| api_fingerprint |
The fingerprint of API |
string |
"" |
no |
| api_private_key |
The API private key |
string |
"" |
no |
| api_private_key_path |
The local path to the API private key |
string |
"" |
no |
| archive_log_retention_policy_duration_amount |
The timeAmount is interpreted in units defined by the timeUnit parameter, and is calculated in relation to each object's Last-Modified timestamp. |
string |
"1" |
no |
| archive_log_retention_policy_duration_time_unit |
The unit that should be used to interpret timeAmount. |
string |
"DAYS" |
no |
| bgp_md5auth_key |
The key for BGP MD5 authentication. Only applicable if your system requires MD5 authentication |
string |
"" |
no |
| break_glass_user_email_list |
Unique list of break glass user email addresses that do not exist in the tenancy. These users are added to the Administrator group. |
list(string) |
[] |
no |
| cloud_guard_target_tenancy |
true if cloud guard targets to tenancy, false if cloud guard targets to Landing Zone home compartment |
bool |
false |
no |
| current_user_ocid |
The OCID of the current user |
string |
"" |
no |
| customer_onprem_ip_cidr |
n/a |
list(string) |
[] |
no |
| customer_primary_bgp_peering_ip |
The primary BGP IPv4 address of the customer's router |
string |
"" |
no |
| customer_secondary_bgp_peering_ip |
[Optional] The secondary BGP IPv4 address of the customer's router |
string |
"" |
no |
| enable_cloud_guard |
true if you don't have cloud guard enabled, false if you've already have cloud guard enabled. |
bool |
true |
no |
| enable_compartment_delete |
Set to true to allow the compartments to delete on terraform destroy. |
bool |
true |
no |
| enable_vpn_or_fastconnect |
Option to enable VPN or FASTCONNECT service. Options are NONE, VPN, FASTCONNECT. |
string |
"NONE" |
no |
| fastconnect_provider |
Fastconnect provider. Please choose from: AT&T, Azure, Megaport, QTS, CEintro, Cologix, CoreSite, Digitial Realty, EdgeConneX, Epsilon, Equinix, InterCloud, Lumen, Neutrona, OMCS, OracleL2ItegDeployment, OracleL3ItegDeployment, Orange, Verizon, Zayo |
string |
"" |
no |
| fastconnect_routing_policy |
Available FastConnect routing policies: ORACLE_SERVICE_NETWORK, REGIONAL, MARKET_LEVEL, GLOBAL |
list(string) |
[] |
no |
| home_compartment_name |
The name of the Landing Zone home compartment. |
string |
"OCI-ELZ-CMP-HOME" |
no |
| igw_hub_check |
n/a |
list(string) |
[
""
] |
no |
| nat_gw_hub_check |
n/a |
list(string) |
[
""
] |
no |
| nat_gw_spoke_check |
n/a |
list(string) |
[
""
] |
no |
| nonprod_application_admin_group_name |
The group name for the OCI Application Administrators Group. Defaults to OCI-ELZ-UGP-N-APP-ADMIN if blank or not provided. |
string |
"" |
no |
| nonprod_bastion_client_cidr_block_allow_list |
A list of address ranges in CIDR notation that you want to allow to connect to sessions hosted by this bastion. |
list(string) |
n/a |
yes |
| nonprod_bgp_cust_tunnela_ip |
The IP address for the CPE end of the inside tunnel interface. |
string |
"" |
no |
| nonprod_bgp_oci_tunnela_ip |
The IP address for the Oracle end of the inside tunnel interface. |
string |
"" |
no |
| nonprod_budget_alert_rule_message |
The alert message for budget alerts. Required if nonprod_enable_budget is true. |
string |
"" |
no |
| nonprod_budget_alert_rule_recipients |
The delimited list of email addresses to receive the alert when it triggers. Delimiter characters can be a comma, space, TAB, or semicolon. Required if nonprod_enable_budget is true. |
string |
"" |
no |
| nonprod_budget_alert_rule_threshold |
The threshold for the budget alert. Required if nonprod_enable_budget is true. |
string |
"" |
no |
| nonprod_budget_amount |
The amount of the budget expressed as a whole number in the currency of the customer's rate card. Required if nonprod_enable_budget is true. |
string |
"" |
no |
