Editing resources in Oracle Cloud Infrastructure (OCI) with Terraform
- Francisco Javier Huete
- IaC, Cloud
- August 28, 2025
A previous post showed how to create a VCN (virtual cloud network) resource in Oracle Cloud Infrastructure (OCI) using Terraform. On its own, though, this type of resource is of no use. This post therefore shows how to add a subnet to the VCN and how to modify it afterwards.
Adding resources to the configuration
To add resources to a Terraform configuration, simply add a new resource block to it. It is advisable to organize the different resources into separate configuration files to keep the infrastructure described in the project orderly. In this case, however, because the configuration is very simple and all the resources created are network-related, work continues in the same main.tf file as in the previous post.
terraform {
  required_providers {
    oci = {
      source  = "oracle/oci"
      version = "7.15.0"
    }
  }
}

provider "oci" {
  region              = "eu-madrid-1"
  auth                = "SecurityToken"
  config_file_profile = "terraform-tutorial"
}

resource "oci_core_vcn" "mi_vcn" {
  dns_label      = "mivcn"
  cidr_block     = "172.22.0.0/16"
  compartment_id = "<OCID del compartimento>"
  display_name   = "Mi VCN"
}

resource "oci_core_subnet" "private_subnet" {
  vcn_id                     = oci_core_vcn.mi_vcn.id
  cidr_block                 = "172.22.0.0/24"
  compartment_id             = "<OCID del compartimento>"
  display_name               = "Private Subnet"
  prohibit_public_ip_on_vnic = true
  dns_label                  = "privatesubnet"
}
In this case, the last block of the configuration file adds a new subnet resource to the existing VCN. To create the resource, start by running terraform plan:
❯ terraform plan
oci_core_vcn.mi_vcn: Refreshing state... [id=<OCID de la VCN>]
Terraform used the selected providers to generate the following execution plan.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# oci_core_subnet.private_subnet will be created
+ resource "oci_core_subnet" "private_subnet" {
+ availability_domain = (known after apply)
+ cidr_block = "172.22.0.0/24"
+ compartment_id = "<OCID del compartimento>"
+ defined_tags = (known after apply)
+ dhcp_options_id = (known after apply)
+ display_name = "Private Subnet"
+ dns_label = "privatesubnet"
+ freeform_tags = (known after apply)
+ id = (known after apply)
+ ipv6cidr_block = (known after apply)
+ ipv6cidr_blocks = (known after apply)
+ ipv6virtual_router_ip = (known after apply)
+ prohibit_internet_ingress = (known after apply)
+ prohibit_public_ip_on_vnic = true
+ route_table_id = (known after apply)
+ security_list_ids = (known after apply)
+ state = (known after apply)
+ subnet_domain_name = (known after apply)
+ time_created = (known after apply)
+ vcn_id = "OCID de la VCN"
+ virtual_router_ip = (known after apply)
+ virtual_router_mac = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
───────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.
The output of this command shows the resources that will be created when the plan is applied. If they match the intended goals, the plan can be applied with terraform apply:
❯ terraform apply
oci_core_vcn.mi_vcn: Refreshing state... [id=<OCID de la VCN>]
Terraform used the selected providers to generate the following execution plan.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# oci_core_subnet.private_subnet will be created
+ resource "oci_core_subnet" "private_subnet" {
+ availability_domain = (known after apply)
+ cidr_block = "172.22.0.0/24"
+ compartment_id = "<OCID del compartimento>"
+ defined_tags = (known after apply)
+ dhcp_options_id = (known after apply)
+ display_name = "Private Subnet"
+ dns_label = "privatesubnet"
+ freeform_tags = (known after apply)
+ id = (known after apply)
+ ipv6cidr_block = (known after apply)
+ ipv6cidr_blocks = (known after apply)
+ ipv6virtual_router_ip = (known after apply)
+ prohibit_internet_ingress = (known after apply)
+ prohibit_public_ip_on_vnic = true
+ route_table_id = (known after apply)
+ security_list_ids = (known after apply)
+ state = (known after apply)
+ subnet_domain_name = (known after apply)
+ time_created = (known after apply)
+ vcn_id = "<OCID de la VCN>"
+ virtual_router_ip = (known after apply)
+ virtual_router_mac = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
oci_core_subnet.private_subnet: Creating...
oci_core_subnet.private_subnet: Creation complete after 4s [id=<OCID de la subred>]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
After the configuration is applied, the new subnet exists in the specified OCI compartment:
❯ oci network subnet list --profile terraform-tutorial --auth security_token --compartment-id <OCID del compartimento>
{
"data": [
{
"availability-domain": null,
"cidr-block": "172.22.0.0/24",
"compartment-id": "<OCID del compartimento>",
"defined-tags": {
"Oracle-Tags": {
"CreatedBy": "default/fjhuete",
"CreatedOn": "2025-08-22T15:36:51.582Z"
}
},
"dhcp-options-id": "<OCID del recurso>",
"display-name": "Private Subnet",
"dns-label": "privatesubnet",
"freeform-tags": {},
"id": "<OCID de la subred>",
"ipv6-cidr-block": null,
"ipv6-cidr-blocks": null,
"ipv6-virtual-router-ip": null,
"lifecycle-state": "AVAILABLE",
"prohibit-internet-ingress": true,
"prohibit-public-ip-on-vnic": true,
"route-table-id": "<OCID del recurso>",
"security-list-ids": [
"<OCID del recurso>"
],
"subnet-domain-name": "privatesubnet.mivcn.oraclevcn.com",
"time-created": "2025-08-22T15:36:51.612000+00:00",
"vcn-id": "<OCID del recurso>",
"virtual-router-ip": "172.22.0.1",
"virtual-router-mac": "00:00:17:D1:34:5F"
}
]
}
Modifying resources with Terraform
The process for modifying any of the created resources is fairly simple: change the resource's definition in the configuration and apply the plan again. In the best case, the resource allows live edits and Terraform simply applies the change. In the worst case, the resource does not support the configured change, so Terraform has to delete it and create it again. This is one of the reasons why it is important to run terraform plan before terraform apply: the first command indicates whether a resource can be modified or must instead be deleted and recreated.
In this example, the modification consists of changing the subnet's name, its display_name. To do so, just change this value in the main.tf configuration file.
terraform {
  required_providers {
    oci = {
      source  = "oracle/oci"
      version = "7.15.0"
    }
  }
}

provider "oci" {
  region              = "eu-madrid-1"
  auth                = "SecurityToken"
  config_file_profile = "terraform-tutorial"
}

resource "oci_core_vcn" "mi_vcn" {
  dns_label      = "mivcn"
  cidr_block     = "172.22.0.0/16"
  compartment_id = "<OCID del compartimento>"
  display_name   = "Mi VCN"
}

resource "oci_core_subnet" "private_subnet" {
  vcn_id                     = oci_core_vcn.mi_vcn.id
  cidr_block                 = "172.22.0.0/24"
  compartment_id             = "<OCID del compartimento>"
  display_name               = "Subred Privada"
  prohibit_public_ip_on_vnic = true
  dns_label                  = "privatesubnet"
}
When planning the configuration, Terraform reports that this value will be modified in the OCI infrastructure when the plan is applied:
❯ terraform plan
oci_core_vcn.mi_vcn: Refreshing state... [id=<OCID de la VCN>]
oci_core_subnet.private_subnet: Refreshing state... [id=<OCID de la subred>]
Terraform used the selected providers to generate the following execution plan.
Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# oci_core_subnet.private_subnet will be updated in-place
~ resource "oci_core_subnet" "private_subnet" {
~ display_name = "Private Subnet" -> "Subred Privada"
id = "<OCID de la subred>"
# (17 unchanged attributes hidden)
}
Plan: 0 to add, 1 to change, 0 to destroy.
───────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.
As the output shows, the update happens “in-place” and therefore does not require deleting the resource. The plan can then be applied:
❯ terraform apply
oci_core_vcn.mi_vcn: Refreshing state... [id=<OCID de la VCN>]
oci_core_subnet.private_subnet: Refreshing state... [id=<OCID de la subred>]
Terraform used the selected providers to generate the following execution plan.
Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# oci_core_subnet.private_subnet will be updated in-place
~ resource "oci_core_subnet" "private_subnet" {
~ display_name = "Private Subnet" -> "Subred Privada"
id = "<OCID de la subred>"
# (17 unchanged attributes hidden)
}
Plan: 0 to add, 1 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
oci_core_subnet.private_subnet: Modifying... [id=<OCID de la subred>]
oci_core_subnet.private_subnet: Modifications complete after 1s [id=<OCID de la subred>]
Apply complete! Resources: 0 added, 1 changed, 0 destroyed.
After this modification is applied, the resource's name changes in the OCI infrastructure:
❯ oci network subnet list --profile terraform-tutorial --auth security_token --compartment-id <OCID del compartimento>
{
"data": [
{
"availability-domain": null,
"cidr-block": "172.22.0.0/24",
"compartment-id": "<OCID del compartimento>",
"defined-tags": {
"Oracle-Tags": {
"CreatedBy": "default/fjhuete",
"CreatedOn": "2025-08-22T15:36:51.582Z"
}
},
"dhcp-options-id": "<OCID del recurso>",
"display-name": "Subred Privada",
"dns-label": "privatesubnet",
"freeform-tags": {},
"id": "<OCID de la subred>",
"ipv6-cidr-block": null,
"ipv6-cidr-blocks": null,
"ipv6-virtual-router-ip": null,
"lifecycle-state": "AVAILABLE",
"prohibit-internet-ingress": true,
"prohibit-public-ip-on-vnic": true,
"route-table-id": "<OCID del recurso>",
"security-list-ids": [
"<OCID del recurso>"
],
"subnet-domain-name": "privatesubnet.mivcn.oraclevcn.com",
"time-created": "2025-08-22T15:36:51.612000+00:00",
"vcn-id": "<OCID de la VCN>",
"virtual-router-ip": "172.22.0.1",
"virtual-router-mac": "00:00:17:D1:34:5F"
}
]
}
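The plan review this section relies on (in-place update versus delete and recreate) can be automated. The following is an added example, not code from the original post: it reads the JSON produced by `terraform plan -out=tfplan` followed by `terraform show -json tfplan`, and reports any resource that would be destroyed or replaced. The function name `review_plan`, the embedded sample plan and the policy that every subnet must keep `prohibit_public_ip_on_vnic = true` are assumptions made for the illustration.

```python
import json
import sys

# Constructed sample shaped like `terraform show -json tfplan` output;
# only the fields read below are included.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "oci_core_vcn.mi_vcn", "type": "oci_core_vcn",
     "change": {"actions": ["no-op"], "before": {}, "after": {}}},
    {"address": "oci_core_subnet.private_subnet", "type": "oci_core_subnet",
     "change": {"actions": ["update"],
                "before": {"display_name": "Private Subnet",
                           "prohibit_public_ip_on_vnic": True},
                "after": {"display_name": "Subred Privada",
                          "prohibit_public_ip_on_vnic": True}}},
]})


def review_plan(plan_json):
    """Return (address, finding) pairs that should stop an unattended apply."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = rc["change"]["actions"]
        after = rc["change"].get("after") or {}
        if "delete" in actions and "create" in actions:
            # Terraform reports a replacement as delete+create (either order).
            findings.append((rc["address"], "replace (destroy and recreate)"))
        elif "delete" in actions:
            findings.append((rc["address"], "destroy"))
        # Assumed policy: every subnet that survives the plan stays private.
        if (rc["type"] == "oci_core_subnet" and actions != ["delete"]
                and after.get("prohibit_public_ip_on_vnic") is not True):
            findings.append((rc["address"], "public IPs allowed on VNICs"))
    return findings


if __name__ == "__main__":
    # Usage: python review_plan.py plan.json   (no argument: built-in sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PLAN
    problems = review_plan(text)
    for address, finding in problems:
        print(f"BLOCK {address}: {finding}")
    sys.exit(1 if problems else 0)
```

Applying the saved file with `terraform apply tfplan` then executes exactly the plan that was reviewed, which is what the `-out` note in the plan output refers to.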