oracle-devrel
diff --git a/‎landing-zones/README.md
Lines changed: 17 additions & 16 deletions b/‎landing-zones/README.md
Lines changed: 17 additions & 16 deletions
diff --git a/‎landing-zones/commons/EMEA_LandingZonesSpecialists_ExecOverview.pdf
-1.93 MB b/‎landing-zones/commons/EMEA_LandingZonesSpecialists_ExecOverview.pdf
-1.93 MB
diff --git a/‎landing-zones/commons/lz_solution_definition.md
Lines changed: 12 additions & 41 deletions b/‎landing-zones/commons/lz_solution_definition.md
Lines changed: 12 additions & 41 deletions
diff --git a/‎landing-zones/commons/oci_landingzones_iac.md
Lines changed: 105 additions & 0 deletions b/‎landing-zones/commons/oci_landingzones_iac.md
Lines changed: 105 additions & 0 deletions
@@ -1,4 +1,4 @@
-# **OCI Landing Zone Framework**
+# **OCI Landing Zones**
 
 &nbsp; 
 
@@ -12,29 +12,30 @@ The LZF was created by the EMEA Landing Zone Specialists, collaborating with wor
 
 | APPROACH  |  OBJECTIVE | DESCRIPTION | 
 |---|---|---|
-| <a href="/landing-zones/standard_landing_zones/standard_landing_zones.md" ><img src="images/slz.jpg" alt= “” width="500" height=""></a>  | **Basic Workloads** | **Prescribed** and **ready to use** solutions with a **guided setup** and  **IaC**. This is the  recommended approach for initial landing zone deployments covering the **most-common workload scenarios**.  | 
-| <a href="workload_landing_zones/workload_landing_zones.md" ><img src="images/wlz.jpg" alt= “” width="500" height=""> </a>  | **Specific Workloads** | A set of landing zones extension ready for specific **workloads**. Each flavour has a **design** with **IaC configurations** ready to be deployed. Examples are EBS, ExaCC, OCVS, OIC, OKE, CCC, etc. |  
-| <a href="tailored_landing_zones/tailored_landing_zones.md" ><img src="images/tlz.jpg" alt= “” width="500" height=""> </a>  | **All Workloads** | An approach to solve **specific requirements** when the standard is not enough. These LZs run with **configuration-as-code** and are used to scale/bridge with existing **operating models**, complying with fine-grained **segregations of duties**, strong **network isolation**, and heterogeneous **workloads**.  |  
-
+| <a href="/landing-zones/standard_landing_zones/readme.md"><img src="images/slz.jpg" alt= “” width="500" height=""></a>  | **Best Practices</br>3 Shapes** | **Three standard shapes/models** for different organization scopes, **ready to use** with **design blueprints** and  **IaC configurations**. Use these models directly or tailor them to your needs.  | 
+| <a href="tailored_landing_zones/readme.md" ><img src="images/tlz.jpg" alt= “” width="500" height=""> </a>  | **Tailored Design </br> Any Shape** | An approach to solve **specific requirements** when the standard models are not enough. A tailored model has **dedicated design views** to match requirements and an IaC runtime. This approach is commonly used to bridge **existing customer practices** in other CSPs. |  
+| <a href="workload_extensions/readme.md" ><img src="images/wext.jpg" alt= “” width="500" height=""> </a>  | **Workload Ready</br>Plug & Play** | **Complement your landing zone** with extensions ready for **specific workloads**. Each flavor has a **design** with **IaC configurations** ready to be deployed on top of standard or tailored landing zones. Examples are EBS, ExaCC, OCVS, OIC, OKE, CCC, etc. |  
 
 &nbsp; 
 
