Previous part three on creating VCN can be found from here.

Now let’s start with basics. What are IGW and NAT GW.

Internet Gateway (IGW) in OCI is the connection point which routes your VCN traffic from and to public Internet depending on what traffic you allow through your security lists. If you use an IGW that means your subnet is a public one.

NAT Gateway (Network Address Translation) routes traffic outside to public internet from your private subnet. Let’s say you want to download patches or have a interface requiring data from public internet and you need to run your services on private subnet, then NAT GW is a good choice for you.

Both services are configured with high availability so you don’t need to do any further configuration except the usual setup. Both can be used only for traffic which originates from your VCN.

OCI documentation has also typical networking scenarios described which touches routing and other components I haven’t touched yet in this series but it gives good info on what you need on different cases. You can read it from here.

Terraform

At this point we have Compartment and VCN deployed which are required to create these resources.

I will add following lines to main.tf.

//Create NAT GW so private subnet will have access to Internet

resource "oci_core_nat_gateway" "CreateNatGateway" {
  compartment_id = "${oci_identity_compartment.CreateCompartment.id}"
  vcn_id         = "${oci_core_virtual_network.CreateVCN.id}"
  block_traffic  = "${var.nat_gateway_block_traffic}"
  display_name   = "${var.nat_gateway_display_name}"
}

//Create Internet Gateway for Public subnet

resource "oci_core_internet_gateway" "CreateIGW" {
  compartment_id = "${oci_identity_compartment.CreateCompartment.id}"
  enabled        = "${var.internet_gateway_enabled}"
  vcn_id         = "${oci_core_virtual_network.CreateVCN.id}"
  display_name   = "${var.internet_gateway_display_name}"
}

I’ve highlighted the use of previously created resources and usage of their OCID’s. In addition to those both resources just need variable for their name and if they are enabled or not (or block traffic).

In variables.tf I have:

// NAT GW VARIABLES
variable "nat_gateway_display_name" {
  default = "NatGateway"
} // Name for the NAT GW

variable "nat_gateway_block_traffic" {
  default = "false"
} // Is NAT GW active or not

// INTERNET GW VARIABLES

variable "internet_gateway_display_name" {
  default = "InternetGateway"
} // Name for the IGW

variable "internet_gateway_enabled" {
  default = "true"
} // Is IGW enabled or not

Next step is to run terraform, I’ve already executed terraform plan and see it adds two resources on top of existing configuration.

PS C:\git\OCI\terraform-templates\examples\builddemo> terraform.exe apply
oci_identity_compartment.CreateCompartment: Refreshing state... (ID: ocid1.compartment.oc1..aaaaaaaav43jwd5o...xxxxx)
oci_core_virtual_network.CreateVCN: Refreshing state... (ID: ocid1.vcn.oc1.eu-frankfurt-1.aaaaaaaar2...xxxxx)

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  + oci_core_internet_gateway.CreateIGW
      id:              <computed>
      compartment_id:  "ocid1.compartment.oc1..xxxxx"
      display_name:    "InternetGateway"
      enabled:         "true"
      freeform_tags.%: <computed>
      state:           <computed>
      time_created:    <computed>
      time_modified:   <computed>
      vcn_id:          "ocid1.vcn.oc1.eu-frankfurt-1.xxxxx"

  + oci_core_nat_gateway.CreateNatGateway
      id:              <computed>
      block_traffic:   "false"
      compartment_id:  "ocid1.compartment.oc1..xxxxx"
      display_name:    "NatGateway"
      freeform_tags.%: <computed>
      nat_ip:          <computed>
      state:           <computed>
      time_created:    <computed>
      vcn_id:          "ocid1.vcn.oc1.eu-frankfurt-1.xxxxx"


Plan: 2 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

oci_core_internet_gateway.CreateIGW: Creating...
  compartment_id:  "" => "ocid1.compartment.oc1..xxxxx"
  display_name:    "" => "InternetGateway"
  enabled:         "" => "true"
  freeform_tags.%: "" => "<computed>"
  state:           "" => "<computed>"
  time_created:    "" => "<computed>"
  time_modified:   "" => "<computed>"
  vcn_id:          "" => "ocid1.vcn.oc1.eu-frankfurt-1.xxxxx"
oci_core_nat_gateway.CreateNatGateway: Creating...
  block_traffic:   "" => "false"
  compartment_id:  "" => "ocid1.compartment.oc1..xxxxx"
  display_name:    "" => "NatGateway"
  freeform_tags.%: "" => "<computed>"
  nat_ip:          "" => "<computed>"
  state:           "" => "<computed>"
  time_created:    "" => "<computed>"
  vcn_id:          "" => "ocid1.vcn.oc1.eu-frankfurt-1.xxxxx"
oci_core_internet_gateway.CreateIGW: Creation complete after 1s (ID: ocid1.internetgateway.oc1.eu-frankfurt-...xxxxx)
oci_core_nat_gateway.CreateNatGateway: Creation complete after 2s (ID: ocid1.natgateway.oc1.eu-frankfurt-1.aaa...xxxxx)

Apply complete! Resources: 2 added, 0 changed, 0 destroyed.

I’ve highlighted the part where Terraform refreshes the state of already created resources. Rest is business as usual and it creates our two new resources in a matter of few seconds.

Now we have IGW and NAT GW available. Next we need to create route tables where we will assign these and finally the route tables will be assigned to subnets so traffic gets routed correctly.

Leave a Reply

Your email address will not be published. Required fields are marked *