oci_core_subnet
This resource provides the Subnet resource in Oracle Cloud Infrastructure Core service.
Creates a new subnet in the specified VCN. You can’t change the size of the subnet after creation, so it’s important to think about the size of subnets you need before creating them. For more information, see VCNs and Subnets. For information on the number of subnets you can have in a VCN, see Service Limits.
For the purposes of access control, you must provide the OCID of the compartment where you want the subnet to reside. Notice that the subnet doesn’t have to be in the same compartment as the VCN, route tables, or other Networking Service components. If you’re not sure which compartment to use, put the subnet in the same compartment as the VCN. For more information about compartments and access control, see Overview of the IAM Service. For information about OCIDs, see Resource Identifiers.
You may optionally associate a route table with the subnet. If you don’t, the subnet will use the VCN’s default route table. For more information about route tables, see Route Tables.
You may optionally associate a security list with the subnet. If you don’t, the subnet will use the VCN’s default security list. For more information about security lists, see Security Lists.
You may optionally associate a set of DHCP options with the subnet. If you don’t, the subnet will use the VCN’s default set. For more information about DHCP options, see DHCP Options.
You may optionally specify a display name for the subnet, otherwise a default is provided. It does not have to be unique, and you can change it. Avoid entering confidential information.
You can also add a DNS label for the subnet, which is required if you want the Internet and VCN Resolver to resolve hostnames for instances in the subnet. For more information, see DNS in Your Virtual Cloud Network.
Example Usage
resource "oci_core_subnet" "test_subnet" {
#Required
cidr_block = var.subnet_cidr_block
compartment_id = var.compartment_id
vcn_id = oci_core_vcn.test_vcn.id
#Optional
availability_domain = var.subnet_availability_domain
defined_tags = {"Operations.CostCenter"= "42"}
dhcp_options_id = oci_core_dhcp_options.test_dhcp_options.id
display_name = var.subnet_display_name
dns_label = var.subnet_dns_label
freeform_tags = {"Department"= "Finance"}
ipv6cidr_block = var.subnet_ipv6cidr_block
ipv6cidr_blocks = var.subnet_ipv6cidr_blocks
prohibit_internet_ingress = var.subnet_prohibit_internet_ingress
prohibit_public_ip_on_vnic = var.subnet_prohibit_public_ip_on_vnic
route_table_id = oci_core_route_table.test_route_table.id
security_list_ids = var.subnet_security_list_ids
}
Argument Reference
The following arguments are supported:
availability_domain- (Optional) Controls whether the subnet is regional or specific to an availability domain. Oracle recommends creating regional subnets because they’re more flexible and make it easier to implement failover across availability domains. Originally, AD-specific subnets were the only kind available to use.To create a regional subnet, omit this attribute. Then any resources later created in this subnet (such as a Compute instance) can be created in any availability domain in the region.
To instead create an AD-specific subnet, set this attribute to the availability domain you want this subnet to be in. Then any resources later created in this subnet can only be created in that availability domain.
Example:
Uocm:PHX-AD-1cidr_block- (Required) (Updatable) The CIDR IP address range of the subnet. The CIDR must maintain the following rules -a. The CIDR block is valid and correctly formatted. b. The new range is within one of the parent VCN ranges.
Example:
10.0.1.0/24compartment_id- (Required) (Updatable) The OCID of the compartment to contain the subnet.defined_tags- (Optional) (Updatable) Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:{"Operations.CostCenter": "42"}dhcp_options_id- (Optional) (Updatable) The OCID of the set of DHCP options the subnet will use. If you don’t provide a value, the subnet uses the VCN’s default set of DHCP options.display_name- (Optional) (Updatable) A user-friendly name. Does not have to be unique, and it’s changeable. Avoid entering confidential information.dns_label- (Optional) A DNS label for the subnet, used in conjunction with the VNIC’s hostname and VCN’s DNS label to form a fully qualified domain name (FQDN) for each VNIC within this subnet (for example,bminstance1.subnet123.vcn1.oraclevcn.com). Must be an alphanumeric string that begins with a letter and is unique within the VCN. The value cannot be changed.This value must be set if you want to use the Internet and VCN Resolver to resolve the hostnames of instances in the subnet. It can only be set if the VCN itself was created with a DNS label.
For more information, see DNS in Your Virtual Cloud Network.
Example:
subnet123freeform_tags- (Optional) (Updatable) Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:{"Department": "Finance"}ipv6cidr_block- (Optional) (Updatable) Use this to enable IPv6 addressing for this subnet. The VCN must be enabled for IPv6. You can’t change this subnet characteristic later. All subnets are /64 in size. The subnet portion of the IPv6 address is the fourth hextet from the left (1111 in the following example).For important details about IPv6 addressing in a VCN, see IPv6 Addresses.
Example:
2001:0db8:0123:1111::/64ipv6cidr_blocks- (Optional) (Updatable) The list of all IPv6 prefixes (Oracle allocated IPv6 GUA, ULA or private IPv6 prefixes, BYOIPv6 prefixes) for the subnet that meets the following criteria:- The prefixes must be valid.
- Multiple prefixes must not overlap each other or the on-premises network prefix.