| nonprod_cost_center_tagging |
Non-ProductionGeo Location. |
string |
n/a |
yes |
| nonprod_cpe_display_name |
Customer Premises Equipment name. Recommendation: OCI-ELZ-CPE-[Environment]-HUB-[Region] 001 |
string |
"" |
no |
| nonprod_cpe_ip_address |
Customer Premises Equipment (CPE) IP address |
string |
"" |
no |
| nonprod_cpe_vendor |
Type corresponding number as your CPE vendor: Yamaha-RTX1210 0, Other 1, Cisco-9.7.1-or-later 2, Yamaha-RTX830 3, Libreswan 4, Fortinet 5, NEC 6, Cisco-8.5+ 7, Cisco-IOS 8, WatchGuard 9, Juniper-MX 10, Juniper-SRX 11, Furukawa 12, Check_Point 13, Palo_Alto 14 |
number |
0 |
no |
| nonprod_create_master_encryption_key |
Option create master encryption key |
bool |
true |
no |
| nonprod_customer_bgp_asn |
ASN is required and used for the tunnel's BGP session |
string |
"" |
no |
| nonprod_database_admin_group_name |
The group name for the OCI Database Logging Administrators Group. Defaults to OCI-ELZ-UGP-N-DB-ADMIN if blank or not provided. |
string |
"" |
no |
| nonprod_domain_admin_email |
The email address for the non prod identity domain admin. |
string |
n/a |
yes |
| nonprod_enable_bastion |
Option to enable bastion service |
bool |
n/a |
yes |
| nonprod_enable_budget |
n/a |
bool |
n/a |
yes |
| nonprod_enable_fastconnect |
[Please don't change this value] Enable fastconnect in non prod environment. |
bool |
false |
no |
| nonprod_enable_internet_gateway_hub |
Option to enable TRUE and Disable false. |
string |
"false" |
no |
| nonprod_enable_nat_gateway_hub |
Option to enable TRUE and Disable false. |
string |
"false" |
no |
| nonprod_enable_nat_gateway_spoke |
Option to enable TRUE and Disable false. |
string |
"false" |
no |
| nonprod_enable_network_monitoring_alarms |
Enable Network Monitoring Alarms in Non-Production Network Compartment |
bool |
false |
no |
| nonprod_enable_security_monitoring_alarms |
Enable Security Monitoring Alarms in Non-Production Security Compartment |
bool |
false |
no |
| nonprod_enable_service_gateway_hub |
Option to enable TRUE and Disable false. |
string |
"false" |
no |
| nonprod_enable_service_gateway_spoke |
Option to enable TRUE and Disable false. |
string |
"false" |
no |
| nonprod_enable_tagging |
Option to enable Tagging gateway in Non-Production environment |
bool |
false |
no |
| nonprod_enable_vault_replication |
Option to enable vault replication |
bool |
false |
no |
| nonprod_enable_vpn |
Enable VPN in non prod environment |
bool |
false |
no |
| nonprod_enable_workload_monitoring_alarms |
Enable Workload Monitoring Alarms in Non-Production Workload Compartment |
bool |
false |
no |
| nonprod_geo_location_tagging |
Non-Production Geo Location. |
string |
n/a |
yes |
| nonprod_hub_private_subnet_cidr_block |
Non-Production Enivornment HUB Private Subnet CIDR Block. |
string |
n/a |
yes |
| nonprod_hub_public_subnet_cidr_block |
Non-Production Enivornment HUB Public Subnet CIDR Block. |
string |
n/a |
yes |
| nonprod_hub_vcn_cidr_block |
Non-Production Enivornment HUB VCN CIDR Block. |
string |
n/a |
yes |
| nonprod_iam_admin_group_name |
The group name for the OCI Landing Zone IAM Administrators Group. Defaults to OCI-ELZ-UGP-N-IDP-ADMIN if blank or not provided. |
string |
"" |
no |
| nonprod_identity_topic_endpoints |
List of email addresses for Identity notifications. |
list(string) |
[] |
no |
| nonprod_ipsec_connection_static_routes |
n/a |
list(string) |
[
""
] |
no |
| nonprod_ipsec_display_name |
IPsec display name. Recommendation: OCI-ELZ-IPS-[Environment]-HUB-[Region] 001 |
string |
"" |
no |
| nonprod_ipsec_routing_type |
BGP dynamic routing, STATIC routing. Type BGP or STATIC |
string |
"STATIC" |
no |
| nonprod_network_admin_group_name |
The group name for the OCI Landing Zone Network Administrators Group. Defaults to OCI-ELZ-UGP-N-NET-ADMIN if blank or not provided. |
string |
"" |
no |
