This configuration guide details the required and available configurations needed to deploy an Oracle Enterprise Landing Zone (OELZ) 2.0 Workload Expansion on Oracle Cloud Infrastructure.
The Oracle Enterprise Landing Zone (OELZ) stack will be fully deployed in the OCI tenancy.
Deployment of the OELZ is controlled by several Terraform input variables; however, most of these have sensible default values. Below are the minimum required configurations to deploy an OELZ Workload Expansion.
The required provider variables for the OELZ:
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| current_user_ocid | The OCID of the user deploying the OELZ. | string | "" | yes |
| api_fingerprint | The API key fingerprint, which can be retrieved from the console. | string | "" | yes |
| api_private_key_path | The local path to the API private key. | string | "" | yes |
| tenancy_ocid | The OCID of the tenancy. | string | n/a | yes |
| region | The OCI region to deploy the OELZ resources to. | string | n/a | yes |
The architecture diagram illustrates the compartments created when the Enterprise LZ deploys a Workload Expansion.
The OELZ Workload Expansion creates an L3 workload compartment under the user-defined parent compartment OCID.
The required arguments for OELZ Workload Compartment:
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| enable_compartment_delete | Set to true to allow the compartments to be deleted on terraform destroy. | bool | true | yes |
| workload_compartment_name | The name of the workload compartment under which all workload resources will be deployed. | string | "OCI-ELZ-Workload1-[Region]-01" | yes |
| environment_compartment_id | The OCID of the parent compartment in which the workload compartment will be created. | string | "OCID Value" | yes |
| workload_expansion_flag | Flag to enable workload expansion. | bool | true | yes |
| environment_prefix | The unique prefix of the environment created in the baseline stack (e.g. N, P). | string | | yes |
The required arguments for OELZ Workload Network:
- OELZ Workload Spoke VCN Related Variables
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| workload_prefix | Workload prefix. | string | "WRK1" | yes |
| vcn_display_name | Workload Spoke VCN display name. | string | "OCI-ELZ-${var.workload_prefix}-EXP-SPK-VCN-${local.region_key[0]}" | no |
| workload_spoke_vcn_cidr | Workload Spoke VCN IPv4 CIDR block. | string | | yes |
| vcn_dns_label | Workload Spoke VCN DNS label. | string | "wrkspokevcn" | yes |
- OELZ Workload Spoke VCN Subnet Related Variables
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| workload_private_spoke_subnet_web_display_name | Workload Spoke VCN Web subnet display name. | string | "OCI-ELZ-${var.workload_prefix}-EXP-SPK-VCN-SUB-${local.region_key[0]}-001" | no |
| workload_private_spoke_subnet_app_display_name | Workload Spoke VCN App subnet display name. | string | "OCI-ELZ-${var.workload_prefix}-EXP-SPK-VCN-SUB-${local.region_key[0]}-002" | no |
| workload_private_spoke_subnet_db_display_name | Workload Spoke VCN DB subnet display name. | string | "OCI-ELZ-${var.workload_prefix}-EXP-SPK-VCN-SUB-${local.region_key[0]}-003" | no |
| workload_private_spoke_subnet_web_cidr_block | Workload Spoke VCN Web subnet CIDR block. | string | "" (valid IPv4 CIDR block) | yes |
| workload_private_spoke_subnet_app_cidr_block | Workload Spoke VCN App subnet CIDR block. | string | "" (valid IPv4 CIDR block) | yes |
| workload_private_spoke_subnet_db_cidr_block | Workload Spoke VCN DB subnet CIDR block. | string | "" (valid IPv4 CIDR block) | yes |
| workload_private_spoke_subnet_web_dns_label | Workload Spoke VCN Web subnet DNS label. | string | "wrkweblabel" | yes |
| workload_private_spoke_subnet_app_dns_label | Workload Spoke VCN App subnet DNS label. | string | "wrkapplabel" | yes |
| workload_private_spoke_subnet_db_dns_label | Workload Spoke VCN DB subnet DNS label. | string | "wrkdblabel" | yes |
- OELZ Workload Spoke VCN Gateway Related Variables
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| enable_nat_gateway_spoke | Enable the NAT gateway in the Workload Spoke VCN. | bool | false | yes |
| nat_gateway_display_name | Workload Spoke VCN NAT gateway display name. | string | "OCI-ELZ-${var.workload_prefix}-EXP-SPK-NAT-${local.region_key[0]}" | no |
| enable_service_gateway_spoke | Enable the service gateway in the Workload Spoke VCN. | bool | false | yes |
| service_gateway_display_name | Workload Spoke VCN service gateway display name. | string | "OCI-ELZ-${var.workload_prefix}-EXP-SPK-SGW-${local.region_key[0]}" | no |
- OELZ Workload Spoke VCN Route Table and Security List Related Variables
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| hub_public_subnet_cidr_block | Hub public subnet IPv4 CIDR block. | string | "" (valid IPv4 CIDR block) | yes |
| hub_private_subnet_cidr_block | Hub private subnet IPv4 CIDR block. | string | "" (valid IPv4 CIDR block) | yes |
The required arguments for Workload Expansion IAM:
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| workload_admin_group_name | Workload admin group name. | string | "OCI-ELZ-UGP-[workload_prefix]-WRK-ADMIN" | yes |
| application_admin_group_name | Workload application admin group name. | string | "OCI-ELZ-UGP-[workload_prefix]-APP-ADMIN" | yes |
| database_admin_group_name | Workload DB admin group name. | string | "OCI-ELZ-UGP-[workload_prefix]-DB-ADMIN" | yes |
The required arguments for Workload Expansion Policy:
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| security_compartment_name | Security compartment name. | string | "" | yes |
| security_compartment_ocid | Security compartment OCID. | string | "" | yes |
| identity_domain_name | Identity domain name. | string | "" | yes |
| identity_domain_ocid | Identity domain OCID. | string | "" | yes |
These are the configuration options for Workload Monitoring:
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| workload_topic_endpoints | List of email addresses for workload notifications. | list(string) | [] | no |
| workload_name | Prefix used to avoid name conflicts in the notification topic. | string | W | no |
| enable_network_monitoring_alarms | Enable network alarms in the workload expansion. | bool | false | no |
| enable_security_monitoring_alarms | Enable security alarms in the workload expansion. | bool | false | no |
| enable_enable_workload_monitoring_alarms | Enable workload alarms in the workload expansion. | bool | false | no |
The Bastion service is created in the L4 Security Compartment.
Required Arguments/Parameters Under Bastion Module:
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| enable_bastion | Option to enable the bastion service. | bool | n/a | yes |
| bastion_client_cidr_block_allow_list | A list of address ranges in CIDR notation that you want to allow to connect to sessions hosted by this bastion. | list(string) | n/a | yes |
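The spoke, hub and bastion CIDR variables above carry constraints that Terraform does not check before apply (and, for the bastion allow list, never checks at all). As an added example that is not part of the OELZ project, this Python script validates a set of tfvars values up front: each spoke subnet must sit inside workload_spoke_vcn_cidr, the spoke VCN must not overlap the hub subnets, and bastion_client_cidr_block_allow_list must not contain ranges broader than a /16 (that floor is an assumed policy for the example, not an OELZ rule; the sample values are constructed).

```python
import ipaddress

SUBNET_VARS = (
    "workload_private_spoke_subnet_web_cidr_block",
    "workload_private_spoke_subnet_app_cidr_block",
    "workload_private_spoke_subnet_db_cidr_block",
)

def _net(problems, name, value):
    # strict=True rejects host bits set in the prefix, e.g. "10.1.1.5/24".
    try:
        return ipaddress.ip_network(value, strict=True)
    except ValueError as exc:
        problems.append(f"{name}: {exc}")
        return None

def check_workload_network(tfvars):
    """Return a list of problems in the spoke, hub and bastion CIDR inputs."""
    problems = []
    vcn = _net(problems, "workload_spoke_vcn_cidr", tfvars["workload_spoke_vcn_cidr"])
    for name in SUBNET_VARS:
        # Every spoke subnet must be carved out of the spoke VCN CIDR.
        net = _net(problems, name, tfvars[name])
        if vcn is not None and net is not None and not net.subnet_of(vcn):
            problems.append(f"{name} {net} is outside workload_spoke_vcn_cidr {vcn}")
    for name in ("hub_public_subnet_cidr_block", "hub_private_subnet_cidr_block"):
        # The spoke VCN must not overlap the hub subnets its route tables target.
        net = _net(problems, name, tfvars[name])
        if vcn is not None and net is not None and vcn.overlaps(net):
            problems.append(f"workload_spoke_vcn_cidr {vcn} overlaps {name} {net}")
    # Bastion allow list should name specific client ranges (the /16 floor is an assumed policy).
    if tfvars.get("enable_bastion"):
        for cidr in tfvars.get("bastion_client_cidr_block_allow_list", []):
            net = _net(problems, "bastion_client_cidr_block_allow_list", cidr)
            if net is not None and net.prefixlen < 16:
                problems.append(f"bastion_client_cidr_block_allow_list {net} is too broad")
    return problems

# Constructed sample tfvars (not from the project); only the 0.0.0.0/0 entry should fail.
SAMPLE_TFVARS = {
    "workload_spoke_vcn_cidr": "10.1.0.0/16",
    "workload_private_spoke_subnet_web_cidr_block": "10.1.1.0/24",
    "workload_private_spoke_subnet_app_cidr_block": "10.1.2.0/24",
    "workload_private_spoke_subnet_db_cidr_block": "10.1.3.0/24",
    "hub_public_subnet_cidr_block": "10.0.0.0/24",
    "hub_private_subnet_cidr_block": "10.0.1.0/24",
    "enable_bastion": True,
    "bastion_client_cidr_block_allow_list": ["0.0.0.0/0", "203.0.113.0/24"],
}
```

Running check_workload_network(SAMPLE_TFVARS) returns a single finding for the 0.0.0.0/0 allow-list entry; an empty list means the values are safe to feed to terraform plan.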
These are the configuration options for Workload Expansion Exadata Data Safe:
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| enable_datasafe | Enable the Data Safe feature in the workload Exadata module. | bool | false | no |
The following link provides an overview and feature details for Oracle Data Safe: https://www.oracle.com/security/database-security/data-safe/
Copyright (c) 2022,2023 Oracle and/or its affiliates.
Licensed under the Universal Permissive License (UPL), Version 1.0.
See LICENSE for more details.