Adding new terraform examples

terraform/adb_from_subnet_private_endpoint/README.md

@@ -0,0 +1,53 @@
+# Terraform — Oracle Autonomous Database with Private Endpoint
+
+Creates a VCN, a private subnet, a Network Security Group, and an Autonomous Database (ADB) with a private endpoint. The ADB is only accessible from within the VCN.
+
+## Files
+
+| File | Description |
+|---|---|
+| `main.tf` | ADB resource with private endpoint configuration |
+| `vcn.tf` | VCN, internet gateway, route table, and private subnet |
+| `nsg.tf` | Network Security Group with rules for DB and HTTP traffic |
+| `variables.tf` | All configurable parameters |
+| `outputs.tf` | Values exported after apply |
+| `versions.tf` | Terraform and provider version requirements |
+| `provider.tf` | OCI provider configuration |
+| `terraform.tfvars` | Your actual values |
+
+## Architecture
+
+```
+VCN (10.0.0.0/16)
+└── Private Subnet (10.0.1.0/24)
+    ├── NSG
+    │   ├── Ingress: port 1521-1522 (SQL*Net) from VCN
+    │   ├── Ingress: port 443 (HTTPS) from VCN
+    │   └── Egress: all traffic allowed
+    └── ADB (private endpoint)
+        └── No public IP — accessible only from within the VCN
+```
+
+## Quick Start
+
+```bash
+# 1. Edit terraform.tfvars with your real values
+#    (tenancy_ocid, user_ocid, fingerprint, compartment_ocid, etc.)
+
+# 2. Initialize Terraform
+terraform init
+
+# 3. Review the plan before applying
+terraform plan
+
+# 4. Create all resources
+terraform apply
+```
+
+## NSG Rules
+
+| Direction | Protocol | Port | Source/Destination | Purpose |
+|---|---|---|---|---|
+| Ingress | TCP | 1521-1522 | VCN CIDR | SQL*Net database connections |
+| Ingress | TCP | 443 | VCN CIDR | HTTPS — Database Actions and APEX |
+| Egress | All | All | 0.0.0.0/0 | Outbound traffic |

terraform/adb_from_subnet_private_endpoint/main.tf

@@ -0,0 +1,26 @@
+# ============================================================
+# main.tf — Autonomous Database with private endpoint
+# ============================================================
+
+resource "oci_database_autonomous_database" "adb" {
+  compartment_id           = var.compartment_ocid
+  display_name             = var.adb_display_name
+  db_name                  = var.adb_db_name
+  admin_password           = var.adb_admin_password
+  db_workload              = var.adb_workload_type   # OLTP | DW | AJD | APEX
+  db_version               = var.adb_db_version
+  compute_model            = var.adb_compute_model
+  compute_count            = var.adb_cpu_core_count
+  data_storage_size_in_tbs = var.adb_storage_tbs
+  is_auto_scaling_enabled  = var.adb_auto_scaling
+
+  # ── Private endpoint ──────────────────────────────────────
+  # Removes the public endpoint — access only from within the VCN
+  private_endpoint_label = var.adb_private_endpoint_label
+  subnet_id              = oci_core_subnet.private_subnet.id
+  nsg_ids                = [oci_core_network_security_group.adb_nsg.id]
+
+  # mTLS: false = allows standard TLS connections (more flexible)
+  #        true  = requires client certificate (more secure)
+  is_mtls_connection_required = var.require_mtls
+}

