Name | Description | Type | Default | Required |
---|---|---|---|---|
current_user_ocid | OCID of the current user | string | n/a | yes |
is_sandbox_mode_enabled | Do you want to run the stack in Sandbox mode? | bool | n/a | yes |
parent_compartment_name | Name of the top level / parent compartment | string | n/a | yes |
region | The OCI region | string | n/a | yes |
tag_cost_center | CostCenter tag value | string | n/a | yes |
tag_geo_location | GeoLocation tag value | string | n/a | yes |
tenancy_ocid | The OCID of the tenancy | string | n/a | yes |
vcn_dns_label | VCN DNS Label | string | n/a | yes |
administrator_group_name | The name for the administrator group | string | "Administrators" | no |
advanced_logging_option | Enable or disable VCN flow logs and/or audit logs. Select one of NONE, AUDIT_LOGS, FLOW_LOGS or BOTH. | string | "BOTH" | no |
agent_cis_benchmark_settings_scan_level | Agent benchmarking settings scan level | string | "STRICT" | no |
api_fingerprint | The fingerprint of the API key | string | "" | no |
api_private_key_path | The local path to the API private key | string | "" | no |
applications_compartment_name | Name of the top level application compartment | string | "Applications" | no |
bastion_client_cidr_block_allow_list | A list of address ranges in CIDR notation that are allowed to connect to the bastion | list(string) | [] | no |
bastion_subnet_cidr_block | CIDR Block for bastion subnet | string | "" | no |
break_glass_user_email_list | Unique list of break glass user email addresses that do not exist in the tenancy. These users are added to the Administrator group. | list(string) | [] | no |
budget_admin_email_endpoints | List of email addresses for all budget related notifications. | list(string) | [] | no |
budget_alert_rule_message | (Optional if using budget alerts): The alert message for budget alerts. | string | "Default budget alert" | no |
budget_alert_rule_recipients | (Required if using budget alerts): Target email address for budget alerts | string | "" | no |
budget_alert_rule_threshold | (Required if using budget alerts): The target spending threshold for the budget | string | "" | no |
budget_alerting | Set to true to enable budget alerting | bool | false | no |
budget_amount | (Required if using budget alerts): The amount of the budget expressed as a number in the currency of the customer's rate card. | string | "" | no |
budget_notification_description | Details of the budget notification rule | string | "Events rule to detect when budget resources are created, updated or deleted" | no |
budget_notification_display_name | The display name of the budget notification rule | string | "Budget-Change-Notification" | no |
budget_topic_name | The name of the budget topic | string | "Budget-Topic" | no |
common_infra_compartment_name | Name of the common infrastructure compartment | string | "Common-Infra" | no |
cpe_ip_address | Customer Premises Equipment IP address | string | "" | no |
deploy_global_resources | Whether to deploy global resources, including tenancy level IAM service and Security service (Cloud Guard, VSS, Flow Log). Choose false if you are extending your Landing Zone to another region. | bool | true | no |
enable_budget_notification_action | Whether or not the budget notification action is currently enabled | bool | true | no |
enable_budget_notification_rule | Whether or not the budget rule is currently enabled | bool | true | no |
enable_iam_notification_action | Whether or not the IAM notification action is currently enabled | bool | true | no |
enable_iam_notification_rule | Whether or not the IAM rule is currently enabled | bool | true | no |
enable_network_notification_action | Whether or not the network notification action is currently enabled | bool | true | no |
enable_network_notification_rule | Whether or not the network rule is currently enabled | bool | true | no |
external_subnet_ocids | OCIDs of subnets created outside of this stack to be tracked in the VCN Flow Log service | list(string) | [] | no |
fastconnect_provider | Available FastConnect providers: AT&T, Microsoft Azure, Megaport, QTS, CEintro, Cologix, CoreSite, Digital Realty, EdgeConneX, Epsilon, Equinix, InterCloud, Lumen, Neutrona, OMCS, OracleL2ItegDeployment, OracleL3ItegDeployment, Orange, Verizon, Zayo | string | "" | no |
fastconnect_routing_policy | Available FastConnect routing policies: ORACLE_SERVICE_NETWORK, REGIONAL, MARKET_LEVEL, GLOBAL | list(string) | [] | no |
host_scan_recipe_agent_settings_scan_level | Vulnerability scanning service agent scan level | string | "STANDARD" | no |
host_scan_recipe_port_settings_scan_level | Vulnerability scanning service port scan level | string | "STANDARD" | no |
iam_admin_group_name | The name for the IAM Admin group | string | "IAM-Admins" | no |