+
 If you're **starting with OCI landing zones**:
-1. Start with a **standard** landing zone as they're full of best practices. If it needs adjustments or **extensions on top** of the prescribed design, customize it by code or manually. 
-2. If you have a **specific target workload** that is available as a **workload landing zone**, use it directly. If it's not available, talk to us or use the tailored approach to set up your extensions.
-3. If your design is very **customized**, requiring **structural changes** to a standard landing zone (IAM or Network), and/or you need a **highly scalable operating model**, use the **tailored** approach to create your solution.
+1. Start with [**Standard Landing Zones**](/landing-zones/standard_landing_zones/readme.md) as they're full of best practices. There are [**three models/shapes**](/landing-zones/standard_landing_zones/readme.md#2-what-are-the-models-available) available for different scopes, we'll help you find the best fit [**here**](/landing-zones/standard_landing_zones/readme.md#3-decide-on-the-model-to-use).
+2. If your design is very **customized**, requiring **structural changes** to a standard landing zone (IAM or Network), and/or you need a **highly scalable operating model**, use the [**Tailored Landing Zones**](/landing-zones/tailored_landing_zones/readme.md) approach to create your solution.
+3. Complementary, if you have a **specific target workload** that is available as [**Workload Extensions**](/landing-zones/workload_extensions/readme.md), use it directly on top of your landing zone. If it's not available, feel free to reach out to us or use the tailored approach to set up your extensions.
+
 
 &nbsp; 
 
 The following **assets** are also available to improve the OCI landing experience:
-1. **Overview**: [Executive Overview of the Available Approaches](/landing-zones/commons/EMEA_LandingZonesSpecialists_ExecOverview.pdf)
-2. **Solution Definition**: [Creating a Landing Zone Solution Definition (**SDD**)](/landing-zones/commons/lz_solution_definition.md)
-3. **Workloads**: [How an OCI Workload Landing Zone Looks Like (**OCI EBS LZ**)](https://github.com/oracle-quickstart/terraform-oci-open-lz/tree/master/examples/oci-ebs-lz)
-4. **Tailored**: [How an OCI Tailored Landing Zone Looks Like (**OCI Open LZ**)](https://github.com/oracle-quickstart/terraform-oci-open-lz)
-5. **Learn**: [How to Design and Configure Landing Zones (**OCI Learn LZ**)](https://github.com/oracle-quickstart/terraform-oci-open-lz/tree/master/examples/oci-learn-lz)
-6. **Naming**: [Resource Naming Conventions for OCI](/landing-zones/commons/resource_naming_conventions.md)
-7. **Identity**: [OCI User Identity Management](/landing-zones/commons/user_identity_management.md)
-8. **Budgets**: [OCI Budgets and Tagging Recommendations](/landing-zones/commons/budgets_and_tagging.md)
+1. **Landing Zones**: [How a Complete OCI Landing Zone Looks Like (**OCI Open LZ**)](https://github.com/oracle-quickstart/terraform-oci-open-lz/tree/master/design)
+2. **Workloads Extensions**: [How an OCI Workload Extensions Looks Like (**OCI EBS LZ**)](https://github.com/oracle-quickstart/terraform-oci-open-lz/tree/master/examples/oci-ebs-lz)
+3. **Infrastructure-as-Code (IaC)**: [The Configurable IaC approach to OCI Landing Zones **(CIS Modules)**](/landing-zones/commons/oci_landingzones_iac.md).
+4. **Learn/DIY**: [How to Design and Configure OCI Landing Zones (**OCI Learn LZ**)](https://github.com/oracle-quickstart/terraform-oci-open-lz/tree/master/examples/oci-learn-lz)
+5. **Naming Conventions**: [Resource Naming Conventions for OCI](/landing-zones/commons/resource_naming_conventions.md)
+6. **Identity**: [OCI User Identity Management](/landing-zones/commons/user_identity_management.md)
+7. **Budgets**: [OCI Budgets and Tagging Recommendations](/landing-zones/commons/budgets_and_tagging.md)
+8. **Solution Definition**: [Creating a Landing Zone Solution Definition (**SDD**)](/landing-zones/commons/lz_solution_definition.md)
 
 
 &nbsp; 
 
@@ -4,9 +4,8 @@
 
 [1. Introduction](#1-introduction) </br>
 [2. Design Considerations](#1-design-considerations--decisions)</br>
-[3. Landing Zone Approach](#3-landing-zone-zone-approach) </br>
-[4. Standard Landing Zones](#4-standard-landing-zones) </br>
-[5. Tailored Landing Zones](#5-tailored-landing-zones)
+[3. How to Start](#3-landing-zone-zone-approach) </br>
+
 
 &nbsp; 
 
@@ -66,56 +65,28 @@ The following table presents the recommended operational topics to review in the
 &nbsp; 
 
 
-## **3. Landing Zone Zone Approach**
+## **3. How to Start**
 
-There are two types of landing zone approaches to consider:
 
+Find in the table below a summary of the two approaches for OCI Landing Zones.
 
