You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
| <aname="input_access_tags"></a> [access\_tags](#input\_access\_tags)| A list of access tags to apply to the VPC resources created by the module. For more information, see https://cloud.ibm.com/docs/account?topic=account-access-tags-tutorial.|`list(string)`|`[]`| no |
180
-
| <aname="input_address_prefixes"></a> [address\_prefixes](#input\_address\_prefixes)| OPTIONAL - IP range that will be defined for the VPC for a certain location. Use only with manual address prefixes | <pre>object({<br> zone-1 = optional(list(string))<br> zone-2 = optional(list(string))<br> zone-3 = optional(list(string))<br> })</pre> | <pre>{<br> "zone-1": null,<br> "zone-2": null,<br> "zone-3": null<br>}</pre> | no |
180
+
| <aname="input_address_prefixes"></a> [address\_prefixes](#input\_address\_prefixes)| OPTIONAL - IP range that will be defined for the VPC for a certain location. Use only with manual address prefixes | <pre>object({<br/> zone-1 = optional(list(string))<br/> zone-2 = optional(list(string))<br/> zone-3 = optional(list(string))<br/> })</pre> | <pre>{<br/> "zone-1": null,<br/> "zone-2": null,<br/> "zone-3": null<br/>}</pre> | no |
181
181
| <aname="input_classic_access"></a> [classic\_access](#input\_classic\_access)| OPTIONAL - Classic Access to the VPC |`bool`|`false`| no |
182
182
| <aname="input_clean_default_sg_acl"></a> [clean\_default\_sg\_acl](#input\_clean\_default\_sg\_acl)| Remove all rules from the default VPC security group and VPC ACL (less permissive) |`bool`|`false`| no |
183
183
| <aname="input_create_authorization_policy_vpc_to_cos"></a> [create\_authorization\_policy\_vpc\_to\_cos](#input\_create\_authorization\_policy\_vpc\_to\_cos)| Create authorisation policy for VPC to access COS. Set as false if authorization policy exists already |`bool`|`false`| no |
@@ -198,31 +198,31 @@ To attach access management tags to resources in this module, you need the follo
198
198
| <aname="input_existing_cos_instance_guid"></a> [existing\_cos\_instance\_guid](#input\_existing\_cos\_instance\_guid)| GUID of the COS instance to create Flow log collector |`string`|`null`| no |
199
199
| <aname="input_existing_dns_instance_id"></a> [existing\_dns\_instance\_id](#input\_existing\_dns\_instance\_id)| Id of an existing dns instance in which the custom resolver is created. Only relevant if enable\_hub is set to true. |`string`|`null`| no |
200
200
| <aname="input_existing_storage_bucket_name"></a> [existing\_storage\_bucket\_name](#input\_existing\_storage\_bucket\_name)| Name of the COS bucket to collect VPC flow logs |`string`|`null`| no |
201
-
| <aname="input_existing_subnets"></a> [existing\_subnets](#input\_existing\_subnets)| The detail of the existing subnets and required mappings to other resources. Required if 'create\_subnets' is false. | <pre>list(object({<br> id = string<br> public_gateway = optional(bool, false)<br> }))</pre> |`[]`| no |
201
+
| <aname="input_existing_subnets"></a> [existing\_subnets](#input\_existing\_subnets)| The detail of the existing subnets and required mappings to other resources. Required if 'create\_subnets' is false. | <pre>list(object({<br/> id = string<br/> public_gateway = optional(bool, false)<br/> }))</pre> |`[]`| no |
202
202
| <aname="input_existing_vpc_id"></a> [existing\_vpc\_id](#input\_existing\_vpc\_id)| The ID of the existing vpc. Required if 'create\_vpc' is false. |`string`|`null`| no |
203
203
| <aname="input_hub_account_id"></a> [hub\_account\_id](#input\_hub\_account\_id)| ID of the hub account for DNS resolution, required if 'skip\_spoke\_auth\_policy' is false. |`string`|`null`| no |
