Deploying the OCI Landing Zone into the UK Sovereign Cloud (OC4) 🇬🇧

If you are unsure what the OCI UK Sovereign Cloud in, please check this out.

This week I’ve been helping a customer to deploy an OCI Landing Zone (the One Operating Entity variant) to their tenancy using Terraform, we ran into a couple of issues that I wanted to document and hopefully help others.

This is caused by two of the Terraform input configuration files having some hardcoded references to the OCI Commercial Cloud (OC1) rather than the UK Sovereign Cloud (OC4), which need to be updated for the configuration to apply correctly – otherwise the terraform apply command will fail.

Issue 1 ❌ – oci_open_lz_one-oe_iam.auto.tfvars.json has references to the services highlighted in the screenshot below:

To resolve this, replace Fssoc1Prod, objectstorage-eu-frankfurt-1 with Fssoc4Prod, objectstorage-uk-gov-london-1

The file should then look like this:

Issue 2 ❌ – oci_open_lz_one-oe_security_cisl1.auto.tfvars.json has 40 references to Security Policies using their actual OCIDs from OC1 – Commercial (see examples below):

The easiest way to fix this is by doing a find and replace of all instances of .oc1.. replacing this with .oc4..

Which should then look something like this:

Note❗️- If you are using the CIS2 version of this configuration file instead of the CIS1 version (as I used) you will also need to make these changes.

That’s it!