-| APPROACH  |  DESCRIPTION | 
-|---|---|
-| [**Standard Landing Zones**](/landing-zones/standard_landing_zones/standard_landing_zones.md) | **Prescribed** and **ready to use** solutions with a **guided setup** and  **IaC**. This is the recommended approach for initial landing zone deployments covering the most common workload scenarios.  | 
-| [**Tailored Landing Zones**](/landing-zones/tailored_landing_zones/tailored_landing_zones.md) | An approach to solve **specific requirements** when the standard is not enough. These LZs run with **configuration-as-code** and are used to scale/bridge with existing **operating models**, complying with fine-grained **segregations of duties**, strong **network isolation**, and heterogeneous **workloads**.  | 
 
-&nbsp; 
 
-The **guidance** we recommend to follow is very simple:
+| APPROACH  |  OBJECTIVE | DESCRIPTION | 
+|---|---|---|
+|  [**Standard Landing Zones**](/landing-zones/standard_landing_zones/readme.md) | **Best Practices</br>3 Shapes** | **Three standard shapes/models** for different organization scopes, **ready to use** with **design blueprints** and  **IaC configurations**. Use these models directly or tailor them to your needs.  | 
+| [**Tailored Landing Zones**](/landing-zones/tailored_landing_zones/readme.md)  | **Tailored Design </br> Any Shape** | An approach to solve **specific requirements** when the standard models are not enough. A tailored model has **dedicated design views** to match requirements and an IaC runtime. This approach is commonly used to bridge **existing customer practices** in other CSPs. |  
 
-- If you're **starting** with OCI landing zones use a **standard landing zone** as they're full of best practices. If it needs adjustments or **extensions** on top of the prescribed design, customize it by code or manually. This approach is described in [next section](#4-standard-landing-zones).
-- If your [**requirements** are very **specific/detailed**](/landing-zones/tailored_landing_zones/tailored_landing_zones.md#1-what-are-tailored-landing-zones), or they imply structural changes to a standard landing zone, and/or you need a highly scalable operating model, **use the tailored approach** described in   [section 5](#5-tailored-landing-zones). 
 
 &nbsp; 
 
-
-## **4. Standard Landing Zones**
-
-
-| TOPIC  |  DESCRIPTION | 
-|---|---|
-| **APPROACH** | [Standard Landing Zones](/landing-zones/standard_landing_zones/standard_landing_zones.md) |
-| **SOLUTION** | [CIS Landing Zone](/landing-zones/standard_landing_zones/cis_lz_v2/cis_landing_zone_v2.md). CIS 1.2 [certified](https://www.cisecurity.org/partner/oracle) since september 2023. |
-| **SECURITY SCOPE** | Covers all topics in [section 2.1](#21-security).
-| **NETWORK SCOPE** | Covers all topics in [section 2.2](#22-network) exept ND.04 DNS.
-| **OPERATIONS SCOPE** | Covers OD.02 Tooling in [section 2.3](#23-operations). Note that standards landing zones normally have very simple and centralized operating models, and might not require the remaining elements. 
-| **RUNTIME** | Use the solution link for complete guidance on the **configuration** and **deployment** of this solution.
-| **EXTENSIONS** | **- Design**: For guidande on **extending** this **solution design** with OCI resources on top of the standard model review the [section 4](/landing-zones/standard_landing_zones/cis_lz_v2/cis_landing_zone_v2.md#4-extend-the-solution) of the CIS LZ solution. </br>**- Deployment/Run with IaC**: An alternative to add-ons on the solution v2 code base is using of the [CIS Landing Zone Enhanced Modules](https://www.ateam-oracle.com/post/cis-landing-zone-enhanced-modules), to **configure** the resources templates with *json/hcl* terraform native interfaces. | 
+The general recommendation when **starting with OCI landing zones** is:
+1. Start with [**Standard Landing Zones**](/landing-zones/standard_landing_zones/readme.md) as they're full of best practices. There are [**three models/shapes**](/landing-zones/standard_landing_zones/readme.md#2-what-are-the-models-available) available for different scopes, we'll help you find the best fit [**here**](/landing-zones/standard_landing_zones/readme.md#3-decide-on-the-model-to-use).
+2. If your design is very **customized**, requiring **structural changes** to a standard landing zone (IAM or Network), and/or you need a **highly scalable operating model**, use the [**Tailored Landing Zones**](/landing-zones/tailored_landing_zones/readme.md) approach to create your solution.
+3. Complementary, if you have a **specific target workload** that is available as [**Workload Extensions**](/landing-zones/workload_extensions/readme.md), use it directly on top of your landing zone. If it's not available, be free to reach out to us or use the tailored approach to set up your extensions.
 
