The terraform code in this folder expands an existing CIS Landing Zone deployment. It does this by adding one or more workload compartment(s) in the AppDev compartment and, optionally, the associated OCI IAM groups, dynamic groups, and OCI IAM policies to manage OCI resources in the workload compartment.
| Variable Name | Description | Required | Default Value |
|---|---|---|---|
| region | The tenancy region identifier where the Terraform should provision the resources. | Yes | None |
| service_label | A label used as a prefix for naming resources. | Yes | None |
| enable_compartments_delete | Determines whether compartments are physically deleted upon destroy. | No | false |
| existing_lz_enclosing_compartment_ocid | The enclosing/parent compartment utilized in the CIS Landing Zone deployment you want to add workload(s) to. | Yes | None |
| existing_lz_security_compartment_ocid | The existing Security compartment created by your CIS Landing Zone deployment you want to add workload(s) to. | Yes | None |
| existing_lz_network_compartment_ocid | The existing Network compartment created by your CIS Landing Zone deployment you want to add workload(s) to. | Yes | None |
| existing_lz_appdev_compartment_ocid | The existing AppDev compartment created by your CIS Landing Zone deployment where the workload compartments will be created. | Yes | None |
| workload_names | List of workload names, each workload will get a compartment created in the AppDev Compartment. The names must be unique within the AppDev compartment. | Yes | None |
| create_workload_groups_and_policies | If true an OCI IAM group and corresponding policies will be created to align to the workload compartment group created. | No | true |
| create_workload_dynamic_groups_and_policies | If true a dynamic group and corresponding policies will be created to align to the workload compartment group created. | No | true |
If you are logged into your OCI tenancy, the button will take you directly to OCI Resource Manager where you can proceed to deploy. If you are not logged, the button takes you to Oracle Cloud initial page where you must enter your tenancy name and login to OCI.- Under **Working directory select the directory ending with generic_workload_compartment
- Click Next
- Enter the required variables
- Click Next
- Click Next
- Click Apply
- Enter required variables from input.auto.tfvars
- terraform init
- terraform plan
- terraforom apply
This repository uses a module which is part of a broader collection of repositories containing modules that help customers align their OCI implementations with the CIS OCI Foundations Benchmark recommendations:
- Identity & Access Management - current repository
- Networking
- Governance
- Security
- Observability & Monitoring
The modules in this collection are designed for flexibility, are straightforward to use, and enforce CIS OCI Foundations Benchmark recommendations when possible.
See CONTRIBUTING.md.
Copyright (c) 2023, Oracle and/or its affiliates.
Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
See LICENSE for more details.
None.