2.1.2 VCN & public subnet (step-by-step in Terraform)
N.B.: this tutorial is done in the root compartment.
Prerequisites: Terraform configured (if it is not configured yet, see one of my previous lessons, "Install and configure Terraform").
In step 2.1.1, Create a virtual network using Start VCN Wizard, we created the "vcnmysql" virtual network.
If you take a look at the created virtual network, you will notice that a VCN consists of:
- Resources (subnets, public and/or private; CIDR blocks; route tables; internet gateways; dynamic routing gateways; network security groups; security lists; DHCP options; NAT gateways; etc.)
- DNS Resolver
- DNS Domain Name

1. Define a VCN
Let's create a VCN (without resources). We will add the resources one by one in the next steps.
For VCN creation, we will be using the Terraform OCI resource oci_core_vcn.
But first, let's create our working directory and define our provider and variables.
If you paid attention at point 2.1.1, when we configured the VCN, there was a field "VCN CIDR Block".

This accepts an IPv4 CIDR block (of range /16 to /30). Let's use the same value, "10.0.0.0/16", and define it in our variables.tf file:
My vcn.tf file has the following content:
...and of course, the provider.tf, so that Terraform knows we work with OCI resources:
Run "terraform init" in the working directory ...
... then "terraform plan", and if all is good, "terraform apply".
And let's check in the Cloud to see if it has been created:

... still no resources (subnets, especially) for this VCN, except a few default ones:

2. Create a Subnet
To add a subnet to a VCN, you need to use the Terraform resource oci_core_subnet.
Time to remind ourselves once again about what we did in "Start VCN Wizard" ... remember that we also defined the subnet's CIDR:

Let's use "10.0.1.0/24" for our subnet, and define it in our variables.tf file:
We also need to create a file in which to define our subnet resource:
My working directory has the following files now:
Run command "terraform refresh" ...
... then run "terraform plan" to see the changes that are about to be made
... and, of course, apply the changes with "terraform apply"
And let's check in the Cloud:

3. Public Subnet, Security List and Internet Gateway
What does a public subnet imply? Access to the Internet, inbound and outbound. This means that my VCN requires an Internet Gateway if I want to reach the instances/services that I deploy inside the VCN directly from my workstation.
What else? This "public access" comes with a high price: I can't just leave my instances/services in plain sight, so I need to apply Security Lists (a virtual firewall) that control the traffic.
3.1 Create the internet gateway
For internet gateway creation, we will be using the Terraform resource oci_core_internet_gateway. For this too, I will create another file, int_gateway.tf, in my working directory.
The content for int_gateway.tf:
3.2 Create the Security Rules (Security List)
For security rules creation, we will be using the Terraform resource oci_core_security_list.
Before creating the security rules Terraform file, we need to modify the variables.tf file accordingly:
- the range of IP addresses from which traffic can be accepted ("10.0.0.0/16" for ingress)
- the TCP ports on which traffic is allowed (22 and 8666, respectively; feel free to add any other port above 1024)
The content of the Terraform file for the Security List (egress and ingress):
My working directory contains the following files now:
Perform again "terraform refresh", "terraform plan"
... and make the new changes with "terraform apply"
And let's check again in our Cloud:
for the security list (ingress and egress):



for the internet gateway:
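As an added example for steps 1 and 3 (this is not the author's vcn.tf, int_gateway.tf or security list file), the VCN, the internet gateway and a security list that admits TCP only on the listed ports and only from the ingress range. It assumes that variables.tf declares compartment_ocid, vcn_cidr ("10.0.0.0/16"), ingress_cidr ("10.0.0.0/16", as on this page) and allowed_tcp_ports ([22, 8666]); all resource names are assumed for this example.

```hcl
# Added example; names are assumed, not taken from the tutorial's files.
resource "oci_core_vcn" "vcnmysql" {
  compartment_id = var.compartment_ocid
  cidr_block     = var.vcn_cidr    # "10.0.0.0/16"
  display_name   = "vcnmysql"
  dns_label      = "vcnmysql"      # needed for VCN DNS (step 5)
}

resource "oci_core_internet_gateway" "igw" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.vcnmysql.id
  display_name   = "igw-vcnmysql"
  enabled        = true
}

resource "oci_core_security_list" "public" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.vcnmysql.id
  display_name   = "sl-public"

  # Outbound: instances may reach anything (updates, package repos).
  egress_security_rules {
    destination      = "0.0.0.0/0"
    destination_type = "CIDR_BLOCK"
    protocol         = "all"
  }

  # Inbound: one stateful TCP rule (protocol "6") per allowed port,
  # accepted only from var.ingress_cidr. No rule names 0.0.0.0/0, so
  # traffic from outside that range is dropped by the virtual firewall
  # before it reaches an instance.
  dynamic "ingress_security_rules" {
    for_each = toset(var.allowed_tcp_ports)
    content {
      protocol    = "6"
      source      = var.ingress_cidr
      source_type = "CIDR_BLOCK"
      stateless   = false
      tcp_options {
        min = ingress_security_rules.value
        max = ingress_security_rules.value
      }
    }
  }
}
```

To reach an instance from your workstation (step 6) with this list, add your workstation's public address as a /32 to the allowed sources rather than widening ingress to 0.0.0.0/0.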

4. Route table
On the 'Internet Gateway' page, notice that the "Default Route Table" is set to "Default Route Table for WildTestVCN", and that there is only one Route Table resource:

Route tables direct the traffic; in our case, we also have a public IP that needs to reach the internet directly.
For the creation of the route table, we will use the Terraform resource oci_core_route_table.
Our route.tf file will have the following content:
The working directory now contains the following Terraform files:
As usual: "terraform refresh", "terraform plan" and "terraform apply"
And let's check in the Cloud if it has been created:


5. DHCP Options, DNS and, once again, Subnet
You need DHCP options to specify the DNS type for each instance.
In OCI, for DNS, you have two options:
- default choice: internet and VCN resolver
- custom resolver
For creating the DHCP options, we will use the Terraform resource oci_core_dhcp_options.
Our file dhcp_opt.tf will have the following content:
File subnet.tf will now look like this (the newly added lines are commented):
And file vcn.tf will have the following line added:
My working directory has the following files:
And, of course... "terraform refresh", "terraform plan", and "terraform apply"
And let's check in the Cloud:
for DNS:

for DHCP:
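As an added example for steps 2, 4 and 5 (not the author's subnet.tf, route.tf or dhcp_opt.tf), the route table, the DHCP options with the default "internet and VCN resolver" choice, and the subnet wired to all three. It assumes the earlier resources are declared as oci_core_vcn.vcnmysql, oci_core_internet_gateway.igw and oci_core_security_list.public (assumed names), and that variables.tf declares compartment_ocid and subnet_cidr ("10.0.1.0/24").

```hcl
# Added example; resource names are assumed, not taken from the tutorial.
resource "oci_core_route_table" "public" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.vcnmysql.id
  display_name   = "rt-public"

  # Everything not local to the VCN goes out through the internet gateway.
  route_rules {
    destination       = "0.0.0.0/0"
    destination_type  = "CIDR_BLOCK"
    network_entity_id = oci_core_internet_gateway.igw.id
  }
}

resource "oci_core_dhcp_options" "vcn_resolver" {
  compartment_id = var.compartment_ocid
  vcn_id         = oci_core_vcn.vcnmysql.id
  display_name   = "dhcp-vcnmysql"

  # The page's default choice: internet and VCN resolver.
  options {
    type        = "DomainNameServer"
    server_type = "VcnLocalPlusInternet"
  }
}

resource "oci_core_subnet" "public" {
  compartment_id    = var.compartment_ocid
  vcn_id            = oci_core_vcn.vcnmysql.id
  cidr_block        = var.subnet_cidr   # "10.0.1.0/24"
  display_name      = "public-subnet"
  dns_label         = "public"          # requires dns_label on the VCN too
  route_table_id    = oci_core_route_table.public.id
  security_list_ids = [oci_core_security_list.public.id]
  dhcp_options_id   = oci_core_dhcp_options.vcn_resolver.id

  # Public subnet: VNICs may receive public IPs. Set this to true to make
  # the subnet private (no public IPs can be assigned in it).
  prohibit_public_ip_on_vnic = false
}
```

Without route_table_id the subnet falls back to the VCN's default route table, which has no rule to the internet gateway, so a public IP alone would not give the instance internet access.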

6. Test your VCN
Let's create an instance in the OCI UI, deployed in the VCN we just created, and see if we can access it via SSH:


Provide the SSH keys (here, I provide my workstation's SSH keys):

After creation, log in via SSH using the public IP:


7. Destroy VCN resources
Terminate the instance you created as an example, and then proceed to destroy the VCN and its resources with "terraform destroy":