This module creates a VPC with subnets across 1, 2, or 3 zones, a network ACL, and optionally creates public gateways in those zones.
- VPC
- Version
- Public Gateways
- Network ACL
- Subnets
- Module Variables
- Module Outputs
- As A Module in a Larger Architecture
## VPC

This module creates a VPC in a resource group with optional Classic Access. It also allows users to update the default VPC security group with additional rules.

Default security group rules are converted from a list to an object to ensure that adding, deleting, or changing the order of the rules listed will not force unwanted changes. Example:

```
ibm_is_security_group_rule.default_vpc_rule["allow-inbound-ping"]
ibm_is_security_group_rule.default_vpc_rule["allow-inbound-ssh"]
```

## Version

This module supports Terraform v0.13 and higher.
## Public Gateways

This module allows a user to optionally create public gateways in the VPC in each of the three zones of the VPC's region.
## Network ACL

This module creates a network ACL with any number of rules. (Note: by default, VPC Network ACLs have a maximum of 25 rules.) Any subnets created by this module will be connected to this ACL.
## Subnets

The subnet module allows users to create subnets in 1, 2, or 3 zones. Public gateways can be optionally attached to each subnet.

A CIDR block (VPC address prefix) is created in the VPC for each subnet that will be provisioned.

The type of the `subnets` variable is as follows:

```hcl
object({
  zone-1 = list(object({
    name           = string
    cidr           = string
    public_gateway = optional(bool)
  }))
  zone-2 = list(object({
    name           = string
    cidr           = string
    public_gateway = optional(bool)
  }))
  zone-3 = list(object({
    name           = string
    cidr           = string
    public_gateway = optional(bool)
  }))
})
```

While `zone-1`, `zone-2`, and `zone-3` are all lists, these lists are converted into an object keyed by subnet name before the resources are provisioned. This ensures that the addition or deletion of subnets will affect only the added or deleted subnets. Example:

```
module.subnets.ibm_is_subnet.subnet["gcat-multizone-subnet-a"]
module.subnets.ibm_is_subnet.subnet["gcat-multizone-subnet-b"]
module.subnets.ibm_is_subnet.subnet["gcat-multizone-subnet-c"]
module.subnets.ibm_is_vpc_address_prefix.subnet_prefix["gcat-multizone-subnet-a"]
module.subnets.ibm_is_vpc_address_prefix.subnet_prefix["gcat-multizone-subnet-b"]
module.subnets.ibm_is_vpc_address_prefix.subnet_prefix["gcat-multizone-subnet-c"]
```
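The list-to-map conversion used for both the default security group rules and the subnets, written out as an added illustration (this is not the module's own source code). It assumes Terraform 1.3+ for `optional()` attributes; the variable values are constructed sample input, and `trimprefix` is used to derive the zone from the `zone-N` key.

```hcl
# Added illustration, not the module's source. Assumes Terraform 1.3+ (optional()).
variable "prefix" { default = "gcat-multizone" }
variable "region" { default = "us-south" }

variable "subnets" {
  type = object({
    zone-1 = list(object({ name = string, cidr = string, public_gateway = optional(bool) }))
    zone-2 = list(object({ name = string, cidr = string, public_gateway = optional(bool) }))
    zone-3 = list(object({ name = string, cidr = string, public_gateway = optional(bool) }))
  })
  # Constructed sample input: public_gateway omitted in zone-2, zone-3 left empty
  default = {
    zone-1 = [{ name = "subnet-a", cidr = "10.10.10.0/24", public_gateway = true }]
    zone-2 = [{ name = "subnet-b", cidr = "10.20.10.0/24" }]
    zone-3 = []
  }
}

variable "security_group_rules" {
  type    = list(object({ name = string, direction = string, remote = string }))
  default = [{ name = "allow-inbound-ping", direction = "inbound", remote = "10.0.0.0/8" }]
}

locals {
  # Flatten the three zone lists into one list, carrying the zone along
  subnet_list = flatten([
    for zone_key, zone_subnets in var.subnets : [
      for subnet in zone_subnets : {
        name           = "${var.prefix}-${subnet.name}"
        zone           = "${var.region}-${trimprefix(zone_key, "zone-")}"
        cidr           = subnet.cidr
        public_gateway = subnet.public_gateway == true # null (omitted) becomes false
      }
    ]
  ])

  # Key each map by name: the key becomes the for_each index in the resource
  # address (e.g. ibm_is_subnet.subnet["gcat-multizone-subnet-a"]), so deleting
  # or reordering one entry never renumbers the others the way count would.
  subnet_map              = { for subnet in local.subnet_list : subnet.name => subnet }
  security_group_rule_map = { for rule in var.security_group_rules : rule.name => rule }
}

output "subnet_map" {
  value = local.subnet_map
}

output "security_group_rule_map" {
  value = local.security_group_rule_map
}
```

Running `terraform plan` on this file alone shows the two maps; a resource using `for_each = local.subnet_map` gets exactly the stable addresses listed above.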
## Module Variables

Name | Type | Description | Sensitive | Default |
---|---|---|---|---|
ibmcloud_api_key | `string` | The IBM Cloud platform API key needed to deploy IAM enabled resources. Only needed if running locally | true | |
prefix | `string` | A unique identifier needed to provision resources. Must begin with a letter | | `gcat-multizone` |
region | `string` | Region where the VPC will be created | | `us-south` |
resource_group | `string` | Name of the resource group where all infrastructure will be provisioned | | `asset-development` |
classic_access | `bool` | Enable VPC Classic Access. Note: only one VPC per region can have classic access | | `false` |
subnets | `object({ zone-1 = list(object({ name = string, cidr = string, public_gateway = optional(bool) })), zone-2 = list(object({ name = string, cidr = string, public_gateway = optional(bool) })), zone-3 = list(object({ name = string, cidr = string, public_gateway = optional(bool) })) })` | List of subnets for the VPC. For each item in each array, a subnet will be created. | | `{ zone-1 = [{ name = "subnet-a", cidr = "10.10.10.0/24", public_gateway = true }], zone-2 = [{ name = "subnet-b", cidr = "10.20.10.0/24", public_gateway = true }], zone-3 = [{ name = "subnet-c", cidr = "10.30.10.0/24", public_gateway = true }] }` |
use_public_gateways | `object({ zone-1 = optional(bool), zone-2 = optional(bool), zone-3 = optional(bool) })` | Create a public gateway in any of the three zones with `true`. | | `{ zone-1 = true, zone-2 = true, zone-3 = true }` |
acl_rules | `list(object({ name = string, action = string, destination = string, direction = string, source = string, tcp = optional(object({ port_max = optional(number), port_min = optional(number), source_port_max = optional(number), source_port_min = optional(number) })), udp = optional(object({ port_max = optional(number), port_min = optional(number), source_port_max = optional(number), source_port_min = optional(number) })), icmp = optional(object({ type = optional(number), code = optional(number) })) }))` | Access control list rule set | | `[ { name = "allow-all-inbound", action = "allow", direction = "inbound", destination = "0.0.0.0/0", source = "0.0.0.0/0" }, { name = "allow-all-outbound", action = "allow", direction = "outbound", destination = "0.0.0.0/0", source = "0.0.0.0/0" } ]` |
security_group_rules | `list(object({ name = string, direction = string, remote = string, tcp = optional(object({ port_max = optional(number), port_min = optional(number) })), udp = optional(object({ port_max = optional(number), port_min = optional(number) })), icmp = optional(object({ type = optional(number), code = optional(number) })) }))` | A list of security group rules to be added to the default VPC security group | | `[ { name = "allow-inbound-ping", direction = "inbound", remote = "0.0.0.0/0", icmp = { type = 8 } }, { name = "allow-inbound-ssh", direction = "inbound", remote = "0.0.0.0/0", tcp = { port_min = 22, port_max = 22 } } ]` |
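The shipped defaults for `acl_rules` and `security_group_rules` allow all traffic in both directions and accept SSH from `0.0.0.0/0`. The following is an added `terraform.tfvars` fragment (not part of this module) that narrows both to an admin range; `192.0.2.0/24` stands in for a bastion or VPN range and `10.0.0.0/8` for the VPC's address space, both placeholders to be replaced.

```hcl
# Added example values, not the module's defaults. CIDRs are placeholders.
acl_rules = [
  {
    # Admin access only from the bastion/VPN range (placeholder CIDR)
    name        = "allow-inbound-ssh-from-bastion"
    action      = "allow"
    direction   = "inbound"
    source      = "192.0.2.0/24"
    destination = "10.0.0.0/8"
    tcp         = { port_min = 22, port_max = 22 }
  },
  {
    # Network ACLs are stateless: return traffic for connections opened from
    # inside the VPC arrives on ephemeral ports and must be allowed explicitly
    name        = "allow-inbound-return-traffic"
    action      = "allow"
    direction   = "inbound"
    source      = "0.0.0.0/0"
    destination = "10.0.0.0/8"
    tcp         = { port_min = 1024, port_max = 65535 }
  },
  {
    # Rules are evaluated in order; an explicit final deny documents intent
    name        = "deny-all-other-inbound"
    action      = "deny"
    direction   = "inbound"
    source      = "0.0.0.0/0"
    destination = "0.0.0.0/0"
  },
  {
    name        = "allow-all-outbound"
    action      = "allow"
    direction   = "outbound"
    source      = "10.0.0.0/8"
    destination = "0.0.0.0/0"
  },
]

security_group_rules = [
  {
    # Security groups are stateful, so only the inbound rule is needed; it is
    # limited to the same bastion range instead of 0.0.0.0/0
    name      = "allow-inbound-ssh-from-bastion"
    direction = "inbound"
    remote    = "192.0.2.0/24"
    tcp       = { port_min = 22, port_max = 22 }
  },
]
```

Keep the total at or below the 25-rule ACL limit noted above, and remember that the ACL applies to every subnet this module creates.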
## Module Outputs

Name | Description | Value |
---|---|---|
vpc_id | ID of VPC created | `ibm_is_vpc.vpc.id` |
acl_id | ID of ACL created for subnets | `ibm_is_network_acl.multizone_acl` |
public_gateways | Public gateways created | `local.public_gateways` |
subnet_ids | The IDs of the subnets | `module.subnets.ids` |
subnet_detail_list | A list of subnets containing names, CIDR blocks, and zones | `module.subnets.detail_list` |
subnet_zone_list | A list containing subnet IDs and subnet zones | `module.subnets.zone_list` |
## As A Module in a Larger Architecture

```hcl
module "multizone_vpc" {
  source               = "./multizone_vpc"
  ibmcloud_api_key     = var.ibmcloud_api_key
  prefix               = var.prefix
  region               = var.region
  resource_group       = var.resource_group
  classic_access       = var.classic_access
  subnets              = var.subnets
  use_public_gateways  = var.use_public_gateways
  acl_rules            = var.acl_rules
  security_group_rules = var.security_group_rules
}
```