|
1 | 1 | # Customizing the landing zone topology |
2 | 2 |
|
3 | | -## Overview of the landing-zone customization options |
4 | | - |
5 | | -The Landing Zone module is designed to enable both lightweight and deep |
6 | | -customizations of the VPC topology, inclusive of all associated |
7 | | -services that are deployed to make the VPC topology compliant. In a nutshell, there are |
8 | | -two ways the topology can be customized: |
9 | | -1. By using Terraform input variables. The module exposes over 70 input |
10 | | - variables that can be used to tweaks aspects of the VPC topology |
11 | | - that is deployed. See them as "knobs" that you can turn to slightly |
12 | | - adjust the desired VPC topology. |
13 | | -2. By using a json definition, which enables deeper and |
14 | | - broader types of customizations. The Landing Zone module accepts a json input in the form of a file or through a string containing a json definition. Using a json definition, you can fully |
15 | | - customize all aspects of the topology, beyond the use of the |
16 | | - Terraform input variables. |
17 | | - |
18 | | -## Defining our custom topology with a json definition |
19 | | - |
20 | | -In this lab, we are going to use the json-based approach to define a |
21 | | -topology that matches the manual steps followed in lab 1 of the |
22 | | -lab. Starting from the definition for the standard VSI landing zone pattern as a starting point, we make the following customizations: |
23 | | -- Expose one of the VSI in the management VPC through a public floating IP -- this is our "jump box". |
24 | | -- Add a public VPC load balancer serving public http traffic and distribiting requests to the VSIs in the workload VPC |
25 | | -- All necessary adjustments to the network ACL and security group to accommodate inbound and outbound traffic to the management jump box (ssh access) and the workload (http). |
26 | | - |
27 | | -### Creating the json definition |
28 | | - |
29 | | -There are three ways to produce a json definition that codify the desired |
30 | | -topology -- ranked by order of complexity: |
31 | | -1. The first way is to use the Graphical User Inferface tool provided |
32 | | - at |
33 | | - <https://slz-gui.15z7evpngrsf.us-south.codeengine.appdomain.cloud/> |
34 | | - to guide your through a step-by-step documented wizard leading to |
35 | | - the produce a valid JSON file. The GUI tool also allows you to |
36 | | - import an existing json file and start customizations from there. |
37 | | -  |
38 | | -2. The second way is to start making customization through the |
39 | | - terraform input variable. The Landing Zone module has got one output |
40 | | - named "config" that contains a JSON definition that includes the |
41 | | - customizations made through the terraform input variables. From that |
42 | | - point, you can make further customization manually or through the |
43 | | - GUI tool mentioned above. |
44 | | -3. The third way is to start from a copy of the json definition of one |
45 | | - of the 4 patterns provided out-of-the-box with the Landing Zone |
46 | | - module [here](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone/tree/main/patterns) |
47 | | - . For example, the JSON file for the standard VSI-based Landing Zone |
48 | | - is located under the [vsi directory](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone/blob/main/patterns/vsi/override.json). From that point, make customization to the copy of that JSON file |
49 | | - either through the GUI or manually. |
50 | | - |
51 | | -### Creating the json definition |
52 | | - |
53 | | -In this lab, we provide the JSON file containing those customizations |
54 | | -[here](https://github.com/IBM/infra-to-app-with-landing-zone/blob/main/custom-slz/override.tftpl) . |
55 | | - |
56 | | -?> _TODO_ ensure the gui is updated before the lab |
57 | | - |
58 | | -You may take a few moment to explore the content of the provided json definition: |
59 | | - 1. Import the json definition in the Graphical User Inferface tool provided at <https://slz-gui.15z7evpngrsf.us-south.codeengine.appdomain.cloud/>. |
60 | | - 2. Click the Import JSON button and copy paste the content of the JSON definition. |
61 | | -  |
62 | | - 3. After import, you can use the GUI to explore the various facet of the topology using the right-hand menu. Of particular interest in the scope of the customizations are the [VPC Access control](https://slz-gui.15z7evpngrsf.us-south.codeengine.appdomain.cloud/nacls), [Security Groups](https://slz-gui.15z7evpngrsf.us-south.codeengine.appdomain.cloud/securityGroups), and [Virtual Server Instances](https://slz-gui.15z7evpngrsf.us-south.codeengine.appdomain.cloud/vsi) sections. |
| 3 | +## Two ways to customize |
63 | 4 |
|
| 5 | +The landing zone module is designed to enable both lightweight and deep customizations of the VPC topology, including all the services that are deployed to make the VPC topology compliant. |
64 | 6 |
|
| 7 | +In a nutshell, you can customize the topology in two ways: |
| 8 | + |
| 9 | +- By using Terraform input variables. |
| 10 | + |
| 11 | + The module accepts more than 70 input variables that you can use to tweak the VPC topology. Consider the input variables as "knobs" that you can turn to adjust the topology. |
| 12 | +- By passing a JSON string value to the `override.json` variable. |
| 13 | + |
| 14 | + The override file enables deeper and broader types of customizations. By using a JSON file, you can fully customize aspects of the topology beyond what you can achieve with Terraform input variables. |
| 15 | + |
| 16 | +## Defining our custom topology with a JSON definition |
| 17 | + |
| 18 | +In this lab, you use the JSON override file to define a topology that matches the manual steps that you followed in the lab 1. |
| 19 | + |
| 20 | +As a refresher, here's what you did in lab 1: |
| 21 | + |
| 22 | +- Created a VPC-topology based on the standard SLZ pattern. |
| 23 | +- Exposed one VSI in the management VPC through a public floating IP address (our "jump box"). |
| 24 | +- Exposed one VSI in the workload VPC behind a public load balancer. |
| 25 | +- Made the necessary adjustments to the network ACL and security group to accommodate inbound and outbound traffic to the management jump box and the workload. |
| 26 | + |
| 27 | +### Creating the JSON definition |
| 28 | + |
| 29 | +You can create a JSON file that codifies the topology that you want in one of three ways. The following list orders the methods from least complex to most complex: |
| 30 | + |
| 31 | +- Use the [secure landing zone wizard](https://slz-gui.15z7evpngrsf.us-south.codeengine.appdomain.cloud/) to produce a valid JSON file. |
| 32 | + |
| 33 | + The wizard also supports importing an existing JSON file and start from there. |
| 34 | + |
| 35 | +  |
| 36 | +- Customize the definition through a Terraform input variable. |
| 37 | + |
| 38 | + The landing zone module produces an output that is named `config`. The `config` output contains a JSON definition with all the customizations that are made through the Terraform input variables. You can start with this output and make more customizations, either manually or through the wizard in the previous method. |
| 39 | +- The third way is to start from a copy of the JSON definition in one of the four [patterns](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone/tree/main/patterns) that are provided with the landing zone module. |
| 40 | + |
| 41 | + For example, the JSON file for the standard VSI-based landing zone is located under the [vsi](https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone/blob/main/patterns/vsi/override.json) directory. You can customize a copy of that JSON pattern file either manually or through the wizard. |
| 42 | + |
| 43 | +### Creating the JSON definition |
| 44 | + |
| 45 | +For this lab, use the customized JSON file at https://github.com/IBM/infra-to-app-with-landing-zone/blob/main/custom-slz/override.tftpl. |
0 commit comments