Series – Get your database running with Terraform part 2: Compartments

Read part 1 from here.

What we need first is a compartment where we will create our resources. Using compartments is a way to isolate and separate access to your resources within your tenancy.

In this example we will create only one compartment where we will have all our resources. If you have a larger setup with more users, you might want to think about separating resources based on their usage and who can manage them.

Nowadays you can also use nested compartments, which is handy for managing an even larger team or user base with different access levels.

One additional new feature for compartments is that you can delete them too. Earlier you could only rename them (even though the current functionality will just change the status to deleted and append a random string to the name).

If you want to go further with the compartment setup, it's good to go through policies and how they control access within compartments, because a non-administrator user will always need a policy assigned to their group to access the compartment.

Read more on compartments from here and about policies from here.
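To illustrate the policy requirement above, here is an added example (not part of the original post's files) that creates a group and a policy scoped to the single compartment instead of the whole tenancy. The group name, policy name and the demo_group_name variable are hypothetical; the example references the oci_identity_compartment.CreateCompartment resource and the tenancy_ocid variable used in this post's main.tf.

```hcl
# Added example, not from the original post.
# Assumption: the group and policy names below are hypothetical.

variable "demo_group_name" {
  default = "DemoDbAdmins"
} // Hypothetical group for non-administrator users

# Groups are always created in the tenancy (root compartment).
resource "oci_identity_group" "DemoDbAdmins" {
  compartment_id = "${var.tenancy_ocid}"
  description    = "Non-admin users who manage the DEMO database resources"
  name           = "${var.demo_group_name}"
}

# The policy is attached at tenancy level, but every statement is
# limited to the one compartment created in this post.
resource "oci_identity_policy" "DemoCompartmentPolicy" {
  compartment_id = "${var.tenancy_ocid}"
  description    = "Scoped access to the DEMO compartment"
  name           = "DemoCompartmentPolicy"

  statements = [
    # Full control of database resources, inside the compartment only.
    "Allow group ${oci_identity_group.DemoDbAdmins.name} to manage database-family in compartment ${oci_identity_compartment.CreateCompartment.name}",

    # "use" (not "manage") on networking: the group can attach databases
    # to existing subnets but cannot create or delete the VCN itself.
    "Allow group ${oci_identity_group.DemoDbAdmins.name} to use virtual-network-family in compartment ${oci_identity_compartment.CreateCompartment.name}"
  ]

  # Broader than needed for this setup, so not used here:
  #   "Allow group <group> to manage all-resources in tenancy"
}
```

Because the statements interpolate the group and compartment names from the resources, Terraform creates the group and the compartment before the policy.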

Terraform

The files main.tf and variables.tf already contain the lines we added in part 1.

When creating the resource I will need only three variables:

  • Compartment_id – Parent compartment for your new compartment
  • Name – Name for your compartment
  • Description – Self explanatory

If I create the compartment at the tenancy level, I will submit tenancy_ocid for the resource creation. Remember, this already exists as a variable which we set up in part 1!

In the main.tf I have defined the resource:

resource "oci_identity_compartment" "CreateCompartment" {
  #Required variables
  compartment_id = "${var.tenancy_ocid}"
  description    = "${var.compartment_description}"
  name           = "${var.compartment_name}"
}

Optionally you could also define tags for your resource, but in these examples I have not included them.

And in the variables.tf I have set the required values:

// COMPARTMENT VARIABLES
variable "compartment_name" {
  default = "MyCompartment"
} // Name for the compartment

variable "compartment_description" {
  default = "This compartment holds all the DEMO resources"
} // Description for the compartment

Creation

Now I'm ready to create the compartment using the files we have changed.

As usual we will run the following: terraform init, terraform plan and terraform apply from the folder where the files are located.

Init initializes the Terraform provider and any modules we reference. Plan shows what the execution will do, and finally apply creates the resource.

PS C:\builddemo> terraform.exe plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  + oci_identity_compartment.CreateCompartment
      id:              <computed>
      compartment_id:  "ocid1.tenancy.oc1..xxxxxxxxxxxxxxxxxxxxxxa"
      description:     "This compartment holds all the DEMO resources"
      freeform_tags.%: <computed>
      inactive_state:  <computed>
      is_accessible:   <computed>
      name:            "MyCompartment"
      state:           <computed>
      time_created:    <computed>
      time_modified:   <computed>


Plan: 1 to add, 0 to change, 0 to destroy.

------------------------------------------------------------------------

Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.

PS C:\builddemo> terraform.exe apply

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  + oci_identity_compartment.CreateCompartment
      id:              <computed>
      compartment_id:  "ocid1.tenancy.oc1..xxxxxxxxx...xxxxxxxxxxxxa"
      description:     "This compartment holds all the DEMO resources"
      freeform_tags.%: <computed>
      inactive_state:  <computed>
      is_accessible:   <computed>
      name:            "MyCompartment"
      state:           <computed>
      time_created:    <computed>
      time_modified:   <computed>


Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

oci_identity_compartment.CreateCompartment: Creating...
  compartment_id:  "" => "ocid1.tenancy.oc1..xxxxxxxxxxxxxxxxxa"
  description:     "" => "This compartment holds all the DEMO resources"
  freeform_tags.%: "" => "<computed>"
  inactive_state:  "" => "<computed>"
  is_accessible:   "" => "<computed>"
  name:            "" => "MyCompartment"
  state:           "" => "<computed>"
  time_created:    "" => "<computed>"
  time_modified:   "" => "<computed>"
oci_identity_compartment.CreateCompartment: Creation complete after 1s (ID: ocid1.compartment.oc1..xxxxxxxxx...xxxxxxxxxxxxa)

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Now we have created the compartment where we will place all our resources and are ready to move on to creating the Virtual Cloud Network (VCN).

Simo
