Oracle Enterprise Landing Zone v2 - Workload Expansion Configuration

This information describes the required and available configurations needed to deploy an Oracle Enterprise Landing Zone (OELZ) v2 Workload Expansion in Oracle Cloud Infrastructure (OCI).

Prerequisites

The OELZ stack should be fully deployed in the OCI tenancy.

Minimum Required Configuration

Deployment of the OELZ is controlled by several Terraform input variables; however, most of these have sensible default values. The following information describes the minimum required configuration to deploy an OELZ workload expansion.

Basic Terraform Connection Information

The following information lists the required provider variables for the OELZ.

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| input_current_user_ocid | ID of the user to deploy OELZ | string | "" | Yes |
| input_api_fingerprint | API fingerprint retrieved from the Console | string | "" | Yes |
| input_api_private_key_path | Local path to the API private key | string | "" | Yes |
| input_tenancy_ocid | ID of tenancy | string | n/a | Yes |
| input_region | OCI region to deploy the OELZ resources to | string | n/a | Yes |

Compartment Module

The following diagram shows the compartments for OELZ deployment of the workload expansion.

[Diagram: compartments for OELZ deployment of the workload expansion.]

The following information provides the required arguments for the OELZ workload compartment.

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| input_enable_compartment_delete | Set to true to allow the compartments to be deleted on Terraform destroy. | bool | true | Yes |
| workload_compartment_name | Name of the workload compartment under which all workload resources are deployed. | string | "OCI-ELZ-Workload1-[Region]-01" | Yes |
| environment_compartment_id | Name of the parent compartment where the workload compartment is created. | string | "OCID Value" | Yes |
| workload_expansion_flag | Flag to enable workload expansion. | bool | true | Yes |
| environment_prefix | Unique prefix for the environment created in the baseline stack (such as N, P). | string | | Yes |

Network Module

The following information provides the required arguments for the OELZ workload network.

OELZ Workload Spoke VCN Related Variables

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| workload_prefix | Workload prefix | string | "WRK1" | Yes |
| vcn_display_name | Workload spoke VCN display name | string | "OCI-ELZ-${var.workload_prefix}-EXP-SPK-VCN-${local.region_key[0]}" | No |
| workload_spoke_vcn_cidr | Workload spoke VCN IPv4 CIDR block | string | | Yes |
| vcn_dns_label | Workload spoke VCN DNS label | string | "wrkspokevcn" | Yes |

OELZ Workload Spoke VCN Subnet Related Variables

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| workload_private_spoke_subnet_web_display_name | Workload spoke VCN web subnet display name | string | "OCI-ELZ-${var.workload_prefix}-EXP-SPK-VCN-SUB-${local.region_key[0]}-001" | No |
| workload_private_spoke_subnet_app_display_name | Workload spoke VCN app subnet display name | string | "OCI-ELZ-${var.workload_prefix}-EXP-SPK-VCN-SUB-${local.region_key[0]}-002" | No |
| workload_private_spoke_subnet_db_display_name | Workload spoke VCN DB subnet display name | string | "OCI-ELZ-${var.workload_prefix}-EXP-SPK-VCN-SUB-${local.region_key[0]}-003" | No |
| workload_private_spoke_subnet_web_cidr_block | Workload spoke VCN web subnet CIDR block | string | "" (Valid IPv4 Address) | Yes |
| workload_private_spoke_subnet_app_cidr_block | Workload spoke VCN app subnet CIDR block | string | "" (Valid IPv4 Address) | Yes |
| workload_private_spoke_subnet_db_cidr_block | Workload spoke VCN DB subnet CIDR block | string | "" (Valid IPv4 Address) | Yes |
| workload_private_spoke_subnet_web_dns_label | Workload spoke VCN web subnet DNS label | string | "wrkweblabel" | Yes |
| workload_private_spoke_subnet_app_dns_label | Workload spoke VCN app subnet DNS label | string | "wrkapplabel" | Yes |
| workload_private_spoke_subnet_db_dns_label | Workload spoke VCN DB subnet DNS label | string | "wrkdblabel" | Yes |

OELZ Workload Spoke VCN Gateway Related Variables

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| enable_nat_gateway_spoke | Enable NAT gateway in spoke | bool | false | Yes |
| nat_gateway_display_name | Workload spoke VCN NAT gateway display name | string | "OCI-ELZ-${var.workload_prefix}-EXP-SPK-NAT-${local.region_key[0]}" | No |
| enable_service_gateway_spoke | Enable service gateway in spoke | bool | false | Yes |
| service_gateway_display_name | Workload spoke VCN service gateway display name | string | "OCI-ELZ-${var.workload_prefix}-EXP-SPK-SGW-${local.region_key[0]}" | No |

OELZ Workload Spoke VCN Route Table and Security List Related Variables

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| hub_public_subnet_cidr_block | Hub public subnet IPv4 CIDR block | string | "" (Valid IPv4 CIDR Block) | Yes |
| hub_private_subnet_cidr_block | Hub private subnet IPv4 CIDR block | string | "" (Valid IPv4 CIDR Block) | Yes |
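
The network inputs above default to empty strings, so a mistyped or overlapping range is only caught when Terraform runs. The following pre-flight check is an added example, not part of the OELZ stack: it takes the CIDR variables named in the tables as a Python dict and reports invalid blocks, subnets outside the spoke VCN, overlapping subnets, and a spoke range that collides with a hub subnet. The function name, the sample values, and the rule that the spoke VCN must not overlap the hub subnets are assumptions.

```python
import ipaddress

# Variable names come from the tables above; the check itself is hypothetical.
SUBNET_VARS = (
    "workload_private_spoke_subnet_web_cidr_block",
    "workload_private_spoke_subnet_app_cidr_block",
    "workload_private_spoke_subnet_db_cidr_block",
)
HUB_VARS = ("hub_public_subnet_cidr_block", "hub_private_subnet_cidr_block")

def check_network_vars(tfvars):
    """Return a list of problems found in the workload network CIDR inputs."""
    problems, nets = [], {}
    for name in ("workload_spoke_vcn_cidr",) + SUBNET_VARS + HUB_VARS:
        try:
            # strict=True rejects values with host bits set, e.g. 10.2.1.5/24
            nets[name] = ipaddress.IPv4Network(tfvars.get(name, ""), strict=True)
        except ValueError as exc:
            problems.append(f"{name}: not a valid IPv4 CIDR block ({exc})")
    vcn = nets.get("workload_spoke_vcn_cidr")
    subnets = [(n, nets[n]) for n in SUBNET_VARS if n in nets]
    for name, net in subnets:
        if vcn is not None and not net.subnet_of(vcn):
            problems.append(f"{name}: {net} is outside the spoke VCN {vcn}")
    for i, (a_name, a) in enumerate(subnets):
        for b_name, b in subnets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a_name} overlaps {b_name}")
    # Assumption: the spoke range must stay distinct from the hub subnets.
    for hub in HUB_VARS:
        if vcn is not None and hub in nets and vcn.overlaps(nets[hub]):
            problems.append(f"workload_spoke_vcn_cidr overlaps {hub}")
    return problems

# Constructed sample values (RFC 1918 ranges), not taken from a real tenancy.
SAMPLE = {
    "workload_spoke_vcn_cidr": "10.2.0.0/16",
    "workload_private_spoke_subnet_web_cidr_block": "10.2.1.0/24",
    "workload_private_spoke_subnet_app_cidr_block": "10.2.2.0/24",
    "workload_private_spoke_subnet_db_cidr_block": "10.2.3.0/24",
    "hub_public_subnet_cidr_block": "10.1.1.0/24",
    "hub_private_subnet_cidr_block": "10.1.2.0/24",
}

if __name__ == "__main__":
    for problem in check_network_vars(SAMPLE) or ["network inputs look consistent"]:
        print(problem)
```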

IAM

The following information provides the required arguments for workload expansion identity and access management (IAM).

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| workload_admin_group_name | Workload Admin Group name | string | "OCI-ELZ-UGP-[workload_prefix]-WRK-ADMIN" | Yes |
| application_admin_group_name | Workload Application Admin Group name | string | "OCI-ELZ-UGP-[workload_prefix]-APP-ADMIN" | Yes |
| database_admin_group_name | Workload DB Admin Group name | string | "OCI-ELZ-UGP-[workload_prefix]-DB-ADMIN" | Yes |

Policy

The following information provides the required arguments for workload expansion policy.

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| security_compartment_name | Security compartment name | string | "" | Yes |
| security_compartment_ocid | Security compartment Oracle Cloud Identifier (OCID) | string | "" | Yes |
| identity_domain_name | Identity domain name | string | "" | Yes |
| identity_domain_id | Identity domain OCID | string | "" | Yes |

Monitoring

The following information provides the configuration options for workload monitoring.

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| input_workload_topic_endpoints | List of email addresses for workload notifications | list(string) | [] | No |
| input_workload_name | Prefix to avoid name conflicts in topic | string | W | No |
| input_enable_network_monitoring_alarms | Enable network alarm in workload expansion | bool | false | No |
| input_enable_security_monitoring_alarms | Enable security alarm in workload expansion | bool | false | No |
| input_enable_workload_monitoring_alarms | Enable workload alarm in workload expansion | bool | false | No |