DRG Hub & Spoke Connectivity

oci-drg-hub

Status: static-validated, live-test pending. This module ships under live-test quarantine — it passes tofu fmt, tofu validate and tflint, but a real apply → verify → destroy has not yet run (no OCI cloud sandbox available). Promotion to a full live-tested artifact follows when a sandbox exists.

Dynamic Routing Gateway as a hub-and-spoke connectivity fabric: one DRG with VCN spoke attachments, custom DRG route tables, route distributions, optional remote peering (cross-region / cross-tenancy), and Site-to-Site VPN (IPSec) attach points to on-prem CPE devices. Works with Terraform and OpenTofu (>= 1.6), OCI provider >= 8.0, < 9.0.

Secure / deliberate defaults:

• VCN attachments bind to an explicit custom DRG route table when one is named, so transit routing is intentional rather than the auto-generated default.
• IPSec connections require static_routes (the on-prem prefixes) — no wildcard transit is implied; you advertise exactly what you mean to.
• Remote Peering Connections are created un-peered; you peer them deliberately (peering is a cross-tenancy trust decision, not a default).
• The DRG and its attachments create no public exposure; the DRG itself is free.

Requirements

• Terraform or OpenTofu >= 1.6
• Provider oracle/oci >= 8.0, < 9.0

Verification

Static-validated (fmt, validate, tflint). Live apply/destroy testing pending cloud sandbox availability — see catalog status.

License

Commercial — LicenseRef-IaCBazaar-Commercial.