| nonprod_network_topic_endpoints |
List of email addresses for Network Warning and Critical notifications. |
list(string) |
[] |
no |
| nonprod_ops_admin_group_name |
The group name for the OCI Landing Zone Ops Administrators Group. Defaults to OCI-ELZ-UGP-N-OPS-ADMIN if blank or not provided. |
string |
"" |
no |
| nonprod_platform_admin_group_name |
The group name for the OCI Landing Zone Platform Administrators Group. Defaults to OCI-ELZ-UGP-N-PLT-ADMIN if blank or not provided. |
string |
"" |
no |
| nonprod_platform_topic_endpoints |
List of email addresses for Platform notifications. |
list(string) |
[] |
no |
| nonprod_retention_policy_duration_amount |
The timeAmount is interpreted in units defined by the timeUnit parameter, and is calculated in relation to each object's Last-Modified timestamp. |
string |
"1" |
no |
| nonprod_retention_policy_duration_time_unit |
The unit that should be used to interpret timeAmount. |
string |
"DAYS" |
no |
| nonprod_secops_topic_endpoints |
List of email addresses for Secops Warning and Critical notifications. |
list(string) |
[] |
no |
| nonprod_security_admin_group_name |
The group name for the OCI Landing Zone Security Administrators Group. Defaults to OCI-ELZ-UGP-N-SEC-ADMIN if blank or not provided. |
string |
"" |
no |
| nonprod_shared_secret |
The shared secret (pre-shared key) to use for the IPSec tunnel |
string |
"example" |
no |
| nonprod_spoke_subnet_app_cidr_block |
Non-Production Enivornment Spoke App Subnet CIDR Block. |
string |
n/a |
yes |
| nonprod_spoke_subnet_db_cidr_block |
Non-Production Enivornment Spoke DB Subnet CIDR Block. |
string |
n/a |
yes |
| nonprod_spoke_subnet_web_cidr_block |
Non-Production Enivornment Spoke Web Subnet CIDR Block. |
string |
n/a |
yes |
| nonprod_spoke_vcn_cidr |
Non-Production Enivornment Spoke VCN CIDR Block. |
string |
n/a |
yes |
| nonprod_tunnel_a_display_name |
Tunnel A display name. Recommendation: |
string |
"" |
no |
| nonprod_tunnel_b_display_name |
Tunnel B display name. Recommendation: |
string |
"" |
no |
| nonprod_vault_replica_region |
the region to be created replica to. Required if nonprod_enable_vault_replication is true. |
string |
"" |
no |
| nonprod_vault_type |
The type of vault to create. |
string |
"DEFAULT" |
no |
| nonprod_workload_admin_group_name |
The group name for the OCI Workload Administrators Group. Defaults to OCI-ELZ-UGP-N-WRK-ADMIN if blank or not provided. |
string |
"" |
no |
| nonprod_workload_topic_endpoints |
List of email addresses for Non Prod Workload notifications. |
list(string) |
[] |
no |
| onboard_log_analytics |
Set to true to onboard the tenancy to logging analytics. |
bool |
true |
no |
| oracle_primary_bgp_peering_ip |
The primary BGP IPv4 address for Oracle's end of the BGP session |
string |
"" |
no |
| oracle_secondary_bgp_peering_ip |
[Optional] Secondary IPv4 address for Oracle's end of the BGP session |
string |
"" |
no |
| prod_application_admin_group_name |
The group name for the OCI Application Administrators Group. Defaults to OCI-ELZ-UGP-P-APP-ADMIN if blank or not provided. |
string |
"" |
no |
| prod_bastion_client_cidr_block_allow_list |
A list of address ranges in CIDR notation that you want to allow to connect to sessions hosted by this bastion. |
list(string) |
n/a |
yes |
| prod_bgp_cust_tunnela_ip |
The IP address for the CPE end of the inside tunnel interface. |
string |
"" |
no |
| prod_bgp_oci_tunnela_ip |
The IP address for the Oracle end of the inside tunnel interface. |
string |
"" |
no |
| prod_budget_alert_rule_message |
The alert message for budget alerts. Required if prod_enable_budget is true. |
string |
"" |
no |
| prod_budget_alert_rule_recipients |
The delimited list of email addresses to receive the alert when it triggers. Delimiter characters can be a comma, space, TAB, or semicolon. Required if prod_enable_budget is true. |