terraform/adb_from_subnet_private_endpoint/nsg.tf

@@ -0,0 +1,60 @@
+# ============================================================
+# nsg.tf — Network Security Group for the ADB private endpoint
+# ============================================================
+
+# ── NSG ───────────────────────────────────────────────────────
+resource "oci_core_network_security_group" "adb_nsg" {
+  compartment_id = var.compartment_ocid
+  vcn_id         = oci_core_vcn.vcn.id
+  display_name   = var.nsg_display_name
+}
+
+# ── Ingress: SQL*Net / database connections (port 1521) ───────
+resource "oci_core_network_security_group_security_rule" "ingress_sqlnet" {
+  network_security_group_id = oci_core_network_security_group.adb_nsg.id
+  direction                 = "INGRESS"
+  protocol                  = "6" # TCP
+
+  source      = var.vcn_cidr
+  source_type = "CIDR_BLOCK"
+
+  tcp_options {
+    destination_port_range {
+      min = 1521
+      max = 1522
+    }
+  }
+
+  description = "Allow SQL*Net database connections from within the VCN"
+}
+
+# ── Ingress: HTTPS / Database Actions and APEX (port 443) ────
+resource "oci_core_network_security_group_security_rule" "ingress_https" {
+  network_security_group_id = oci_core_network_security_group.adb_nsg.id
+  direction                 = "INGRESS"
+  protocol                  = "6" # TCP
+
+  source      = var.vcn_cidr
+  source_type = "CIDR_BLOCK"
+
+  tcp_options {
+    destination_port_range {
+      min = 443
+      max = 443
+    }
+  }
+
+  description = "Allow HTTPS traffic for Database Actions and APEX console"
+}
+
+# ── Egress: allow all outbound traffic ────────────────────────
+resource "oci_core_network_security_group_security_rule" "egress_all" {
+  network_security_group_id = oci_core_network_security_group.adb_nsg.id
+  direction                 = "EGRESS"
+  protocol                  = "all"
+
+  destination      = "0.0.0.0/0"
+  destination_type = "CIDR_BLOCK"
+
+  description = "Allow all outbound traffic"
+}

terraform/adb_from_subnet_private_endpoint/outputs.tf

@@ -0,0 +1,30 @@
+# ============================================================
+# outputs.tf — Values exported after apply
+# ============================================================
+
+# ── VCN ──────────────────────────────────────────────────────
+output "vcn_id" {
+  description = "OCID of the created VCN"
+  value       = oci_core_vcn.vcn.id
+}
+
+output "subnet_id" {
+  description = "OCID of the private subnet"
+  value       = oci_core_subnet.private_subnet.id
+}
+
+output "nsg_id" {
+  description = "OCID of the Network Security Group"
+  value       = oci_core_network_security_group.adb_nsg.id
+}
+
+# ── ADB ───────────────────────────────────────────────────────
+output "adb_id" {
+  description = "OCID of the created Autonomous Database"
+  value       = oci_database_autonomous_database.adb.id
+}
+
+output "adb_private_endpoint" {
+  description = "Private endpoint IP address of the ADB"
+  value       = oci_database_autonomous_database.adb.private_endpoint_ip
+}

terraform/adb_from_subnet_private_endpoint/provider.tf

@@ -0,0 +1,7 @@
+provider "oci" {
+  tenancy_ocid     = var.tenancy_ocid
+  user_ocid        = var.user_ocid
+  fingerprint      = var.fingerprint
+  private_key_path = var.private_key_path
+  region           = var.region
+}

terraform/adb_from_subnet_private_endpoint/terraform.tfvars

@@ -0,0 +1,35 @@
+# ── OCI Credentials ──────────────────────────────────────────
+tenancy_ocid     = ""
+user_ocid        = ""
+fingerprint      = ""
+private_key_path = ""
+region           = "us-ashburn-1"
+
+compartment_ocid = ""
+
+# ── VCN ──────────────────────────────────────────────────────
+vcn_display_name = ""
+vcn_cidr         = "10.0.0.0/16"
+vcn_dns_label    = ""
+
+# ── Subnet ────────────────────────────────────────────────────
+subnet_display_name = ""
+subnet_cidr         = "10.0.1.0/24"
+subnet_dns_label    = ""
+
+# ── NSG ───────────────────────────────────────────────────────
+nsg_display_name = ""
+
+# ── ADB Configuration ─────────────────────────────────────────
+adb_display_name           = ""
+adb_db_name                = ""
+adb_admin_password         = ""
+adb_workload_type          = "DW"   # OLTP=ATP | DW=ADW | AJD=JSON | APEX
+adb_db_version             = "26ai"
+adb_cpu_core_count         = 2
+adb_storage_tbs            = 1
+adb_auto_scaling           = false
+adb_private_endpoint_label = "adbprivate"
+
+# ── Security ──────────────────────────────────────────────────
+require_mtls = false

