tf-oci-ans-selfhost-dev/terraform_plans/network-subnet-public.tf


resource "oci_core_subnet" "vcn-public-subnet" {
  # Public subnet of the VCN built by module.vcn. It is routed through
  # module.vcn.ig_route_id (presumably the internet-gateway route table, judging
  # by the name -- confirm in the module), so any VNIC placed here with a public
  # IP is reachable from the internet subject to the security list below.
  # prohibit_public_ip_on_vnic is not set, so the provider default applies.
  display_name = "public-subnet"
  dns_label    = "publicsubnet"
  cidr_block   = "10.0.0.0/28" # /28: 16 addresses; OCI reserves a few per subnet, so fewer are usable

  compartment_id = oci_identity_compartment.tf-playground.id
  vcn_id         = module.vcn.vcn_id

  route_table_id  = module.vcn.ig_route_id
  dhcp_options_id = oci_core_dhcp_options.dhcp-options.id

  # Subnet-level firewall. The network security group defined later in this
  # file is not referenced by the subnet; NSGs are attached per VNIC.
  security_list_ids = [oci_core_security_list.public-security-list.id]

  freeform_tags = var.tags
}
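resource "oci_core_security_list" "public-security-list" {
  # Subnet-level firewall for the public subnet. Every rule is stateful
  # (stateless = false), so return traffic of an allowed flow is admitted
  # without a matching rule in the opposite direction.
  compartment_id = oci_identity_compartment.tf-playground.id
  vcn_id         = module.vcn.vcn_id
  display_name   = "security-list-public"
  freeform_tags  = var.tags

  # Egress: any destination, any protocol. Fine for a playground; narrowing the
  # destination set limits what a compromised host can reach outbound.
  egress_security_rules {
    stateless        = false
    destination      = "0.0.0.0/0"
    destination_type = "CIDR_BLOCK"
    protocol         = "all"
  }

  # SSH is never exposed to the internet: its source is always
  # var.ssh_allow_range, independent of var.go_live.
  ingress_security_rules {
    stateless   = false
    source      = var.ssh_allow_range
    source_type = "CIDR_BLOCK"
    protocol    = "6" # TCP
    description = "SSH traffic"
    tcp_options {
      min = 22
      max = 22
    }
  }

  ## Web ports. Until var.go_live is true they are reachable only from
  ## var.ssh_allow_range; once it is true they are open to the whole internet.
  ## To expose further ports, add another ingress_security_rules block of the
  ## same shape rather than widening an existing one.
  ingress_security_rules {
    stateless   = false
    source      = var.go_live ? "0.0.0.0/0" : var.ssh_allow_range
    source_type = "CIDR_BLOCK"
    protocol    = "6" # TCP
    description = "HTTPs traffic"
    tcp_options {
      min = 443
      max = 443
    }
  }

  # Plaintext HTTP. Once go_live is true this is internet-facing; keep it only
  # if the service behind it redirects to HTTPS or genuinely needs port 80.
  ingress_security_rules {
    stateless   = false
    source      = var.go_live ? "0.0.0.0/0" : var.ssh_allow_range
    source_type = "CIDR_BLOCK"
    protocol    = "6" # TCP
    description = "HTTP traffic"
    tcp_options {
      min = 80
      max = 80
    }
  }

  ## Disabled ICMP examples, kept as templates; uncomment a whole block to
  ## enable it. (The earlier commented-out copy of the HTTPS rule was a
  ## duplicate of the live rule above and was missing its closing brace, so it
  ## is not kept.)
  #
  # ICMP type 3 / code 4 is "Fragmentation Needed" (RFC 792); it is what path
  # MTU discovery relies on, which is why it is accepted from anywhere.
  # ingress_security_rules {
  #   stateless   = false
  #   source      = "0.0.0.0/0"
  #   source_type = "CIDR_BLOCK"
  #   protocol    = "1"
  #   description = "ICMP Fragmentation Needed (PMTUD)"
  #
  #   icmp_options {
  #     type = 3
  #     code = 4
  #   }
  # }
  #
  # ingress_security_rules {
  #   stateless   = false
  #   source      = "10.0.0.0/16"
  #   source_type = "CIDR_BLOCK"
  #   protocol    = "1"
  #   description = "ICMP Destination Unreachable"
  #
  #   icmp_options {
  #     type = 3
  #   }
  # }
  #
  # ingress_security_rules {
  #   stateless   = false
  #   source      = "10.0.0.0/16"
  #   source_type = "CIDR_BLOCK"
  #   protocol    = "1"
  #   description = "ICMP Echo Reply"
  #
  #   icmp_options {
  #     type = 0
  #   }
  # }
  #
  # ingress_security_rules {
  #   stateless   = false
  #   source      = "10.0.0.0/16"
  #   source_type = "CIDR_BLOCK"
  #   protocol    = "1"
  #   description = "ICMP Echo"
  #
  #   icmp_options {
  #     type = 8
  #   }
  # }
}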
resource "oci_core_network_security_group" "tf-playground-network-security-group" {
  # Empty NSG container; its rules are the two
  # oci_core_network_security_group_security_rule resources that follow.
  # Nothing in this file attaches it to a VNIC -- that happens on the
  # instance/VNIC resource, presumably elsewhere in the configuration.
  display_name = "network-security-group-tf-playground"

  compartment_id = oci_identity_compartment.tf-playground.id
  vcn_id         = module.vcn.vcn_id

  freeform_tags = var.tags
}
resource "oci_core_network_security_group_security_rule" "tf-playground-network-security-group-list-ingress" {
  # Intra-group ingress: the source is the NSG itself, so only members of this
  # NSG can send to each other (any protocol). This does not open anything to
  # the internet or to the rest of the VCN.
  network_security_group_id = oci_core_network_security_group.tf-playground-network-security-group.id

  direction   = "INGRESS"
  source_type = "NETWORK_SECURITY_GROUP"
  source      = oci_core_network_security_group.tf-playground-network-security-group.id
  protocol    = "all"

  # Stateless: no connection tracking, so the matching EGRESS rule below is
  # what lets replies leave.
  stateless = true
}
resource "oci_core_network_security_group_security_rule" "tf-playground-network-security-group-list-egress" {
  # Intra-group egress: the mirror of the INGRESS rule above. Destination is
  # the NSG itself, any protocol, so members may talk to each other but this
  # rule grants nothing towards addresses outside the group.
  network_security_group_id = oci_core_network_security_group.tf-playground-network-security-group.id

  direction        = "EGRESS"
  destination_type = "NETWORK_SECURITY_GROUP"
  destination      = oci_core_network_security_group.tf-playground-network-security-group.id
  protocol         = "all"

  # Stateless, paired with the stateless INGRESS rule; together they cover
  # both halves of an intra-group flow.
  stateless = true
}