terraform-ibm-modules · ocofaigh · Oct 21, 2024 · Aug 29, 2024 · Aug 29, 2024 · Sep 4, 2024
@@ -3,7 +3,7 @@
     "files": "go.sum|^.secrets.baseline$",
     "lines": null
   },
-  "generated_at": "2023-12-19T10:03:18Z",
+  "generated_at": "2024-08-29T15:52:09Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"

@@ -33,6 +33,7 @@ This module creates the following IBM Cloud&reg; Virtual Private Cloud (VPC) net
     * [Hub and Spoke VPC with manual DNS resolver Example](./examples/hub-spoke-manual-resolver)
     * [Landing Zone example](./examples/landing_zone)
     * [No Prefix Example](./examples/no-prefix)
+    * [Specific Zone Only Example](./examples/specific-zone-only)
 * [Contributing](#contributing)
 <!-- END OVERVIEW HOOK -->
 

@@ -0,0 +1,8 @@
+# Specific Zone Only Example
+
+A simple example to provision a Secure Landing Zone (SLZ) Virtual Private Cloud (VPC) in a specific zone other than Zone 1. Also, shows how to use public gateways with a specific zone. In this example Zone 2 is used. A network ACL is specifically defined to allow all internet traffic.
+
+The following resources are provisioned by this example:
+
+* A new resource group, if an existing one is not passed in.
+* An IBM Virtual Private Cloud (VPC) with a publicly exposed subnet.
@@ -0,0 +1,62 @@
+##############################################################################
+# Resource Group
+##############################################################################
+
+module "resource_group" {
+  source  = "terraform-ibm-modules/resource-group/ibm"
+  version = "1.1.6"
+  # if an existing resource group is not set (null) create a new one using prefix
+  resource_group_name          = var.resource_group == null ? "${var.prefix}-resource-group" : null
+  existing_resource_group_name = var.resource_group
+}
+
+#############################################################################
+# Provision VPC
+#############################################################################
+
+module "slz_vpc" {
+  source            = "../../"
+  resource_group_id = module.resource_group.resource_group_id
+  region            = var.region
+  name              = var.name
+  prefix            = var.prefix
+  tags              = var.resource_tags
+  subnets = {
+    zone-1 = []
+    zone-2 = [
+      {
+        name           = "subnet-a"
+        cidr           = "10.10.10.0/24"
+        public_gateway = true
+        acl_name       = "my-acl"
+      }
+    ]
+  }
+  use_public_gateways = {
+    zone-1 = false
+    zone-2 = true
+    zone-3 = false
+  }
+  network_acls = [{
+    name                         = "my-acl"
+    add_ibm_cloud_internal_rules = false
+    add_vpc_connectivity_rules   = false
+    prepend_ibm_rules            = false
+    rules = [{
+      name        = "inbound"
+      action      = "allow"
+      source      = "0.0.0.0/0"
+      destination = "0.0.0.0/0"
+      direction   = "inbound"
+      },
+      {
+        name        = "outbound"
+        action      = "allow"
+        source      = "0.0.0.0/0"
+        destination = "0.0.0.0/0"
+        direction   = "outbound"
+      }
+    ]
+    }
+  ]
+}
@@ -0,0 +1,33 @@
+##############################################################################
+# Outputs
+##############################################################################
+
+output "vpc_id" {
+  value       = module.slz_vpc.vpc_id
+  description = "VPC id"
+}
+
+output "vpc_crn" {
+  value       = module.slz_vpc.vpc_crn
+  description = "VPC crn"
+}
+
+output "network_acls" {
+  value       = module.slz_vpc.network_acls
+  description = "VPC network ACLs"
+}
+
+output "public_gateways" {
+  value       = module.slz_vpc.public_gateways
+  description = "VPC public gateways"
+}
+
+output "subnet_zone_list" {
+  value       = module.slz_vpc.subnet_zone_list
+  description = "VPC subnet zone list"
+}
+
+output "subnet_detail_map" {
+  value       = module.slz_vpc.subnet_detail_map
+  description = "VPC subnet detail map"
+}
@@ -0,0 +1,4 @@
+provider "ibm" {
+  ibmcloud_api_key = var.ibmcloud_api_key
+  region           = var.region
+}
@@ -0,0 +1,35 @@
+variable "ibmcloud_api_key" {
+  description = "APIkey that's associated with the account to provision resources to"
+  type        = string
+  sensitive   = true
+}
+
+variable "region" {
+  description = "The region to which to deploy the VPC"
+  type        = string
+  default     = "us-south"
+}
+
+variable "prefix" {
+  description = "The prefix that you would like to append to your resources"
+  type        = string
+  default     = "basic-slz-vpc"
+}
+
+variable "name" {
+  description = "The name of the vpc"
+  type        = string
+  default     = "vpc"
+}
+
+variable "resource_group" {
+  type        = string
+  description = "An existing resource group name to use for this example, if unset a new resource group will be created"
+  default     = null
+}
+
+variable "resource_tags" {
+  description = "List of Tags for the resource created"
+  type        = list(string)
+  default     = null
+}
@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.3.0"
+  required_providers {
+    # Pin to the lowest provider version of the range defined in the main module's version.tf to ensure lowest version still works
+    ibm = {
+      source  = "IBM-Cloud/ibm"
+      version = "1.59.0"
+    }
+  }
+}
@@ -39,3 +39,18 @@ func TestRunHubAndSpokeDelegatedExample(t *testing.T) {
 	assert.Nil(t, err, "This should not have errored")
 	assert.NotNil(t, output, "Expected some output")
 }
+
+func TestRunSpecificZoneExample(t *testing.T) {
+	t.Parallel()
+
+	options := testhelper.TestOptionsDefaultWithVars(&testhelper.TestOptions{
+		Testing:       t,
+		TerraformDir:  specificZoneExampleTerraformDir,
+		Prefix:        "spec-zone-slz",
+		ResourceGroup: resourceGroup,
+	})
+
+	output, err := options.RunTestConsistency()
+	assert.Nil(t, err, "This should not have errored")
+	assert.NotNil(t, output, "Expected some output")
+}
@@ -23,6 +23,7 @@ const defaultExampleTerraformDir = "examples/default"
 const landingZoneExampleTerraformDir = "examples/landing_zone"
 const hubAndSpokeDelegatedExampleTerraformDir = "examples/hub-spoke-delegated-resolver"
 const existingVPCExampleTerraformDir = "examples/existing_vpc"
+const specificZoneExampleTerraformDir = "examples/specific-zone-only"
 const noprefixExampleTerraformDir = "examples/no-prefix"
 const resourceGroup = "geretain-test-resources"