Terraform version:
❯ terraform version
Terraform v1.7.4
on darwin_arm64
+ provider registry.terraform.io/hashicorp/null v3.1.0
+ provider registry.terraform.io/oracle/oci v5.30.0
Successfully deployed compartments, VCNs, subnets, DRG and route tables. Attempting to create DRG attachments to my VCNs with the following code block:
# DRG Attachment
resource "oci_core_drg_attachment" "drg" {
  for_each           = data.oci_core_subnets.drg_subnets
  drg_id             = oci_core_drg.drg.id
  display_name       = "${local.project_name}-${title(each.key)}-DRG-Attachment"
  drg_route_table_id = oci_core_drg_route_table.default.id
  vcn_id             = oci_core_vcn.vcn[each.key].id
  network_details {
    id             = each.key
    type           = "VCN"
    vcn_route_type = "DRG_ROUTE"
  }
  defined_tags = local.default_tags
}
Terraform plan validates my expected results:
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create
Terraform will perform the following actions:
  # oci_core_drg_attachment.drg["Dev"] will be created
  + resource "oci_core_drg_attachment" "drg" {
      + compartment_id = (known after apply)
      + defined_tags = {
          + "Gantta-Sandbox.Environment" = "Sandbox"
          + "Gantta-Sandbox.Project" = "Gantta"
        }
      + display_name = "Gantta-Dev-DRG-Attachment"
      + drg_id = "ocid1.drg.oc1.iad.aaaaaaaadyaesclbjexq2bp5rsluz2i4op5vausb7r6wbzn6iu4zbl6n7vaa"
      + drg_route_table_id = "ocid1.drgroutetable.oc1.iad.aaaaaaaaqbii76qrjsi3lixw7isiaw53pkod4hdyrfgotilkebvhsdxelcuq"
      + export_drg_route_distribution_id = (known after apply)
      + freeform_tags = (known after apply)
      + id = (known after apply)
      + is_cross_tenancy = (known after apply)
      + route_table_id = (known after apply)
      + state = (known after apply)
      + time_created = (known after apply)
      + vcn_id = "ocid1.vcn.oc1.iad.<REDACTED>"
      + network_details {
          + id = "Dev"
          + ids = (known after apply)
          + ipsec_connection_id = (known after apply)
          + route_table_id = (known after apply)
          + transport_attachment_id = (known after apply)
          + transport_only_mode = (known after apply)
          + type = "VCN"
          + vcn_route_type = "DRG_ROUTE"
        }
    }
.....
Results in the following error message:
│ Error: 404-NotAuthorizedOrNotFound, Authorization failed or requested resource not found.
│ Suggestion: Either the resource has been deleted or service Core Drg Attachment need policy to access this resource. Policy reference: https://docs.oracle.com/en-us/iaas/Content/Identity/Reference/policyreference.htm
│ Documentation: https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/core_drg_attachment
│ API Reference: https://docs.oracle.com/iaas/api/#/en/iaas/20160918/DrgAttachment/CreateDrgAttachment
│ Request Target: POST https://iaas.us-ashburn-1.oraclecloud.com/20160918/drgAttachments
│ Provider version: 5.30.0, released on 2024-02-21. This provider is 2 Update(s) behind to current.
│ Service: Core Drg Attachment
│ Operation Name: CreateDrgAttachment
│ OPC request ID: 15fb60b726334bdf7f3983608b7fdda5/2CC6AF0F56AC51DC1E752BD61974758A/DF632A8CBE944265456521A26FE1C5F3
│
│
│ with oci_core_drg_attachment.drg["Dev"],
│ on vcn_drg_attach.tf line 44, in resource "oci_core_drg_attachment" "drg":
│ 44: resource "oci_core_drg_attachment" "drg" {
│
When I encountered this error message previously, my account was bumping up against default OCI service limit quotas; however, I don't see any such limits associated with DRG attachments.
I'm also struggling to find any relevant IAM policy that I can add, as I haven't found any related docs to allow the Core Drg Attachments service to manage virtual-network-family resources.
Any tips or other settings to check would be helpful.
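
An added example, not part of the original post: the plan output above shows network_details.id = "Dev" (the for_each key), while CreateDrgAttachment expects the OCID of the attached network in that field, and OCI answers an unknown resource ID with the same 404-NotAuthorizedOrNotFound it uses for a missing policy. The resource below reuses the post's own names and values and passes the VCN OCID instead; the lifecycle precondition is an addition and assumes Terraform 1.3 or later for startswith.

```hcl
# DRG attachment with the VCN OCID passed in network_details (added example).
# All resource, data source and local names are the ones used in the post.
resource "oci_core_drg_attachment" "drg" {
  for_each = data.oci_core_subnets.drg_subnets

  drg_id             = oci_core_drg.drg.id
  display_name       = "${local.project_name}-${title(each.key)}-DRG-Attachment"
  drg_route_table_id = oci_core_drg_route_table.default.id

  # The top-level vcn_id from the post is omitted here; network_details
  # already identifies the VCN being attached.
  network_details {
    # Must be the OCID of the VCN, not the for_each key ("Dev").
    id             = oci_core_vcn.vcn[each.key].id
    type           = "VCN"
    vcn_route_type = "DRG_ROUTE" # carried over from the post unchanged
  }

  defined_tags = local.default_tags

  lifecycle {
    # Fails the run with a readable message if a non-OCID value is ever
    # wired in, instead of surfacing later as a 404 from the API.
    precondition {
      condition     = startswith(oci_core_vcn.vcn[each.key].id, "ocid1.vcn.")
      error_message = "network_details.id must be a VCN OCID (ocid1.vcn...), not a map key."
    }
  }
}
```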