Prepare to Provision the Infrastructure Resources
Install Terraform and generate the required keys to create the infrastructure resources in Oracle Cloud.
Before You Begin
Before you begin creating resources in Oracle Cloud Infrastructure, ensure that you have the following:
-
Credentials for an Oracle Cloud tenancy.
- A compartment, with permission to create and manage resources in it.
-
A computer that has the following software and access to the internet:
-
A utility to generate API signing keys.
Most UNIX-like systems have
openssl
. On Windows, you can use Git Bash. -
A utility to generate SSH key pairs.
Most UNIX-like systems have
ssh-keygen
. On Windows, you can use PuTTY. -
A web browser.
-
-
Basic knowledge of Terraform.
At a minimum, read the introduction at https://www.terraform.io/intro/.
Install Terragrunt
Terragrunt is a third-party tool to apply and manage Terraform modules efficiently. Instead of applying the modules individually using Terraform, you can deploy the resources defined in all the modules, in the correct sequence, by using a single Terragrunt operation.
Note:
If you install Terragrunt on Linux or macOS by usingbrew
, then Terraform is installed automatically as one of the dependencies. You don't need to install Terraform.
Install Terraform
On UNIX-like or Linux systems, including Oracle Linux, you can install Terraform by downloading and extracting the Terraform package for your operating system.
Generate an API Signing Key
To enable Terraform to authenticate with Oracle Cloud Infrastructure, you must provide an RSA key in the privacy-enhanced mail (PEM) format. This key is not the same as the SSH key that you use to access your compute instances.
OpenSSL
to generate the API signing key.
Upload the API Signing Key
After you generate an API signing key, upload the public key for the appropriate user in Oracle Cloud Infrastructure.
Generate an SSH Key Pair for the Bastion Host
An SSH key pair is used to enable secure access to instances. You generate an key pair on your local host. The Terraform modules then add the public key to the bastion host. When you connect to the bastion host, you provide the private key to authenticate access.
Generate an SSH Key Pair for the Private Instances
A bastion host enables SSH forwarding to the instances that don’t have public IP addresses. To access such private instances securely through the bastion host, you use an SSH key pair. As a security best practice, this key pair should not be the same as the key pair that you use for the bastion host.