release-0.1.0

.gitignore

@@ -0,0 +1,15 @@
+**/*.tfstate*
+**/*.out
+**/.terraform/*
+**/.terraform.*
+**/.DS_Store
+**/crash.log
+**/*.pem
+**/terraform_*.tfvars*
+**/*.auto.tfvars
+**/*.pptx
+**/*.json
+marketplace-images/**/*.txt
+platform-images/**/*.txt
+userdata
+mounting-block-volumes.txt

README.md

@@ -0,0 +1,42 @@
+# OCI Secure Workload Modules
+
+![Landing Zone logo](./landing_zone_300.png)
+
+This repository contains Terraform modules for managing workload resources in OCI (Oracle Cloud Infrastructure). By workload we mean resources that are typically deployed within a landing zone, and may trigger OCI consumption. By secure we mean they are designed to cover the key security features available in the OCI platform. When appropriate, the modules align with CIS OCI Foundations Benchmark recommendations.
+
+The following modules are available:
+- [CIS Compute & Storage](./cis-compute-storage/)
+- OKE (Container Engine for Kubernetes) - soon
+- Databases - soon
+
+Helper modules:
+- [Platform Images](./platform-images/) - aids in finding OCI Platform images. Use it to obtain image information for provisioning a Compute instance.
+- [Marketplace Images](./marketplace-images/) - aids in finding OCI Marketplace images. Use it to obtain image information for provisioning a Compute instance.
+
+Within each module you find an *examples* folder. Each example is a fully runnable Terraform configuration that you can quickly test and put to use by modifying the input data according to your own needs.  
+
+## CIS OCI Foundations Benchmark Modules Collection
+
+This repository is part of a broader collection of repositories containing modules that help customers align their OCI implementations with the CIS OCI Foundations Benchmark recommendations:
+- [Identity & Access Management](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-iam)
+- [Networking](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-networking)
+- [Governance](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-governance)
+- [Security](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-security)
+- [Observability & Monitoring](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-observability)
+
+The modules in this collection are designed for flexibility, are straightforward to use, and enforce CIS OCI Foundations Benchmark recommendations when possible.
+
+Using these modules does not require a user extensive knowledge of Terraform or OCI resource types usage. Users declare a JSON object describing the OCI resources according to each module’s specification and minimal Terraform code to invoke the modules. The modules generate outputs that can be consumed by other modules as inputs, allowing for the creation of independently managed operational stacks to automate your entire OCI infrastructure.
+
+## Contributing
+See [CONTRIBUTING.md](./CONTRIBUTING.md).
+
+## License
+Copyright (c) 2023, Oracle and/or its affiliates.
+
+Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+See [LICENSE](./LICENSE) for more details.
+
+## Known Issues
+None.

RELEASE-NOTES.md

@@ -0,0 +1,36 @@
+# September 22, 2023 Release Notes - 0.1.0
+
+## Added
+1. [Initial Release](#0-1-0-initial)
+
+### <a name="0-1-0-initial">Initial Release</a>
+Modules for Compute, Storage, Plaform Images and Marketplace Images
+
+#### [Compute](./cis-compute-storage/)
+- CIS profile level drives data at rest encryption configuration.
+- Boot volumes encryption with customer managed keys from OCI Vault service.
+- In-transit encryption for boot volumes and attached block volumes.
+- Data in-use encryption for platform images ([Confidential computing](https://docs.oracle.com/en-us/iaas/Content/Compute/References/confidential_compute.htm)).
+- [Shielded instances](https://docs.oracle.com/en-us/iaas/Content/Compute/References/shielded-instances.htm).
+- Boot volumes backup with Oracle managed policies.
+- [Cloud Agent Plugins](https://docs.oracle.com/en-us/iaas/Content/Compute/Tasks/manage-plugins.htm).
+
+#### [Block Volumes](./cis-compute-storage/)
+- CIS profile level drives data at rest encryption configuration.
+- Data at rest encryption with customer managed keys from OCI Vault service.
+- In-transit encryption for attached Compute instances.
+- Cross-region replication for strong cyber resilience posture.
+- Backups with Oracle managed policies.
+- [Shareable block volume attachments](https://docs.oracle.com/en-us/iaas/Content/Block/Tasks/attachingvolumetomultipleinstances.htm).
+
+#### [File Storage](./cis-compute-storage/)
+- CIS profile level drives data at rest encryption configuration.
+- Data at rest encryption with customer managed keys from OCI Vault service.
+- Cross-region replication for strong cyber resilience posture.
+- Backups with custom snapshot policies.
+
+#### [Platform Images](./platform-images/)
+- Aids in finding OCI Platform images.
+
+#### [Marketplace Images](./marketplace-images/)
+- Aids in finding OCI Marketplace images.