204
204
| <aname="input_hub_vpc_crn"></a> [hub\_vpc\_crn](#input\_hub\_vpc\_crn)| Indicates the crn of the hub VPC for DNS resolution. See https://cloud.ibm.com/docs/vpc?topic=vpc-hub-spoke-model. Mutually exclusive with hub\_vpc\_id. |`string`|`null`| no |
205
205
| <aname="input_hub_vpc_id"></a> [hub\_vpc\_id](#input\_hub\_vpc\_id)| Indicates the id of the hub VPC for DNS resolution. See https://cloud.ibm.com/docs/vpc?topic=vpc-hub-spoke-model. Mutually exclusive with hub\_vpc\_crn. |`string`|`null`| no |
206
206
| <aname="input_is_flow_log_collector_active"></a> [is\_flow\_log\_collector\_active](#input\_is\_flow\_log\_collector\_active)| Indicates whether the collector is active. If false, this collector is created in inactive mode. |`bool`|`true`| no |
207
-
| <aname="input_manual_servers"></a> [manual\_servers](#input\_manual\_servers)| The DNS server addresses to use for the VPC, replacing any existing servers. All the entries must either have a unique zone\_affinity, or not have a zone\_affinity. | <pre>list(object({<br> address = string<br> zone_affinity = optional(string)<br> }))</pre> |`[]`| no |
207
+
| <aname="input_manual_servers"></a> [manual\_servers](#input\_manual\_servers)| The DNS server addresses to use for the VPC, replacing any existing servers. All the entries must either have a unique zone\_affinity, or not have a zone\_affinity. | <pre>list(object({<br/> address = string<br/> zone_affinity = optional(string)<br/> }))</pre> |`[]`| no |
208
208
| <aname="input_name"></a> [name](#input\_name)| Used for the naming of the VPC (if create\_vpc is set to true), as well as in the naming for any resources created inside the VPC (unless using one of the optional variables for explicit control over naming). |`string`| n/a | yes |
209
-
| <a name="input_network_acls"></a> [network\_acls](#input\_network\_acls) | The list of ACLs to create. Provide at least one rule for each ACL. | <pre>list(<br> object({<br> name = string<br> add_ibm_cloud_internal_rules = optional(bool)<br> add_vpc_connectivity_rules = optional(bool)<br> prepend_ibm_rules = optional(bool)<br> rules = list(<br> object({<br> name = string<br> action = string<br> destination = string<br> direction = string<br> source = string<br> tcp = optional(<br> object({<br> port_max = optional(number)<br> port_min = optional(number)<br> source_port_max = optional(number)<br> source_port_min = optional(number)<br> })<br> )<br> udp = optional(<br> object({<br> port_max = optional(number)<br> port_min = optional(number)<br> source_port_max = optional(number)<br> source_port_min = optional(number)<br> })<br> )<br> icmp = optional(<br> object({<br> type = optional(number)<br> code = optional(number)<br> })<br> )<br> })<br> )<br> })<br> )</pre> | <pre>[<br> {<br> "add_ibm_cloud_internal_rules": true,<br> "add_vpc_connectivity_rules": true,<br> "name": "vpc-acl",<br> "prepend_ibm_rules": true,<br> "rules": []<br> }<br>]</pre> | no |
210
-
| <aname="input_network_cidrs"></a> [network\_cidrs](#input\_network\_cidrs)| List of Network CIDRs for the VPC. This is used to manage network ACL rules for cluster provisioning. |`list(string)`| <pre>[<br> "10.0.0.0/8"<br>]</pre> | no |
209
+
