
Sample config for deploying a VM on Oracle Cloud

# FILE = compartment.tf
resource "oci_identity_compartment" "tf_compartment" {
  # Parent is the tenancy root: the new compartment sits directly under it.
  compartment_id = var.tenancy_ocid

  name        = var.compartment_name
  description = "Terraform-managed compartment"

  # With enable_delete set, destroying this resource asks OCI to delete the
  # compartment itself instead of only dropping it from Terraform state.
  enable_delete = true
}

# FILE = compute.tf
data "oci_core_images" "oracle_linux" {
  # Queried against the tenancy root rather than the new compartment, whose
  # id is still unknown while the plan is being computed.
  compartment_id = var.tenancy_ocid

  # Filter: Oracle Linux 8 images that support the micro shape.
  operating_system         = "Oracle Linux"
  operating_system_version = "8"
  shape                    = "VM.Standard.E2.1.Micro"

  # Newest image first; the instance resource consumes images[0].
  # NOTE(review): this makes the boot image a moving target, so the image id
  # that gets deployed depends on when the plan runs. Pin an image OCID if
  # reproducible builds matter.
  sort_by    = "TIMECREATED"
  sort_order = "DESC"
}

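resource "oci_core_instance" "free_vm" {
  compartment_id = oci_identity_compartment.tf_compartment.id
  display_name   = "FreeTierVM"
  shape          = "VM.Standard.E2.1.Micro"

  # Keep using the second availability domain where the region has one, but
  # fall back to the first in single-AD regions. A fixed index of 1 fails there
  # with an invalid-index error, and var.region is caller-configurable.
  availability_domain = data.oci_identity_availability_domains.ads.availability_domains[min(1, length(data.oci_identity_availability_domains.ads.availability_domains) - 1)].name

  create_vnic_details {
    subnet_id = oci_core_subnet.subnet.id

    # The VNIC receives a public IPv4 address, so the instance is reachable
    # from the internet subject to the subnet's security lists.
    # NOTE(review): the subnet sets no security_list_ids, so the VCN default
    # security list applies. Confirm its ingress rules (SSH in particular) are
    # limited to the source ranges you actually administer from.
    assign_public_ip = true
  }

  source_details {
    source_type = "image"
    # Newest matching Oracle Linux 8 image returned by the data source.
    source_id = data.oci_core_images.oracle_linux.images[0].id
  }

  # Only the public half of the SSH key pair is placed in instance metadata.
  metadata = {
    ssh_authorized_keys = var.ssh_public_key
  }

  # NOTE(review): consider adding
  #   instance_options { are_legacy_imds_endpoints_disabled = true }
  # so that only the v2 instance metadata endpoints are served. Verify the
  # chosen image supports that before enabling.
}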

# FILE = data.tf
# Lists the availability domains visible to the tenancy in the provider's
# region; compute.tf selects one of them by index for the instance.
data "oci_identity_availability_domains" "ads" {
  compartment_id = var.tenancy_ocid
}

# FILE = iam_policy.tf
resource "oci_identity_policy" "tf_compartment_policy" {
  name        = "tf-learner-policy"
  description = "Allow tf user to manage resources in tf compartment"

  # The policy object lives at the tenancy root and names the target
  # compartment inside the statement.
  compartment_id = var.tenancy_ocid

  # NOTE(review): the subject is any-user, so the where-clause on
  # request.user.id is the only thing narrowing this grant to one principal.
  # If var.user_ocid is wrong, the grant follows it. A dedicated group as the
  # subject is the more conventional least-privilege form.
  # NOTE(review): "manage all-resources" is the broadest grant available
  # within the compartment. Narrow the verb or resource family once the set of
  # resources the user needs is known.
  statements = [
    "Allow any-user to manage all-resources in compartment ${oci_identity_compartment.tf_compartment.name} where request.user.id = '${var.user_ocid}'"
  ]
}

# FILE = network.tf
resource "oci_core_virtual_network" "vcn" {
  display_name   = "tf-vcn"
  compartment_id = oci_identity_compartment.tf_compartment.id

  # Private /16 address space; the subnet below carves 10.0.1.0/24 out of it.
  cidr_block = "10.0.0.0/16"

  # DNS label so hosts in the VCN get resolvable names.
  dns_label = "tfvcn"
}

# Internet gateway: without it nothing in the VCN can reach, or be reached
# from, the public internet.
resource "oci_core_internet_gateway" "igw" {
  display_name   = "tf-igw"
  enabled        = true
  vcn_id         = oci_core_virtual_network.vcn.id
  compartment_id = oci_identity_compartment.tf_compartment.id
}

# Route table for the public subnet: sends traffic to the internet gateway.
resource "oci_core_route_table" "public_rt" {
  display_name   = "tf-public-rt"
  vcn_id         = oci_core_virtual_network.vcn.id
  compartment_id = oci_identity_compartment.tf_compartment.id

  # Default route: every destination not otherwise matched goes via the IGW.
  # Any subnet attached to this table is therefore internet-facing.
  route_rules {
    destination_type  = "CIDR_BLOCK"
    destination       = "0.0.0.0/0"
    network_entity_id = oci_core_internet_gateway.igw.id
  }
}

resource "oci_core_subnet" "subnet" {
  display_name   = "tf-subnet"
  compartment_id = oci_identity_compartment.tf_compartment.id
  vcn_id         = oci_core_virtual_network.vcn.id

  cidr_block = "10.0.1.0/24"
  dns_label  = "tfsubnet" # needed for DNS resolution of hosts in this subnet

  # Public subnet: it uses the route table that points at the internet
  # gateway, and VNICs placed here may be given public IPs.
  route_table_id             = oci_core_route_table.public_rt.id
  prohibit_public_ip_on_vnic = false

  # NOTE(review): no security_list_ids are set, so the VCN's default security
  # list governs ingress and egress. Review those rules, or attach an explicit
  # security list or NSG scoped to the sources that need access.
}

# FILE = outputs.tf
# Public IPv4 address of the VM, i.e. the address its SSH service is exposed on.
output "instance_public_ip" {
  value = oci_core_instance.free_vm.public_ip
}

# OCID of the compartment created in compartment.tf.
output "compartment_ocid" {
  value = oci_identity_compartment.tf_compartment.id
}

# FILE = provider.tf
terraform {
  required_providers {
    # "~> 8.4" accepts any 8.x release from 8.4 upward and refuses 9.0.
    # NOTE(review): commit the generated .terraform.lock.hcl so the exact
    # provider build and its checksums are pinned across machines.
    oci = {
      version = "~> 8.4"
      source  = "oracle/oci"
    }
  }
}

provider "oci" {
  region = var.region

  # API signing-key authentication: the provider signs requests as user_ocid
  # in tenancy_ocid with the private key read from private_key_path, and
  # fingerprint identifies which uploaded public key that corresponds to.
  auth             = "APIKey"
  tenancy_ocid     = var.tenancy_ocid
  user_ocid        = var.user_ocid
  private_key_path = var.private_key_path
  fingerprint      = var.fingerprint
}

# FILE = variables.tf
# Used by the provider for authentication and as the compartment_id for the
# new compartment's parent, the image and availability-domain lookups, and the
# IAM policy.
variable "tenancy_ocid" {
  description = "The OCID of the tenancy."
}

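variable "user_ocid" {
  description = "The OCID of the user."
  type        = string

  # This value is spliced between single quotes into the IAM policy statement
  # in iam_policy.tf, where it is the only condition narrowing an any-user
  # grant. Reject anything not shaped like a user OCID (empty strings, quotes,
  # whitespace) before it can reach the policy text.
  validation {
    condition     = can(regex("^ocid1\\.user\\.[A-Za-z0-9._-]+$", var.user_ocid))
    error_message = "The user_ocid value must be a user OCID beginning with \"ocid1.user.\" and containing only letters, digits, dots, underscores and hyphens."
  }
}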

# Passed to the provider to identify which API signing key is in use.
variable "fingerprint" {
  description = "API key fingerprint."
}

# Only the path is held in Terraform; the provider reads the key from it.
# NOTE(review): keep the key file outside the repository with owner-only
# permissions, and supply this path via an untracked tfvars file or the
# environment.
variable "private_key_path" {
  description = "Path to the API private key."
}

# Region the provider targets. compute.tf picks an availability domain by
# index, so the number of ADs in the chosen region matters.
variable "region" {
  description = "OCI region."
  default     = "us-ashburn-1"
}

# Name given to the new compartment; the same name is interpolated, unquoted,
# into the IAM policy statement in iam_policy.tf.
variable "compartment_name" {
  description = "The name for the new compartment."
  default     = "tf-managed-compartment"
}

# Public key material only; compute.tf places it in the instance metadata as
# ssh_authorized_keys. The matching private key never needs to enter Terraform.
variable "ssh_public_key" {
  description = "The SSH public key for VM access."
}