DBA Hub


Terraform : Oracle Cloud Infrastructure (OCI) Bastion

This article describes how to create a bastion on Oracle Cloud Infrastructure (OCI) using Terraform.

by OracleDba
1. Create Working Directory

Create a new working directory and switch to that directory. In a previous article (here) we discussed the creation of an OCI provider. Copy the OCI provider information into this new working directory.

mkdir \git\oraclebase\terraform\oci\oci_bastion
cd \git\oraclebase\terraform\oci\oci_bastion

copy \git\oraclebase\terraform\oci\oci_provider\*.tf .
copy \git\oraclebase\terraform\oci\oci_provider\*.tfvars .
2. oci_bastion.tf

Create a file called "oci_bastion.tf" with the following contents. The file begins with variable definitions. We could set default values for these variables, or use literal values directly in the resource definition, but we don't want sensitive information checked into version control, so it makes sense to separate the variable values from the script. Some of the parameters are defaulted. The resources section defines the bastion using the input variables. The outputs section allows us to see information about the bastion that's been created, including its OCID. The variables, resources and outputs sections can be split into separate files if you find that organisation easier; it may help for more complex definitions. The full list of parameters and outputs available can be found here. You can also display the relevant information using the script defined here.

# Variables
variable "compartment_id"                { type = string }
variable "target_subnet_id"              { type = string }
variable "bastion_name"                  { type = string }

# CIDR blocks from which clients may open sessions through the bastion.
variable "bastion_client_cidr_block_allow_list" {
  type    = list(string)
  default = ["10.0.1.0/24"]
}

# Resources
resource "oci_bastion_bastion" "tf_bastion" {
  #Required
  bastion_type     = "standard"
  compartment_id   = var.compartment_id
  target_subnet_id = var.target_subnet_id

  #Optional
  name = var.bastion_name
  client_cidr_block_allow_list = var.bastion_client_cidr_block_allow_list
}


# Outputs
output "bastion_id" {
  value = oci_bastion_bastion.tf_bastion.id
}
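The client allow list is the control that decides which source networks may open sessions through the bastion, and the session TTL bounds how long a forwarded session can stay open, so both deserve guard rails before anything reaches the OCI API. The following is an added example (not part of the original article) showing one way to harden the oci_bastion.tf definition above: Terraform validation blocks reject an empty, malformed or wide-open (0.0.0.0/0 or ::/0) allow list at plan time, and the resource sets max_session_ttl_in_seconds, an optional argument of oci_bastion_bastion that appears in the plan output above. The variable name bastion_max_session_ttl_in_seconds, its default of 3600 and the 10800-second ceiling in its validation rule are my assumptions; check the provider documentation for the current limit.

```hcl
# Added example, not from the original article: hardened variable and resource
# definitions for the OCI bastion. Required inputs are unchanged from the page.
variable "compartment_id"   { type = string }
variable "target_subnet_id" { type = string }
variable "bastion_name"     { type = string }

variable "bastion_client_cidr_block_allow_list" {
  type    = list(string)
  default = ["10.0.1.0/24"]

  # Every entry must parse as an IPv4 or IPv6 CIDR block; cidrhost() errors on
  # anything else (bare addresses, typos), and can() turns that into false.
  validation {
    condition = length(var.bastion_client_cidr_block_allow_list) > 0 && alltrue([
      for cidr in var.bastion_client_cidr_block_allow_list : can(cidrhost(cidr, 0))
    ])
    error_message = "bastion_client_cidr_block_allow_list must be a non-empty list of valid CIDR blocks."
  }

  # A wide-open allow list makes the bastion reachable from any source address.
  validation {
    condition = (
      !contains(var.bastion_client_cidr_block_allow_list, "0.0.0.0/0") &&
      !contains(var.bastion_client_cidr_block_allow_list, "::/0")
    )
    error_message = "bastion_client_cidr_block_allow_list must not contain 0.0.0.0/0 or ::/0; list only the networks that need bastion access."
  }
}

# Assumed variable: caps how long any session through the bastion can stay active.
# The default (1 hour) and the 10800 s ceiling are assumptions for this example.
variable "bastion_max_session_ttl_in_seconds" {
  type    = number
  default = 3600

  validation {
    condition     = var.bastion_max_session_ttl_in_seconds >= 60 && var.bastion_max_session_ttl_in_seconds <= 10800
    error_message = "bastion_max_session_ttl_in_seconds must be between 60 and 10800 seconds."
  }
}

resource "oci_bastion_bastion" "tf_bastion" {
  # Required
  bastion_type     = "standard"
  compartment_id   = var.compartment_id
  target_subnet_id = var.target_subnet_id

  # Optional: the validated allow list and the session lifetime cap.
  name                         = var.bastion_name
  client_cidr_block_allow_list = var.bastion_client_cidr_block_allow_list
  max_session_ttl_in_seconds   = var.bastion_max_session_ttl_in_seconds
}

output "bastion_id" {
  value = oci_bastion_bastion.tf_bastion.id
}
```

With these rules in place, a tfvars file that sets bastion_client_cidr_block_allow_list = ["0.0.0.0/0"] makes terraform plan stop with the error message before any resource is planned, which is where a reviewer would want a misconfiguration caught rather than after apply.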
3. oci_bastion_variables.auto.tfvars

There are a number of ways to supply values for input variables (see here). In this example we'll use a ".auto.tfvars" file. We won't check this script into version control as it contains sensitive information. Create a file called "oci_bastion_variables.auto.tfvars".

The compartment_id is the OCID of the compartment that will house the bastion. You must adjust it with a valid value from your Oracle Cloud account. You would not normally use the root compartment for this. You can get the ID of a compartment from your Oracle Cloud account as follows.

- Top-Left Hamburger > Identity > Compartments
- Click on the compartment of interest.
- Click the "Copy" link next to "OCID".

The target_subnet_id is the OCID of the subnet the bastion instance will be connected to.

- Top-Left Hamburger > Networking > Virtual Cloud Networks
- Click on the VCN of interest.
- Click on the kebab menu to the far right of the subnet of interest.
- Select the "Copy OCID" option on the resulting popup menu.

compartment_id                       = "ocid1.compartment.oc1..aaaaaaaa..."
target_subnet_id                     = "ocid1.subnet.oc1.uk-london-1.aaaaaaaa..."
bastion_name                         = "obbastion1"
bastion_client_cidr_block_allow_list = ["10.0.1.0/24"]
4. Build the OCI bastion

Initialize the working directory using the terraform init command. Use the terraform plan command to test the execution plan. Use the terraform apply command to create the OCI bastion. Check the Oracle Cloud account to see the new bastion in the compartment you chose.

For more information see:

- oci_bastion_bastion
- Terraform : All Articles

Hope this helps. Regards Tim...

terraform init

terraform plan
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the
following symbols:
  + create

Terraform will perform the following actions:

  # oci_bastion_bastion.tf_bastion will be created
  + resource "oci_bastion_bastion" "tf_bastion" {
      + bastion_type                  = "standard"
      + client_cidr_block_allow_list  = [
          + "10.0.1.0/24",
        ]
      + compartment_id                = "ocid1.compartment.oc1..aaaaaaaa..."
      + defined_tags                  = (known after apply)
      + freeform_tags                 = (known after apply)
      + id                            = (known after apply)
      + lifecycle_details             = (known after apply)
      + max_session_ttl_in_seconds    = (known after apply)
      + max_sessions_allowed          = (known after apply)
      + name                          = "obbastion1"
      + phone_book_entry              = (known after apply)
      + private_endpoint_ip_address   = (known after apply)
      + state                         = (known after apply)
      + static_jump_host_ip_addresses = (known after apply)
      + system_tags                   = (known after apply)
      + target_subnet_id              = "ocid1.subnet.oc1.uk-london-1.aaaaaaaa..."
      + target_vcn_id                 = (known after apply)
      + time_created                  = (known after apply)
      + time_updated                  = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + bastion_id = (known after apply)

───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if
you run "terraform apply" now.

terraform apply
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the
following symbols:
  + create

Terraform will perform the following actions:

  # oci_bastion_bastion.tf_bastion will be created
  + resource "oci_bastion_bastion" "tf_bastion" {
      + bastion_type                  = "standard"
      + client_cidr_block_allow_list  = [
          + "10.0.1.0/24",
        ]
      + compartment_id                = "ocid1.compartment.oc1..aaaaaaaa..."
      + defined_tags                  = (known after apply)
      + freeform_tags                 = (known after apply)
      + id                            = (known after apply)
      + lifecycle_details             = (known after apply)
      + max_session_ttl_in_seconds    = (known after apply)
      + max_sessions_allowed          = (known after apply)
      + name                          = "obbastion1"
      + phone_book_entry              = (known after apply)
      + private_endpoint_ip_address   = (known after apply)
      + state                         = (known after apply)
      + static_jump_host_ip_addresses = (known after apply)
      + system_tags                   = (known after apply)
      + target_subnet_id              = "ocid1.subnet.oc1.uk-london-1.aaaaaaaa..."
      + target_vcn_id                 = (known after apply)
      + time_created                  = (known after apply)
      + time_updated                  = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + bastion_id = (known after apply)

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

oci_bastion_bastion.tf_bastion: Creating...
oci_bastion_bastion.tf_bastion: Still creating... [10s elapsed]
oci_bastion_bastion.tf_bastion: Still creating... [20s elapsed]
oci_bastion_bastion.tf_bastion: Still creating... [30s elapsed]
oci_bastion_bastion.tf_bastion: Still creating... [40s elapsed]
oci_bastion_bastion.tf_bastion: Still creating... [50s elapsed]
oci_bastion_bastion.tf_bastion: Still creating... [1m0s elapsed]
oci_bastion_bastion.tf_bastion: Still creating... [1m10s elapsed]
oci_bastion_bastion.tf_bastion: Still creating... [1m20s elapsed]
oci_bastion_bastion.tf_bastion: Still creating... [1m30s elapsed]
oci_bastion_bastion.tf_bastion: Creation complete after 1m33s [id=ocid1.bastion.oc1.uk-london-1.amaaaaaa...]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Outputs:

bastion_id = "ocid1.bastion.oc1.uk-london-1.amaaaaaa..."
