This module manages Oracle Cloud Infrastructure (OCI) Subnets. A subnet is a subdivision of a Virtual Cloud Network (VCN) that contains a contiguous range of IP addresses. Subnets enable you to group related resources and apply network policies at a granular level.
Key concepts:
- Hierarchical relationship: VCN → Subnet → Resources
- Public vs Private subnets: Controlled by the `prohibit_public_ip_on_vnic` parameter
- Route Tables: Control traffic routing between subnets and to external networks
- Security Lists: Stateful firewall rules at the subnet level
- Network Security Groups (NSG): Stateful firewall rules at the instance level
- Regional vs AD-specific: Subnets can be regional or tied to a specific Availability Domain
- CIDR rules: Subnet CIDR must be within VCN CIDR and not overlap with other subnets
- DNS integration: DNS labels enable FQDN resolution for instances
Important considerations:
- Each subnet must have a unique CIDR block within its VCN
- Subnets can be associated with route tables and security lists
- Network Security Groups provide additional security at the instance level
- Regional subnets span all Availability Domains in the region
- AD-specific subnets are tied to a single Availability Domain
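The CIDR rules above (subnet inside the VCN CIDR, no overlap between subnets) and the public/private flag are easy to get wrong across many module calls, and OCI only rejects the bad one at apply time. The following pre-apply check is an added example, not part of this module: it takes a constructed list of planned subnets shaped like the module inputs, reports CIDR errors, and flags every subnet that allows public IPs so it can be reviewed together with its route table and security lists.

```python
import ipaddress

# Constructed sample plan mirroring the module's inputs (not real infrastructure).
VCN_CIDR = "10.0.0.0/16"
SUBNETS = [
    {"display_name": "public-subnet", "cidr_block": "10.0.2.0/24", "prohibit_public_ip_on_vnic": False},
    {"display_name": "private-subnet", "cidr_block": "10.0.3.0/24", "prohibit_public_ip_on_vnic": True},
    # Overlaps private-subnet: should be rejected before terraform apply.
    {"display_name": "overlap-subnet", "cidr_block": "10.0.3.128/25", "prohibit_public_ip_on_vnic": True},
    # Outside the VCN CIDR entirely.
    {"display_name": "outside-subnet", "cidr_block": "192.168.1.0/24"},
]


def check_subnet_plan(vcn_cidr, subnets):
    """Validate planned subnets against the VCN CIDR.

    Returns {"errors": [...], "warnings": [...]}. Errors are CIDR rule
    violations that OCI would reject; warnings are public subnets that
    deserve a review of their routing and security lists.
    """
    vcn = ipaddress.ip_network(vcn_cidr, strict=True)
    errors, warnings, seen = [], [], []
    for s in subnets:
        name = s["display_name"]
        try:
            # strict=True rejects host bits set in the prefix, e.g. 10.0.1.5/24
            net = ipaddress.ip_network(s["cidr_block"], strict=True)
        except ValueError as exc:
            errors.append(f"{name}: invalid CIDR {s['cidr_block']!r} ({exc})")
            continue
        if net.version != vcn.version or not net.subnet_of(vcn):
            errors.append(f"{name}: {net} is not within VCN CIDR {vcn}")
        for other_name, other in seen:
            if net.overlaps(other):
                errors.append(f"{name}: {net} overlaps {other_name} ({other})")
        seen.append((name, net))
        # The module defaults prohibit_public_ip_on_vnic to true (private).
        if not s.get("prohibit_public_ip_on_vnic", True):
            warnings.append(
                f"{name}: public IPs allowed on VNICs; review its route table and security lists"
            )
    return {"errors": errors, "warnings": warnings}


if __name__ == "__main__":
    result = check_subnet_plan(VCN_CIDR, SUBNETS)
    for level in ("errors", "warnings"):
        for line in result[level]:
            print(f"[{level[:-1].upper()}] {line}")
```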
This document provides examples of how to use the subnet module.
```hcl
module "subnet" {
  source         = "github.com/hadenlabs/terraform-oci//modules/subnet"
  compartment_id = "ocid1.compartment.oc1..example"
  vcn_id         = "ocid1.vcn.oc1..example"
  cidr_block     = "10.0.1.0/24"
  display_name   = "my-subnet"
  module_enabled = true
}
```

```hcl
module "public_subnet" {
  source                     = "github.com/hadenlabs/terraform-oci//modules/subnet"
  compartment_id             = "ocid1.compartment.oc1..example"
  vcn_id                     = "ocid1.vcn.oc1..example"
  cidr_block                 = "10.0.2.0/24"
  display_name               = "public-subnet"
  prohibit_public_ip_on_vnic = false # Allow public IPs
  module_enabled             = true
}
```

```hcl
module "private_subnet" {
  source                     = "github.com/hadenlabs/terraform-oci//modules/subnet"
  compartment_id             = "ocid1.compartment.oc1..example"
  vcn_id                     = "ocid1.vcn.oc1..example"
  cidr_block                 = "10.0.3.0/24"
  display_name               = "private-subnet"
  prohibit_public_ip_on_vnic = true # Prohibit public IPs (default)
  module_enabled             = true
}
```

```hcl
module "subnet_with_route_table" {
  source         = "github.com/hadenlabs/terraform-oci//modules/subnet"
  compartment_id = "ocid1.compartment.oc1..example"
  vcn_id         = "ocid1.vcn.oc1..example"
  cidr_block     = "10.0.4.0/24"
  display_name   = "subnet-with-route"
  route_table_id = "ocid1.routetable.oc1..example"
  module_enabled = true
}
```

```hcl
module "subnet_with_security_lists" {
  source         = "github.com/hadenlabs/terraform-oci//modules/subnet"
  compartment_id = "ocid1.compartment.oc1..example"
  vcn_id         = "ocid1.vcn.oc1..example"
  cidr_block     = "10.0.5.0/24"
  display_name   = "subnet-with-security"
  security_list_ids = [
    "ocid1.securitylist.oc1..example1",
    "ocid1.securitylist.oc1..example2"
  ]
  module_enabled = true
}
```

```hcl
module "subnet_with_dns" {
  source         = "github.com/hadenlabs/terraform-oci//modules/subnet"
  compartment_id = "ocid1.compartment.oc1..example"
  vcn_id         = "ocid1.vcn.oc1..example"
  cidr_block     = "10.0.6.0/24"
  display_name   = "dns-subnet"
  dns_label      = "appsubnet"
  module_enabled = true
}
```

```hcl
module "subnet_for_compute" {
  source         = "github.com/hadenlabs/terraform-oci//modules/subnet"
  compartment_id = "ocid1.compartment.oc1..example"
  vcn_id         = "ocid1.vcn.oc1..example"
  cidr_block     = "10.0.7.0/24"
  display_name   = "compute-subnet"
  module_enabled = true
}

module "compute_instance" {
  source              = "github.com/hadenlabs/terraform-oci//modules/compute"
  compartment_id      = "ocid1.compartment.oc1..example"
  availability_domain = "us-ashburn-1"
  shape               = "VM.Standard.E4.Flex"
  subnet_id           = module.subnet_for_compute.subnet_id # Using subnet output
  display_name        = "my-instance"
  image_id            = "ocid1.image.oc1..example"
  ssh_public_key      = "ssh-rsa AAAAB3NzaC1yc2E..."
  module_enabled      = true
}
```

```hcl
module "conditional_subnet" {
  source         = "github.com/hadenlabs/terraform-oci//modules/subnet"
  compartment_id = "ocid1.compartment.oc1..example"
  vcn_id         = "ocid1.vcn.oc1..example"
  cidr_block     = "10.0.8.0/24"
  display_name   = "conditional-subnet"
  # Enable subnet only in production environment
  module_enabled = var.environment == "production"
}
```

```hcl
module "subnet_with_tags" {
  source         = "github.com/hadenlabs/terraform-oci//modules/subnet"
  compartment_id = "ocid1.compartment.oc1..example"
  vcn_id         = "ocid1.vcn.oc1..example"
  cidr_block     = "10.0.9.0/24"
  display_name   = "tagged-subnet"
  freeform_tags = {
    Environment = "Production"
    Department  = "Engineering"
    Project     = "Terraform-OCI"
  }
  defined_tags = {
    "Oracle-Tags.CreatedBy" = "terraform"
    "Oracle-Tags.CreatedOn" = "2024-01-01"
  }
  module_enabled = true
}
```

```hcl
module "ad_specific_subnet" {
  source              = "github.com/hadenlabs/terraform-oci//modules/subnet"
  compartment_id      = "ocid1.compartment.oc1..example"
  vcn_id              = "ocid1.vcn.oc1..example"
  cidr_block          = "10.0.10.0/24"
  display_name        = "ad-subnet"
  availability_domain = "us-ashburn-1-AD-1" # Specific AD
  module_enabled      = true
}
```

```hcl
module "complete_subnet" {
  source                     = "github.com/hadenlabs/terraform-oci//modules/subnet"
  compartment_id             = "ocid1.compartment.oc1..example"
  vcn_id                     = "ocid1.vcn.oc1..example"
  cidr_block                 = "10.0.11.0/24"
  display_name               = "complete-subnet"
  availability_domain        = "us-ashburn-1-AD-1"
  route_table_id             = "ocid1.routetable.oc1..example"
  security_list_ids          = ["ocid1.securitylist.oc1..example"]
  prohibit_public_ip_on_vnic = false
  dns_label                  = "complete"
  freeform_tags = {
    Environment = "Development"
    Owner       = "DevOps"
  }
  defined_tags = {
    "Oracle-Tags.CreatedBy" = "terraform-module"
  }
  module_enabled = true
}
```

Requirements:
| Name | Version |
|---|---|
| terraform | >= 1.0.0 |
| oci | >= 4.67.3 |
Providers:
| Name | Version |
|---|---|
| oci | 8.3.0 |
Modules:
No modules.
Resources:
| Name | Type |
|---|---|
| oci_core_subnet.this | resource |
| oci_identity_availability_domains.this | data source |
Inputs:
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| availability_domain | The availability domain for the subnet. If not specified, the subnet will be regional. | string | null | no |
| cidr_block | The CIDR block for the subnet. Must be a valid CIDR within the VCN's CIDR range and not overlap with other subnets in the same VCN. | string | n/a | yes |
| compartment_id | The OCID of the compartment | string | n/a | yes |
| defined_tags | Defined tags for the subnet | map(string) | {} | no |
| display_name | The display name of the subnet | string | n/a | yes |
| dns_label | A DNS label for the subnet, used in conjunction with the VNIC's hostname and the VCN's DNS label to form a fully qualified domain name (FQDN) for instances in this subnet | string | null | no |
| freeform_tags | Freeform tags for the subnet | map(string) | {} | no |
| module_enabled | (Optional) Whether to create resources within the module or not. Default is true. | bool | true | no |
| prohibit_public_ip_on_vnic | Whether to prohibit public IP addresses on VNICs in this subnet. Set to true for private subnets, false for public subnets. | bool | true | no |
| route_table_id | The OCID of the route table to associate with the subnet | string | null | no |
| security_list_ids | List of security list OCIDs to associate with the subnet | list(string) | [] | no |
| vcn_id | The OCID of the VCN | string | n/a | yes |
Outputs:
| Name | Description |
|---|---|
| availability_domain | The availability domain of the subnet |
| cidr_block | The CIDR block of the subnet |
| compartment_id | The OCID of the compartment containing the subnet |
| defined_tags | The defined tags of the subnet |
| display_name | The display name of the subnet |
| dns_label | The DNS label of the subnet |
| freeform_tags | The freeform tags of the subnet |
| module_enabled | (Optional) Whether to create resources within the module or not. Default is true. |
| prohibit_public_ip_on_vnic | Whether public IP addresses are prohibited on VNICs in this subnet |
| route_table_id | The OCID of the route table associated with the subnet |
| security_list_ids | List of security list OCIDs associated with the subnet |
| state | The current state of the subnet |
| subnet_id | The OCID of the created subnet |
| time_created | The date and time the subnet was created |
| vcn_id | The OCID of the VCN containing the subnet |
| virtual_router_ip | The IP address of the virtual router for the subnet |
| virtual_router_mac | The MAC address of the virtual router for the subnet |
File a GitHub issue.
See Contributing.
This module follows the principles of Semantic Versioning (SemVer).
Using the given version number of MAJOR.MINOR.PATCH, we apply the following constructs:
- Use the MAJOR version for incompatible changes.
- Use the MINOR version when adding functionality in a backwards compatible manner.
- Use the PATCH version when introducing backwards compatible bug fixes.
- In the context of initial development, backwards compatibility in versions 0.0.z is not guaranteed when z is increased. (Initial development)
- In the context of pre-release, backwards compatibility in versions 0.y.z is not guaranteed when y is increased. (Pre-release)
Copyright © 2018-2026 Hadenlabs
All other trademarks referenced herein are the property of their respective owners.
The code and styles are licensed under the LGPL-3.0 license. See the project license.