| <a name="input_network_acls"></a> [network\_acls](#input\_network\_acls) | The list of ACLs to create. Provide at least one rule for each ACL. | <pre>list(<br/> object({<br/> name = string<br/> add_ibm_cloud_internal_rules = optional(bool)<br/> add_vpc_connectivity_rules = optional(bool)<br/> prepend_ibm_rules = optional(bool)<br/> rules = list(<br/> object({<br/> name = string<br/> action = string<br/> destination = string<br/> direction = string<br/> source = string<br/> tcp = optional(<br/> object({<br/> port_max = optional(number)<br/> port_min = optional(number)<br/> source_port_max = optional(number)<br/> source_port_min = optional(number)<br/> })<br/> )<br/> udp = optional(<br/> object({<br/> port_max = optional(number)<br/> port_min = optional(number)<br/> source_port_max = optional(number)<br/> source_port_min = optional(number)<br/> })<br/> )<br/> icmp = optional(<br/> object({<br/> type = optional(number)<br/> code = optional(number)<br/> })<br/> )<br/> })<br/> )<br/> })<br/> )</pre> | <pre>[<br/> {<br/> "add_ibm_cloud_internal_rules": true,<br/> "add_vpc_connectivity_rules": true,<br/> "name": "vpc-acl",<br/> "prepend_ibm_rules": true,<br/> "rules": []<br/> }<br/>]</pre> | no |
210
+
| <aname="input_network_cidrs"></a> [network\_cidrs](#input\_network\_cidrs)| List of Network CIDRs for the VPC. This is used to manage network ACL rules for cluster provisioning. |`list(string)`| <pre>[<br/> "10.0.0.0/8"<br/>]</pre> | no |
211
211
| <aname="input_prefix"></a> [prefix](#input\_prefix)| The value that you would like to prefix to the name of the resources provisioned by this module. Explicitly set to null if you do not wish to use a prefix. This value is ignored if using one of the optional variables for explicit control over naming. |`string`|`null`| no |
212
212
| <aname="input_public_gateway_name"></a> [public\_gateway\_name](#input\_public\_gateway\_name)| The name to give the provisioned VPC public gateways. If not set, the module generates a name based on the `prefix` and `name` variables. |`string`|`null`| no |
213
213
| <aname="input_region"></a> [region](#input\_region)| The region to which to deploy the VPC |`string`| n/a | yes |
214
214
| <aname="input_resolver_type"></a> [resolver\_type](#input\_resolver\_type)| Resolver type. Can be system or manual. For delegated resolver type, see the update\_delegated\_resolver variable instead. |`string`|`null`| no |
215
215
| <aname="input_resource_group_id"></a> [resource\_group\_id](#input\_resource\_group\_id)| The resource group ID where the VPC to be created |`string`| n/a | yes |
216
-
| <aname="input_routes"></a> [routes](#input\_routes)| OPTIONAL - Allows you to specify the next hop for packets based on their destination address | <pre>list(<br> object({<br> name = string<br> route_direct_link_ingress = optional(bool)<br> route_transit_gateway_ingress = optional(bool)<br> route_vpc_zone_ingress = optional(bool)<br> routes = optional(<br> list(<br> object({<br> action = optional(string)<br> zone = number<br> destination = string<br> next_hop = string<br> })<br> ))<br> })<br> )</pre> |`[]`| no |
216
+
| <aname="input_routes"></a> [routes](#input\_routes)| OPTIONAL - Allows you to specify the next hop for packets based on their destination address | <pre>list(<br/> object({<br/> name = string<br/> route_direct_link_ingress = optional(bool)<br/> route_transit_gateway_ingress = optional(bool)<br/> route_vpc_zone_ingress = optional(bool)<br/> routes = optional(<br/> list(<br/> object({<br/> action = optional(string)<br/> zone = number<br/> destination = string<br/> next_hop = string<br/> })<br/> ))<br/> })<br/> )</pre> |`[]`| no |
217
217
| <aname="input_routing_table_name"></a> [routing\_table\_name](#input\_routing\_table\_name)| The name to give the provisioned routing tables. If not set, the module generates a name based on the `prefix` and `name` variables. |`string`|`null`| no |
