This repository contains a template for creating a new IBM Cloud MZR VPC. It is intended to be used as a starting point for new projects.
There are currently three versions of this template, one per branch:

- Contains a single MZR VPC with a public gateway, subnet, security group and flow logs collector.
- Contains a single MZR VPC with a public gateway, subnet, security group, flow logs collector and a bastion host.
- Contains 2 MZR VPCs (workload and management) with public gateways, subnets, security groups, a flow logs collector and a bastion host. The 2 VPCs are connected using a Transit Gateway. Major WIP: this branch is currently a work in progress and is not yet ready for use.
| Name | Type | Branch | Description |
|---|---|---|---|
| Resource Group | ibm_resource_group | all branches | Resource group for all deployed resources. If an existing Resource Group is not specified, a new one will be created. |
| Workload VPC | ibm_is_vpc | all branches | Workload VPC with address prefixes, public gateways, and subnets in each regional zone. |
| Management VPC | ibm_is_vpc | landing-zone only | Management VPC with address prefixes, public gateways, and subnets in each regional zone. |
| Frontend Security Group | ibm_is_security_group | all branches | Frontend security group allowing tcp/80, tcp/443, tcp/22 and icmp inbound and DNS udp/53 outbound. |
| Bastion Host | ibm_is_instance | bastion only | An IBM Cloud compute host to act as a bastion for the VPC. |
| VPC SSH Key | ibm_is_ssh_key | all branches | An SSH key that will be added to the region and any deployed hosts. If an existing key is not specified, a new one will be created. |
| VPC Flowlogs Collector | ibm_is_flow_log_collector | all branches | VPC Flow Logs Collector for subnets in each zone. |
| Cloud Object Storage | ibm_resource_instance | all branches | Cloud Object Storage instance. If an existing instance is not specified, a new one will be created. |
| Cloud Object Storage Bucket | ibm_cos_bucket | all branches | Cloud Object Storage bucket for Flow Logs. |
| IAM Service Authorization | ibm_iam_authorization_policy | all branches | IAM service authorization allowing the VPC Flow Logs Collector to write to the Object Storage instance. |
| VPC VPN Gateway | ibm_is_vpn_gateway | landing-zone only | Site-to-site VPN gateway. |
| Transit Gateway | ibm_is_vpn_gateway | landing-zone only | Transit Gateway to interconnect the workload and management VPCs. |
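The two rows above that carry the most security weight are the frontend security group and the IAM service authorization, so here is how those two pieces fit together in Terraform. This is an added example written for this README, not the template's own code: the resource names (`frontend`, `flowlogs_to_cos`, `ibm_is_vpc.workload`, `ibm_resource_instance.cos`, `ibm_cos_bucket.flowlogs`, `ibm_is_subnet.workload`) and the `ssh_source_cidr` variable are assumptions. The rules follow the table (tcp/80, tcp/443, tcp/22 and icmp inbound, udp/53 outbound), with the one defensive choice of taking the SSH source from a variable rather than opening it to the whole internet. The provider's flow log resource is `ibm_is_flow_log`; the authorization policy must exist before the collector is created, or the first write to the bucket fails.

```hcl
# Added example (not the template's code). Names and the SSH CIDR variable are assumptions.

variable "ssh_source_cidr" {
  description = "CIDR allowed to reach tcp/22 (assumed; narrow this to the admin network)"
  type        = string
}

resource "ibm_is_security_group" "frontend" {
  name           = "frontend-sg"
  vpc            = ibm_is_vpc.workload.id
  resource_group = ibm_resource_group.group.id
}

# Web ports from anywhere, as the table describes.
resource "ibm_is_security_group_rule" "inbound_web" {
  for_each  = toset(["80", "443"])
  group     = ibm_is_security_group.frontend.id
  direction = "inbound"
  remote    = "0.0.0.0/0"
  tcp {
    port_min = tonumber(each.value)
    port_max = tonumber(each.value)
  }
}

# SSH only from the assumed admin CIDR instead of 0.0.0.0/0.
resource "ibm_is_security_group_rule" "inbound_ssh" {
  group     = ibm_is_security_group.frontend.id
  direction = "inbound"
  remote    = var.ssh_source_cidr
  tcp {
    port_min = 22
    port_max = 22
  }
}

# ICMP echo request (type 8) inbound so hosts answer ping.
resource "ibm_is_security_group_rule" "inbound_icmp" {
  group     = ibm_is_security_group.frontend.id
  direction = "inbound"
  remote    = "0.0.0.0/0"
  icmp {
    type = 8
  }
}

# DNS udp/53 outbound; no other outbound rule, so everything else is denied.
resource "ibm_is_security_group_rule" "outbound_dns" {
  group     = ibm_is_security_group.frontend.id
  direction = "outbound"
  remote    = "0.0.0.0/0"
  udp {
    port_min = 53
    port_max = 53
  }
}

# Service-to-service authorization: the VPC flow log collector ("is" /
# "flow-log-collector") gets Writer on one specific COS instance, nothing wider.
resource "ibm_iam_authorization_policy" "flowlogs_to_cos" {
  source_service_name         = "is"
  source_resource_type        = "flow-log-collector"
  target_service_name         = "cloud-object-storage"
  target_resource_instance_id = ibm_resource_instance.cos.guid
  roles                       = ["Writer"]
}

# The collector depends on the policy so it is never created before it can write.
resource "ibm_is_flow_log" "workload" {
  depends_on     = [ibm_iam_authorization_policy.flowlogs_to_cos]
  name           = "workload-flowlogs"
  target         = ibm_is_subnet.workload.id
  active         = true
  storage_bucket = ibm_cos_bucket.flowlogs.bucket_name
}
```

Scoping the authorization to `target_resource_instance_id` (rather than granting Writer on the whole Cloud Object Storage service) keeps the collector's identity from being able to write into any other bucket in the account, and the explicit `depends_on` avoids the common first-apply failure where the collector is created before IAM has propagated the policy.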
See Wiki for usage instructions.