Skip to content


Repository files navigation


Although Oracle Cloud Infrastructure offers network security controls through security lists and network security groups, in some scenarios different types of network security are required. For those scenarios, Oracle Cloud Infrastructure uses virtual cloud networks (VCN) and subnets to lay the different segments of the network, and the firewall to handle the security controls.

For details of the architecture, see Protect your cloud resources using a virtual firewall

Architecture Diagram

Terraform Provider for Oracle Cloud Infrastructure

The OCI Terraform Provider is now available for automatic download through the Terraform Provider Registry. For more information on how to get started view the documentation and setup guide.


  • Permission to manage the following types of resources in your Oracle Cloud Infrastructure tenancy: vcns, internet-gateways, route-tables, network-security-groups, subnets, and instances.

  • Quota to create the following resources: 2 VCN, 4 subnets, 1 Internet Gateway, 2 route rules, and 4 compute instance.

If you don't have the required permissions and quota, contact your tenancy administrator. See Policy Reference, Service Limits, Compartment Quotas

  • OCID of compartments with Security Zone and without Security Zone enabled

Deploy Using Oracle Resource Manager

  1. Click Deploy to Oracle Cloud

If you aren't already signed in, when prompted, enter the tenancy and user credentials.

  1. Review and accept the terms and conditions.

  2. Select the region where you want to deploy the stack.

  3. Follow the on-screen prompts and instructions to create the stack.

  4. After creating the stack, click Terraform Actions, and select Plan.

  5. Wait for the job to be completed, and review the plan.

    To make any changes, return to the Stack Details page, click Edit Stack, and make the required changes. Then, run the Plan action again.

  6. If no further changes are necessary, return to the Stack Details page, click Terraform Actions, and select Apply.

Deploy Using the Terraform CLI

Clone the Module and initialize

You'll want a local copy of this repo. You can make that with the commands:

git clone
cd terraform-oci-arch-virtual-firewall

You'll need to do some pre-deploy setup. That's all detailed here. Initialize them in terraform.tfvars file and populate with the following information:

# Authentication
tenancy_ocid         = "<tenancy_ocid>"
user_ocid            = "<user_ocid>"
fingerprint          = "<finger_print>"
private_key_path     = "<pem_private_key_path>"

# Region
region = "<oci_region>"

# Compartment
compartment_ocid = "<compartment_ocid>"

NOTE: There are other variables that are assigned default value such as VCN CIDR and others. These can be changed in file


terraform init
terraform plan
terraform apply

Destroy the Deployment

When you no longer need the deployment, you can run this command to destroy it:

terraform destroy