 &nbsp; 
 
-## **5. Tailored Landing Zones**
-
-
-| TOPIC  |  DESCRIPTION | 
-|---|---|
-| **APPROACH** | [Tailored Landing Zones](/landing-zones/tailored_landing_zones/tailored_landing_zones.md)  |
-| **SOLUTION** | Use the [OCI Open LZ Blueprint](https://github.com/oracle-quickstart/terraform-oci-open-lz) to tailor your landing zone. There are also complementar [models](https://github.com/oracle-quickstart/terraform-oci-open-lz/blob/master/design/models/readme.md) for initial discussions. This solution uses CIS 1.2 compliant Terraform modules.|
-| **SECURITY SCOPE** | Covers all topics in [section 2.1](#21-security).
-| **NETWORK SCOPE** | Covers all topics in [section 2.2](#22-network).
-| **OPERATIONS SCOPE** | Covers all topics in [section 2.3](#23-operations) except OD.04 Integrations.
-| **RUNTIME** | - In terms of **deployment** and **running** your landing zone design, we recommend the use of the **[CIS Landing Zone Enhanced Modules](https://www.ateam-oracle.com/post/cis-landing-zone-enhanced-modules)**, to **configure** the resources with *json/hcl* terraform native interfaces. </br> - Note the [**OCI Open LZ Blueprint**](https://github.com/oracle-quickstart/terraform-oci-open-lz) also presents the **Runtime View** of the design, with IaC configurations for each operation scenario, using these same [modules](https://www.ateam-oracle.com/post/cis-landing-zone-enhanced-modules).
-| **EXTENSIONS** | Any extension is a new operation scenario and follows the same process and cloud operating model of all other scenarios. Refer to the **OCI Open LZ** [**Runtime View**](https://github.com/oracle-quickstart/terraform-oci-open-lz/blob/master/examples/oci-open-lz/readme.md) for examples and the [**Operations View**](https://github.com/oracle-quickstart/terraform-oci-open-lz/blob/master/design/OCI_Open_LZ.pdf) for more details on the cloud operating model.| 
-
-
-&nbsp; 
 
 &nbsp; 
 