iam_notification_description | Details of the IAM notification rule | string | "Events rule to detect when IAM resources are created, updated or deleted" | no |
iam_notification_display_name | The display name of the IAM notification rule | string | "Iam-Change-Notification" | no |
ip_sec_connection_static_routes | IPSec connection static routes | list(string) | [] | no |
is_cloud_guard_enabled | The status of the Cloud Guard tenant (ENABLED if true or DISABLED if false) | bool | true | no |
is_shared_services_subnet_enabled | Do you want to provision a private shared services subnet? | bool | true | no |
is_vulnerability_scanning_service_enabled | The status of the vulnerability scanning service | bool | true | no |
key_id | Encryption key OCID for security admin policy and audit bucket | string | "PLACEHOLDER" | no |
network_admin_email_endpoints | List of email addresses for all network related notifications. | list(string) | [] | no |
network_admin_group_name | The name for the network administrator group | string | "Virtual-Network-Admins" | no |
network_compartment_name | Name of the top level network compartment | string | "Network" | no |
network_notification_description | Details of the network notification rule | string | "Events rule to detect when network resources are created, updated or deleted" | no |
network_notification_display_name | The display name of the network notification rule | string | "Network-Change-Notification" | no |
network_topic_name | The name of the network topic | string | "Network-Topic" | no |
notification_action_description | The details of the action | string | "Sends notification via ONS" | no |
notification_action_type | The action to perform if the condition in the rule matches an event. Available options: ONS, OSS, FAAS | string | "ONS" | no |
ops_admin_group_name | The name for the Ops Admin group | string | "Ops-Admins" | no |
platform_admin_group_name | The name for the Platform Admin group | string | "Platform-Admins" | no |
provider_service_key_name | The provider service key that the provider gives you when you set up a virtual circuit connection from the provider to OCI | string | "" | no |
retention_rule_duration_time_amount | Please note this feature is irreversible after 14 days. Please review (and/or) unlock the retention rule before it is locked permanently. By enabling this feature, logs will be archived in an immutable storage with a locked retention rule, avoiding object modification and deletion. After the rule is locked, only an increase in the retention is allowed. | string | 1 | no |
security_admin_email_endpoints | List of email addresses for all security related notifications. | list(string) | [] | no |
security_admins_group_name | The name of the security admin group | string | "Security-Admins" | no |
security_compartment_name | Name of the top level security compartment | string | "Security" | no |
security_topic_name | The name of the security topic | string | "Security-Topic" | no |
shared_service_subnet_cidr_block | Shared Service Subnet CIDR Block | string | "" | no |
shared_service_subnet_dns_label | Shared Service Subnet DNS Label | string | "" | no |
subscription_protocol | The protocol used for the subscription | string | "EMAIL" | no |
use_fastconnect_drg | Do you want to deploy the FastConnect connectivity option? (true/false) | bool | false | no |
use_ipsec_drg | Do you want to deploy the IPSec connectivity option? (true/false) | bool | false | no |
vault_id | Vault OCID for security admin policy | string | "PLACEHOLDER" | no |
vcn_cidr_block | Primary VCN CIDR Block | string | "10.0.0.0/16" | no |
virtual_circuit_bandwidth_shape | The provisioned data rate of the connection | string | "" | no |
virtual_circuit_cross_connect_mappings_customer_bgp_peering_ip | This is the BGP IPv4 address of the customer's router | string | "" | no |
virtual_circuit_cross_connect_mappings_customer_secondary_bgp_peering_ip | This is the secondary BGP IPv4 address of the customer's router | string | "" | no |
virtual_circuit_cross_connect_mappings_oracle_bgp_peering_ip | IPv4 address for Oracle's end of the BGP session | string | "" | no |
virtual_circuit_cross_connect_mappings_oracle_secondary_bgp_peering_ip | Secondary IPv4 address for Oracle's end of the BGP session | string | "" | no |
virtual_circuit_customer_asn | The BGP ASN of the network at the other end of the BGP session from Oracle | number | 0 | no |
vss_scan_schedule | Vulnerability scanning service scan schedule | string | "DAILY" | no |

Name | Description |
---|---|
compartments_map | Map of compartment OCIDs |
more_info_url | For more information, please see the Cloud Adoption Framework - Technical Implementation |
nat_gateway_id | NAT Gateway OCID |
subnet_map | Subnet list mapped to display name |
vcn_id | VCN OCID |