic to. Leave unassigned for sending traffic to all VCNs. Only applicable for Hub/Spoke topology where a DRG is deployed as the hub. Valid values: TT-VCN-2, TT-VCN-3, EXA-VCN-1, EXA-VCN-2, EXA-VCN3, OKE-VCN-1, OKE-VCN-2, OKE-VCN-3."
}
# Switch (default false) for customizing the default subnet settings of TT-VCN-1.
# The description limits it to RMS deployments.
# NOTE(review): whether the tt_vcn1_*_subnet_* overrides are honoured when this
# is false is not visible in this file — confirm in the consuming code.
variable "customize_tt_vcn1_subnets" {
type = bool
default = false
description = "If true, allows for the customization of default subnets settings. Only applicable to RMS deployments."
}
# Optional name for the TT-VCN-1 Web subnet. Null by default; how a null name is
# resolved is not visible in this file.
variable "tt_vcn1_web_subnet_name" {
type = string
default = null
description = "The Web subnet name."
}
# Optional CIDR for the TT-VCN-1 Web subnet (null by default).
# The description requires it to fall within tt_vcn1_cidrs; no validation block
# in this declaration enforces that.
variable "tt_vcn1_web_subnet_cidr" {
type = string
default = null
description = "The Web subnet CIDR block. It must be within the VCN CIDR blocks."
}
# Exposure control for the TT-VCN-1 Web tier. The default (false) leaves the Web
# subnet public, as the description states; set true to make it private.
# NOTE(review): this is the only tier in TT-VCN-1 with a public default, so it is
# the value to check first when reviewing the VCN's internet exposure.
variable "tt_vcn1_web_subnet_is_private" {
type = bool
default = false
description = "Whether the Web subnet private. It is public by default."
}
# Optional name for the TT-VCN-1 Application subnet. Null by default; how a null
# name is resolved is not visible in this file.
variable "tt_vcn1_app_subnet_name" {
type = string
default = null
description = "The Application subnet name."
}
# Optional CIDR for the TT-VCN-1 Application subnet (null by default).
# The add_tt_vcn1 description lists this tier as private, and no visibility
# toggle is declared for it in this file. The "within the VCN CIDR blocks" rule
# is not enforced by a validation block here.
variable "tt_vcn1_app_subnet_cidr" {
type = string
default = null
description = "The Application subnet CIDR block. It must be within the VCN CIDR blocks."
}
# Optional name for the TT-VCN-1 Database subnet. Null by default; how a null
# name is resolved is not visible in this file.
variable "tt_vcn1_db_subnet_name" {
type = string
default = null
description = "The Database subnet name."
}
# Optional CIDR for the TT-VCN-1 Database subnet (null by default).
# The add_tt_vcn1 description lists this tier as private, and no visibility
# toggle is declared for it in this file. The "within the VCN CIDR blocks" rule
# is not enforced by a validation block here.
variable "tt_vcn1_db_subnet_cidr" {
type = string
default = null
description = "The Database subnet CIDR block. It must be within the VCN CIDR blocks."
}
# Opt-in switch (default false) for a dedicated subnet in TT-VCN-1 intended for
# the OCI Bastion service or a jump host. Whether that subnet is public is
# decided by tt_vcn1_bastion_is_access_via_public_endpoint.
variable "deploy_tt_vcn1_bastion_subnet" {
type = bool
default = false
description = "Whether to deploy a subnet where you can further deploy OCI Bastion service or a jump host."
}
# Optional name for the TT-VCN-1 Bastion subnet. Null by default; how a null
# name is resolved is not visible in this file.
variable "tt_vcn1_bastion_subnet_name" {
type = string
default = null
description = "The Bastion subnet name."
}
# Optional CIDR for the TT-VCN-1 Bastion subnet (null by default). The
# description suggests a /29 unless many jump hosts are planned.
# The "within the VCN CIDR blocks" rule is not enforced by a validation block
# in this declaration.
variable "tt_vcn1_bastion_subnet_cidr" {
type = string
default = null
description = "The Bastion subnet CIDR block. A /29 block is usually enough, unless you plan on deploying a large number of jump hosts. It must be within the VCN CIDR blocks."
}
# Exposure control for the TT-VCN-1 Bastion subnet. The default (false) keeps it
# private, where the description expects the OCI Bastion service; true makes the
# subnet public for self-managed jump hosts.
# NOTE(review): when true, SSH reachability presumably depends on
# tt_vcn1_bastion_subnet_allowed_cidrs — keep that list to known operator ranges.
variable "tt_vcn1_bastion_is_access_via_public_endpoint" {
type = bool
default = false
description = "If true, the Bastion subnet is made public where you'd later deploy and manage your jump hosts. By default, the Bastion subnet is private, where OCI Bastion service is expected to be deployed."
}
# Source CIDRs permitted to SSH to the jump host in the public Bastion subnet of
# TT-VCN-1. The empty default means no access, per the description.
# NOTE(review): unlike tt_vcn3_bastion_subnet_allowed_cidrs, this description
# does not state that 0.0.0.0/0 is rejected, and no validation block is declared
# here. Confirm whether an open range is blocked elsewhere; if not, the three
# variables should document and enforce the same rule.
variable "tt_vcn1_bastion_subnet_allowed_cidrs" {
type = list(string)
default = []
description = "List of CIDR blocks allowed to SSH into the the jump host that is eventually deployed in the public Bastion subnet. Leave it empty for no access."
}
# Opt-in switch (default false) for the three-tier VCN labelled TT-VCN-2.
# NOTE(review): this declaration sits above the "Three-tier VCN 2" banner, so it
# reads as part of the VCN 1 group when scanning the file.
# NOTE(review): per the description the web subnet is public unless
# tt_vcn2_web_subnet_is_private is set — confirm that exposure is intended.
variable "add_tt_vcn2" {
type = bool
default = false
description = "Whether to add a second VCN configured for three-tier workload deployments, with up to four subnets: web (public by default), application (private), database (private). An optional subnet (private by default) for bastion deployment is also available. The added VCN is labelled 'TT-VCN-2'. The label should be used in the '*_routable_vcns' fields of other VCNs for constraining network traffic to those respective VCNs in a Hub/Spoke topology."
}
# ------------------------------------------------------
# ----- Networking - Three-tier VCN 2
#-------------------------------------------------------
# Optional display name for TT-VCN-2. Null by default; the description says a
# default name is then provided (the naming logic is outside this file).
variable "tt_vcn2_name" {
type = string
default = null
description = "The VCN name. If unassigned, a default name is provided. Label: TT-VCN-2."
}
# Address space for TT-VCN-2. The default does not overlap the defaults of
# tt_vcn1_cidrs (10.0.0.0/20) or tt_vcn3_cidrs (10.2.0.0/20) declared in this file.
# NOTE(review): no validation block checks CIDR syntax or overlap with other
# VCNs here; overlapping ranges would presumably make DRG routing ambiguous —
# confirm the check exists elsewhere.
variable "tt_vcn2_cidrs" {
type = list(string)
default = ["10.1.0.0/20"]
description = "The list of CIDR blocks for the VCN."
}
# Opt-in (default false) attachment of TT-VCN-2 to a DRG. Per the description
# this enables cross-VCN routing, so it widens what the VCN can reach; review it
# together with tt_vcn2_routable_vcns, which names the permitted destinations.
variable "tt_vcn2_attach_to_drg" {
type = bool
default = false
description = "If true, the VCN is attached to a DRG, enabling cross-vcn traffic routing."
}
# Allow-list of VCN labels that TT-VCN-2 may send traffic to (Hub/Spoke only).
# NOTE(review): the tt_vcn1_routable_vcns description says an unassigned list
# means traffic to all VCNs; this description omits that. Presumably the empty
# default behaves the same way here — confirm, and set explicit labels when
# segmentation matters.
# NOTE(review): 'EXA-VCN3' is written without the hyphen every other label
# uses — confirm against the label the consuming code expects.
variable "tt_vcn2_routable_vcns" {
type = list(string)
default = []
description = "The VCN labels that this VCN can send traffic to. Only applicable for Hub/Spoke topology where a DRG is deployed as the hub. Valid values: TT-VCN-1, TT-VCN-3, EXA-VCN-1, EXA-VCN-2, EXA-VCN3, OKE-VCN-1, OKE-VCN-2, OKE-VCN-3."
}
# Switch (default false) for customizing the default subnet settings of TT-VCN-2.
# The description limits it to RMS deployments.
# NOTE(review): whether the tt_vcn2_*_subnet_* overrides are honoured when this
# is false is not visible in this file — confirm in the consuming code.
variable "customize_tt_vcn2_subnets" {
type = bool
default = false
description = "If true, allows for the customization of default subnets settings. Only applicable to RMS deployments."
}
# Optional name for the TT-VCN-2 Web subnet. Null by default; how a null name is
# resolved is not visible in this file.
variable "tt_vcn2_web_subnet_name" {
type = string
default = null
description = "The Web subnet name."
}
# Optional CIDR for the TT-VCN-2 Web subnet (null by default).
# The description requires it to fall within tt_vcn2_cidrs; no validation block
# in this declaration enforces that.
variable "tt_vcn2_web_subnet_cidr" {
type = string
default = null
description = "The Web subnet CIDR block. It must be within the VCN CIDR blocks."
}
# Exposure control for the TT-VCN-2 Web tier. The default (false) leaves the Web
# subnet public, as the description states; set true to make it private.
# NOTE(review): this is the only tier in TT-VCN-2 with a public default, so it is
# the value to check first when reviewing the VCN's internet exposure.
variable "tt_vcn2_web_subnet_is_private" {
type = bool
default = false
description = "Whether the Web subnet private. It is public by default."
}
# Optional name for the TT-VCN-2 Application subnet. Null by default; how a null
# name is resolved is not visible in this file.
variable "tt_vcn2_app_subnet_name" {
type = string
default = null
description = "The Application subnet name."
}
# Optional CIDR for the TT-VCN-2 Application subnet (null by default).
# The add_tt_vcn2 description lists this tier as private, and no visibility
# toggle is declared for it in this file. The "within the VCN CIDR blocks" rule
# is not enforced by a validation block here.
variable "tt_vcn2_app_subnet_cidr" {
type = string
default = null
description = "The Application subnet CIDR block. It must be within the VCN CIDR blocks."
}
# Optional name for the TT-VCN-2 Database subnet. Null by default; how a null
# name is resolved is not visible in this file.
variable "tt_vcn2_db_subnet_name" {
type = string
default = null
description = "The Database subnet name."
}
# Optional CIDR for the TT-VCN-2 Database subnet (null by default).
# The add_tt_vcn2 description lists this tier as private, and no visibility
# toggle is declared for it in this file. The "within the VCN CIDR blocks" rule
# is not enforced by a validation block here.
variable "tt_vcn2_db_subnet_cidr" {
type = string
default = null
description = "The Database subnet CIDR block. It must be within the VCN CIDR blocks."
}
# Opt-in switch (default false) for a dedicated subnet in TT-VCN-2 intended for
# the OCI Bastion service or a jump host. Whether that subnet is public is
# decided by tt_vcn2_bastion_is_access_via_public_endpoint.
variable "deploy_tt_vcn2_bastion_subnet" {
type = bool
default = false
description = "Whether to deploy a subnet where you can further deploy OCI Bastion service or a jump host."
}
# Optional name for the TT-VCN-2 Bastion subnet. Null by default; how a null
# name is resolved is not visible in this file.
variable "tt_vcn2_bastion_subnet_name" {
type = string
default = null
description = "The Bastion subnet name."
}
# Optional CIDR for the TT-VCN-2 Bastion subnet (null by default). The
# description suggests a /29 unless many jump hosts are planned.
# The "within the VCN CIDR blocks" rule is not enforced by a validation block
# in this declaration.
variable "tt_vcn2_bastion_subnet_cidr" {
type = string
default = null
description = "The Bastion subnet CIDR block. A /29 block is usually enough, unless you plan on deploying a large number of jump hosts. It must be within the VCN CIDR blocks."
}
# Exposure control for the TT-VCN-2 Bastion subnet. The default (false) keeps it
# private, where the description expects the OCI Bastion service; true makes the
# subnet public for self-managed jump hosts.
# NOTE(review): when true, SSH reachability presumably depends on
# tt_vcn2_bastion_subnet_allowed_cidrs — keep that list to known operator ranges.
variable "tt_vcn2_bastion_is_access_via_public_endpoint" {
type = bool
default = false
description = "If true, the Bastion subnet is made public where you'd later deploy and manage your jump hosts. By default, the Bastion subnet is private, where OCI Bastion service is expected to be deployed."
}
# Source CIDRs permitted to SSH to the jump host in the public Bastion subnet of
# TT-VCN-2. The empty default means no access, per the description.
# NOTE(review): unlike tt_vcn3_bastion_subnet_allowed_cidrs, this description
# does not state that 0.0.0.0/0 is rejected, and no validation block is declared
# here. Confirm whether an open range is blocked elsewhere; if not, the three
# variables should document and enforce the same rule.
variable "tt_vcn2_bastion_subnet_allowed_cidrs" {
type = list(string)
default = []
description = "List of CIDRs blocks allowed to SSH into the the jump host that is eventually deployed in the public Bastion subnet. Leave it empty for no access."
}
# Opt-in switch (default false) for the three-tier VCN labelled TT-VCN-3.
# NOTE(review): this declaration sits above the "Three-tier VCN 3" banner, so it
# reads as part of the VCN 2 group when scanning the file.
# NOTE(review): per the description the web subnet is public unless
# tt_vcn3_web_subnet_is_private is set — confirm that exposure is intended.
variable "add_tt_vcn3" {
type = bool
default = false
description = "Whether to add a third VCN configured for three-tier workload deployments, with up to four subnets: web (public by default), application (private), database (private). An optional subnet (private by default) for bastion deployment is also available. The added VCN is labelled 'TT-VCN-3'. The label should be used in the '*_routable_vcns' fields of other VCNs for constraining network traffic to those respective VCNs in a Hub/Spoke topology."
}
# ------------------------------------------------------
# ----- Networking - Three-tier VCN 3
#-------------------------------------------------------
# Optional display name for TT-VCN-3. Null by default; the description says a
# default name is then provided (the naming logic is outside this file).
variable "tt_vcn3_name" {
type = string
default = null
description = "The VCN name. If unassigned, a default name is provided. Label: TT-VCN-3."
}
# Address space for TT-VCN-3. The default does not overlap the defaults of
# tt_vcn1_cidrs (10.0.0.0/20) or tt_vcn2_cidrs (10.1.0.0/20) declared in this file.
# NOTE(review): no validation block checks CIDR syntax or overlap with other
# VCNs here; overlapping ranges would presumably make DRG routing ambiguous —
# confirm the check exists elsewhere.
variable "tt_vcn3_cidrs" {
type = list(string)
default = ["10.2.0.0/20"]
description = "The list of CIDR blocks for the VCN."
}
# Opt-in (default false) attachment of TT-VCN-3 to a DRG. Per the description
# this enables cross-VCN routing, so it widens what the VCN can reach; review it
# together with tt_vcn3_routable_vcns, which names the permitted destinations.
variable "tt_vcn3_attach_to_drg" {
type = bool
default = false
description = "If true, the VCN is attached to a DRG, enabling cross-vcn traffic routing."
}
# Allow-list of VCN labels that TT-VCN-3 may send traffic to (Hub/Spoke only).
# NOTE(review): the tt_vcn1_routable_vcns description says an unassigned list
# means traffic to all VCNs; this description omits that. Presumably the empty
# default behaves the same way here — confirm, and set explicit labels when
# segmentation matters.
# NOTE(review): 'EXA-VCN3' is written without the hyphen every other label
# uses — confirm against the label the consuming code expects.
variable "tt_vcn3_routable_vcns" {
type = list(string)
default = []
description = "The VCN labels that this VCN can send traffic to. Only applicable for Hub/Spoke topology where a DRG is deployed as the hub. Valid values: TT-VCN-1, TT-VCN-2, EXA-VCN-1, EXA-VCN-2, EXA-VCN3, OKE-VCN-1, OKE-VCN-2, OKE-VCN-3."
}
# Switch (default false) for customizing the default subnet settings of TT-VCN-3.
# The description limits it to RMS deployments.
# NOTE(review): whether the tt_vcn3_*_subnet_* overrides are honoured when this
# is false is not visible in this file — confirm in the consuming code.
variable "customize_tt_vcn3_subnets" {
type = bool
default = false
description = "If true, allows for the customization of default subnets settings. Only applicable to RMS deployments."
}
# Optional name for the TT-VCN-3 Web subnet. Null by default; how a null name is
# resolved is not visible in this file.
variable "tt_vcn3_web_subnet_name" {
type = string
default = null
description = "The Web subnet name."
}
# Optional CIDR for the TT-VCN-3 Web subnet (null by default).
# The description requires it to fall within tt_vcn3_cidrs; no validation block
# in this declaration enforces that.
variable "tt_vcn3_web_subnet_cidr" {
type = string
default = null
description = "The Web subnet CIDR block. It must be within the VCN CIDR blocks."
}
# Exposure control for the TT-VCN-3 Web tier. The default (false) leaves the Web
# subnet public, as the description states; set true to make it private.
# NOTE(review): this is the only tier in TT-VCN-3 with a public default, so it is
# the value to check first when reviewing the VCN's internet exposure.
variable "tt_vcn3_web_subnet_is_private" {
type = bool
default = false
description = "Whether the Web subnet private. It is public by default."
}
# Optional name for the TT-VCN-3 Application subnet. Null by default; how a null
# name is resolved is not visible in this file.
variable "tt_vcn3_app_subnet_name" {
type = string
default = null
description = "The Application subnet name."
}
# Optional CIDR for the TT-VCN-3 Application subnet (null by default).
# The add_tt_vcn3 description lists this tier as private, and no visibility
# toggle is declared for it in this file. The "within the VCN CIDR blocks" rule
# is not enforced by a validation block here.
variable "tt_vcn3_app_subnet_cidr" {
type = string
default = null
description = "The Application subnet CIDR block. It must be within the VCN CIDR blocks."
}
# Optional name for the TT-VCN-3 Database subnet. Null by default; how a null
# name is resolved is not visible in this file.
variable "tt_vcn3_db_subnet_name" {
type = string
default = null
description = "The Database subnet name."
}
# Optional CIDR for the TT-VCN-3 Database subnet (null by default).
# The add_tt_vcn3 description lists this tier as private, and no visibility
# toggle is declared for it in this file. The "within the VCN CIDR blocks" rule
# is not enforced by a validation block here.
variable "tt_vcn3_db_subnet_cidr" {
type = string
default = null
description = "The Database subnet CIDR block. It must be within the VCN CIDR blocks."
}
# Opt-in switch (default false) for a dedicated subnet in TT-VCN-3 intended for
# the OCI Bastion service or a jump host. Whether that subnet is public is
# decided by tt_vcn3_bastion_is_access_via_public_endpoint.
variable "deploy_tt_vcn3_bastion_subnet" {
type = bool
default = false
description = "Whether to deploy a subnet where you can further deploy OCI Bastion service or a jump host."
}
# Optional name for the TT-VCN-3 Bastion subnet. Null by default; how a null
# name is resolved is not visible in this file.
variable "tt_vcn3_bastion_subnet_name" {
type = string
default = null
description = "The Bastion subnet name."
}
# Optional CIDR for the TT-VCN-3 Bastion subnet (null by default). The
# description suggests a /29 unless many jump hosts are planned.
# The "within the VCN CIDR blocks" rule is not enforced by a validation block
# in this declaration.
variable "tt_vcn3_bastion_subnet_cidr" {
type = string
default = null
description = "The Bastion subnet CIDR block. A /29 block is usually enough, unless you plan on deploying a large number of jump hosts. It must be within the VCN CIDR blocks."
}
# Exposure control for the TT-VCN-3 Bastion subnet. The default (false) keeps it
# private, where the description expects the OCI Bastion service; true makes the
# subnet public for self-managed jump hosts.
# NOTE(review): when true, SSH reachability presumably depends on
# tt_vcn3_bastion_subnet_allowed_cidrs — keep that list to known operator ranges.
variable "tt_vcn3_bastion_is_access_via_public_endpoint" {
type = bool
default = false
description = "If true, the Bastion subnet is made public where you'd later deploy and manage your jump hosts. By default, the Bastion subnet is private, where OCI Bastion service is expected to be deployed."
}
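# Source CIDRs permitted to SSH to the jump host in the public Bastion subnet of
# TT-VCN-3. The empty default means no access, per the description.
# The description also states that 0.0.0.0/0 is not allowed; the validation block
# below enforces that rule at plan time instead of leaving it as documentation.
variable "tt_vcn3_bastion_subnet_allowed_cidrs" {
  type        = list(string)
  default     = []
  description = "List of CIDRs allowed to SSH into the the jump host that is eventually deployed in the public Bastion subnet. Leave it empty for no access. 0.0.0.0/0 is not allowed."

  validation {
    # A null value is passed through so that an explicit null keeps whatever
    # handling the consuming code already has. The check is a literal match on
    # "0.0.0.0/0"; it does not detect an open range split into several blocks.
    condition     = var.tt_vcn3_bastion_subnet_allowed_cidrs == null ? true : !contains(var.tt_vcn3_bastion_subnet_allowed_cidrs, "0.0.0.0/0")
    error_message = "The tt_vcn3_bastion_subnet_allowed_cidrs list must not contain 0.0.0.0/0."
  }
}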