- The number of prefixes must not exceed the limit of IPv6 prefixes allowed to a subnet.
prohibit_internet_ingress- (Optional) Whether to disallow ingress internet traffic to VNICs within this subnet. Defaults to false.For IPv6, if
prohibitInternetIngressis set totrue, internet access is not allowed for any IPv6s assigned to VNICs in the subnet. Otherwise, ingress internet traffic is allowed by default.prohibitPublicIpOnVnicwill be set to the value ofprohibitInternetIngressto dictate IPv4 behavior in this subnet. Only one or the other flag should be specified.Example:
trueprohibit_public_ip_on_vnic- (Optional) Whether VNICs within this subnet can have public IP addresses. Defaults to false, which means VNICs created in this subnet will automatically be assigned public IP addresses unless specified otherwise during instance launch or VNIC creation (with theassignPublicIpflag in CreateVnicDetails). IfprohibitPublicIpOnVnicis set to true, VNICs created in this subnet cannot have public IP addresses (that is, it’s a private subnet).If you intend to use an IPv6 prefix, you should use the flag
prohibitInternetIngressto specify ingress internet traffic behavior of the subnet.Example:
trueroute_table_id- (Optional) (Updatable) The OCID of the route table the subnet will use. If you don’t provide a value, the subnet uses the VCN’s default route table.security_list_ids- (Optional) (Updatable) The OCIDs of the security list or lists the subnet will use. If you don’t provide a value, the subnet uses the VCN’s default security list. Remember that security lists are associated with the subnet, but the rules are applied to the individual VNICs in the subnet.vcn_id- (Required) The OCID of the VCN to contain the subnet.
** IMPORTANT ** Any change to a property that does not support update will force the destruction and recreation of the resource with the new property values
Attributes Reference
The following attributes are exported:
availability_domain- The subnet’s availability domain. This attribute will be null if this is a regional subnet instead of an AD-specific subnet. Oracle recommends creating regional subnets. Example:Uocm:PHX-AD-1cidr_block- The subnet’s CIDR block. Example:10.0.1.0/24compartment_id- The OCID of the compartment containing the subnet.defined_tags- Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags. Example:{"Operations.CostCenter": "42"}dhcp_options_id- The OCID of the set of DHCP options that the subnet uses.display_name- A user-friendly name. Does not have to be unique, and it’s changeable. Avoid entering confidential information.dns_label- A DNS label for the subnet, used in conjunction with the VNIC’s hostname and VCN’s DNS label to form a fully qualified domain name (FQDN) for each VNIC within this subnet (for example,bminstance1.subnet123.vcn1.oraclevcn.com). Must be an alphanumeric string that begins with a letter and is unique within the VCN. The value cannot be changed.The absence of this parameter means the Internet and VCN Resolver will not resolve hostnames of instances in this subnet.
For more information, see DNS in Your Virtual Cloud Network.
Example:
subnet123freeform_tags- Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags. Example:{"Department": "Finance"}id- The subnet’s Oracle ID (OCID).ipv6cidr_block- For an IPv6-enabled subnet, this is the IPv6 prefix for the subnet’s IP address space. The subnet size is always /64. See IPv6 Addresses. Example:2001:0db8:0123:1111::/64ipv6cidr_blocks- The list of all IPv6 prefixes (Oracle allocated IPv6 GUA, ULA or private IPv6 prefixes, BYOIPv6 prefixes) for the subnet.ipv6virtual_router_ip- For an IPv6-enabled subnet, this is the IPv6 address of the virtual router. Example:2001:0db8:0123:1111:89ab:cdef:1234:5678prohibit_internet_ingress- Whether to disallow ingress internet traffic to VNICs within this subnet. Defaults to false.For IPV4,
prohibitInternetIngressbehaves similarly toprohibitPublicIpOnVnic. If it is set to false, VNICs created in this subnet will automatically be assigned public IP addresses unless specified otherwise during instance launch or VNIC creation (with theassignPublicIpflag in CreateVnicDetails). IfprohibitInternetIngressis set to true, VNICs created in this subnet cannot have public IP addresses (that is, it’s a privatesubnet).For IPv6, if
prohibitInternetIngressis set totrue, internet access is not allowed for any IPv6s assigned to VNICs in the subnet. Otherwise, ingress internet traffic is allowed by default.Example:
trueprohibit_public_ip_on_vnic- Whether VNICs within this subnet can have public IP addresses. Defaults to false, which means VNICs created in this subnet will automatically be assigned public IP addresses unless specified otherwise during instance launch or VNIC creation (with theassignPublicIpflag in CreateVnicDetails). IfprohibitPublicIpOnVnicis set to true, VNICs created in this subnet cannot have public IP addresses (that is, it’s a private subnet). Example:trueroute_table_id- The OCID of the route table that the subnet uses.security_list_ids- The OCIDs of the security list or lists that the subnet uses. Remember that security lists are associated with the subnet, but the rules are applied to the individual VNICs in the subnet.state- The subnet’s current state.subnet_domain_name- The subnet’s domain name, which consists of the subnet’s DNS label, the VCN’s DNS label, and theoraclevcn.comdomain.For more information, see DNS in Your Virtual Cloud Network.
Example:
subnet123.vcn1.oraclevcn.comtime_created- The date and time the subnet was created, in the format defined by RFC3339. Example:2016-08-25T21:10:29.600Zvcn_id- The OCID of the VCN the subnet is in.virtual_router_ip- The IP address of the virtual router. Example:10.0.14.1virtual_router_mac- The MAC address of the virtual router. Example:00:00:00:00:00:01
Timeouts
The timeouts block allows you to specify timeouts for certain operations:
* create - (Defaults to 20 minutes), when creating the Subnet
* update - (Defaults to 20 minutes), when updating the Subnet
* delete - (Defaults to 20 minutes), when destroying the Subnet
Import
Subnets can be imported using the id, e.g.
$ terraform import oci_core_subnet.test_subnet "id"