 
@@ -0,0 +1,105 @@
+# **OCI Landing Zones - Infrastructure As Code**
+
+
+**Table of Contents**
+
+[1. Approach (What)](#1-approach)</br>
+[2. Architecture (How)](#2-the-runtime-architecture)</br>
+[3. Modules Engine (Where to Start)](#3-the-iac-engine)</br>
+
+&nbsp; 
+
+## 1.  Approach 
+
+To simplify and reduce overall efforts on OCI Landing Zones creation, deployment, and operations, we moved from classic Terraform programmatic/coded Landing Zones to **completely declarative IaC Landing Zones**. In other words, for [**Standard Landing Zones**](../standard_landing_zones/readme.md), [**Tailored Landing Zones**](../tailored_landing_zones/readme.md), and [**Workload Extensions**](../workload_extensions/readme.md), all OCI core resources are human-readable configuration files (json or yaml) - with zero coding needs.
+
+&nbsp; 
+
+<img src="../images/iac_1.png" alt= “” width="500" height="value">
+
+&nbsp; 
+
+By using this approach, in terms of IaC, all OCI Landing Zones share the following principles:
+
+1. **Runnable Design**: All OCI Landing Zones designs or workload extensions are translatable into declarative runnable IaC configurations.
+2. **Configurable**: All OCI Landing Zones are purely declarative with **IaC Configurations** - and not code.
+3. **One Engine**: All OCI Landing Zones use **one common Terraform engine**.
+
+
+
+&nbsp; 
+
+Several benefits can be achieved with this approach, such as:
+- **Reduced efforts** from our customers and partners as they will not spend time coding or time enabling their operations teams in deep terraform skills.
+- **Reduced time-to-value** or **time-to-production** from our customers and partners, as workloads can land earlier in OCI.
+- **Simpler provisioning and change** operations and fewer errors with human-readable files. Cloud operations teams don't require coding skills.
+- **Security with separation of duties** as the IaC developers do not interact with real configurations and cloud operations don't access code. 
+- **Eliminate waste/rework** by reinventing the wheel with new Terraform modules.
+- **A Scalable and secure operating model** can be used based on GitOps, where Git is the source of truth for any cloud operation. Versioning configuration files in repositories also provides a great audit capability.
+
+&nbsp; 
+
+## 2. The Runtime Architecture 
+
+The diagram below presents the runtime architecture following a top-down flow, from design to configuration, and from configuration to the creation of OCI resources.
+
+&nbsp; 
+
+<img src="../images/iac_2.jpg" alt= “” width="800" height="value">
+
+&nbsp; 
+
+
+
+1. **The first layer** presents the **design** elements for the [Standard Landing Zones](../standard_landing_zones/readme.md), [Tailored Landing Zones](../tailored_landing_zones/readme.md), and [Workload Extensions](../workload_extensions/readme.md).
+2. **The second layer** (green) presents the IaC Configurations for all the design elements of the layer above. All designs are translated into declarative configurations.
+3. **The third layer** (grey) presents the **tooling** used to run the **configurations** (green) against one set of **modules** (yellow). Note all the terraform modules available including the orchestration on top of core resources. Any automation tool, or even a manual command, can provide this execution.
+4. **In the last layer**, it's possible to see the **OCI resources** instantiated by the Terraform modules in the previous layer.
+
+&nbsp; 
+
+The next diagram depicts the key capabilities/benefits enabled by each building block. The design strategy towards standard and tailored landing zones and workload extension, followed by the "**everything configured**" and the "**one single-engine**" principles, are key to **simplifying OCI onboarding and running experience**.
+
+&nbsp; 
+
+<img src="../images/iac_3.jpg" alt= “” width="800" height="value">
+
+&nbsp; 
+
+
+
+## 3. The IaC Engine 
+
+
+The following Git repositories contain the Terraform engine that enables the IaC Configurable approach. For a high-level overview please refer to [OCI CIS Enhanced Modules](https://www.ateam-oracle.com/post/cis-landing-zone-enhanced-modules).
+
+&nbsp; 
+
+| REPOSITORY  |  OBJECTIVE | GIT | 
+|---|---|---|
+| **Landing Zone Orchestrator** | Simplifies operations by providing the ability to relate several resource types from all the other modules into one consolidated operation (i.e., one plan/apply). | [View](https://github.com/oracle-quickstart/terraform-oci-landing-zones-orchestrator ) |
+| **Identity and Access Management** | Provides the ability to configure Compartments, Groups, Policies, Dynamic Groups, etc. | [View](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-iam) |
+| **Networking** | Provides the ability to configure all OCI Core Network Resources (e.g., VCNs, Subnets, Route tables, Security Lists, Network Security Groups, Gateways, etc.).  | [View](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-networking) |
+| **Security** | Provides the ability to configure OCI Security Resources (e.g., Cloud Guard, VSS, Security Zones, Vaults, etc.).  | [View](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-security) |
+| **Observability** | Provides the ability to configure OCI monitoring resources (e.g., Logging, Events, Alarms, Notifications, etc.).  | [View](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-security) |
+| **Governance** | Provides the ability to configure OCI Tagging.  | [View](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-observability)
+
+
+
+&nbsp; 
+
+For **unitary examples** of usage please review the examples on each repository. 
+
+For **complete end-to-end examples** using the orchestrator and several other modules please refer to the [OCI Open LZ Blueprint](https://github.com/oracle-quickstart/terraform-oci-open-lz/tree/master/design) and [Runtime View](https://github.com/oracle-quickstart/terraform-oci-open-lz/tree/master/design#6-runtime-view).
+
+
+&nbsp; 
+&nbsp; 
+
+# License
+
+Copyright (c) 2024 Oracle and/or its affiliates.
+
+Licensed under the Universal Permissive License (UPL), Version 1.0.
+
+See [LICENSE](https://github.com/oracle-devrel/technology-engineering/blob/main/LICENSE) for more details.