string |
"" |
no |
| prod_budget_alert_rule_threshold |
The threshold for the budget alert. Required if prod_enable_budget is true. |
string |
"" |
no |
| prod_budget_amount |
The amount of the budget expressed as a whole number in the currency of the customer's rate card. Required if prod_enable_budget is true. |
string |
"" |
no |
| prod_cost_center_tagging |
Production Cost Center. |
string |
n/a |
yes |
| prod_cpe_display_name |
Customer Premises Equipment name. Recommendation: OCI-ELZ-CPE-[Environment]-HUB-[Region] 001 |
string |
"" |
no |
| prod_cpe_ip_address |
Customer Premises Equipment (CPE) IP address |
string |
"" |
no |
| prod_cpe_vendor |
Type corresponding number as your CPE vendor: Yamaha-RTX1210 0, Other 1, Cisco-9.7.1-or-later 2, Yamaha-RTX830 3, Libreswan 4, Fortinet 5, NEC 6, Cisco-8.5+ 7, Cisco-IOS 8, WatchGuard 9, Juniper-MX 10, Juniper-SRX 11, Furukawa 12, Check_Point 13, Palo_Alto 14 |
number |
0 |
no |
| prod_create_master_encryption_key |
Option create master encryption key |
bool |
true |
no |
| prod_customer_bgp_asn |
ASN is required and used for the tunnel's BGP session |
string |
"" |
no |
| prod_database_admin_group_name |
The group name for the OCI Database Logging Administrators Group. Defaults to OCI-ELZ-UGP-P-DB-ADMIN if blank or not provided. |
string |
"" |
no |
| prod_domain_admin_email |
The email address for the prod identity domain admin. |
string |
n/a |
yes |
| prod_enable_bastion |
Option to enable bastion service |
bool |
n/a |
yes |
| prod_enable_budget |
n/a |
bool |
n/a |
yes |
| prod_enable_fastconnect |
[Please don't change this value] Enable fastconnect in prod environment. |
bool |
true |
no |
| prod_enable_internet_gateway_hub |
Option to enable TRUE and Disable false. |
string |
"false" |
no |
| prod_enable_nat_gateway_hub |
Option to enable TRUE and Disable false. |
string |
"false" |
no |
| prod_enable_nat_gateway_spoke |
Option to enable TRUE and Disable false. |
string |
"false" |
no |
| prod_enable_network_monitoring_alarms |
Enable Network Monitoring Alarms in Production Network Compartment |
bool |
false |
no |
| prod_enable_security_monitoring_alarms |
Enable Security Monitoring Alarms in Production Security Compartment |
bool |
false |
no |
| prod_enable_service_gateway_hub |
Option to enable TRUE and Disable false. |
string |
"false" |
no |
| prod_enable_service_gateway_spoke |
Option to enable TRUE and Disable false. |
string |
"false" |
no |
| prod_enable_tagging |
Option to enable Tagging gateway in Production environment |
bool |
false |
no |
| prod_enable_vault_replication |
Option to enable vault replication |
bool |
false |
no |
| prod_enable_vpn |
Enable VPN in prod environment |
bool |
false |
no |
| prod_enable_workload_monitoring_alarms |
Enable Workload Monitoring Alarms in Production Workload Compartment |
bool |
false |
no |
| prod_geo_location_tagging |
Production Geo Center. |
string |
n/a |
yes |
| prod_hub_private_subnet_cidr_block |
Production Enivornment HUB Private Subnet CIDR Block. |
string |
n/a |
yes |
| prod_hub_public_subnet_cidr_block |
Production Enivornment HUB Public Subnet CIDR Block. |
string |
n/a |
yes |
| prod_hub_vcn_cidr_block |
Production Enivornment HUB VCN CIDR Block. |
string |
n/a |
yes |
| prod_iam_admin_group_name |
The group name for the OCI Landing Zone IAM Administrators Group. Defaults to OCI-ELZ-UGP-P-IDP-ADMIN if blank or not provided. |
string |
"" |
no |
| prod_identity_topic_endpoints |
List of email addresses for Identity notifications. |
list(string) |
[] |
no |
| prod_ipsec_connection_static_routes |
n/a |
list(string) |
[
""
] |
no |
| prod_ipsec_display_name |
IPsec display name. Recommendation: OCI-ELZ-IPS-[Environment]-HUB-[Region] 001 |
string |
"" |
no |
| prod_ipsec_routing_type |
BGP dynamic routing, STATIC routing. Type BGP or STATIC |
string |
