What will the future of Terraform be?

(required) The fingerprint of the API signing key you uploaded.

(required) The full path and name of the file that contains your private API signing key.

(required) Your tenant's OCID.

(required) The OCID of the user that Terraform should use to authenticate with Oracle Cloud Infrastructure.

(required) The OCID of the compartment in which you want to create the resources.

A short ID that you want to use as a prefix in the names of the resources.

Use a string that allows you to identify the purpose or type of resources by their names. For example, if you want to use the Terraform configuration to set up a test or staging environment, you should use the prefix or.

The ID of the realm where you want to create the resources.

For example, the ID of the region "US East (Ashburn)" is.

Specify to create a NAT gateway for VCN.

A NAT gateway is required if any of the private compute instances (such as the admin host or Kubernetes worker nodes) need to access hosts on the public internet.

Enter to create a service gateway for VCN.

A service gateway is required if the compute instances in VCN need to access other Oracle services such as Oracle Cloud Infrastructure Object Storage.

An IPv4 CIDR block of your choice for VCN.

The default is. The allowable range is to

The name prefix for the internal DNS name of the VCN.

The name given here is prepended to form the DNS domain name of the VCN. Example: If you specify as a prefix, the DNS domain name of the VCN would be

The name of the VCN resource.

The availability domain in which you want to provision admin and base hosts.

Example: To make the bastion host available in the second availability domain, set this variable to.

If the region contains only one availability domain, keep this variable at the default value.

The range of IP addresses (in CIDR notation) from which SSH access to the bastion must be granted.

To allow SSH access from any host (), leave the variable at the default value.

Specify to create a bastion host.

The OCID of the image to be used to build the bastion host.

If you leave this variable at the default value, an Oracle Autonomous Linux image will be used.

The unit of compute that you want to use for the bastion host.

Specify if you want the bastion host's security packages to be upgraded the first time the host boots.

When set to, the bastion host will be unavailable for a short period after it is provisioned, while the security packages are upgraded. However, enabling this upgrade will minimize the security vulnerabilities of the bastion host.

When you apply the configuration, Terraform passes the values from and as arguments to the Terraform function. This function calculates the CIDR prefixes of the subnets for the bastion host and the admin host.
  • The size of the subnet is determined with. This is the difference between the VCN netmask and the netmask you need for the bastion subnet.

    Example: If you want to create a subnet with the netmask in a - VCN, enter the value of (i.e. minus).

    A lower value leads to a subnet with a larger address space.

  • is used to determine the boundaries of the subnet. This is the zero-based index of the subnet if the network is masked with.

    With the previous example, if you specify and, the function returns the CIDR prefix of the subnet that is the first address space within the VCN.

Default values:
If you leave these variables at their default values and specify the CIDR range for VCN, the Terraform function calculates the following CIDR prefixes for the subnets. The available addresses are shown in brackets. Note that the first two addresses and the last address in a subnet are reserved by the networking service.
  • Bastion subnet: (available addresses: to, i.e. 5 hosts)
  • Admin subnet: (for; 5 hosts)

If you need subnets that have different addresses or sizes than the default settings, you should determine the appropriate values for and. To do this, you need a basic knowledge of IP addressing. For more information on the function, see the Terraform documentation.
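To make the arithmetic above concrete, this added example (not part of the original page or of the Terraform configuration it describes) reimplements the subnet calculation in Python, removes the three reserved addresses and rejects overlapping results. It assumes the unnamed function is Terraform's `cidrsubnet(prefix, newbits, netnum)`; the helpers `usable_range` and `plan`, the VCN range `10.0.0.0/16` and the `newbits`/`netnum` values are constructed for illustration.

```python
import ipaddress

OCI_RESERVED = 3  # first two addresses and the last one in every subnet


def cidrsubnet(prefix, newbits, netnum):
    """Subnet number `netnum` of `prefix` once its mask is extended by `newbits`."""
    vcn = ipaddress.ip_network(prefix)
    new_len = vcn.prefixlen + newbits
    if newbits < 0 or new_len > vcn.max_prefixlen:
        raise ValueError(f"newbits={newbits} does not fit in {vcn}")
    if not 0 <= netnum < 2 ** newbits:
        raise ValueError(f"netnum={netnum} is outside 0..{2 ** newbits - 1}")
    size = 2 ** (vcn.max_prefixlen - new_len)
    base = int(vcn.network_address) + netnum * size
    return ipaddress.ip_network((base, new_len))


def usable_range(subnet):
    """First and last assignable address and their count, after the reserved ones."""
    count = subnet.num_addresses - OCI_RESERVED
    if count < 1:
        raise ValueError(f"{subnet} has no assignable addresses")
    return subnet[2], subnet[-2], count


def plan(vcn_cidr, specs):
    """Map {name: (newbits, netnum)} to subnets, rejecting overlapping results."""
    result = {}
    for name, (newbits, netnum) in specs.items():
        net = cidrsubnet(vcn_cidr, newbits, netnum)
        for other, (other_net, *_rest) in result.items():
            if net.overlaps(other_net):
                raise ValueError(f"{name} {net} overlaps {other} {other_net}")
        result[name] = (net, *usable_range(net))
    return result


if __name__ == "__main__":
    # Constructed sample values, not the defaults of the configuration described above.
    sample = {"bastion": (13, 32), "admin": (13, 33)}
    for name, (net, first, last, count) in plan("10.0.0.0/16", sample).items():
        print(f"{name}: {net} usable {first} to {last} ({count} hosts)")
```

Subnets built with different `newbits` values can overlap even when their `netnum` values differ, which is why `plan` checks every pair before returning.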

With the Oracle Cloud Infrastructure notification service, you can receive status notifications from the bastion host when updates are applied or when a known exploit attempt has been detected by Oracle Ksplice.
Specify to enable sending notifications for the bastion host.

Note:

The Terraform code in this solution only configures notifications when using the Oracle Autonomous Linux default image.

The email address to which notifications should be sent. This variable is required if you set to.

Set this variable to.

A name for the notification topic to be created. This variable is required if you set to.

The full path and name of the file that contains the SSH private key that corresponds to the public key you want to provide for the bastion host and admin host.

This value is used to create the command that will allow you to access the bastion host. The command will appear in the output when you apply the Terraform configuration. Note that Terraform does not read or copy the private key.

The full path and name of the file that contains the SSH public key that you want to provide for the bastion host and admin host.

The time zone to be configured for the bastion host and admin host, in IANA time zone format (example:).

Specify to use the Oracle Autonomous Linux image for the bastion host and admin host. If you want to use a different image, set this variable to.

Enter to create an admin host.

The OCID of the image to be used to build the bastion host.

If you leave this variable at the default value, an Oracle-supplied Linux image will be used.

The computing power unit that you want to use for the admin host.

Specify if the security packages of the admin host are to be upgraded when the host is started up for the first time.

If this variable is set to, the admin host will be unavailable for a short period after it is provisioned, while the security packages are upgraded. However, enabling this upgrade will minimize the security vulnerabilities of the admin host.

Specify if you want to enable the admin host to manage all resources in the compartment you specified.
Use this feature when you want to run CLI commands or make API calls from the admin host to manage resources in the topology.

Note:

Anyone who can log in to a compute instance using SSH inherits the instance principal's permissions that are assigned to the instance. Keep this in mind when deciding whether to specify the Admin Host as the Instance Principal. You can turn this feature off or on at any time without affecting the admin host.

If you set this variable to, the Admin Host becomes a member of a dynamic group and a policy statement is created that allows the dynamic group to manage all resources in the compartment.