This template deploys a landing zone for a pre-existing non-Default identity domain using the OCI Core Landing Zone configuration. It also deploys the groups and dynamic groups in that existing domain.
Please see other templates available for CIS compliant landing zones with custom configurations.
This template has the following parameters set:
Variable Name | Description | Value |
---|---|---|
service_label | A unique identifier to prefix the resources | existingID |
network_admin_email_endpoints | List of email addresses that receive notifications for networking related events. | ["[email protected]"] |
security_admin_email_endpoints | List of email addresses that receive notifications for security related events. | ["[email protected]"] |
enable_cloud_guard | When true, OCI Cloud Guard Service is enabled. Set to false if it's been already enabled through other means. | false |
identity_domain_option | Option to use the default identity domain, create a new identity domain or use custom identity domain. Value to use: Default Domain, New Identity Domain, Use Custom Identity Domain | "Use Custom Identity Domain" |
custom_id_domain_ocid | Replace with your identity domain OCID. | ["your_domain_ocid"] |
deploy_custom_domain_groups | Deploy custom identity domain groups and dynamic groups. | true |
customize_iam | Whether Landing Zone IAM settings are to be customized. | true |
For a detailed description of all variables that can be used, see the Variables documentation.
This template can be deployed using OCI Resource Manager Service (RMS) or Terraform CLI:
Using OCI RMS: the deployment button for this template redirects you to an OCI RMS stack with variables pre-assigned for deployment.
You are required to review/adjust the following variable settings:
- Make sure to pick an OCI region for deployment.
- Provide real email addresses for the Network Admin Email Endpoints and Security Admin Email Endpoints fields.
- Uncheck the Enable Cloud Guard Service option if it is already enabled in your tenancy.
Everything else is optional.
With the stack created, perform a Plan, followed by an Apply using the RMS UI.
Using Terraform CLI:
- Rename file main.tf.template to main.tf.
- Provide/review the variable assignments in main.tf.
- In this folder, execute the typical Terraform workflow:
  - $ terraform init
  - $ terraform plan
  - $ terraform apply
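The review step above can be automated before `terraform plan`. The following is an added example, not code from the Landing Zone project: it flags notification endpoints and the custom domain OCID that are still placeholders. The module label `core_lz`, the sample values, the OCID pattern and the placeholder-domain list are assumptions.

```python
import re

# Constructed sample of main.tf assignments (values are placeholders; the
# module label "core_lz" is hypothetical and the source line is omitted).
SAMPLE_MAIN_TF = '''
module "core_lz" {
  service_label                  = "existingID"
  network_admin_email_endpoints  = ["net-admins@acme-corp.test"]
  security_admin_email_endpoints = ["replace-me"]
  identity_domain_option         = "Use Custom Identity Domain"
  custom_id_domain_ocid          = "your_domain_ocid"
}
'''

ASSIGN = re.compile(r'^[ \t]*(\w+)[ \t]*=[ \t]*(.+?)[ \t]*$', re.M)
EMAIL = re.compile(r'^[^@\s]+@[^@\s]+\.[^@\s]+$')
# Assumed OCID shape for an identity domain: ocid1.domain.<realm>.<region>.<id>
DOMAIN_OCID = re.compile(r'^ocid1\.domain\.[a-z0-9]+\.[a-z0-9-]*\.[a-z0-9]+$')
DOMAIN_OPTIONS = ("Default Domain", "New Identity Domain", "Use Custom Identity Domain")
PLACEHOLDER_DOMAINS = ("example.com", "example.org")  # assumed placeholder list

def quoted(value):
    """Return every double-quoted string in an HCL value (scalar or list)."""
    return re.findall(r'"([^"]*)"', value)

def review(main_tf):
    """Return (variable, problem) pairs for assignments that still need editing."""
    a = dict(ASSIGN.findall(main_tf))
    findings = []
    for key in ("network_admin_email_endpoints", "security_admin_email_endpoints"):
        addrs = quoted(a.get(key, ""))
        bad = [x for x in addrs
               if not EMAIL.match(x) or x.rsplit("@", 1)[1] in PLACEHOLDER_DOMAINS]
        if not addrs or bad:
            findings.append((key, "missing or placeholder address: %r" % bad))
    option = (quoted(a.get("identity_domain_option", "")) or [""])[0]
    if option not in DOMAIN_OPTIONS:
        findings.append(("identity_domain_option", "unexpected value %r" % option))
    if option == "Use Custom Identity Domain":
        ocids = quoted(a.get("custom_id_domain_ocid", ""))
        if not ocids or not all(DOMAIN_OCID.match(o) for o in ocids):
            findings.append(("custom_id_domain_ocid", "not an identity domain OCID"))
    return findings

if __name__ == "__main__":
    for variable, problem in review(SAMPLE_MAIN_TF):
        print(variable, "->", problem)
```

An empty result means the security and network notification topics have syntactically valid subscribers and the groups will be created in a domain identified by a well-formed OCID; it does not confirm that the OCID exists in your tenancy.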