IBM Cloud VPC Landing Zone (Lite)
VPC with subnets, public gateways, ACLs, and security groups following IBM SLZ patterns.
Verification
Plan-validatedPassed: module logic verified on a mocked plan — inputs, validation rules, conditional creation and outputs resolve (no real provider, no cloud).
Conformance
- Static validation (fmt · validate · tflint)
- Security scan clean (Checkov)
- Plan tests (mocked: validation rules · outputs)
Provenance
- SHA-256 checksum
- Signature (pending)
Functional
- Live test pending (no cloud run yet)
Last verified 2026-06-28 · how we verify
Documentation
ibm-vpc-landing
IBM Cloud VPC Landing Zone (Lite) — a VPC with subnets, public gateways,
ACLs, and security groups following IBM Secure Landing Zone patterns. Works
with Terraform and OpenTofu (>= 1.6), IBM Cloud provider >= 2.0, < 3.0.
Secure defaults:
- Manual address-prefix management — only the ranges you declare exist
- A deny-by-default network ACL attached to every subnet (only VPC-internal traffic inbound and all traffic outbound; the internet-wide stateless ephemeral inbound allowance is off by default and must be opted into)
- Public gateways created only for zones whose subnets opt in
- A workload security group with zero inbound exposure until you declare
tcp_ingress_rules(intra-group traffic optional, outbound open)
Requirements
- Terraform or OpenTofu
>= 1.6 IBM-Cloud/ibmprovider>= 2.0, < 3.0- An IBM Cloud API key with VPC Infrastructure Services access
Verification
Static-validated (fmt, validate, tflint). Live apply/destroy testing pending cloud sandbox availability — see catalog status.
License
Commercial — IaC Bazaar EULA. © IaC Bazaar. Original work (not derived from a third-party module).
Usage code & full reference unlock after purchase
The complete copy-paste usage, the full input/output reference, and operational notes ship with your licence — shown here and bundled in the download.
- Usage
- Inputs
- Outputs
- Notes