oci-cis-landingzone-quickstart
Quickstart Terraform configuration for tenancy setup according to CIS OCI Foundations Benchmark.
Encountering error below when I execute apply [image: Screenshot 2022-05-25 124116]
Hello, we are constantly getting permission issues when running the landing zone as a non-admin. We ran the pre-config in the root compartment before running the main config. After...
I deployed the Hub/Spoke configuration with DMZ. I would have expected the DMZ indoor route table to include a route rule that goes through the NAT gateway. I found that...
During the terraform plan step, received the warning, "The root module does not declare a variable named "subnets_name"". This is due to the mismatch between the variable name in the...
Warning: Experimental feature "module_variable_optional_attrs" is active on .terraform/modules/lz_compartments/compartments/providers.tf line 11, in terraform: 11: experiments = [module_variable_optional_attrs] Experimental features are subject to breaking changes in future minor or patch releases, based...
My policies for storage admins do not allow to delete using the following constructs: _allow group storage-admins to manage file-family in compartment xyz where request.permission != /*DELETE*/_ or _allow group...
Using the v2 Landing Zone, I see there is a bastion-nsg created and the rules allow egress to the other NSGs (app-nsg, db-nsg, lbr-nsg). And the app-nsg, db-nsg, lbr-nsg NSGs...
Warning: Experimental feature "module_variable_optional_attrs" is active on .terraform/modules/lz_access_governance_policies/policies/providers.tf line 14, in terraform: 14: experiments = [module_variable_optional_attrs] Experimental features are subject to breaking changes in future minor or patch releases, based...
We have run the CIS Compliance script and received the non-compliance alert: "Ensure a notification is configured for Identity Provider changes" with recommendation to create the Event Rule for Identity...
CIS check 4.13 says: _Ensure VCN flow logging is enabled for all subnets_. Our implementation is built using the modules from [terraform-oci-modules-observability](https://github.com/oci-landing-zones/terraform-oci-modules-observability). We create VCN flow logs for an...