Module for base VPC lab environment

Resources

| Name | Type |
|------|------|
| ibm_is_floating_ip.bastion | resource |
| ibm_is_instance.bastion | resource |
| ibm_is_public_gateway.regional | resource |
| ibm_is_ssh_key.generated_key | resource |
| ibm_is_subnet.backend | resource |
| ibm_is_subnet.frontend | resource |
| ibm_is_vpc.vpc | resource |
| null_resource.create_private_key | resource |
| random_string.prefix | resource |
| tls_private_key.ssh | resource |
| ibm_is_image.base | data source |
| ibm_is_ssh_key.sshkey | data source |
| ibm_is_zones.regional | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| allow_ip_spoofing | Allow IP Spoofing on the network interface. Default is true. | `bool` | `true` | no |
| classic_access | Whether or not to enable classic access for the VPC. Default is false. | `bool` | `false` | no |
| default_address_prefix | Indicates whether a default address prefix should be created automatically (`auto`) or manually (`manual`) for each zone in this VPC. Default value is `auto`. | `string` | `"auto"` | no |
| enable_bastion | Whether or not to enable a bastion host. Default is false. | `bool` | `false` | no |
| existing_resource_group | Existing resource group to use for the VPC and related resources. If not set, a new resource group will be created. | `string` | n/a | yes |
| existing_ssh_key | Existing SSH key to use for the VPC. If not set, a new SSH key will be created. | `string` | `""` | no |
| image_name | The name of an existing OS image to use. You can list available images with the command 'ibmcloud is images'. | `string` | `"ibm-ubuntu-22-04-2-minimal-amd64-1"` | no |
| init_script | Path to the init script to run on the bastion host. If not set, a simple script will be used to update the system and install the IBM Cloud CLI and tools. | `string` | `""` | no |
| instance_profile | Compute instance profile to use for the instance. See https://cloud.ibm.com/docs/vpc?topic=vpc-profiles for more information. If you have the IBM Cloud CLI installed, you can run 'ibmcloud is instance-profiles' to list available profiles. | `string` | `"cx2-2x4"` | no |
| metadata_service | n/a | see below | see below | no |
| number_of_addresses | Number of IPs to assign for each subnet. | `number` | `64` | no |
| owner | Owner tag to attach to all deployed resources. Will be added in the format `owner:<owner>`. | `string` | n/a | yes |
| project_prefix | Prefix to use for resource names. If not set, a random string will be generated. | `string` | `""` | no |
| region | The region where the VPC will be deployed. If not specified, the default is us-south. | `string` | `"us-south"` | no |
| frontend_rules | A list of security group rules to be added to the Frontend security group | see below | see below | no |

`metadata_service` type:

```hcl
object({
  enabled            = bool
  protocol           = string
  response_hop_limit = number
})
```

`metadata_service` default:

```json
{
  "enabled": true,
  "protocol": "https",
  "response_hop_limit": 3
}
```

`frontend_rules` type:

```hcl
list(
  object({
    name      = string
    direction = string
    remote    = string
    tcp = optional(
      object({
        port_max = optional(number)
        port_min = optional(number)
      })
    )
    udp = optional(
      object({
        port_max = optional(number)
        port_min = optional(number)
      })
    )
    icmp = optional(
      object({
        type = optional(number)
        code = optional(number)
      })
    )
  })
)
```

`frontend_rules` default:

```json
[
  {
    "direction": "inbound",
    "ip_version": "ipv4",
    "name": "inbound-http",
    "remote": "0.0.0.0/0",
    "tcp": {
      "port_max": 80,
      "port_min": 80
    }
  },
  {
    "direction": "inbound",
    "ip_version": "ipv4",
    "name": "inbound-https",
    "remote": "0.0.0.0/0",
    "tcp": {
      "port_max": 443,
      "port_min": 443
    }
  },
  {
    "direction": "inbound",
    "ip_version": "ipv4",
    "name": "inbound-ssh",
    "remote": "0.0.0.0/0",
    "tcp": {
      "port_max": 22,
      "port_min": 22
    }
  },
  {
    "direction": "inbound",
    "icmp": {
      "code": 0,
      "type": 8
    },
    "ip_version": "ipv4",
    "name": "inbound-icmp",
    "remote": "0.0.0.0/0"
  },
  {
    "direction": "outbound",
    "ip_version": "ipv4",
    "name": "http-outbound",
    "remote": "0.0.0.0/0",
    "tcp": {
      "port_max": 80,
      "port_min": 80
    }
  },
  {
    "direction": "outbound",
    "ip_version": "ipv4",
    "name": "https-outbound",
    "remote": "0.0.0.0/0",
    "tcp": {
      "port_max": 443,
      "port_min": 443
    }
  },
  {
    "direction": "outbound",
    "ip_version": "ipv4",
    "name": "iaas-services-outbound",
    "remote": "161.26.0.0/16"
  },
  {
    "direction": "outbound",
    "ip_version": "ipv4",
    "name": "cloud-services-outbound",
    "remote": "166.8.0.0/14"
  }
]
```

Outputs

| Name | Description |
|------|-------------|
| backend_subnet_id | Backend subnet IDs. |
| bastion_instance_id | The ID of the bastion instance (if created). |
| bastion_instance_ip | The public IP of the bastion instance (if created). |
| frontend_security_group_id | Frontend security group ID. |
| frontend_subnet_ids | Frontend subnet IDs. |
| vpc_crn | The VPC's CRN. |
| vpc_default_routing_table_id | ID of the VPC's default routing table. |
| vpc_default_security_group_id | ID of the VPC's default security group. |
| vpc_id | The VPC ID. |