This module creates a multizone VPC in a single region with a single subnet in each zone. It will create an example ACL and can optionally create public gateways for each zone. xwww
- VPC
- Subnets
- Public Gateway
- Access Control List (ACL)
- Module Variables
- Outputs
- As a Module in a Larger Architecture
This module creates a VPC in a single region inside a resource group.
Use IBM Cloud™ Virtual Private Cloud to create your own space in IBM Cloud™. A virtual private cloud (VPC) is a secure, isolated virtual network that combines the security of a private cloud with the availability and scalability of IBM's public cloud. 1
classic_access
- Can betrue
orfalse
.- You can set up access from a VPC to your IBM Cloud classic infrastructure, including Direct Link connectivity. One VPC per region can communicate with classic resources.2
This module creates 3 subnets, one in each of the geographic zones in the region where the VPC was created.
Each subnet consists of a specified IP address range (CIDR block). Subnets are bound to a single zone, and they cannot span multiple zones or regions. Subnets in the same VPC are connected to each other. 3
cidr_blocks
- List of IP ranges- A list of three IP address ranges within the VPC where the subnet will be created.
- Cannot be a reserved IP address
- More about using the ibm_is_vpc_address_prefix terraform block in v0.12.0
- More about using the ibm_is_vpc_address_prefix terraform block in v0.12.0
- More about using the ibm_is_subnet terraform block in v0.12.0
This module can optionally create public gateways attached to the subnets.
A Public Gateway enables a subnet and all its attached virtual server instances to connect to the internet. Subnets are private by default. After a subnet is attached to the public gateway, all instances in that subnet can connect to the internet. Although each zone has only one public gateway, the public gateway can be attached to multiple subnets.4
This module creates an ACL and attaches it to the subnets
You can use an access control list (ACL) to control all incoming and outgoing traffic in IBM Cloud™ Virtual Private Cloud. An ACL is a built-in, virtual firewall, similar to a security group. In contrast to security groups, ACL rules control traffic to and from the subnets, rather than to and from the instances.5
Default variables can be overwritten, any variables without a default must have a value entered in for the module to run.
Variable | Type | Description | Default |
---|---|---|---|
ibmcloud_apikey |
String | IBM Cloud IAM API Key | |
ibm_region |
String | IBM Cloud region where all resources will be deployed | us-south |
resource_group |
String | Name of resource group to provision resources | default |
unique_id |
String | Prefix for all resources created in the module. Must begin with a letter. | |
tags |
List | A list of tags for resources created | ["multizone-vpc-module"] |
classic_access |
Boolean | VPC Classic Access | false |
cidr_blocks |
List | List of CIDR blocks for the subnets | ["10.10.10.0/24", "10.10.11.0/24", "10.10.12.0/24"] |
vpc_id
: ID of VPC createdsubnet_ids
: List of subnets created by moduleacl_id
: ID of ACL created
Use the ./module
folder to include this in a larger architecture
Declaring this Module:
data ibm_resource_group resource_group {
name = "<your resource group name>"
}
module vpc {
source = "./<path to your code>"
ibm_region = "<your value or reference>"
resource_group_id = "${data.ibm_resource_group.resource_group.id}"
unique_id = "<your value or reference>"
}
data ibm_resource_group resource_group {
name = "<your resource group name>"
}
module vpc {
source = "./<path to your code>"
ibm_region = "<your value or reference>"
resource_group_id = "${data.ibm_resource_group.resource_group.id}"
unique_id = "<your value or reference>"
tags = "<your value or reference>"
classic_access = "<your value or reference>"
cidr_blocks = "<your value or reference>"
}