OCI: An argument named "subnet_id" is not expected here

Hi,

I am trying to add an ingress rule by creating a security list in OCI for a subnet.

But I am unable to create the security list for the subnet, as I see the error below.

====
on main.tf line 29, in resource "oci_core_security_list" "testinstance":
29: subnet = var.subnet_ocid

An argument named "subnet" is not expected here.

Code as below:

resource "oci_core_security_list" "test" {
  compartment_id = var.compartment_ocid
  vcn_id         = var.vcn_id
  subnet         = var.subnet_ocid   // the argument the error above refers to

  // allow outbound traffic on a port range
  egress_security_rules {
    description = "outbound"
    destination = format("%s/16", oci_core_instance.testinstance.public_ip)
    protocol    = "all"
    stateless   = true
  }

  // allow inbound traffic from a specific port
  ingress_security_rules {
    protocol  = "all"
    source    = format("%s/32", oci_core_instance.testinstance.public_ip)
    stateless = true
  }
}

I am able to create a security list and ingress rule for the VCN with the code below:

resource "oci_core_security_list" "testinstance" {
  compartment_id = var.compartment_ocid
  vcn_id         = var.vcn_id

  // allow outbound traffic on a port range
  egress_security_rules {
    description = "outbound"
    destination = format("%s/16", oci_core_instance.testinstance.public_ip)
    protocol    = "all"
    stateless   = true
  }

  // allow inbound traffic from a specific port
  ingress_security_rules {
    protocol  = "all"
    source    = format("%s/16", oci_core_instance.testinstance.public_ip)
    stateless = true
  }
}

Please guide me here.

Thanks in advance!

Security lists don’t have a subnet_id attribute:
https://registry.terraform.io/providers/hashicorp/oci/latest/docs/resources/core_security_list
You attach it to a subnet in the subnet resource security_list_ids
https://registry.terraform.io/providers/hashicorp/oci/latest/docs/resources/core_subnet

Thank you @twmcelroy for sharing the URL.

I had tried adding the security list OCID to oci_core_subnet and I got the error below.

===
Error: Incorrect attribute value type

on main.tf line 56, in resource "oci_core_subnet" "test_subnet":
56: security_list_ids = var.subnet_security_list_ids
|----------------
| var.subnet_security_list_ids is "ocid1.securitylist.aaaaaaaada2p4se3rlu2vmtg4w7ilcevjd7ju4754ulxwm52vdi"

I am new to Terraform, and it will be very helpful if you share example code on how to attach the security list created using oci_core_security_list to the existing subnet.

Please share the example code.

Thanks in advance!

Ya, Oracle has not documented it well. It should be an array. Generally, if you see a variable like `ids` for the Oracle provider, it will be an array of strings:
security_list_ids = ["ocid1...", "ocid2...", "ocid3..."], or, what is better, you do
security_list_ids = [oci_core_security_list.mylist1.id, oci_core_security_list.mylist2.id]

Most of my stuff is modularized, so I don't have an example at the ready, but here is from my subnet module:

resource "oci_core_subnet" "this" {
  #Required
  cidr_block     = var.subnet_cidr_block
  compartment_id = var.subnet_compartment_id
  vcn_id         = var.vcn_id

  #Optional
  availability_domain        = var.subnet_availability_domain
  defined_tags               = var.subnet_defined_tags
  dhcp_options_id            = var.subnet_dhcp_options_id
  display_name               = var.subnet_display_name
  dns_label                  = var.subnet_dns_label
  freeform_tags              = var.subnet_freeform_tags
  ipv6cidr_block             = var.subnet_ipv6cidr_block
  prohibit_public_ip_on_vnic = var.private_subnet
  //route_table_id           = var.subnet_route_table_id

  # The VCN default list (data.oci_core_vcn.attach_vcn is looked up elsewhere in
  # the module), any extra list OCIDs the caller passes in, and the list this
  # module creates. concat() is needed because var.subnet_add_security_list_ids
  # is itself a list of strings; nesting it inside [...] would be a type error.
  security_list_ids = concat(
    [data.oci_core_vcn.attach_vcn.default_security_list_id],
    var.subnet_add_security_list_ids,
    [oci_core_security_list.this.id],
  )
}

So you can see I attach them to the subnet with an array. You can choose to put the route_table_id in there as well (just one string, since only one route table is allowed). I was getting some cycle errors where it would be dependent on something else, so I always create the route table and then use the route table attachment resource to attach it to the subnet.

Feel free to ask any other question. Always happy to help someone on OCI!
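Putting the answer above together, here is an added, self-contained example (not code from the thread or from Oracle's provider docs) of the pattern it describes: the security list carries only `compartment_id`/`vcn_id` plus rules, and the attachment happens on the subnet through `security_list_ids`. The rules are deliberately narrower than the ones in the question (stateful, TCP only, a specific port and source range) to show what a least-privilege list looks like. `var.compartment_ocid` and `var.vcn_id` are the question's own variables; `var.admin_cidr`, the display names, the resource names `ssh_only` and `this`, and the subnet CIDR are assumptions chosen for the example.

```hcl
# Added example, not from the original thread. Assumed inputs: var.compartment_ocid,
# var.vcn_id (as in the question) and var.admin_cidr (the CIDR allowed to SSH in).

data "oci_core_vcn" "this" {
  vcn_id = var.vcn_id
}

resource "oci_core_security_list" "ssh_only" {
  compartment_id = var.compartment_ocid
  vcn_id         = var.vcn_id
  display_name   = "ssh-only"
  # Note: no subnet argument here; the list is attached from the subnet side.

  # Stateful rules track return traffic, so no mirror egress rule is needed.
  ingress_security_rules {
    description = "SSH from the admin network only"
    protocol    = "6"            # TCP; OCI uses IANA protocol numbers or "all"
    source      = var.admin_cidr # e.g. "203.0.113.0/24" (assumed value)
    source_type = "CIDR_BLOCK"
    stateless   = false
    tcp_options {
      min = 22
      max = 22
    }
  }

  egress_security_rules {
    description      = "Outbound HTTPS for package updates"
    protocol         = "6"
    destination      = "0.0.0.0/0"
    destination_type = "CIDR_BLOCK"
    stateless        = false
    tcp_options {
      min = 443
      max = 443
    }
  }
}

resource "oci_core_subnet" "this" {
  cidr_block     = "10.0.1.0/24" # assumed; must sit inside the VCN CIDR
  compartment_id = var.compartment_ocid
  vcn_id         = var.vcn_id
  display_name   = "app-subnet"
  dns_label      = "app"

  # Attachment point for security lists: a list of OCIDs. Referencing .id also
  # gives Terraform the dependency order (security list first, then subnet).
  # The VCN default security list is left out on purpose: as created by OCI it
  # permits TCP/22 from 0.0.0.0/0, which would undo the restriction above.
  # Add data.oci_core_vcn.this.default_security_list_id here only if you have
  # edited that list and want it in effect.
  security_list_ids = [
    oci_core_security_list.ssh_only.id,
  ]
}
```

If the subnet already exists and is not yet in Terraform state, the attachment still has to be expressed on the `oci_core_subnet` resource: import it first with `terraform import oci_core_subnet.this <subnet OCID>`, set `cidr_block`, `compartment_id` and `vcn_id` to the real values so that `terraform plan` shows only the `security_list_ids` change, and then apply. Two caveats on the rules in the question itself: a `source` built from the instance's own `public_ip` only admits traffic originating from that instance, not from an operator's machine, and `protocol = "all"` with `stateless = true` is far broader than an ingress rule usually needs to be.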

Hi @twmcelroy

I did try the option you shared, but it did not add the security list.

We have an option in the UI to add security lists for the subnet. I am trying to achieve this using Terraform.

Can you please guide me on how to proceed with this?

Thank you very much for your guidance.

Can I see the code that you have used for the subnet resource and the security list resource? That will help me pinpoint the error.

Hi @twmcelroy

Please find my main.tf file below.

====
resource "oci_core_instance" "testing" {
  availability_domain = var.adid
  compartment_id      = var.compartment_ocid
  display_name        = "vm"
  shape               = var.instance_shape

  source_details {
    source_type = "image"
    source_id   = var.instance_image_ocid
  }

  create_vnic_details {
    subnet_id        = var.subnet_ocid
    display_name     = "vnic"
    assign_public_ip = true
  }

  timeouts {
    create = "20m"
  }
}

resource "oci_core_security_list" "testing" {
  compartment_id = var.compartment_ocid
  vcn_id         = var.vcn_id
  display_name   = "test"

  egress_security_rules {
    destination = format("%s/32", oci_core_instance.testing.public_ip)
    protocol    = "all"
    stateless   = true
  }

  ingress_security_rules {
    protocol  = "all"
    source    = format("%s/32", oci_core_instance.testing.public_ip)
    stateless = true
  }
}

resource "oci_core_subnet" "ts_subnet" {
  cidr_block        = "10.0.0.0/16"
  compartment_id    = var.compartment_ocid
  vcn_id            = var.vcn_id
  security_list_ids = [oci_core_security_list.testing.id]
}

Please check and guide me on where I am wrong, and let me know if any changes to the script are needed.

Thanks in advance!

And what is your output for `terraform init`, `terraform plan` and `terraform apply`?