
OCI Open LZ – One-OE Blueprint – One-Stack Deployment


OPERATION OP.00 One-Stack Deployment
TARGET RESOURCES


This operation creates a One-OE Landing Zone in one execution with the following resources:
- One Landing Zone Environment (production).
- Network Hub A.
- Three Workload Environments (prod, uat, dev) and related Spoke Networks.
- Sets up a strong security posture with Security Zones and Cloud Guard.
- Sets up monitoring with Events, Alarms, Logging, and Notifications.
- One sample Project area and one sample Platform area.
For more details on the resources being created refer to the documentation and the drawio.

INPUT CONFIGURATIONS


IAM Configuration as input to the OCI Landing Zone IAM module.
Network Configuration as input to the OCI Landing Zone Network module.
Security Configuration as input to the OCI Landing Zone Security module.
Observability Configurations as input to the OCI Landing Zone Observability module.

DEPLOY WITH ORM
- STEP #1




Then follow these steps:
1. Accept terms, wait for the configuration to load.
2. Set the working directory to “rms-facade”.
3. Set the stack name you prefer.
4. Set the terraform version to 1.2.x. Click Next.
5. Accept the default files. Click Next. Optionally, replace with your json/yaml config files.
6. Un-check run apply. Click Create.

POST DEPLOYMENT
- STEP #2



This is an optional step to be executed once the Step 1 stack and all landing zone elements are created. It requires updating the previous ORM stack JSON configuration files in order to add extra Security Zone Recipes (3, 4, and 5) and Network Flow Logs. This update can be executed in one step by replacing both files as described below.

Security Zones:
- Use the configuration oci_open_lz_one-oe_security_addon_sz345.auto.tfvars.json to extend the base configuration with additional Security Zone targets that apply Recipes to the shared network compartment, the production shared network compartment, and the Project 1 example. The deeper a compartment sits in the hierarchy, the more restrictive its Security Zone.
- Note that this update action is not in the base stack yet due to limitations of the Terraform dependency graph while creating these resources. It will be merged once these limitations are solved.

Observability - Flow Logs:
- Use the configuration oci_open_lz_one-oe_observability_addon_flowlogs.auto.tfvars.json to create the VCN and Subnets flow logs.
- Note that by default the VCN and Subnet flow logs are not deployed. The first 10 gigabytes of log storage are free every month. The configuration creates a log group for the shared network and for each shared network environment, and within each group it creates logs for every VCN and for every subnet in those VCNs. Whether you exceed the monthly free log storage depends on how much traffic is generated in your VCNs/Subnets.


Review the known issues for any difficulties and feel free to contact us.


License

Copyright (c) 2024 Oracle and/or its affiliates.

Licensed under the Universal Permissive License (UPL), Version 1.0.

See LICENSE for more details.