"STATIC" |
no |
| prod_network_admin_group_name |
The group name for the OCI Landing Zone Network Administrators Group. Defaults to OCI-ELZ-UGP-P-NET-ADMIN if blank or not provided. |
string |
"" |
no |
| prod_network_topic_endpoints |
List of email addresses for Network Warning and Critical notifications. |
list(string) |
[] |
no |
| prod_ops_admin_group_name |
The group name for the OCI Landing Zone Ops Administrators Group. Defaults to OCI-ELZ-UGP-P-OPS-ADMIN if blank or not provided. |
string |
"" |
no |
| prod_platform_admin_group_name |
The group name for the OCI Landing Zone Platform Administrators Group. Defaults to OCI-ELZ-UGP-P-PLT-ADMIN if blank or not provided. |
string |
"" |
no |
| prod_platform_topic_endpoints |
List of email addresses for Platform notifications. |
list(string) |
[] |
no |
| prod_retention_policy_duration_amount |
The timeAmount is interpreted in units defined by the timeUnit parameter, and is calculated in relation to each object's Last-Modified timestamp. |
string |
"1" |
no |
| prod_retention_policy_duration_time_unit |
The unit that should be used to interpret timeAmount. |
string |
"DAYS" |
no |
| prod_secops_topic_endpoints |
List of email addresses for Secops Warning and Critical notifications. |
list(string) |
[] |
no |
| prod_security_admin_group_name |
The group name for the OCI Landing Zone Security Administrators Group. Defaults to OCI-ELZ-UGP-P-SEC-ADMIN if blank or not provided. |
string |
"" |
no |
| prod_shared_secret |
The shared secret (pre-shared key) to use for the IPSec tunnel |
string |
"example" |
no |
| prod_spoke_subnet_app_cidr_block |
Production Enivornment Spoke App Subnet CIDR Block. |
string |
n/a |
yes |
| prod_spoke_subnet_db_cidr_block |
Production Enivornment Spoke DB Subnet CIDR Block. |
string |
n/a |
yes |
| prod_spoke_subnet_web_cidr_block |
Production Enivornment Spoke Web Subnet CIDR Block. |
string |
n/a |
yes |
| prod_spoke_vcn_cidr |
Production Enivornment Spoke VCN CIDR Block. |
string |
n/a |
yes |
| prod_tunnel_a_display_name |
Tunnel A display name. Recommendation: |
string |
"" |
no |
| prod_tunnel_b_display_name |
Tunnel B display name. Recommendation: |
string |
"" |
no |
| prod_vault_replica_region |
the region to be created replica to. Required if prod_enable_vault_replication is true. |
string |
"" |
no |
| prod_vault_type |
The type of vault to create. |
string |
"DEFAULT" |
no |
| prod_workload_admin_group_name |
The group name for the OCI Workload Administrators Group. Defaults to OCI-ELZ-UGP-P-WRK-ADMIN if blank or not provided. |
string |
"" |
no |
| prod_workload_topic_endpoints |
List of email addresses for Prod Workload notifications. |
list(string) |
[] |
no |
| provider_service_key_name |
The provider service key that the provider gives you when you set up a virtual circuit connection from the provider to OCI |
string |
"" |
no |
| region |
The OCI region |
string |
n/a |
yes |
| resource_label |
A prefix used to avoid naming conflicts if multiple Landing Zones are deployed. |
string |
"" |
no |
| service_gw_hub_check |
n/a |
list(string) |
[
""
] |
no |
| service_gw_spoke_check |
n/a |
list(string) |
[
""
] |
no |
| tenancy_ocid |
The OCID of tenancy |
string |
n/a |
yes |
| virtual_circuit_bandwidth_shape |
The provisioned data rate of the connection |
string |
"1500" |
no |
| virtual_circuit_customer_asn |
The BGP ASN of the network at the other end of the BGP session from Oracle |
string |
0 |
no |
| virtual_circuit_display_name |
The display name of this virtual circuit. Recommendation: OCI-ELZ-FCN-P-HUB-[REGION] 001 |
string |
"" |
no |
| virtual_circuit_is_bfd_enabled |
Set to true to enable BFD for IPv4 BGP peering, or set to false to disable BFD |
bool |
false |
no |
| virtual_circuit_type |
The type of IP addresses used in this virtual circuit. PRIVATE or PUBLIC |
string |
"" |
no |