218
-
| <aname="input_security_group_rules"></a> [security\_group\_rules](#input\_security\_group\_rules)| A list of security group rules to be added to the default vpc security group (default empty) | <pre>list(<br> object({<br> name = string<br> direction = string<br> remote = string<br> tcp = optional(<br> object({<br> port_max = optional(number)<br> port_min = optional(number)<br> })<br> )<br> udp = optional(<br> object({<br> port_max = optional(number)<br> port_min = optional(number)<br> })<br> )<br> icmp = optional(<br> object({<br> type = optional(number)<br> code = optional(number)<br> })<br> )<br> })<br> )</pre> |`[]`| no |
218
+
| <aname="input_security_group_rules"></a> [security\_group\_rules](#input\_security\_group\_rules)| A list of security group rules to be added to the default vpc security group (default empty) | <pre>list(<br/> object({<br/> name = string<br/> direction = string<br/> remote = string<br/> tcp = optional(<br/> object({<br/> port_max = optional(number)<br/> port_min = optional(number)<br/> })<br/> )<br/> udp = optional(<br/> object({<br/> port_max = optional(number)<br/> port_min = optional(number)<br/> })<br/> )<br/> icmp = optional(<br/> object({<br/> type = optional(number)<br/> code = optional(number)<br/> })<br/> )<br/> })<br/> )</pre> |`[]`| no |
219
219
| <aname="input_skip_custom_resolver_hub_creation"></a> [skip\_custom\_resolver\_hub\_creation](#input\_skip\_custom\_resolver\_hub\_creation)| Indicates whether to skip the configuration of a custom resolver in the hub VPC. Only relevant if enable\_hub is set to true. |`bool`|`false`| no |
220
220
| <aname="input_skip_spoke_auth_policy"></a> [skip\_spoke\_auth\_policy](#input\_skip\_spoke\_auth\_policy)| Set to true to skip the creation of an authorization policy between the DNS resolution spoke and hub, only enable this if a policy already exists between these two VPCs. See https://cloud.ibm.com/docs/vpc?topic=vpc-vpe-dns-sharing-s2s-auth&interface=ui for more details. |`bool`|`false`| no |
221
-
| <a name="input_subnets"></a> [subnets](#input\_subnets) | List of subnets for the vpc. For each item in each array, a subnet will be created. Items can be either CIDR blocks or total ipv4 addressess. Public gateways will be enabled only in zones where a gateway has been created | <pre>object({<br> zone-1 = list(object({<br> name = string<br> cidr = string<br> public_gateway = optional(bool)<br> acl_name = string<br> no_addr_prefix = optional(bool, false) # do not automatically add address prefix for subnet, overrides other conditions if set to true<br> }))<br> zone-2 = optional(list(object({<br> name = string<br> cidr = string<br> public_gateway = optional(bool)<br> acl_name = string<br> no_addr_prefix = optional(bool, false) # do not automatically add address prefix for subnet, overrides other conditions if set to true<br> })))<br> zone-3 = optional(list(object({<br> name = string<br> cidr = string<br> public_gateway = optional(bool)<br> acl_name = string<br> no_addr_prefix = optional(bool, false) # do not automatically add address prefix for subnet, overrides other conditions if set to true<br> })))<br> })</pre> | <pre>{<br> "zone-1": [<br> {<br> "acl_name": "vpc-acl",<br> "cidr": "10.10.10.0/24",<br> "name": "subnet-a",<br> "no_addr_prefix": false,<br> "public_gateway": true<br> }<br> ],<br> "zone-2": [<br> {<br> "acl_name": "vpc-acl",<br> "cidr": "10.20.10.0/24",<br> "name": "subnet-b",<br> "no_addr_prefix": false,<br> "public_gateway": true<br> }<br> ],<br> "zone-3": [<br> {<br> "acl_name": "vpc-acl",<br> "cidr": "10.30.10.0/24",<br> "name": "subnet-c",<br> "no_addr_prefix": false,<br> "public_gateway": false<br> }<br> ]<br>}</pre> | no |
