This module creates a VPC with any number of subnets across 1, 2, or 3 zones. It will create an example ACL and can optionally create public gateways for each zone.
- VPC
- Subnets
- Public Gateway
- Access Control List (ACL)
- Module Variables
- Outputs
- As a Module in a Larger Architecture
This module creates a VPC in a single region inside a resource group.
Use IBM Cloud™ Virtual Private Cloud to create your own space in IBM Cloud™. A virtual private cloud (VPC) is a secure, isolated virtual network that combines the security of a private cloud with the availability and scalability of IBM's public cloud. 1
-
classic_access- Can betrueorfalse. -
You can set up access from a VPC to your IBM Cloud classic infrastructure, including Direct Link connectivity. One VPC per region can communicate with classic resources.2
This module creates any of number of subnets in each of up to 3 geographic zones in the region where the VPC was created.
Each subnet consists of a specified IP address range (CIDR block). Subnets are bound to a single zone, and they cannot span multiple zones or regions. Subnets in the same VPC are connected to each other. 3
This module can optionally create public gateways attached to the subnets.
A Public Gateway enables a subnet and all its attached virtual server instances to connect to the internet. Subnets are private by default. After a subnet is attached to the public gateway, all instances in that subnet can connect to the internet. Although each zone has only one public gateway, the public gateway can be attached to multiple subnets.4
This module creates an ACL and attaches it to the subnets
You can use an access control list (ACL) to control all incoming and outgoing traffic in IBM Cloud™ Virtual Private Cloud. An ACL is a built-in, virtual firewall, similar to a security group. In contrast to security groups, ACL rules control traffic to and from the subnets, rather than to and from the instances.5
| Variable | Type | Description | Default |
|---|---|---|---|
| ibmcloud_api_key | string | The IBM Cloud platform API key needed to deploy IAM enabled resources | |
| unique_id | string | A unique identifier need to provision resources. Must begin with a letter | "asset-multizone" |
| ibm_region | string | IBM Cloud region where all resources will be deployed | |
| resource_group | string | Name of resource group where all infrastructure will be provisioned | "asset-development" |
| classic_access | bool | Enable VPC Classic Access. Note: only one VPC per region can have classic access | false |
| enable_public_gateway | bool | Enable public gateways for subnets, true or false. | true |
| cidr_blocks | An object containing lists of CIDR blocks. Each CIDR block will be used to create a subnet | {zone-1 = ["10.10.10.0/28","10.20.10.0/28","10.30.10.0/28" ],zone-2 = ["10.40.10.0/28","10.50.10.0/28","10.60.10.0/28" ],zone-3 = ["10.70.10.0/28","10.80.10.0/28","10.90.10.0/28" ]} |
|
| acl_rules | Access control list rule set | [{name = "allow-all-inbound"action = "allow"source = "0.0.0.0/0"destination = "0.0.0.0/0"direction = "inbound"},{name = "allow-all-outbound"action = "allow"source = "0.0.0.0/0"destination = "0.0.0.0/0"direction = "outbound"}] |
|
| security_group_rules | map | List of security group rules to be added to default security group | {allow_all_inbound = {source = "0.0.0.0/0"direction = "inbound"}`} |