Add oci managed terraform + create snet module

2025-08-13 22:39:06 +02:00 · 2024-03-03 14:03:14 +01:00
parent 32fd6300bf
commit 114f0ce3d5
8 changed files with 222 additions and 0 deletions
--- a/oci-managed/snet/security_rules.tf
+++ b/oci-managed/snet/security_rules.tf
@@ -0,0 +1,108 @@
+resource "oci_core_security_list" "private_subnet_sl" {
+  compartment_id = var.compartment_ocid
+  vcn_id         = var.vcn_id
+
+  display_name = "${var.cluster_name}-${var.environment}-private-subnet-sl"
+
+  egress_security_rules {
+    stateless        = false
+    destination      = "0.0.0.0/0"
+    destination_type = "CIDR_BLOCK"
+    protocol         = "all"
+  }
+  
+  ingress_security_rules {
+    stateless   = false
+    source      = "10.0.0.0/16"
+    source_type = "CIDR_BLOCK"
+    protocol    = "all"
+  }
+
+  ingress_security_rules {
+    stateless   = false
+    source      = "10.0.0.0/24"
+    source_type = "CIDR_BLOCK"
+    protocol    = "6"
+    tcp_options {
+      min = 10256
+      max = 10256
+    }
+  }
+
+  ingress_security_rules {
+    stateless   = false
+    source      = "10.0.0.0/24"
+    source_type = "CIDR_BLOCK"
+    protocol    = "6"
+    tcp_options {
+      min = 31600
+      max = 31600
+    }
+  }
+}
+
+resource "oci_core_security_list" "public_subnet_sl" {
+  compartment_id = var.compartment_ocid
+  vcn_id         = var.vcn_id
+
+  display_name = "${var.cluster_name}-${var.environment}-public-subnet-sl"
+
+  egress_security_rules {
+    stateless        = false
+    destination      = "0.0.0.0/0"
+    destination_type = "CIDR_BLOCK"
+    protocol         = "all"
+  }
+  
+  egress_security_rules {
+    stateless        = false
+    destination      = "10.0.1.0/24"
+    destination_type = "CIDR_BLOCK"
+    protocol         = "6"
+    tcp_options {
+      min = 31600
+      max = 31600
+    }
+  }
+
+  egress_security_rules {
+    stateless        = false
+    destination      = "10.0.1.0/24"
+    destination_type = "CIDR_BLOCK"
+    protocol         = "6"
+    tcp_options {
+      min = 10256
+      max = 10256
+    }
+  }
+
+  ingress_security_rules {
+    protocol    = "6"
+    source      = "0.0.0.0/0"
+    source_type = "CIDR_BLOCK"
+    stateless   = false
+
+    tcp_options {
+      max = 80
+      min = 80
+    }
+  } 
+
+  ingress_security_rules {
+    stateless   = false
+    source      = "10.0.0.0/16"
+    source_type = "CIDR_BLOCK"
+    protocol    = "all"
+  }
+
+  ingress_security_rules {
+    stateless   = false
+    source      = "0.0.0.0/0"
+    source_type = "CIDR_BLOCK"
+    protocol    = "6"
+    tcp_options {
+      min = 6443
+      max = 6443
+    }
+  }
+}