221
+
| <a name="input_subnets"></a> [subnets](#input\_subnets) | List of subnets for the vpc. For each item in each array, a subnet will be created. Items can be either CIDR blocks or total ipv4 addressess. Public gateways will be enabled only in zones where a gateway has been created | <pre>object({<br/> zone-1 = list(object({<br/> name = string<br/> cidr = string<br/> public_gateway = optional(bool)<br/> acl_name = string<br/> no_addr_prefix = optional(bool, false) # do not automatically add address prefix for subnet, overrides other conditions if set to true<br/> }))<br/> zone-2 = optional(list(object({<br/> name = string<br/> cidr = string<br/> public_gateway = optional(bool)<br/> acl_name = string<br/> no_addr_prefix = optional(bool, false) # do not automatically add address prefix for subnet, overrides other conditions if set to true<br/> })))<br/> zone-3 = optional(list(object({<br/> name = string<br/> cidr = string<br/> public_gateway = optional(bool)<br/> acl_name = string<br/> no_addr_prefix = optional(bool, false) # do not automatically add address prefix for subnet, overrides other conditions if set to true<br/> })))<br/> })</pre> | <pre>{<br/> "zone-1": [<br/> {<br/> "acl_name": "vpc-acl",<br/> "cidr": "10.10.10.0/24",<br/> "name": "subnet-a",<br/> "no_addr_prefix": false,<br/> "public_gateway": true<br/> }<br/> ],<br/> "zone-2": [<br/> {<br/> "acl_name": "vpc-acl",<br/> "cidr": "10.20.10.0/24",<br/> "name": "subnet-b",<br/> "no_addr_prefix": false,<br/> "public_gateway": true<br/> }<br/> ],<br/> "zone-3": [<br/> {<br/> "acl_name": "vpc-acl",<br/> "cidr": "10.30.10.0/24",<br/> "name": "subnet-c",<br/> "no_addr_prefix": false,<br/> "public_gateway": false<br/> }<br/> ]<br/>}</pre> | no |
222
222
| <aname="input_tags"></a> [tags](#input\_tags)| List of Tags for the resource created |`list(string)`|`null`| no |
223
223
| <aname="input_update_delegated_resolver"></a> [update\_delegated\_resolver](#input\_update\_delegated\_resolver)| If set to true, and if the vpc is configured to be a spoke for DNS resolution (enable\_hub\_vpc\_crn or enable\_hub\_vpc\_id set), then the spoke VPC resolver will be updated to a delegated resolver. |`bool`|`false`| no |
224
224
| <aname="input_use_existing_dns_instance"></a> [use\_existing\_dns\_instance](#input\_use\_existing\_dns\_instance)| Whether to use an existing dns instance. If true, existing\_dns\_instance\_id must be set. |`bool`|`false`| no |
225
-
| <aname="input_use_public_gateways"></a> [use\_public\_gateways](#input\_use\_public\_gateways)| Create a public gateway in any of the three zones with `true`. | <pre>object({<br> zone-1 = optional(bool)<br> zone-2 = optional(bool)<br> zone-3 = optional(bool)<br> })</pre> | <pre>{<br> "zone-1": true,<br> "zone-2": false,<br> "zone-3": false<br>}</pre> | no |
225
+
| <aname="input_use_public_gateways"></a> [use\_public\_gateways](#input\_use\_public\_gateways)| Create a public gateway in any of the three zones with `true`. | <pre>object({<br/> zone-1 = optional(bool)<br/> zone-2 = optional(bool)<br/> zone-3 = optional(bool)<br/> })</pre> | <pre>{<br/> "zone-1": true,<br/> "zone-2": false,<br/> "zone-3": false<br/>}</pre> | no |
226
226
| <aname="input_vpc_flow_logs_name"></a> [vpc\_flow\_logs\_name](#input\_vpc\_flow\_logs\_name)| The name to give the provisioned VPC flow logs. If not set, the module generates a name based on the `prefix` and `name` variables. |`string`|`null`| no |
0 commit comments