
OCI Internet Gateway with Terraform — VCN, Subnet, Route Tables & Security Lists (2025 Edition)

When you’re just starting with OCI networking and Terraform, understanding how to configure an Internet Gateway correctly is essential: it is the component that decides whether your instances are reachable from the Internet at all.
In this post, we’ll walk through a real oci internet gateway terraform example — building a basic Virtual Cloud Network (VCN) with a single public subnet, Internet Gateway, route tables, security lists and a simple web server.

👉 This exact scenario corresponds to Lesson 1 of my Flagship OCI Infrastructure Automation Course.
You can find the Terraform code for this lesson on GitHub here:
➡️ network.tf — Lesson 1

🌐 Creating a VCN with Terraform

Before deploying an Internet Gateway, we need to define a VCN (Virtual Cloud Network). Below is a minimal example of the VCN resource definition in Terraform:

# The VCN is the container for every subnet, gateway and route table below.
# oci_core_virtual_network is the legacy resource name; newer provider
# versions expose the same resource as oci_core_vcn.
resource "oci_core_virtual_network" "FoggyKitchenVCN" {
  cidr_block     = var.VCN_CIDR        # 10.0.0.0/16 in this lesson
  dns_label      = "FoggyKitchenVCN"  # enables VCN-internal DNS names for instances
  compartment_id = oci_identity_compartment.FoggyKitchenCompartment.id
  display_name   = "FoggyKitchenVCN"
}

🖼 Architecture Overview

We define a single VCN with CIDR 10.0.0.0/16 and one public subnet in AD1. An Internet Gateway provides inbound and outbound connectivity for instances that hold a public IP. A single compute instance is provisioned in this subnet, given a public IP address, and made reachable from the Internet through the route rule and security lists described below.

This is the starting point for any OCI network topology. Before you can introduce NAT Gateways, Load Balancers or Bastion Hosts, you need a basic foundation with a properly configured Internet Gateway. That’s why this example is often the very first step in any oci internet gateway terraform project.

From a routing perspective, anything addressed outside the VCN leaves the public subnet through the Internet Gateway, thanks to the route rule for 0.0.0.0/0. Inbound SSH, HTTP and HTTPS reach the instance only because the subnet's Security Lists allow them; in this design the security lists are the only packet filter between the Internet and the instance, so every ingress rule with a 0.0.0.0/0 source deserves a second look. This is a minimal but complete setup for deploying your first public-facing workload in OCI using Terraform.

Figure 1. Basic architecture showing OCI Internet Gateway, VCN, subnet and public web server

🚀 Deploying an OCI Internet Gateway with Terraform

The Internet Gateway lets resources in your public subnets talk directly to the Internet in both directions. It performs no address translation, so only VNICs that hold a public IP can use it; private-only instances need a NAT Gateway instead, which is covered in a later lesson. A VCN can have only one Internet Gateway, and it is a key component of any oci internet gateway terraform setup.

resource "oci_core_internet_gateway" "FoggyKitchenInternetGateway" {
  compartment_id = oci_identity_compartment.FoggyKitchenCompartment.id
  display_name   = "FoggyKitchenInternetGateway"
  vcn_id         = oci_core_virtual_network.FoggyKitchenVCN.id

  # Optional, defaults to true. Setting it to false blocks all traffic through
  # the gateway without touching any route table: a quick kill switch during an incident.
  enabled = true
}

Once the Internet Gateway is defined, you can reference it in your route tables to send traffic to the Internet.

🧱 Configuring Subnets and Route Tables

We’ll now define a public subnet within AD1 and associate it with a route table that points outbound traffic to the Internet Gateway:

resource "oci_core_subnet" "FoggyKitchenWebSubnet" {
  availability_domain = var.ADs[0]     # AD-specific subnet; omit this argument for a regional subnet
  cidr_block          = "10.0.1.0/24"  # carved out of the VCN's 10.0.0.0/16
  display_name        = "FoggyKitchenWebSubnet"
  dns_label           = "FoggyKitchenN1"
  compartment_id      = oci_identity_compartment.FoggyKitchenCompartment.id
  vcn_id              = oci_core_virtual_network.FoggyKitchenVCN.id
  route_table_id      = oci_core_route_table.FoggyKitchenRouteTable1.id
  dhcp_options_id     = oci_core_dhcp_options.FoggyKitchenDhcpOptions1.id

  # A subnet is "public" only because its VNICs may take a public IP.
  # false is the default; it is spelled out here so the intent is visible in review.
  prohibit_public_ip_on_vnic = false

  # Security lists apply to every VNIC in the subnet; the rules of all lists are merged.
  security_list_ids = [
    oci_core_security_list.FoggyKitchenSSHSecurityList.id,
    oci_core_security_list.FoggyKitchenHTTPSecurityList.id
  ]
}

resource "oci_core_route_table" "FoggyKitchenRouteTable1" {
  compartment_id = oci_identity_compartment.FoggyKitchenCompartment.id
  vcn_id         = oci_core_virtual_network.FoggyKitchenVCN.id
  display_name   = "FoggyKitchenRouteTable1"

  # Default route: anything not inside the VCN goes to the Internet Gateway.
  # Traffic between subnets of the same VCN is delivered locally and needs no rule.
  route_rules {
    destination       = "0.0.0.0/0"
    destination_type  = "CIDR_BLOCK"
    network_entity_id = oci_core_internet_gateway.FoggyKitchenInternetGateway.id
  }
}

The 0.0.0.0/0 destination matches every address outside the VCN (traffic between subnets of the same VCN is delivered locally and needs no rule) and sends it to the Internet Gateway. Because the gateway does not translate addresses, only VNICs with a public IP can actually use this route; an instance without one stays unreachable from, and unable to reach, the Internet.

🔐 Security Lists and the First Web Server

For security, we define Security Lists that allow inbound SSH (22) and HTTP (80) traffic. The HTTP list is shown below; the SSH list that the subnet also references is a separate resource of the same shape, and is where you should narrow the source to a trusted range rather than 0.0.0.0/0. An HTTPS (443) rule would be a second ingress block with tcp_options 443. Note the second ingress rule below: it admits any TCP port, but only from addresses inside the VCN, so it does not widen the Internet-facing exposure. The code uses Terraform 0.12+ syntax, where each rule is a repeated nested block rather than a list of objects:

resource "oci_core_security_list" "FoggyKitchenHTTPSecurityList" {
  compartment_id = oci_identity_compartment.FoggyKitchenCompartment.id
  display_name   = "FoggyKitchenHTTPSecurityList"
  vcn_id         = oci_core_virtual_network.FoggyKitchenVCN.id

  # Rules are stateful by default, so replies to allowed inbound connections
  # are permitted without a matching egress rule.
  # Outbound: any TCP (protocol 6) to anywhere.
  egress_security_rules {
    protocol    = "6"
    destination = "0.0.0.0/0"
  }

  # Inbound: TCP/80 from the whole Internet.
  ingress_security_rules {
    protocol = "6"
    source   = "0.0.0.0/0"

    tcp_options {
      min = 80
      max = 80
    }
  }

  # Inbound: any TCP port, but only from inside the VCN.
  ingress_security_rules {
    protocol = "6"
    source   = var.VCN_CIDR
  }
}
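The SSH security list that the subnet references (FoggyKitchenSSHSecurityList) is not shown on this page. Below is an added example, not the lesson's own code, of how I would write it: port 22 is opened only to an administrative range supplied through an assumed variable admin_cidr, the variable refuses 0.0.0.0/0 at plan time, and a Terraform check block (Terraform 1.5 or later) walks the list's ingress rules after apply and warns if any rule still exposes TCP/22 to the whole Internet. The variable, the local and the check name are my assumptions; the compartment, VCN and security list names are the ones already used on the page.

```hcl
# Added example: hardened SSH security list for FoggyKitchenWebSubnet.
# admin_cidr is an assumed variable, not part of the lesson's code.
variable "admin_cidr" {
  description = "IPv4 CIDR allowed to reach TCP/22 on the web server, e.g. an office or VPN range"
  type        = string

  validation {
    condition     = can(cidrhost(var.admin_cidr, 0))
    error_message = "admin_cidr must be a valid IPv4 CIDR such as 203.0.113.0/24."
  }

  # cidrhost() accepts 0.0.0.0/0, so the world-open case needs its own check.
  validation {
    condition     = var.admin_cidr != "0.0.0.0/0"
    error_message = "Refusing to open SSH to the whole Internet; narrow admin_cidr."
  }
}

resource "oci_core_security_list" "FoggyKitchenSSHSecurityList" {
  compartment_id = oci_identity_compartment.FoggyKitchenCompartment.id
  display_name   = "FoggyKitchenSSHSecurityList"
  vcn_id         = oci_core_virtual_network.FoggyKitchenVCN.id

  # Stateful by default: replies to the SSH session need no egress rule.
  # Outbound TCP to anywhere so the host can fetch packages and updates.
  egress_security_rules {
    protocol    = "6"
    destination = "0.0.0.0/0"
  }

  # Inbound TCP/22 only from the administrative range.
  ingress_security_rules {
    description = "SSH from admin_cidr"
    protocol    = "6"
    source      = var.admin_cidr
    source_type = "CIDR_BLOCK"

    tcp_options {
      min = 22
      max = 22
    }
  }
}

# Post-apply guard: collect every ingress rule of the list that still exposes
# TCP/22 to 0.0.0.0/0. A rule without tcp_options covers every port, which the
# try() fallbacks (1 and 65535) model; protocol "all" covers TCP as well.
locals {
  world_open_ssh_rules = [
    for r in oci_core_security_list.FoggyKitchenSSHSecurityList.ingress_security_rules : r
    if r.source == "0.0.0.0/0"
    && contains(["6", "all"], r.protocol)
    && try(r.tcp_options[0].min, 1) <= 22
    && try(r.tcp_options[0].max, 65535) >= 22
  ]
}

check "no_world_open_ssh" {
  assert {
    condition     = length(local.world_open_ssh_rules) == 0
    error_message = "FoggyKitchenSSHSecurityList exposes TCP/22 to 0.0.0.0/0."
  }
}
```

The variable validation fails `terraform plan` before anything is created, while the check block only produces a warning, so the two complement each other: the first stops a careless `admin_cidr = "0.0.0.0/0"`, the second catches a rule edited later outside this variable, for example a hotfix added directly to the list.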

Finally, we can launch a simple public web server in this subnet:

resource "oci_core_instance" "FoggyKitchenWebserver1" {
  availability_domain = var.ADs[0]
  compartment_id      = oci_identity_compartment.FoggyKitchenCompartment.id
  display_name        = "FoggyKitchenWebServer1"
  shape               = var.Shapes[0]

  source_details {
    source_type = "image"
    source_id   = var.Images[0]
  }

  # metadata is a map in Terraform 0.12+ syntax; the public key is written to
  # the image's default user's authorized_keys on first boot.
  metadata = {
    ssh_authorized_keys = file(var.public_key_oci)
  }

  # The subnet belongs here (the top-level subnet_id argument is deprecated).
  # assign_public_ip = true is what makes the VM reachable from the Internet
  # through the Internet Gateway; leave it false for private-only hosts.
  create_vnic_details {
    subnet_id        = oci_core_subnet.FoggyKitchenWebSubnet.id
    assign_public_ip = true
  }
}

At this point, you have a fully functional, minimal OCI network — VCN, Internet Gateway, route tables, subnet, security lists, and a VM exposed to the Internet 🚀

📝 Full Code Reference

👉 network.tf — Lesson 1
📚 Flagship OCI Infrastructure Automation Course

This example is a perfect entry point before you move on to NAT Gateway, Load Balancer, Bastion Hosts and Private DNS.

🎓 Continue Learning

This simple OCI Internet Gateway Terraform scenario is the perfect foundation for more advanced topologies like NAT Gateway, Bastion Hosts, and Load Balancers.

If you want to automate your entire OCI infrastructure with Terraform, including NAT Gateway, Load Balancer, Bastion Hosts and more advanced networking topologies — check out my flagship training: 👉 Terraforming OCI – Flagship Course

Take Your OCI Networking Skills to the Next Level 🚀

You’ve just built your first OCI Internet Gateway with Terraform — now it’s time to move on to NAT Gateways, Load Balancers, Bastion Hosts, Private DNS and more.
In my flagship course, you’ll automate the entire OCI network step by step, using real production scenarios.

🔒 Lifetime • ⏱️ Self-paced • 🧪 Real labs
