Previous part three on creating VCN can be found from here.
Now let’s start with basics. What are IGW and NAT GW.
Internet Gateway (IGW) in OCI is the connection point which routes your VCN traffic from and to public Internet depending on what traffic you allow through your security lists. If you use an IGW that means your subnet is a public one.
NAT Gateway (Network Address Translation) routes traffic outside to public internet from your private subnet. Let’s say you want to download patches or have a interface requiring data from public internet and you need to run your services on private subnet, then NAT GW is a good choice for you.
Both services are configured with high availability so you don’t need to do any further configuration except the usual setup. Both can be used only for traffic which originates from your VCN.
OCI documentation has also typical networking scenarios described which touches routing and other components I haven’t touched yet in this series but it gives good info on what you need on different cases. You can read it from here.
At this point we have Compartment and VCN deployed which are required to create these resources.
I will add following lines to main.tf.
//Create NAT GW so private subnet will have access to Internet
resource "oci_core_nat_gateway" "CreateNatGateway" {
compartment_id = "${oci_identity_compartment.CreateCompartment.id}"
vcn_id = "${oci_core_virtual_network.CreateVCN.id}"
block_traffic = "${var.nat_gateway_block_traffic}"
display_name = "${var.nat_gateway_display_name}"
}
//Create Internet Gateway for Public subnet
resource "oci_core_internet_gateway" "CreateIGW" {
compartment_id = "${oci_identity_compartment.CreateCompartment.id}"
enabled = "${var.internet_gateway_enabled}"
vcn_id = "${oci_core_virtual_network.CreateVCN.id}"
display_name = "${var.internet_gateway_display_name}"
}
I’ve highlighted the use of previously created resources and usage of their OCID’s. In addition to those both resources just need variable for their name and if they are enabled or not (or block traffic).
In variables.tf I have:
// NAT GW VARIABLES
variable "nat_gateway_display_name" {
default = "NatGateway"
} // Name for the NAT GW
variable "nat_gateway_block_traffic" {
default = "false"
} // Is NAT GW active or not
// INTERNET GW VARIABLES
variable "internet_gateway_display_name" {
default = "InternetGateway"
} // Name for the IGW
variable "internet_gateway_enabled" {
default = "true"
} // Is IGW enabled or not
Next step is to run terraform, I’ve already executed terraform plan and see it adds two resources on top of existing configuration.
PS C:\git\OCI\terraform-templates\examples\builddemo> terraform.exe apply
oci_identity_compartment.CreateCompartment: Refreshing state... (ID: ocid1.compartment.oc1..aaaaaaaav43jwd5o...xxxxx)
oci_core_virtual_network.CreateVCN: Refreshing state... (ID: ocid1.vcn.oc1.eu-frankfurt-1.aaaaaaaar2...xxxxx)
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
+ oci_core_internet_gateway.CreateIGW
id: <computed>
compartment_id: "ocid1.compartment.oc1..xxxxx"
display_name: "InternetGateway"
enabled: "true"
freeform_tags.%: <computed>
state: <computed>
time_created: <computed>
time_modified: <computed>
vcn_id: "ocid1.vcn.oc1.eu-frankfurt-1.xxxxx"
+ oci_core_nat_gateway.CreateNatGateway
id: <computed>
block_traffic: "false"
compartment_id: "ocid1.compartment.oc1..xxxxx"
display_name: "NatGateway"
freeform_tags.%: <computed>
nat_ip: <computed>
state: <computed>
time_created: <computed>
vcn_id: "ocid1.vcn.oc1.eu-frankfurt-1.xxxxx"
Plan: 2 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
oci_core_internet_gateway.CreateIGW: Creating...
compartment_id: "" => "ocid1.compartment.oc1..xxxxx"
display_name: "" => "InternetGateway"
enabled: "" => "true"
freeform_tags.%: "" => "<computed>"
state: "" => "<computed>"
time_created: "" => "<computed>"
time_modified: "" => "<computed>"
vcn_id: "" => "ocid1.vcn.oc1.eu-frankfurt-1.xxxxx"
oci_core_nat_gateway.CreateNatGateway: Creating...
block_traffic: "" => "false"
compartment_id: "" => "ocid1.compartment.oc1..xxxxx"
display_name: "" => "NatGateway"
freeform_tags.%: "" => "<computed>"
nat_ip: "" => "<computed>"
state: "" => "<computed>"
time_created: "" => "<computed>"
vcn_id: "" => "ocid1.vcn.oc1.eu-frankfurt-1.xxxxx"
oci_core_internet_gateway.CreateIGW: Creation complete after 1s (ID: ocid1.internetgateway.oc1.eu-frankfurt-...xxxxx)
oci_core_nat_gateway.CreateNatGateway: Creation complete after 2s (ID: ocid1.natgateway.oc1.eu-frankfurt-1.aaa...xxxxx)
Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
I’ve highlighted the part where Terraform refreshes the state of already created resources. Rest is business as usual and it creates our two new resources in a matter of few seconds.
Now we have IGW and NAT GW available. Next we need to create route tables where we will assign these and finally the route tables will be assigned to subnets so traffic gets routed correctly.
Last time I showed how to provision Autonomous Database Serverless (ADB-S) on Google Cloud. This…
I bet few years back folks didn't expect that by 2024 we would be able…
This will NOT be a technical walkthrough on Oracle Database@Azure but rather my opinions and…
Recently OCI announced small but VERY useful service, IP Address Insights. Why this matters? I've…
View Comments
HI ,
Thank you . This was very informative .
Would you have an idea of how Oracle prices these network components ?
Ive been doing some research and the pricing calculator always seems to consider only the network utilization but I dont see a cost for the usage for each individual components like NAT Gateways .
NAT and IGW gateways are not separately priced AFAIK so you only pay for the traffic (if any). So makes calculations lot easier!