terraform/adb_from_subnet_private_endpoint/variables.tf

@@ -0,0 +1,151 @@
+# ============================================================
+# variables.tf — Configurable parameters
+# ============================================================
+
+# ── OCI Credentials ──────────────────────────────────────────
+variable "tenancy_ocid" {
+  description = "OCID of the Oracle Cloud tenancy"
+  type        = string
+}
+
+variable "user_ocid" {
+  description = "OCID of the OCI user"
+  type        = string
+}
+
+variable "fingerprint" {
+  description = "Fingerprint of the user's API key"
+  type        = string
+}
+
+variable "private_key_path" {
+  description = "Path to the private key file (.pem)"
+  type        = string
+}
+
+variable "region" {
+  description = "OCI region where the resources will be created"
+  type        = string
+  default     = "us-ashburn-1"
+}
+
+variable "compartment_ocid" {
+  description = "OCID of the compartment where resources will be created"
+  type        = string
+}
+
+# ── VCN ──────────────────────────────────────────────────────
+variable "vcn_display_name" {
+  description = "Display name for the VCN"
+  type        = string
+  default     = "adb-vcn"
+}
+
+variable "vcn_cidr" {
+  description = "CIDR block for the VCN"
+  type        = string
+  default     = "10.0.0.0/16"
+}
+
+variable "vcn_dns_label" {
+  description = "DNS label for the VCN (lowercase letters and numbers only)"
+  type        = string
+  default     = "adbvcn"
+}
+
+# ── Subnet ────────────────────────────────────────────────────
+variable "subnet_display_name" {
+  description = "Display name for the private subnet"
+  type        = string
+  default     = "adb-private-subnet"
+}
+
+variable "subnet_cidr" {
+  description = "CIDR block for the private subnet (must be within the VCN CIDR)"
+  type        = string
+  default     = "10.0.1.0/24"
+}
+
+variable "subnet_dns_label" {
+  description = "DNS label for the subnet (lowercase letters and numbers only)"
+  type        = string
+  default     = "adbsubnet"
+}
+
+# ── NSG ───────────────────────────────────────────────────────
+variable "nsg_display_name" {
+  description = "Display name for the Network Security Group"
+  type        = string
+  default     = "adb-nsg"
+}
+
+# ── ADB Configuration ─────────────────────────────────────────
+variable "adb_display_name" {
+  description = "Display name in the OCI console"
+  type        = string
+}
+
+variable "adb_db_name" {
+  description = "Technical database name (letters/numbers only, max 14 chars)"
+  type        = string
+}
+
+variable "adb_admin_password" {
+  description = "ADMIN user password (min 12 chars, uppercase, number and symbol required)"
+  type        = string
+  sensitive   = true
+}
+
+variable "adb_workload_type" {
+  description = "Workload type: OLTP (ATP), DW (ADW), AJD (JSON), APEX"
+  type        = string
+  default     = "OLTP"
+
+  validation {
+    condition     = contains(["OLTP", "DW", "AJD", "APEX"], var.adb_workload_type)
+    error_message = "Must be one of: OLTP, DW, AJD, APEX."
+  }
+}
+
+variable "adb_db_version" {
+  description = "Oracle database version"
+  type        = string
+  default     = "26ai"
+}
+
+variable "adb_compute_model" {
+  description = "Compute model for the ADB (ECPU is required for new databases)"
+  type        = string
+  default     = "ECPU"
+}
+
+variable "adb_cpu_core_count" {
+  description = "Number of ECPUs (minimum 2 in ECPU model)"
+  type        = number
+  default     = 2
+}
+
+variable "adb_storage_tbs" {
+  description = "Storage in terabytes (minimum 1)"
+  type        = number
+  default     = 1
+}
+
+variable "adb_auto_scaling" {
+  description = "Enable ECPU auto-scaling (up to 3x the configured value)"
+  type        = bool
+  default     = false
+}
+
+variable "adb_private_endpoint_label" {
+  description = "Label for the ADB private endpoint (used as DNS hostname within the VCN)"
+  type        = string
+  default     = "adbprivate"
+}
+
+# ── Connection security ───────────────────────────────────────
+variable "require_mtls" {
+  description = "Require mutual TLS authentication (mTLS). false = standard TLS"
+  type        = bool
+  default     = false
+}