From ce9f847594ef328a93361b028936e581a3ddd37e Mon Sep 17 00:00:00 2001 
From: Andre Correa Date: Fri, 20 Sep 2024 16:17:11 -0300 Subject: [PATCH] Release 0.7.0 (#39) * fix: compartments dependency fixed for LB * doc: updates * feat: release tracking * fix: default security list in subnets when VCN is injected * fix: doc enhancements for network_dependency usage * feat: dependencies strongly typed and examples * fix: ipv6cidr_block type fixed * fix: is_force_plain_text type rolled back * fix: network_dependency with all objects, doc updates * feat: NLB mvp module * removed references to cis * updated url * updated readme * updated readme * removed extra files * Release 0.6.5 * Release 0.6.5 * Release 0.6.6 * Release 0.6.7 * add vtap module * remove the root level vtap tf file * update the dependency description * Added non empty network_dependency check * add SPEC.md for vtap module * doc: Updated Readme * doc: Updated license file * doc: Added Security file * doc: Updated Contributing * chore: link references updated to existing repo * chore: release notes and version bump * fix: merge conflicts removed * Upgrade the Terraform Version to Atleast 1.3 * chore: release notes and release bump * feat: NFW policy upgrade - initial * fix: position attr removed * fix: public ip OCIDs added to output * network firewall policies refactoring * typo fix * provider version update * fix: added dependency DRGs to SGW route targets * fix: cross-connect group reference * feat: module tag updated to ocilz-terraform-module * chore: release notes and SPECs updated * doc: updates * fix networking firewall policies * still failing, security rules unable to find application and url lists * feat: standalone NFW example added * fix: application_lists (application_group resource type) added * doc: urls updated to new org * feat: provider version requirement removed * fix: example updated per new NFW interface * fix: template file updated per new NFW interface * add services and service lists * fix conflicts * feat: ability to inject an externally managed DNS 
private view into a managed DNS resolver * fix: example provider.tf updated * fix: DNS steering policies must refer to local.one_dimension_processed_vcns (issue 570) * update firewall example * fix service list service lookup * update SPEC.md * clean up * update readme and tfvars * update link * update README * doc: README.md file added to example * chore: release notes and version bump * chore: typo --------- Co-authored-by: Rory Nguyen Co-authored-by: Yupei Yang Co-authored-by: Pablo Alonso Co-authored-by: Josh Hammer Co-authored-by: vinaykumar-oci --- README.md | 41 +- RELEASE-NOTES.md | 6 + SPEC.md | 7 +- dns.tf | 22 +- examples/TransitRouting-DRGHub-NFW/main.tf | 1 - .../network_configuration.auto.tfvars | 108 +- .../TransitRouting-DRGHub-NFW/provider.tf | 4 +- .../TransitRouting-DRGHub-NFW/variables.tf | 982 +----------------- examples/dns-view-injection/README.md | 24 + examples/dns-view-injection/main.tf | 9 + examples/dns-view-injection/provider.tf | 21 + .../terraform.tfvars.template | 92 ++ examples/dns-view-injection/variables.tf | 22 + examples/dns/provider.tf | 3 +- .../lpg-acceptor/provider.tf | 3 +- .../lpg-requestor/provider.tf | 3 +- examples/oci-network-firewall/README.md | 24 + examples/oci-network-firewall/main.tf | 8 + examples/oci-network-firewall/outputs.tf | 7 + examples/oci-network-firewall/provider.tf | 21 + .../terraform.tfvars.template | 124 +++ examples/oci-network-firewall/variables.tf | 15 + examples/oke-examples/flannel/provider.tf | 3 +- examples/oke-examples/native/provider.tf | 3 +- .../rpc-acceptor/provider.tf | 3 +- .../rpc-requestor/provider.tf | 3 +- modules/waf/variables.tf | 1 - network_firewall_policies.tf | 351 ++----- orm-facade/provider.tf | 4 +- release.txt | 2 +- variables.tf | 92 +- 31 files changed, 626 insertions(+), 1383 deletions(-) create mode 100644 examples/dns-view-injection/README.md create mode 100644 examples/dns-view-injection/main.tf create mode 100644 examples/dns-view-injection/provider.tf create mode 
100644 examples/dns-view-injection/terraform.tfvars.template create mode 100644 examples/dns-view-injection/variables.tf create mode 100644 examples/oci-network-firewall/README.md create mode 100644 examples/oci-network-firewall/main.tf create mode 100644 examples/oci-network-firewall/outputs.tf create mode 100644 examples/oci-network-firewall/provider.tf create mode 100644 examples/oci-network-firewall/terraform.tfvars.template create mode 100644 examples/oci-network-firewall/variables.tf diff --git a/README.md b/README.md index dd30db6..fb25a00 100644 --- a/README.md +++ b/README.md @@ -40,12 +40,12 @@ The separation of code and configuration supports DevOps key concepts for operat This repository is part of a broader collection of repositories containing modules that help customers align their OCI implementations with the CIS OCI Foundations Benchmark recommendations:
-- [Identity & Access Management ](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-iam) -- [Networking](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-networking) - current repository -- [Governance](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-governance) -- [Security](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-security) -- [Observability & Monitoring](https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-observability) -- [Secure Workloads](https://github.com/oracle-quickstart/terraform-oci-secure-workloads) +- [Identity & Access Management ](https://github.com/oci-landing-zones/terraform-oci-modules-iam) +- [Networking](https://github.com/oci-landing-zones/terraform-oci-modules-networking) - current repository +- [Governance](https://github.com/oci-landing-zones/terraform-oci-modules-governance) +- [Security](https://github.com/github.com/oci-landing-zones/terraform-oci-modules-security) +- [Observability & Monitoring](https://github.com/oci-landing-zones/terraform-oci-modules-observability) +- [Secure Workloads](https://github.com/oci-landing-zones/terraform-oci-modules-workloads) The modules in this collection are designed for flexibility, are straightforward to use, and enforce CIS OCI Foundations Benchmark recommendations when possible.
@@ -83,32 +83,30 @@ module "terraform-oci-landing-zones-networking" { For invoking the module remotely, set the module *source* attribute to the networking module repository, as shown: ``` -module "terraform-oci-cis-landing-zone-networking" { - source = "github.com/oracle-quickstart/terraform-oci-cis-landing-zone-networking" +module "terraform-oci-landing-zone-networking" { + source = "github.com/oci-landing-zones/terraform-oci-modules-networking" network_configuration = var.network_configuration } ``` For referring to a specific module version, append *ref=\* to the *source* attribute value, as in: ``` - source = "github.com/oracle-quickstart/terraform-oci-cis-landing-zone-networking?ref=v0.1.0" + source = "github.com/oci-landing-zones/terraform-oci-modules-networking?ref=v0.1.0" ``` ### Using the Module with Resource Manager For an ad-hoc use where you can select your resources, follow these guidelines: -1. [![Deploy_To_OCI](images/DeployToOCI.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-networking/archive/refs/heads/main.zip) +1. [![Deploy_To_OCI](images/DeployToOCI.svg)](https://cloud.oracle.com/resourcemanager/stacks/create?zipUrl=https://github.com/oci-landing-zones/terraform-oci-modules-networking/archive/refs/heads/main.zip) 2. Accept terms, wait for the configuration to load. 3. Set the working directory to “orm-facade”. 4. Set the stack name you prefer. -5. Set the terraform version to 1.2.x. Click Next. -6. Add your json/yaml configuration files. Click Next. -8. Un-check run apply. Click Create. +5. Add your JSON/YAML configuration files. Click Next. +6. Un-check run apply. Click Create. 
## Module Functioning The input parameters for the module can be divided into two categories, for which we recommend to create two different ```*.tfvars.*``` files: -The input parameters for the module can be divided into two categories, for which we recommend to create two different ```*.tfvars.*``` files: - 1. OCI REST API authentication information (secrets) - ```terraform.tfvars``` (HCL) or ```terraform.tfvars.json``` (JSON): +1. OCI REST API authentication information (secrets) - ```terraform.tfvars``` (HCL) or ```terraform.tfvars.json``` (JSON): - ```tenancy_ocid``` - ```user_ocid``` - ```fingerprint``` 
@@ -283,7 +281,7 @@ Attributes that support a compartment referring key: - *compartment_id* #### network_dependency (Optional) -A map of map of objects containing the externally managed network resources this module may depend on. This mechanism allows for the usage of referring keys (instead of OCIDs) in some attributes. The module replaces the keys by the OCIDs provided within *network_dependency* map. Contents of *network_dependency* is typically the output of a client of this module. Within *network_dependency*, VCNs must be indexed with the **vcns** key, DRGs indexed with the **dynamic_routing_gateways** key, DRG attachments indexed with **drg_attachments** key, Local Peering Gateways (LPG) indexed with **local_peering_gateways**, Remote Peering Connections (RPC) indexed with **remote_peering_connections** key. Each VCN, DRG, DRG attachment, LPG and RPC must contain the *id* attribute (to which the actual OCID is assigned). RPCs must also pass the peer region name in the *region_name* attribute. +A map of map of objects containing the externally managed network resources this module may depend on. This mechanism allows for the usage of referring keys (instead of OCIDs) in some attributes. The module replaces the keys by the OCIDs provided within *network_dependency* map. Contents of *network_dependency* is typically the output of a client of this module. Within *network_dependency*, VCNs must be indexed with the **vcns** key, DRGs indexed with the **dynamic_routing_gateways** key, DRG attachments indexed with **drg_attachments** key, Local Peering Gateways (LPG) indexed with **local_peering_gateways**, Remote Peering Connections (RPC) indexed with **remote_peering_connections** key, DNS Private Views indexed by **dns_private_views**. Each VCN, DRG, DRG attachment, LPG, RPC and DNS Private View must contain the *id* attribute (to which the actual OCID is assigned). RPCs must also pass the peer region name in the *region_name* attribute. 
*network_dependency* example: ``` @@ -314,9 +312,14 @@ A map of map of objects containing the externally managed network resources this "region_name" : "us-ashburn-1" } } + "dns_private_views" : { + "XYZ-DNS-VIEW" : { + "id" : "ocid1.dnsview.oc1.phx.aaaaaaaa...nhq", + } + } } ``` -**Note**: **vcns**, **dynamic_routing_gateways**, **drg_attachments**, **local_peering_gateways**, and **remote_peering_connections** attributes are all optional. They only become mandatory if the *network_configuration* refers to one of these resources through a referring key. Below are the attributes where a referring key is supported: +**Note**: **vcns**, **dynamic_routing_gateways**, **drg_attachments**, **local_peering_gateways**, **remote_peering_connections** and **dns_private_views** attributes are all optional. They only become mandatory if the *network_configuration* refers to one of these resources through a referring key. Below are the attributes where a referring key is supported: *network_dependency* attribute | Attribute names in *network_configuration* where the referring key can be utilized --------------|------------- @@ -325,6 +328,7 @@ A map of map of objects containing the externally managed network resources this **drg_attachments** | *drg_attachment_key* **local_peering_gateways** | *peer_key* in *local_peering_gateways* **remote_peering_connections** | *peer_key* in *remote_peering_connections* +**dns_private_views** | *existing_view_id* in *dns_resolver's* *attached_views*. #### private_ips_dependency (Optional) A map of map of objects containing the externally managed private IP resources this module may depend on. This mechanism allows for the usage of referring keys (instead of OCIDs) in some attributes. The module replaces the keys by the OCIDs provided within *private_ips_dependency* map. Each private IP must contain the **"id"** attribute (to which the actual OCID is assigned), as in the example below: 
@@ -379,9 +383,6 @@ See [external-dependency example](./examples/external-dependency/) for a functio - [IPSec VPN Examples](examples/edge-connectivity/ipsec-examples/) - [Generic OCI IPSec BGP VPN](examples/edge-connectivity/ipsec-examples/generic-OCI-ipsec-bgp-vpn/) - [Local Peering Gateways](examples/local-peering-gateways/) -- [Remote Peering Connections](examples/remote-peering-connections/) - - [Generic OCI IPSec BGP VPN](examples/edge-connectivity/ipsec-examples/generic-OCI-ipsec-bgp-vpn/) -- [Local Peering Gateways](examples/local-peering-gateways/) - [Remote Peering Connections](examples/remote-peering-connections/) ## Related Documentation diff --git a/RELEASE-NOTES.md b/RELEASE-NOTES.md index 26a5a47..113020f 100644 --- a/RELEASE-NOTES.md +++ b/RELEASE-NOTES.md @@ -1,3 +1,9 @@ +# September 20, 2024 Release Notes - 0.7.0 + +## Updates +1. OCI Network Firewall refactored according to updates post Terraform OCI Provider 5.16.0 release. See [oci-network-firewall example](./examples/oci-network-firewall/). +2. Ability to inject externally managed existing private DNS views into managed DNS resolvers. See [dns-view-injection example](./examples/dns-view-injection/). + # August 28, 2024 Release Notes - 0.6.9 ## Updates diff --git a/SPEC.md b/SPEC.md index 5e785db..65bca2a 100644 --- a/SPEC.md +++ b/SPEC.md 
@@ -75,10 +75,13 @@ | [oci_network_firewall_network_firewall_policy.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/network_firewall_network_firewall_policy) | resource | | [oci_network_firewall_network_firewall_policy_address_list.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/network_firewall_network_firewall_policy_address_list) | resource | | [oci_network_firewall_network_firewall_policy_application.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/network_firewall_network_firewall_policy_application) | resource | +| [oci_network_firewall_network_firewall_policy_application_group.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/network_firewall_network_firewall_policy_application_group) | resource | | [oci_network_firewall_network_firewall_policy_decryption_profile.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/network_firewall_network_firewall_policy_decryption_profile) | resource | | [oci_network_firewall_network_firewall_policy_decryption_rule.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/network_firewall_network_firewall_policy_decryption_rule) | resource | | [oci_network_firewall_network_firewall_policy_mapped_secret.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/network_firewall_network_firewall_policy_mapped_secret) | resource | | [oci_network_firewall_network_firewall_policy_security_rule.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/network_firewall_network_firewall_policy_security_rule) | resource | +| [oci_network_firewall_network_firewall_policy_service.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/network_firewall_network_firewall_policy_service) | resource | +| 
[oci_network_firewall_network_firewall_policy_service_list.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/network_firewall_network_firewall_policy_service_list) | resource | | [oci_network_firewall_network_firewall_policy_url_list.these](https://registry.terraform.io/providers/oracle/oci/latest/docs/resources/network_firewall_network_firewall_policy_url_list) | resource | | [time_sleep.wait_for_dns_resolver](https://registry.terraform.io/providers/hashicorp/time/latest/docs/resources/sleep) | resource | | [oci_core_cpe_device_shapes.cpe_device_shapes](https://registry.terraform.io/providers/oracle/oci/latest/docs/data-sources/core_cpe_device_shapes) | data source | @@ -99,8 +102,8 @@ |------|-------------|------|---------|:--------:| | [compartments\_dependency](#input\_compartments\_dependency) | A map of objects containing the externally managed compartments this module may depend on. All map objects must have the same type and must contain an 'id' attribute of string type set with the compartment OCID. See External Dependencies section in README.md (https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-networking#ext-dep) for details. |
map(object({
id = string
}))
| `null` | no | | [module\_name](#input\_module\_name) | The module name. | `string` | `"networking"` | no | -| [network\_configuration](#input\_network\_configuration) | n/a |
object({
default_compartment_id = optional(string),
default_defined_tags = optional(map(string)),
default_freeform_tags = optional(map(string)),
default_enable_cis_checks = optional(bool),
default_ssh_ports_to_check = optional(list(number)),

network_configuration_categories = optional(map(object({
category_compartment_id = optional(string),
category_defined_tags = optional(map(string)),
category_freeform_tags = optional(map(string)),
category_enable_cis_checks = optional(bool),
category_ssh_ports_to_check = optional(list(number)),

vcns = optional(map(object({
compartment_id = optional(string),
display_name = optional(string),
byoipv6cidr_details = optional(map(object({
byoipv6range_id = string
ipv6cidr_block = string
})))
ipv6private_cidr_blocks = optional(list(string)),
is_ipv6enabled = optional(bool),
is_oracle_gua_allocation_enabled = optional(bool),
cidr_blocks = optional(list(string)),
dns_label = optional(string),
block_nat_traffic = optional(bool),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),

default_security_list = optional(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
ingress_rules = optional(list(object({
stateless = optional(bool),
protocol = string,
description = optional(string),
src = string,
src_type = string,
src_port_min = optional(number),
src_port_max = optional(number),
dst_port_min = optional(number),
dst_port_max = optional(number),
icmp_type = optional(number),
icmp_code = optional(number)
}))),
egress_rules = optional(list(object({
stateless = optional(bool),
protocol = string,
description = optional(string),
dst = string,
dst_type = string,
src_port_min = optional(number),
src_port_max = optional(number),
dst_port_min = optional(number),
dst_port_max = optional(number),
icmp_type = optional(number),
icmp_code = optional(number)
})))
}))

security_lists = optional(map(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
display_name = optional(string),
ingress_rules = optional(list(object({
stateless = optional(bool),
protocol = string,
description = optional(string),
src = string,
src_type = string,
src_port_min = optional(number),
src_port_max = optional(number),
dst_port_min = optional(number),
dst_port_max = optional(number),
icmp_type = optional(number),
icmp_code = optional(number)
}))),
egress_rules = optional(list(object({
stateless = optional(bool),
protocol = string,
description = optional(string),
dst = string,
dst_type = string,
src_port_min = optional(number),
src_port_max = optional(number),
dst_port_min = optional(number),
dst_port_max = optional(number),
icmp_type = optional(number),
icmp_code = optional(number)
})))
})))

default_route_table = optional(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
display_name = optional(string),
route_rules = optional(map(object({
network_entity_id = optional(string),
network_entity_key = optional(string),
description = optional(string),
// Supported values:
// - "a cidr block"
// - "objectstorage" or "all-services" - only for "SERVICE_CIDR_BLOCK"
destination = optional(string),
// Supported values:
// - "CIDR_BLOCK"
// - "SERVICE_CIDR_BLOCK" - only for SGW
destination_type = optional(string),
})))
}))

route_tables = optional(map(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
display_name = optional(string),
route_rules = optional(map(object({
network_entity_id = optional(string),
network_entity_key = optional(string),
description = optional(string),
// Supported values:
// - "a cidr block"
// - "objectstorage" or "all-services" - only for "SERVICE_CIDR_BLOCK"
destination = optional(string),
// Supported values:
// - "CIDR_BLOCK"
// - "SERVICE_CIDR_BLOCK" - only for SGW
destination_type = optional(string),
})))
})))

default_dhcp_options = optional(object({
compartment_id = optional(string),
display_name = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
domain_name_type = optional(string),
options = map(object({
type = string,
server_type = optional(string),
custom_dns_servers = optional(list(string))
search_domain_names = optional(list(string))
}))
}))

dhcp_options = optional(map(object({
compartment_id = optional(string),
display_name = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
domain_name_type = optional(string),
options = map(object({
type = string,
server_type = optional(string),
custom_dns_servers = optional(list(string))
search_domain_names = optional(list(string))
}))
})))

subnets = optional(map(object({
cidr_block = string,
compartment_id = optional(string),
#Optional
availability_domain = optional(string),
defined_tags = optional(map(string)),
dhcp_options_key = optional(string),
display_name = optional(string),
dns_label = optional(string),
freeform_tags = optional(map(string)),
ipv6cidr_block = optional(string),
ipv6cidr_blocks = optional(list(string)),
prohibit_internet_ingress = optional(bool),
prohibit_public_ip_on_vnic = optional(bool),
route_table_key = optional(string),
security_list_keys = optional(list(string))
})))

network_security_groups = optional(map(object({
compartment_id = optional(string),
display_name = optional(string),
defined_tags = optional(map(string))
freeform_tags = optional(map(string))
ingress_rules = optional(map(object({
description = optional(string),
protocol = string,
stateless = optional(bool),
src = optional(string),
src_type = optional(string),
dst_port_min = optional(number),
dst_port_max = optional(number),
src_port_min = optional(number),
src_port_max = optional(number),
icmp_type = optional(number),
icmp_code = optional(number)
}))),
egress_rules = optional(map(object({
description = optional(string),
protocol = string,
stateless = optional(bool),
dst = optional(string),
dst_type = optional(string),
dst_port_min = optional(number),
dst_port_max = optional(number),
src_port_min = optional(number),
src_port_max = optional(number),
icmp_type = optional(number),
icmp_code = optional(number)
})))
})))
dns_resolver = optional(object({
display_name = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
attached_views = optional(map(object({
compartment_id = optional(string),
display_name = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
dns_zones = optional(map(object({
compartment_id = optional(string),
name = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
scope = optional(string),
zone_type = optional(string),
external_downstreams = optional(list(object({
address = optional(string),
ports = optional(string),
tsig_key = optional(string),
}))),
external_masters = optional(list(object({
address = optional(string),
port = optional(string),
tsig_key = optional(string),
}))),
dns_records = optional(map(object({
domain = optional(string),
compartment_id = optional(string),
rtype = optional(string),
rdata = optional(string),
ttl = optional(number),
})))
dns_rrset = optional(map(object({
compartment_id = optional(string)
domain = optional(string),
rtype = optional(string),
scope = optional(string),
items = optional(list(object({
domain = optional(string),
rdata = optional(string),
rtype = optional(string),
ttl = optional(string),
})))
})))
dns_steering_policies = optional(map(object({
compartment_id = optional(string),
domain_name = optional(string),
display_name = optional(string),
template = optional(string),
answers = optional(list(object({
name = optional(string),
rdata = optional(string),
rtype = optional(string),
is_disabled = optional(bool),
pool = optional(string),
}))),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
health_check_monitor_id = optional(string)
rules = optional(list(object({
rule_type = optional(string)
cases = optional(list(object({
answer_data = optional(object({
answer_condition = optional(string)
should_keep = optional(string)
value = optional(string)
})),
case_condition = optional(string),
count = optional(number)
}))),
default_answer_data = optional(object({
answer_condition = optional(string),
should_keep = optional(bool),
value = optional(string),
})),
default_count = optional(number),
description = optional(string),
}))),
ttl = optional(string),
}))),
}))),
}))),
rules = optional(list(object({
action = optional(string),
destination_address = optional(list(string)),
source_endpoint_name = optional(string),
client_address_conditions = optional(list(string)),
qname_cover_conditions = optional(list(string)),
}))),
resolver_endpoints = optional(map(object({
name = optional(string),
is_forwarding = optional(string),
is_listening = optional(string),
subnet = optional(string),
endpoint_type = optional(string),
forwarding_address = optional(string),
listening_address = optional(string),
nsg = optional(list(string)),
}))),
tsig_keys = optional(map(object({
compartment_id = optional(string),
algorithm = optional(string),
name = optional(string),
secret = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
}))),
}))

vcn_specific_gateways = optional(object({
internet_gateways = optional(map(object({
compartment_id = optional(string),
enabled = optional(bool),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
route_table_key = optional(string)
})))

nat_gateways = optional(map(object({
compartment_id = optional(string),
block_traffic = optional(bool),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
public_ip_id = optional(string),
route_table_key = optional(string)
})))

service_gateways = optional(map(object({
compartment_id = optional(string),
// SGW services value:
// - objectstorage - for object storage access
// - all-services - for all OCI internal network services access
services = string,
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
route_table_key = optional(string)
})))

local_peering_gateways = optional(map(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
peer_id = optional(string),
peer_key = optional(string),
route_table_key = optional(string)
})))
}))
})))

inject_into_existing_vcns = optional(map(object({

vcn_id = string,

default_security_list = optional(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
ingress_rules = optional(list(object({
stateless = optional(bool),
protocol = string,
description = optional(string),
src = string,
src_type = string,
src_port_min = optional(number),
src_port_max = optional(number),
dst_port_min = optional(number),
dst_port_max = optional(number),
icmp_type = optional(number),
icmp_code = optional(number)
}))),
egress_rules = optional(list(object({
stateless = optional(bool),
protocol = string,
description = optional(string),
dst = string,
dst_type = string,
src_port_min = optional(number),
src_port_max = optional(number),
dst_port_min = optional(number),
dst_port_max = optional(number),
icmp_type = optional(number),
icmp_code = optional(number)
})))
}))

security_lists = optional(map(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
display_name = optional(string),
ingress_rules = optional(list(object({
stateless = optional(bool),
protocol = string,
description = optional(string),
src = string,
src_type = string,
src_port_min = optional(number),
src_port_max = optional(number),
dst_port_min = optional(number),
dst_port_max = optional(number),
icmp_type = optional(number),
icmp_code = optional(number)
}))),
egress_rules = optional(list(object({
stateless = optional(bool),
protocol = string,
description = optional(string),
dst = string,
dst_type = string,
src_port_min = optional(number),
src_port_max = optional(number),
dst_port_min = optional(number),
dst_port_max = optional(number),
icmp_type = optional(number),
icmp_code = optional(number)
})))
})))

default_route_table = optional(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
display_name = optional(string),
route_rules = optional(map(object({
network_entity_id = optional(string),
network_entity_key = optional(string),
description = optional(string),
// Supported values:
// - "a cidr block"
// - "objectstorage" or "all-services" - only for "SERVICE_CIDR_BLOCK"
destination = optional(string),
// Supported values:
// - "CIDR_BLOCK"
// - "SERVICE_CIDR_BLOCK" - only for SGW
destination_type = optional(string),
})))
}))

route_tables = optional(map(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
display_name = optional(string),
route_rules = optional(map(object({
network_entity_id = optional(string),
network_entity_key = optional(string),
description = optional(string),
// Supported values:
// - "a cidr block"
// - "objectstorage" or "all-services" - only for "SERVICE_CIDR_BLOCK"
destination = optional(string),
// Supported values:
// - "CIDR_BLOCK"
// - "SERVICE_CIDR_BLOCK" - only for SGW
destination_type = optional(string)
})))
})))

default_dhcp_options = optional(object({
compartment_id = optional(string),
display_name = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
domain_name_type = optional(string),
options = map(object({
type = string,
server_type = optional(string),
custom_dns_servers = optional(list(string))
search_domain_names = optional(list(string))
}))
}))

dhcp_options = optional(map(object({
compartment_id = optional(string),
display_name = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
domain_name_type = optional(string),
options = map(object({
type = string,
server_type = optional(string),
custom_dns_servers = optional(list(string))
search_domain_names = optional(list(string))
}))
})))

subnets = optional(map(object({
cidr_block = string,
compartment_id = optional(string),
#Optional
availability_domain = optional(string),
defined_tags = optional(map(string)),
dhcp_options_id = optional(string),
dhcp_options_key = optional(string),
display_name = optional(string),
dns_label = optional(string),
freeform_tags = optional(map(string)),
ipv6cidr_block = optional(string),
ipv6cidr_blocks = optional(list(string)),
prohibit_internet_ingress = optional(bool),
prohibit_public_ip_on_vnic = optional(bool),
route_table_id = optional(string),
route_table_key = optional(string),
security_list_ids = optional(list(string)),
security_list_keys = optional(list(string))
})))

network_security_groups = optional(map(object({
compartment_id = optional(string),
display_name = optional(string),
defined_tags = optional(map(string))
freeform_tags = optional(map(string))
ingress_rules = optional(map(object({
description = optional(string),
protocol = string,
stateless = optional(bool),
src = optional(string),
src_type = optional(string),
dst_port_min = number,
dst_port_max = number,
src_port_min = optional(number),
src_port_max = optional(number),
icmp_type = optional(number),
icmp_code = optional(number)
}))),
egress_rules = optional(map(object({
description = optional(string),
protocol = string,
stateless = optional(bool),
dst = optional(string),
dst_type = optional(string),
dst_port_min = optional(number),
dst_port_max = optional(number),
src_port_min = optional(number),
src_port_max = optional(number),
icmp_type = optional(number),
icmp_code = optional(number)
})))
})))

dns_resolver = optional(object({
display_name = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
attached_views = optional(map(object({
compartment_id = optional(string),
display_name = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
dns_zones = optional(map(object({
compartment_id = optional(string),
name = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
scope = optional(string),
zone_type = optional(string),
external_downstreams = optional(list(object({
address = optional(string),
ports = optional(string),
tsig_key = optional(string),
}))),
external_masters = optional(list(object({
address = optional(string),
port = optional(string),
tsig_key = optional(string),
}))),
dns_records = optional(map(object({
domain = optional(string),
compartment_id = optional(string),
rtype = optional(string),
rdata = optional(string),
ttl = optional(string),
})))
dns_rrset = optional(map(object({
domain = optional(string),
rtype = optional(string),
scope = optional(string),
items = optional(list(object({
domain = optional(string),
rdata = optional(string),
rtype = optional(string),
ttl = optional(string),
})))
})))
dns_steering_policies = optional(map(object({
compartment_id = optional(string),
domain_name = optional(string),
display_name = optional(string),
template = optional(string),
answers = optional(list(object({
name = optional(string),
rdata = optional(string),
rtype = optional(string),
is_disabled = optional(bool),
pool = optional(string),
}))),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
health_check_monitor_id = optional(string)
rules = optional(list(object({
rule_type = optional(string)
cases = optional(list(object({
answer_data = optional(object({
answer_condition = optional(string)
should_keep = optional(string)
value = optional(string)
})),
case_condition = optional(string),
count = optional(number)
}))),
default_answer_data = optional(object({
answer_condition = optional(string),
should_keep = optional(bool),
value = optional(string),
})),
default_count = optional(number),
description = optional(string),
}))),
ttl = optional(string),
}))),
}))),
}))),
rules = optional(list(object({
action = optional(string),
destination_address = optional(string),
source_endpoint_name = optional(string),
client_address_condition = optional(string),
qname_cover_condtions = optional(string),
}))),
resolver_endpoints = optional(map(object({
name = optional(string),
is_forwarding = optional(bool),
is_listening = optional(bool),
subnet = optional(string),
endpoint_type = optional(string),
forwarding_address = optional(string),
listening_address = optional(string),
nsg = optional(string),
}))),
tsig_keys = optional(map(object({
compartment_id = optional(string),
algorithm = optional(string),
name = optional(string),
secret = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
}))),
}))

vcn_specific_gateways = optional(object({
internet_gateways = optional(map(object({
compartment_id = optional(string),
enabled = optional(bool),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
route_table_id = optional(string),
route_table_key = optional(string)
})))

nat_gateways = optional(map(object({
compartment_id = optional(string),
block_traffic = optional(bool),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
public_ip_id = optional(string),
route_table_id = optional(string),
route_table_key = optional(string)
})))

service_gateways = optional(map(object({
compartment_id = optional(string),
// SGW services value:
// - objectstorage - for object storage access
// - all-services - for all OCI internal network services access
services = string,
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
route_table_id = optional(string),
route_table_key = optional(string)
})))

local_peering_gateways = optional(map(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
peer_id = optional(string),
peer_key = optional(string),
route_table_id = optional(string),
route_table_key = optional(string)
})))
}))
})))

IPs = optional(object({

public_ips_pools = optional(map(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
})))

public_ips = optional(map(object({
compartment_id = optional(string),
lifetime = string,
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
private_ip_id = optional(string),
public_ip_pool_id = optional(string),
public_ip_pool_key = optional(string)
})))
}))



non_vcn_specific_gateways = optional(object({

dynamic_routing_gateways = optional(map(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),

remote_peering_connections = optional(map(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
peer_id = optional(string),
peer_key = optional(string),
peer_region_name = optional(string)
})))

drg_attachments = optional(map(object({
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
drg_route_table_id = optional(string),
drg_route_table_key = optional(string),
network_details = optional(object({
attached_resource_id = optional(string),
attached_resource_key = optional(string),
type = string,
route_table_id = optional(string),
route_table_key = optional(string),
vcn_route_type = optional(string)
}))
})))

drg_route_tables = optional(map(object({
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
import_drg_route_distribution_id = optional(string),
import_drg_route_distribution_key = optional(string),
is_ecmp_enabled = optional(bool),
route_rules = optional(map(object({
destination = string,
destination_type = string,
next_hop_drg_attachment_id = optional(string),
next_hop_drg_attachment_key = optional(string),
})))
})))

drg_route_distributions = optional(map(object({
distribution_type = string,
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string))
statements = optional(map(object({
action = string,
match_criteria = optional(object({
match_type = string,
attachment_type = optional(string),
drg_attachment_id = optional(string),
drg_attachment_key = optional(string)
}))
priority = optional(number)
})))
})))
})))

customer_premises_equipments = optional(map(object({
compartment_id = optional(string),
ip_address = string,
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
cpe_device_shape_id = optional(string),
cpe_device_shape_vendor_name = optional(string)
})))

ipsecs = optional(map(object({
compartment_id = optional(string),
cpe_id = optional(string),
cpe_key = optional(string),
drg_id = optional(string),
drg_key = optional(string),
static_routes = list(string),
cpe_local_identifier = optional(string),
cpe_local_identifier_type = optional(string),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
tunnels_management = optional(object({
tunnel_1 = optional(object({
routing = string,
bgp_session_info = optional(object({
customer_bgp_asn = optional(string),
customer_interface_ip = optional(string),
oracle_interface_ip = optional(string)
}))
encryption_domain_config = optional(object({
cpe_traffic_selector = optional(string),
oracle_traffic_selector = optional(string)
}))
shared_secret = optional(string),
ike_version = optional(string)
})),
tunnel_2 = optional(object({
routing = string,
bgp_session_info = optional(object({
customer_bgp_asn = optional(string),
customer_interface_ip = optional(string),
oracle_interface_ip = optional(string)
}))
encryption_domain_config = optional(object({
cpe_traffic_selector = optional(string),
oracle_traffic_selector = optional(string)
}))
shared_secret = optional(string),
ike_version = optional(string)
}))
}))
})))

fast_connect_virtual_circuits = optional(map(object({
#Required
compartment_id = optional(string),
provision_fc_virtual_circuit = bool,
show_available_fc_virtual_circuit_providers = bool,
type = string,
#Optional
bandwidth_shape_name = optional(string),
bgp_admin_state = optional(string),
cross_connect_mappings = optional(map(object({
#Optional
bgp_md5auth_key = optional(string)
cross_connect_or_cross_connect_group_id = optional(string)
cross_connect_or_cross_connect_group_key = optional(string)
customer_bgp_peering_ip = optional(string)
customer_bgp_peering_ipv6 = optional(string)
oracle_bgp_peering_ip = optional(string)
oracle_bgp_peering_ipv6 = optional(string)
vlan = optional(string)
})))
customer_asn = optional(string)
defined_tags = optional(map(string))
display_name = optional(string)
freeform_tags = optional(map(string))
ip_mtu = optional(number)
is_bfd_enabled = optional(bool)
gateway_id = optional(string)
gateway_key = optional(string)
provider_service_id = optional(string)
provider_service_key = optional(string)
provider_service_key_name = optional(string)
public_prefixes = optional(map(object({
#Required
cidr_block = string,
})))
region = optional(string)
routing_policy = optional(list(string))
})))

cross_connect_groups = optional(map(object({
compartment_id = optional(string),
customer_reference_name = optional(string),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
cross_connects = optional(map(object({
compartment_id = optional(string),
location_name = string,
port_speed_shape_name = string,
customer_reference_name = optional(string),
defined_tags = optional(map(string))
display_name = optional(string),
far_cross_connect_or_cross_connect_group_id = optional(string),
far_cross_connect_or_cross_connect_group_key = optional(string),
freeform_tags = optional(map(string))
near_cross_connect_or_cross_connect_group_id = optional(string),
near_cross_connect_or_cross_connect_group_key = optional(string),
})))
})))

inject_into_existing_drgs = optional(map(object({
drg_id = string,

remote_peering_connections = optional(map(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
peer_id = optional(string),
peer_key = optional(string),
peer_region_name = optional(string)
})))

drg_attachments = optional(map(object({
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
drg_route_table_id = optional(string),
drg_route_table_key = optional(string),
network_details = optional(object({
attached_resource_id = optional(string),
attached_resource_key = optional(string),
type = string,
route_table_id = optional(string),
route_table_key = optional(string),
vcn_route_type = optional(string)
}))
})))

drg_route_tables = optional(map(object({
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
import_drg_route_distribution_id = optional(string),
import_drg_route_distribution_key = optional(string),
is_ecmp_enabled = optional(bool),
route_rules = optional(map(object({
destination = string,
destination_type = string,
next_hop_drg_attachment_id = optional(string),
next_hop_drg_attachment_key = optional(string),
})))
})))

drg_route_distributions = optional(map(object({
distribution_type = string,
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string))
statements = optional(map(object({
action = string,
match_criteria = optional(object({
match_type = string,
attachment_type = optional(string),
drg_attachment_id = optional(string),
drg_attachment_key = optional(string)
}))
priority = number
})))
})))
})))

network_firewalls_configuration = optional(object({
network_firewalls = optional(map(object({
availability_domain = optional(number),
compartment_id = optional(string),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
ipv4address = optional(string),
ipv6address = optional(string),
network_security_group_ids = optional(list(string)),
network_security_group_keys = optional(list(string)),
subnet_id = optional(string),
subnet_key = optional(string),
network_firewall_policy_id = optional(string),
network_firewall_policy_key = optional(string)
}))),

network_firewall_policies = optional(map(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
# application_lists = optional(map(object({
# application_list_name = string,
# application_values = map(object({
# type = string,
# icmp_type = optional(string),
# icmp_code = optional(string),
# minimum_port = optional(number),
# maximum_port = optional(number)
# }))
# })))
applications = optional(map(object({
name = string,
type = string,
icmp_type = optional(string),
icmp_code = optional(string),
})))
decryption_profiles = optional(map(object({
type = string, # Valid values: "SSL_FORWARD_PROXY", "SSL_INBOUND_INSPECTION"
name = string,
is_out_of_capacity_blocked = optional(bool),
is_unsupported_cipher_blocked = optional(bool),
is_unsupported_version_blocked = optional(bool),
are_certificate_extensions_restricted = optional(bool), # Applicable only when type = "SSL_FORWARD_PROXY"
is_auto_include_alt_name = optional(bool), # Applicable only when type = "SSL_FORWARD_PROXY"
is_expired_certificate_blocked = optional(bool), # Applicable only when type = "SSL_FORWARD_PROXY"
is_revocation_status_timeout_blocked = optional(bool), # Applicable only when type = "SSL_FORWARD_PROXY"
is_unknown_revocation_status_blocked = optional(bool), # Applicable only when type = "SSL_FORWARD_PROXY"
is_untrusted_issuer_blocked = optional(bool) # Applicable only when type = "SSL_FORWARD_PROXY"
})))
ip_address_lists = optional(map(object({
name = string,
type = string, # Valid values: "FQND", "IP"
addresses = list(string)
})))
decryption_rules = optional(map(object({
name = string,
action = string,
decryption_profile_id = optional(string),
secret = optional(string),
destination_ip_address_list = optional(string),
source_ip_address_list = optional(string)
})))
mapped_secrets = optional(map(object({
name = string,
type = string, # Valid values: SSL_FORWARD_PROXY, SSL_INBOUND_INSPECTION
source = string, # Valid value: OCI_VAULT
vault_secret_id = string,
version_number = string,
})))
security_rules = optional(map(object({
action = string, # Valid values: ALLOW,DROP,REJECT,INSPECT
name = string,
application = optional(list(string)),
destination_address = optional(list(string)),
service = optional(list(string)),
source_address = optional(list(string)),
url = optional(list(string)),
inspection = optional(string), # This is only applicable if action is INSPECT
after_rule = optional(string),
before_rule = optional(string)
})))
url_lists = optional(map(object({
name = string,
pattern = string,
type = string # Valid value: SIMPLE
})))
})))
}))

l7_load_balancers = optional(map(object({
compartment_id = optional(string),
display_name = string,
shape = string,
subnet_ids = list(string),
subnet_keys = list(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
ip_mode = optional(string),
is_private = optional(bool),
network_security_group_ids = optional(list(string)),
network_security_group_keys = optional(list(string)),
reserved_ips_ids = optional(list(string)),
reserved_ips_keys = optional(list(string))
shape_details = optional(object({
maximum_bandwidth_in_mbps = number,
minimum_bandwidth_in_mbps = number
}))
backend_sets = optional(map(object({
health_checker = object({
protocol = string,
interval_ms = number,
is_force_plain_text = bool,
port = number,
response_body_regex = optional(string),
retries = number,
return_code = number,
timeout_in_millis = number,
url_path = optional(string)
})
name = string,
policy = string,
lb_cookie_session_persistence_configuration = optional(object({
cookie_name = optional(string),
disable_fallback = optional(bool),
domain = optional(string),
is_http_only = optional(bool),
is_secure = optional(bool),
max_age_in_seconds = optional(number),
path = optional(string),
}))
session_persistence_configuration = optional(object({
cookie_name = string,
disable_fallback = optional(bool)
}))
ssl_configuration = optional(object({
certificate_ids = optional(list(string)),
certificate_keys = optional(list(string)),
certificate_name = optional(string),
cipher_suite_name = optional(string),
protocols = optional(list(string)),
server_order_preference = optional(string),
trusted_certificate_authority_ids = optional(list(string)),
trusted_certificate_authority_keys = optional(list(string)),
verify_depth = optional(number),
verify_peer_certificate = optional(bool),
}))
backends = optional(map(object({
ip_address = string,
port = number,
backup = optional(bool),
drain = optional(bool),
offline = optional(bool),
weight = optional(number)
})))
})))
cipher_suites = optional(map(object({
ciphers = list(string),
name = string
})))
path_route_sets = optional(map(object({
name = string,
path_routes = map(object({
backend_set_key = string,
path = string,
path_match_type = object({
match_type = string
})
}))
})))
host_names = optional(map(object({
hostname = string,
name = string
})))
routing_policies = optional(map(object({
condition_language_version = string,
name = string,
rules = map(object({
actions = map(object({
backend_set_key = string,
name = string,
}))
condition = string,
name = string
}))
})))
rule_sets = optional(map(object({
name = string,
items = map(object({
action = string,
allowed_methods = optional(list(string)),
are_invalid_characters_allowed = optional(bool),
conditions = optional(map(object({
attribute_name = string,
attribute_value = string,
operator = optional(string)
})))
description = optional(string),
header = optional(string),
http_large_header_size_in_kb = optional(number),
prefix = optional(string),
redirect_uri = optional(object({
host = optional(string, )
path = optional(string),
port = optional(number),
protocol = optional(string),
query = optional(string)
}))
response_code = optional(number)
status_code = optional(number),
suffix = optional(string),
value = optional(string)
}))
})))
certificates = optional(map(object({
#Required
certificate_name = string,
#Optional
ca_certificate = optional(string),
passphrase = optional(string),
private_key = optional(string),
public_certificate = optional(string)
})))
listeners = optional(map(object({
default_backend_set_key = string,
name = string,
port = string,
protocol = string,
connection_configuration = optional(object({
idle_timeout_in_seconds = number,
backend_tcp_proxy_protocol_version = optional(string)
}))
hostname_keys = optional(list(string)),
path_route_set_key = optional(string),
routing_policy_key = optional(string),
rule_set_keys = optional(list(string)),
ssl_configuration = optional(object({
certificate_key = optional(string),
certificate_ids = optional(list(string)),
cipher_suite_key = optional(string),
protocols = optional(list(string)),
server_order_preference = optional(string),
trusted_certificate_authority_ids = optional(list(string)),
verify_depth = optional(number),
verify_peer_certificate = optional(bool)
}))
})))
})))
}))
}
)))
})
| n/a | yes |
-| [network\_dependency](#input\_network\_dependency) | An object containing the externally managed network resources this module may depend on. Supported resources are 'vcns', 'dynamic\_routing\_gateways', 'drg\_attachments', 'local\_peering\_gateways', and 'remote\_peering\_connections', represented as map of objects. Each object, when defined, must have an 'id' attribute of string type set with the VCN, DRG OCID, DRG Attachment OCID, Local Peering Gateway OCID or Remote Peering Connection OCID. 'remote\_peering\_connections' must also pass the peer region name in the region\_name attribute. See External Dependencies section in README.md (https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-networking#ext-dep) for details. |
object({
vcns = optional(map(object({
id = string # the VCN OCID
})))
dynamic_routing_gateways = optional(map(object({
id = string # the DRG OCID
})))
drg_attachments = optional(map(object({
id = string # the DRG attachment OCID
})))
local_peering_gateways = optional(map(object({
id = string # the LPG OCID
})))
remote_peering_connections = optional(map(object({
id = string # the peer RPC OCID
region_name = string # the peer RPC region name
})))
})
| `null` | no |
+| [network\_configuration](#input\_network\_configuration) | n/a |
object({
default_compartment_id = optional(string),
default_defined_tags = optional(map(string)),
default_freeform_tags = optional(map(string)),
default_enable_cis_checks = optional(bool),
default_ssh_ports_to_check = optional(list(number)),

network_configuration_categories = optional(map(object({
category_compartment_id = optional(string),
category_defined_tags = optional(map(string)),
category_freeform_tags = optional(map(string)),
category_enable_cis_checks = optional(bool),
category_ssh_ports_to_check = optional(list(number)),

vcns = optional(map(object({
compartment_id = optional(string),
display_name = optional(string),
byoipv6cidr_details = optional(map(object({
byoipv6range_id = string
ipv6cidr_block = string
})))
ipv6private_cidr_blocks = optional(list(string)),
is_ipv6enabled = optional(bool),
is_oracle_gua_allocation_enabled = optional(bool),
cidr_blocks = optional(list(string)),
dns_label = optional(string),
block_nat_traffic = optional(bool),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),

default_security_list = optional(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
ingress_rules = optional(list(object({
stateless = optional(bool),
protocol = string,
description = optional(string),
src = string,
src_type = string,
src_port_min = optional(number),
src_port_max = optional(number),
dst_port_min = optional(number),
dst_port_max = optional(number),
icmp_type = optional(number),
icmp_code = optional(number)
}))),
egress_rules = optional(list(object({
stateless = optional(bool),
protocol = string,
description = optional(string),
dst = string,
dst_type = string,
src_port_min = optional(number),
src_port_max = optional(number),
dst_port_min = optional(number),
dst_port_max = optional(number),
icmp_type = optional(number),
icmp_code = optional(number)
})))
}))

security_lists = optional(map(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
display_name = optional(string),
ingress_rules = optional(list(object({
stateless = optional(bool),
protocol = string,
description = optional(string),
src = string,
src_type = string,
src_port_min = optional(number),
src_port_max = optional(number),
dst_port_min = optional(number),
dst_port_max = optional(number),
icmp_type = optional(number),
icmp_code = optional(number)
}))),
egress_rules = optional(list(object({
stateless = optional(bool),
protocol = string,
description = optional(string),
dst = string,
dst_type = string,
src_port_min = optional(number),
src_port_max = optional(number),
dst_port_min = optional(number),
dst_port_max = optional(number),
icmp_type = optional(number),
icmp_code = optional(number)
})))
})))

default_route_table = optional(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
display_name = optional(string),
route_rules = optional(map(object({
network_entity_id = optional(string),
network_entity_key = optional(string),
description = optional(string),
// Supported values:
// - "a cidr block"
// - "objectstorage" or "all-services" - only for "SERVICE_CIDR_BLOCK"
destination = optional(string),
// Supported values:
// - "CIDR_BLOCK"
// - "SERVICE_CIDR_BLOCK" - only for SGW
destination_type = optional(string),
})))
}))

route_tables = optional(map(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
display_name = optional(string),
route_rules = optional(map(object({
network_entity_id = optional(string),
network_entity_key = optional(string),
description = optional(string),
// Supported values:
// - "a cidr block"
// - "objectstorage" or "all-services" - only for "SERVICE_CIDR_BLOCK"
destination = optional(string),
// Supported values:
// - "CIDR_BLOCK"
// - "SERVICE_CIDR_BLOCK" - only for SGW
destination_type = optional(string),
})))
})))

default_dhcp_options = optional(object({
compartment_id = optional(string),
display_name = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
domain_name_type = optional(string),
options = map(object({
type = string,
server_type = optional(string),
custom_dns_servers = optional(list(string))
search_domain_names = optional(list(string))
}))
}))

dhcp_options = optional(map(object({
compartment_id = optional(string),
display_name = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
domain_name_type = optional(string),
options = map(object({
type = string,
server_type = optional(string),
custom_dns_servers = optional(list(string))
search_domain_names = optional(list(string))
}))
})))

subnets = optional(map(object({
cidr_block = string,
compartment_id = optional(string),
#Optional
availability_domain = optional(string),
defined_tags = optional(map(string)),
dhcp_options_key = optional(string),
display_name = optional(string),
dns_label = optional(string),
freeform_tags = optional(map(string)),
ipv6cidr_block = optional(string),
ipv6cidr_blocks = optional(list(string)),
prohibit_internet_ingress = optional(bool),
prohibit_public_ip_on_vnic = optional(bool),
route_table_key = optional(string),
security_list_keys = optional(list(string))
})))

network_security_groups = optional(map(object({
compartment_id = optional(string),
display_name = optional(string),
defined_tags = optional(map(string))
freeform_tags = optional(map(string))
ingress_rules = optional(map(object({
description = optional(string),
protocol = string,
stateless = optional(bool),
src = optional(string),
src_type = optional(string),
dst_port_min = optional(number),
dst_port_max = optional(number),
src_port_min = optional(number),
src_port_max = optional(number),
icmp_type = optional(number),
icmp_code = optional(number)
}))),
egress_rules = optional(map(object({
description = optional(string),
protocol = string,
stateless = optional(bool),
dst = optional(string),
dst_type = optional(string),
dst_port_min = optional(number),
dst_port_max = optional(number),
src_port_min = optional(number),
src_port_max = optional(number),
icmp_type = optional(number),
icmp_code = optional(number)
})))
})))
dns_resolver = optional(object({
display_name = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
attached_views = optional(map(object({
existing_view_id = optional(string) # an existing externally managed view. Assign either this attribute or the others for having this module managing the view.
compartment_id = optional(string),
display_name = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
dns_zones = optional(map(object({
compartment_id = optional(string),
name = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
scope = optional(string),
zone_type = optional(string),
external_downstreams = optional(list(object({
address = optional(string),
ports = optional(string),
tsig_key = optional(string),
}))),
external_masters = optional(list(object({
address = optional(string),
port = optional(string),
tsig_key = optional(string),
}))),
dns_records = optional(map(object({
domain = optional(string),
compartment_id = optional(string),
rtype = optional(string),
rdata = optional(string),
ttl = optional(number),
})))
dns_rrset = optional(map(object({
compartment_id = optional(string)
domain = optional(string),
rtype = optional(string),
scope = optional(string),
items = optional(list(object({
domain = optional(string),
rdata = optional(string),
rtype = optional(string),
ttl = optional(string),
})))
})))
dns_steering_policies = optional(map(object({
compartment_id = optional(string),
domain_name = optional(string),
display_name = optional(string),
template = optional(string),
answers = optional(list(object({
name = optional(string),
rdata = optional(string),
rtype = optional(string),
is_disabled = optional(bool),
pool = optional(string),
}))),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
health_check_monitor_id = optional(string)
rules = optional(list(object({
rule_type = optional(string)
cases = optional(list(object({
answer_data = optional(object({
answer_condition = optional(string)
should_keep = optional(string)
value = optional(string)
})),
case_condition = optional(string),
count = optional(number)
}))),
default_answer_data = optional(object({
answer_condition = optional(string),
should_keep = optional(bool),
value = optional(string),
})),
default_count = optional(number),
description = optional(string),
}))),
ttl = optional(string),
}))),
}))),
}))),
rules = optional(list(object({
action = optional(string),
destination_address = optional(list(string)),
source_endpoint_name = optional(string),
client_address_conditions = optional(list(string)),
qname_cover_conditions = optional(list(string)),
}))),
resolver_endpoints = optional(map(object({
name = optional(string),
is_forwarding = optional(string),
is_listening = optional(string),
subnet = optional(string),
endpoint_type = optional(string),
forwarding_address = optional(string),
listening_address = optional(string),
nsg = optional(list(string)),
}))),
tsig_keys = optional(map(object({
compartment_id = optional(string),
algorithm = optional(string),
name = optional(string),
secret = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
}))),
}))

vcn_specific_gateways = optional(object({
internet_gateways = optional(map(object({
compartment_id = optional(string),
enabled = optional(bool),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
route_table_key = optional(string)
})))

nat_gateways = optional(map(object({
compartment_id = optional(string),
block_traffic = optional(bool),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
public_ip_id = optional(string),
route_table_key = optional(string)
})))

service_gateways = optional(map(object({
compartment_id = optional(string),
// SGW services value:
// - objectstorage - for object storage access
// - all-services - for all OCI internal network services access
services = string,
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
route_table_key = optional(string)
})))

local_peering_gateways = optional(map(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
peer_id = optional(string),
peer_key = optional(string),
route_table_key = optional(string)
})))
}))
})))

inject_into_existing_vcns = optional(map(object({

vcn_id = string,

default_security_list = optional(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
ingress_rules = optional(list(object({
stateless = optional(bool),
protocol = string,
description = optional(string),
src = string,
src_type = string,
src_port_min = optional(number),
src_port_max = optional(number),
dst_port_min = optional(number),
dst_port_max = optional(number),
icmp_type = optional(number),
icmp_code = optional(number)
}))),
egress_rules = optional(list(object({
stateless = optional(bool),
protocol = string,
description = optional(string),
dst = string,
dst_type = string,
src_port_min = optional(number),
src_port_max = optional(number),
dst_port_min = optional(number),
dst_port_max = optional(number),
icmp_type = optional(number),
icmp_code = optional(number)
})))
}))

security_lists = optional(map(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
display_name = optional(string),
ingress_rules = optional(list(object({
stateless = optional(bool),
protocol = string,
description = optional(string),
src = string,
src_type = string,
src_port_min = optional(number),
src_port_max = optional(number),
dst_port_min = optional(number),
dst_port_max = optional(number),
icmp_type = optional(number),
icmp_code = optional(number)
}))),
egress_rules = optional(list(object({
stateless = optional(bool),
protocol = string,
description = optional(string),
dst = string,
dst_type = string,
src_port_min = optional(number),
src_port_max = optional(number),
dst_port_min = optional(number),
dst_port_max = optional(number),
icmp_type = optional(number),
icmp_code = optional(number)
})))
})))

default_route_table = optional(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
display_name = optional(string),
route_rules = optional(map(object({
network_entity_id = optional(string),
network_entity_key = optional(string),
description = optional(string),
// Supported values:
// - "a cidr block"
// - "objectstorage" or "all-services" - only for "SERVICE_CIDR_BLOCK"
destination = optional(string),
// Supported values:
// - "CIDR_BLOCK"
// - "SERVICE_CIDR_BLOCK" - only for SGW
destination_type = optional(string),
})))
}))

route_tables = optional(map(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
display_name = optional(string),
route_rules = optional(map(object({
network_entity_id = optional(string),
network_entity_key = optional(string),
description = optional(string),
// Supported values:
// - "a cidr block"
// - "objectstorage" or "all-services" - only for "SERVICE_CIDR_BLOCK"
destination = optional(string),
// Supported values:
// - "CIDR_BLOCK"
// - "SERVICE_CIDR_BLOCK" - only for SGW
destination_type = optional(string)
})))
})))

default_dhcp_options = optional(object({
compartment_id = optional(string),
display_name = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
domain_name_type = optional(string),
options = map(object({
type = string,
server_type = optional(string),
custom_dns_servers = optional(list(string))
search_domain_names = optional(list(string))
}))
}))

dhcp_options = optional(map(object({
compartment_id = optional(string),
display_name = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
domain_name_type = optional(string),
options = map(object({
type = string,
server_type = optional(string),
custom_dns_servers = optional(list(string))
search_domain_names = optional(list(string))
}))
})))

subnets = optional(map(object({
cidr_block = string,
compartment_id = optional(string),
#Optional
availability_domain = optional(string),
defined_tags = optional(map(string)),
dhcp_options_id = optional(string),
dhcp_options_key = optional(string),
display_name = optional(string),
dns_label = optional(string),
freeform_tags = optional(map(string)),
ipv6cidr_block = optional(string),
ipv6cidr_blocks = optional(list(string)),
prohibit_internet_ingress = optional(bool),
prohibit_public_ip_on_vnic = optional(bool),
route_table_id = optional(string),
route_table_key = optional(string),
security_list_ids = optional(list(string)),
security_list_keys = optional(list(string))
})))

network_security_groups = optional(map(object({
compartment_id = optional(string),
display_name = optional(string),
defined_tags = optional(map(string))
freeform_tags = optional(map(string))
ingress_rules = optional(map(object({
description = optional(string),
protocol = string,
stateless = optional(bool),
src = optional(string),
src_type = optional(string),
dst_port_min = number,
dst_port_max = number,
src_port_min = optional(number),
src_port_max = optional(number),
icmp_type = optional(number),
icmp_code = optional(number)
}))),
egress_rules = optional(map(object({
description = optional(string),
protocol = string,
stateless = optional(bool),
dst = optional(string),
dst_type = optional(string),
dst_port_min = optional(number),
dst_port_max = optional(number),
src_port_min = optional(number),
src_port_max = optional(number),
icmp_type = optional(number),
icmp_code = optional(number)
})))
})))

dns_resolver = optional(object({
display_name = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
attached_views = optional(map(object({
compartment_id = optional(string),
display_name = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
dns_zones = optional(map(object({
compartment_id = optional(string),
name = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
scope = optional(string),
zone_type = optional(string),
external_downstreams = optional(list(object({
address = optional(string),
ports = optional(string),
tsig_key = optional(string),
}))),
external_masters = optional(list(object({
address = optional(string),
port = optional(string),
tsig_key = optional(string),
}))),
dns_records = optional(map(object({
domain = optional(string),
compartment_id = optional(string),
rtype = optional(string),
rdata = optional(string),
ttl = optional(string),
})))
dns_rrset = optional(map(object({
domain = optional(string),
rtype = optional(string),
scope = optional(string),
items = optional(list(object({
domain = optional(string),
rdata = optional(string),
rtype = optional(string),
ttl = optional(string),
})))
})))
dns_steering_policies = optional(map(object({
compartment_id = optional(string),
domain_name = optional(string),
display_name = optional(string),
template = optional(string),
answers = optional(list(object({
name = optional(string),
rdata = optional(string),
rtype = optional(string),
is_disabled = optional(bool),
pool = optional(string),
}))),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
health_check_monitor_id = optional(string)
rules = optional(list(object({
rule_type = optional(string)
cases = optional(list(object({
answer_data = optional(object({
answer_condition = optional(string)
should_keep = optional(string)
value = optional(string)
})),
case_condition = optional(string),
count = optional(number)
}))),
default_answer_data = optional(object({
answer_condition = optional(string),
should_keep = optional(bool),
value = optional(string),
})),
default_count = optional(number),
description = optional(string),
}))),
ttl = optional(string),
}))),
}))),
}))),
rules = optional(list(object({
action = optional(string),
destination_address = optional(string),
source_endpoint_name = optional(string),
client_address_condition = optional(string),
qname_cover_condtions = optional(string),
}))),
resolver_endpoints = optional(map(object({
name = optional(string),
is_forwarding = optional(bool),
is_listening = optional(bool),
subnet = optional(string),
endpoint_type = optional(string),
forwarding_address = optional(string),
listening_address = optional(string),
nsg = optional(string),
}))),
tsig_keys = optional(map(object({
compartment_id = optional(string),
algorithm = optional(string),
name = optional(string),
secret = optional(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
}))),
}))

vcn_specific_gateways = optional(object({
internet_gateways = optional(map(object({
compartment_id = optional(string),
enabled = optional(bool),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
route_table_id = optional(string),
route_table_key = optional(string)
})))

nat_gateways = optional(map(object({
compartment_id = optional(string),
block_traffic = optional(bool),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
public_ip_id = optional(string),
route_table_id = optional(string),
route_table_key = optional(string)
})))

service_gateways = optional(map(object({
compartment_id = optional(string),
// SGW services value:
// - objectstorage - for object storage access
// - all-services - for all OCI internal network services access
services = string,
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
route_table_id = optional(string),
route_table_key = optional(string)
})))

local_peering_gateways = optional(map(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
peer_id = optional(string),
peer_key = optional(string),
route_table_id = optional(string),
route_table_key = optional(string)
})))
}))
})))

IPs = optional(object({

public_ips_pools = optional(map(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
})))

public_ips = optional(map(object({
compartment_id = optional(string),
lifetime = string,
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
private_ip_id = optional(string),
public_ip_pool_id = optional(string),
public_ip_pool_key = optional(string)
})))
}))



non_vcn_specific_gateways = optional(object({

dynamic_routing_gateways = optional(map(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),

remote_peering_connections = optional(map(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
peer_id = optional(string),
peer_key = optional(string),
peer_region_name = optional(string)
})))

drg_attachments = optional(map(object({
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
drg_route_table_id = optional(string),
drg_route_table_key = optional(string),
network_details = optional(object({
attached_resource_id = optional(string),
attached_resource_key = optional(string),
type = string,
route_table_id = optional(string),
route_table_key = optional(string),
vcn_route_type = optional(string)
}))
})))

drg_route_tables = optional(map(object({
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
import_drg_route_distribution_id = optional(string),
import_drg_route_distribution_key = optional(string),
is_ecmp_enabled = optional(bool),
route_rules = optional(map(object({
destination = string,
destination_type = string,
next_hop_drg_attachment_id = optional(string),
next_hop_drg_attachment_key = optional(string),
})))
})))

drg_route_distributions = optional(map(object({
distribution_type = string,
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string))
statements = optional(map(object({
action = string,
match_criteria = optional(object({
match_type = string,
attachment_type = optional(string),
drg_attachment_id = optional(string),
drg_attachment_key = optional(string)
}))
priority = optional(number)
})))
})))
})))

customer_premises_equipments = optional(map(object({
compartment_id = optional(string),
ip_address = string,
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
cpe_device_shape_id = optional(string),
cpe_device_shape_vendor_name = optional(string)
})))

ipsecs = optional(map(object({
compartment_id = optional(string),
cpe_id = optional(string),
cpe_key = optional(string),
drg_id = optional(string),
drg_key = optional(string),
static_routes = list(string),
cpe_local_identifier = optional(string),
cpe_local_identifier_type = optional(string),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
tunnels_management = optional(object({
tunnel_1 = optional(object({
routing = string,
bgp_session_info = optional(object({
customer_bgp_asn = optional(string),
customer_interface_ip = optional(string),
oracle_interface_ip = optional(string)
}))
encryption_domain_config = optional(object({
cpe_traffic_selector = optional(string),
oracle_traffic_selector = optional(string)
}))
shared_secret = optional(string),
ike_version = optional(string)
})),
tunnel_2 = optional(object({
routing = string,
bgp_session_info = optional(object({
customer_bgp_asn = optional(string),
customer_interface_ip = optional(string),
oracle_interface_ip = optional(string)
}))
encryption_domain_config = optional(object({
cpe_traffic_selector = optional(string),
oracle_traffic_selector = optional(string)
}))
shared_secret = optional(string),
ike_version = optional(string)
}))
}))
})))

fast_connect_virtual_circuits = optional(map(object({
#Required
compartment_id = optional(string),
provision_fc_virtual_circuit = bool,
show_available_fc_virtual_circuit_providers = bool,
type = string,
#Optional
bandwidth_shape_name = optional(string),
bgp_admin_state = optional(string),
cross_connect_mappings = optional(map(object({
#Optional
bgp_md5auth_key = optional(string)
cross_connect_or_cross_connect_group_id = optional(string)
cross_connect_or_cross_connect_group_key = optional(string)
customer_bgp_peering_ip = optional(string)
customer_bgp_peering_ipv6 = optional(string)
oracle_bgp_peering_ip = optional(string)
oracle_bgp_peering_ipv6 = optional(string)
vlan = optional(string)
})))
customer_asn = optional(string)
defined_tags = optional(map(string))
display_name = optional(string)
freeform_tags = optional(map(string))
ip_mtu = optional(number)
is_bfd_enabled = optional(bool)
gateway_id = optional(string)
gateway_key = optional(string)
provider_service_id = optional(string)
provider_service_key = optional(string)
provider_service_key_name = optional(string)
public_prefixes = optional(map(object({
#Required
cidr_block = string,
})))
region = optional(string)
routing_policy = optional(list(string))
})))

cross_connect_groups = optional(map(object({
compartment_id = optional(string),
customer_reference_name = optional(string),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
cross_connects = optional(map(object({
compartment_id = optional(string),
location_name = string,
port_speed_shape_name = string,
customer_reference_name = optional(string),
defined_tags = optional(map(string))
display_name = optional(string),
far_cross_connect_or_cross_connect_group_id = optional(string),
far_cross_connect_or_cross_connect_group_key = optional(string),
freeform_tags = optional(map(string))
near_cross_connect_or_cross_connect_group_id = optional(string),
near_cross_connect_or_cross_connect_group_key = optional(string),
})))
})))

inject_into_existing_drgs = optional(map(object({
drg_id = string,

remote_peering_connections = optional(map(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
peer_id = optional(string),
peer_key = optional(string),
peer_region_name = optional(string)
})))

drg_attachments = optional(map(object({
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
drg_route_table_id = optional(string),
drg_route_table_key = optional(string),
network_details = optional(object({
attached_resource_id = optional(string),
attached_resource_key = optional(string),
type = string,
route_table_id = optional(string),
route_table_key = optional(string),
vcn_route_type = optional(string)
}))
})))

drg_route_tables = optional(map(object({
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
import_drg_route_distribution_id = optional(string),
import_drg_route_distribution_key = optional(string),
is_ecmp_enabled = optional(bool),
route_rules = optional(map(object({
destination = string,
destination_type = string,
next_hop_drg_attachment_id = optional(string),
next_hop_drg_attachment_key = optional(string),
})))
})))

drg_route_distributions = optional(map(object({
distribution_type = string,
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string))
statements = optional(map(object({
action = string,
match_criteria = optional(object({
match_type = string,
attachment_type = optional(string),
drg_attachment_id = optional(string),
drg_attachment_key = optional(string)
}))
priority = number
})))
})))
})))

network_firewalls_configuration = optional(object({
network_firewalls = optional(map(object({
availability_domain = optional(number),
compartment_id = optional(string),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
ipv4address = optional(string),
ipv6address = optional(string),
network_security_group_ids = optional(list(string)),
network_security_group_keys = optional(list(string)),
subnet_id = optional(string),
subnet_key = optional(string),
network_firewall_policy_id = optional(string),
network_firewall_policy_key = optional(string)
}))),

network_firewall_policies = optional(map(object({
compartment_id = optional(string),
defined_tags = optional(map(string)),
display_name = optional(string),
freeform_tags = optional(map(string)),
services = optional(map(object({
name = string
type = optional(string) # Valid values: "TCP_SERVICE" or "UDP_SERVICE"
minimum_port = number
maximum_port = optional(number)
})))
service_lists = optional(map(object({
name = string
services = list(string)
})))
applications = optional(map(object({
name = string,
type = string,
icmp_type = number,
icmp_code = optional(number),
})))
application_lists = optional(map(object({
name = string,
applications = list(string)
}))),
mapped_secrets = optional(map(object({
name = string,
type = string, # Valid values: SSL_FORWARD_PROXY, SSL_INBOUND_INSPECTION
source = string, # Valid value: OCI_VAULT
vault_secret_id = string,
version_number = string,
}))),
decryption_profiles = optional(map(object({
type = string, # Valid values: "SSL_FORWARD_PROXY", "SSL_INBOUND_INSPECTION"
name = string,
is_out_of_capacity_blocked = optional(bool),
is_unsupported_cipher_blocked = optional(bool),
is_unsupported_version_blocked = optional(bool),
are_certificate_extensions_restricted = optional(bool), # Applicable only when type = "SSL_FORWARD_PROXY"
is_auto_include_alt_name = optional(bool), # Applicable only when type = "SSL_FORWARD_PROXY"
is_expired_certificate_blocked = optional(bool), # Applicable only when type = "SSL_FORWARD_PROXY"
is_revocation_status_timeout_blocked = optional(bool), # Applicable only when type = "SSL_FORWARD_PROXY"
is_unknown_revocation_status_blocked = optional(bool), # Applicable only when type = "SSL_FORWARD_PROXY"
is_untrusted_issuer_blocked = optional(bool) # Applicable only when type = "SSL_FORWARD_PROXY"
}))),
decryption_rules = optional(map(object({
name = string,
action = string,
decryption_profile_id = optional(string),
secret = optional(string),
source_ip_address_list = optional(string),
destination_ip_address_list = optional(string)
}))),
address_lists = optional(map(object({
name = string,
type = string, # Valid values: "FQND", "IP"
addresses = list(string)
})))
url_lists = optional(map(object({
name = string,
pattern = string,
type = string # Valid value: SIMPLE
}))),
security_rules = optional(map(object({
action = string, # Valid values: ALLOW,DROP,REJECT,INSPECT
name = string,
application_lists = optional(list(string)),
destination_address_lists = optional(list(string)),
service_lists = optional(list(string)),
source_address_lists = optional(list(string)),
url_lists = optional(list(string)),
inspection = optional(string), # This is only applicable if action is INSPECT
after_rule = optional(string),
before_rule = optional(string)
})))
})))
}))

l7_load_balancers = optional(map(object({
compartment_id = optional(string),
display_name = string,
shape = string,
subnet_ids = list(string),
subnet_keys = list(string),
defined_tags = optional(map(string)),
freeform_tags = optional(map(string)),
ip_mode = optional(string),
is_private = optional(bool),
network_security_group_ids = optional(list(string)),
network_security_group_keys = optional(list(string)),
reserved_ips_ids = optional(list(string)),
reserved_ips_keys = optional(list(string))
shape_details = optional(object({
maximum_bandwidth_in_mbps = number,
minimum_bandwidth_in_mbps = number
}))
backend_sets = optional(map(object({
health_checker = object({
protocol = string,
interval_ms = number,
is_force_plain_text = bool,
port = number,
response_body_regex = optional(string),
retries = number,
return_code = number,
timeout_in_millis = number,
url_path = optional(string)
})
name = string,
policy = string,
lb_cookie_session_persistence_configuration = optional(object({
cookie_name = optional(string),
disable_fallback = optional(bool),
domain = optional(string),
is_http_only = optional(bool),
is_secure = optional(bool),
max_age_in_seconds = optional(number),
path = optional(string),
}))
session_persistence_configuration = optional(object({
cookie_name = string,
disable_fallback = optional(bool)
}))
ssl_configuration = optional(object({
certificate_ids = optional(list(string)),
certificate_keys = optional(list(string)),
certificate_name = optional(string),
cipher_suite_name = optional(string),
protocols = optional(list(string)),
server_order_preference = optional(string),
trusted_certificate_authority_ids = optional(list(string)),
trusted_certificate_authority_keys = optional(list(string)),
verify_depth = optional(number),
verify_peer_certificate = optional(bool),
}))
backends = optional(map(object({
ip_address = string,
port = number,
backup = optional(bool),
drain = optional(bool),
offline = optional(bool),
weight = optional(number)
})))
})))
cipher_suites = optional(map(object({
ciphers = list(string),
name = string
})))
path_route_sets = optional(map(object({
name = string,
path_routes = map(object({
backend_set_key = string,
path = string,
path_match_type = object({
match_type = string
})
}))
})))
host_names = optional(map(object({
hostname = string,
name = string
})))
routing_policies = optional(map(object({
condition_language_version = string,
name = string,
rules = map(object({
actions = map(object({
backend_set_key = string,
name = string,
}))
condition = string,
name = string
}))
})))
rule_sets = optional(map(object({
name = string,
items = map(object({
action = string,
allowed_methods = optional(list(string)),
are_invalid_characters_allowed = optional(bool),
conditions = optional(map(object({
attribute_name = string,
attribute_value = string,
operator = optional(string)
})))
description = optional(string),
header = optional(string),
http_large_header_size_in_kb = optional(number),
prefix = optional(string),
redirect_uri = optional(object({
host = optional(string, )
path = optional(string),
port = optional(number),
protocol = optional(string),
query = optional(string)
}))
response_code = optional(number)
status_code = optional(number),
suffix = optional(string),
value = optional(string)
}))
})))
certificates = optional(map(object({
#Required
certificate_name = string,
#Optional
ca_certificate = optional(string),
passphrase = optional(string),
private_key = optional(string),
public_certificate = optional(string)
})))
listeners = optional(map(object({
default_backend_set_key = string,
name = string,
port = string,
protocol = string,
connection_configuration = optional(object({
idle_timeout_in_seconds = number,
backend_tcp_proxy_protocol_version = optional(string)
}))
hostname_keys = optional(list(string)),
path_route_set_key = optional(string),
routing_policy_key = optional(string),
rule_set_keys = optional(list(string)),
ssl_configuration = optional(object({
certificate_key = optional(string),
certificate_ids = optional(list(string)),
cipher_suite_key = optional(string),
protocols = optional(list(string)),
server_order_preference = optional(string),
trusted_certificate_authority_ids = optional(list(string)),
verify_depth = optional(number),
verify_peer_certificate = optional(bool)
}))
})))
})))
}))
}
)))
})
| n/a | yes |
+| [network\_dependency](#input\_network\_dependency) | An object containing the externally managed network resources this module may depend on. Supported resources are 'vcns', 'dynamic\_routing\_gateways', 'drg\_attachments', 'local\_peering\_gateways', 'remote\_peering\_connections', and 'dns\_private\_views', represented as map of objects. Each object, when defined, must have an 'id' attribute of string type set with the VCN, DRG OCID, DRG Attachment OCID, Local Peering Gateway OCID or Remote Peering Connection OCID. 'remote\_peering\_connections' must also pass the peer region name in the region\_name attribute. See External Dependencies section in README.md (https://github.com/oci-landing-zones/terraform-oci-modules-networking#ext-dep) for details. |
object({
vcns = optional(map(object({
id = string # the VCN OCID
})))
dynamic_routing_gateways = optional(map(object({
id = string # the DRG OCID
})))
drg_attachments = optional(map(object({
id = string # the DRG attachment OCID
})))
local_peering_gateways = optional(map(object({
id = string # the LPG OCID
})))
remote_peering_connections = optional(map(object({
id = string # the peer RPC OCID
region_name = string # the peer RPC region name
})))
dns_private_views = optional(map(object({
id = string # the DNS private view OCID
})))
})
| `null` | no |
 | [private\_ips\_dependency](#input\_private\_ips\_dependency) | An object containing the externally managed Private IP resources this module may depend on. All map objects must have the same type and must contain an 'id' attribute of string type set with the Private IP OCID. See External Dependencies section in README.md (https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-networking#ext-dep) for details. |
map(object({
id = string
}))
| `null` | no |
 ## Outputs
diff --git a/dns.tf b/dns.tf
index 4cd7741..13c85e1 100644
--- a/dns.tf
+++ b/dns.tf
@@ -77,8 +77,7 @@ locals {
 display_name = view_value.display_name
 defined_tags = view_value.defined_tags
 freeform_tags = view_value.freeform_tags
- }
-
+ } if view_value.existing_view_id == null
 ] : [] : [] ]) : flat_attached_views.view_key => flat_attached_views } : {}
@@ -101,6 +100,7 @@ locals {
 external_downstreams = zone_value.external_downstreams != null ? zone_value.external_downstreams : []
 external_masters = zone_value.external_masters != null ? zone_value.external_masters : []
 zone_type = zone_value.zone_type
+ view_id = view_value.existing_view_id
 } ] : [] ] : [] : []
@@ -109,7 +109,7 @@ locals {
 one_dimension_dns_steering_policies = local.one_dimension_processed_vcns != null ? { for flat_dns_steering_policies in flatten([
- for vcn_key, vcn_value in local.one_dimension_processed_existing_vcns :
+ for vcn_key, vcn_value in local.one_dimension_processed_vcns :
 vcn_value.dns_resolver != null ? vcn_value.dns_resolver.attached_views != null ? [ for view_key, view_value in vcn_value.dns_resolver.attached_views : view_value.dns_zones != null ? [
@@ -169,13 +169,11 @@ data "oci_core_vcn_dns_resolver_association" "dns_resolvers" {
 resource "oci_dns_view" "these" {
 for_each = local.one_dimension_dns_views
-
- compartment_id = each.value.compartment_id
-
- display_name = each.value.display_name
- scope = "PRIVATE"
- defined_tags = each.value.defined_tags
- freeform_tags = each.value.freeform_tags
+ compartment_id = each.value.compartment_id
+ display_name = each.value.display_name
+ scope = "PRIVATE"
+ defined_tags = each.value.defined_tags
+ freeform_tags = each.value.freeform_tags
 }
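Review bot: The new `view_id = view_value.existing_view_id` in the zone flattening carries two different kinds of value — a literal OCID, or a key into `var.network_dependency["dns_private_views"]` — which is only discoverable from the way the `@@ -186` hunk consumes it later, and nothing at the assignment says so. A comment on that line such as `# existing_view_id: a view OCID, or a key into var.network_dependency["dns_private_views"]; null when the view is created by this module` would make the contract visible where the value originates, and the same remark applies to the `if view_value.existing_view_id == null` filter in the `@@ -77` hunk. The enclosing `locals` block starts and ends outside these hunks.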
@@ -186,7 +184,7 @@ resource "oci_dns_zone" "these" {
 scope = each.value.scope
 zone_type = each.value.zone_type
- view_id = each.value.view_key != null ? oci_dns_view.these[each.value.view_key].id : null
+ view_id = each.value.view_key != null ? (contains(keys(oci_dns_view.these),each.value.view_key) ? oci_dns_view.these[each.value.view_key].id : (length(regexall("^ocid1.*$", each.value.view_id)) > 0 ? each.value.view_id : var.network_dependency["dns_private_views"][each.value.view_id].id)) : null
 dynamic "external_downstreams" {
 for_each = each.value.external_downstreams
@@ -274,7 +272,7 @@ resource "oci_dns_resolver" "these" {
 for_each = each.value.attached_views
 iterator = views
 content {
- view_id = oci_dns_view.these[views.key].id
+ view_id = views.key != null ? (contains(keys(oci_dns_view.these),views.key) ? oci_dns_view.these[views.key].id : (length(regexall("^ocid1.*$", views.value.existing_view_id)) > 0 ? views.value.existing_view_id : var.network_dependency["dns_private_views"][views.value.existing_view_id].id)) : null
 }
 }
 defined_tags = each.value.defined_tags
diff --git a/examples/TransitRouting-DRGHub-NFW/main.tf b/examples/TransitRouting-DRGHub-NFW/main.tf
index 8dbda6c..01a76a2 100644
--- a/examples/TransitRouting-DRGHub-NFW/main.tf
+++ b/examples/TransitRouting-DRGHub-NFW/main.tf
@@ -9,7 +9,6 @@ module "terraform_oci_networking" {
 source = "../../"
- network_configuration = var.network_configuration
 }
diff --git a/examples/TransitRouting-DRGHub-NFW/network_configuration.auto.tfvars b/examples/TransitRouting-DRGHub-NFW/network_configuration.auto.tfvars
index 8f769c3..1643a31 100644
--- a/examples/TransitRouting-DRGHub-NFW/network_configuration.auto.tfvars
+++ b/examples/TransitRouting-DRGHub-NFW/network_configuration.auto.tfvars
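Review bot: The new `view_id` expression in `oci_dns_zone` falls through to `var.network_dependency["dns_private_views"][each.value.view_id].id` without checking that `var.network_dependency` or its `dns_private_views` entry is non-null, and the README in this same patch gives that variable a `null` default; a view reference that is neither a key of `oci_dns_view.these` nor an `ocid1` string would then fail with a bare index error instead of a message naming the offending key. The identical three-way resolution is repeated in the `@@ -274` hunk for `oci_dns_resolver` with `views.value.existing_view_id`, so the two copies can drift; resolving each attached view to an id once, in a local keyed by view key that both resources read, keeps them in step and gives one place for a `precondition` that reports the unresolved key at plan time. The `^ocid1.*$` test also accepts an OCID of any resource type, so a well-formed but wrong OCID is only rejected by the service at apply time. The enclosing `resource` blocks start and end outside these hunks.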
@@ -8,7 +8,7 @@ # ####################################################################################################### # network_configuration = { - default_compartment_id = "ocid1.compartment.oc1....." + default_compartment_id = "ocid1.compartment.oc1....." default_freeform_tags = { "vision-environment" = "vision" } 
@@ -300,81 +300,61 @@ network_configuration = { display_name = "hub_nfw" subnet_key = "SUBNET-H-KEY" ipv4address = "10.0.0.10" - network_firewall_policy_key = "HUB-NFW-POLICY-KEY" + network_firewall_policy_key = "HUB-NFW-POLICY" } } network_firewall_policies = { - HUB-NFW-POLICY-KEY = { - display_name = "hub_nfw_policy" + HUB-NFW-POLICY = { + display_name = "hubnfw-policy" + applications = { + HUBNFW-APP-1 = { + name = "hubnfw-app-1" + type = "ICMP" + icmp_type = "128" + } + } application_lists = { - hubnfw_app_list_1 = { - application_list_name = "hubnfw_app_list_1" - application_values = { - hubnfw_app_list_1_1 = { - type = "TCP" - minimum_port = 80 - maximum_port = 8080 - } - } + HUBNFW-APP-LIST = { + name = "hubnfw-app-list" + applications = ["HUBNFW-APP-1"] } } - - ip_address_lists = { - hubnfw_ip_list = { - ip_address_list_name = "hubnfw_ip_list" - ip_address_list_value = ["10.0.0.1"] + address_lists = { + HUBNFW-IP-LIST = { + name = "hubnfw-ip-list" + addresses = ["10.0.0.1"] + type = "IP" } } - security_rules = { - SecurityRuleA = { - action = "ALLOW" - name = "SecurityRuleA" - conditions = { - prd_cond1_A = { - applications = [] - destinations = ["hubnfw_ip_list"] - sources = [] - urls = ["hubnfw_policy_url_1"] - } - } + url_lists = { + HUBNFW-URL-1 = { + name = "hubnfw-url-1", + type = "SIMPLE" + pattern = "www.oracle.com" } - - SecurityRuleB = { - action = "INSPECT" - inspection = "INTRUSION_DETECTION" - name = "SecurityRuleB" - conditions = { - prd_cond1_B = { - applications = ["hubnfw_app_list_1"] - destinations = [] - sources = ["hubnfw_ip_list"] - urls = ["hubnfw_policy_url_1"] - } - } + HUBNFW-URL-2 = { + name = "hubnfw-url-2", + type = "SIMPLE" + pattern = "www.google.com" } } - url_lists = { - hubnfw_policy_url_1 = { - url_list_name = "hubnfw_policy_url_1", - url_list_values = { - hubnfw_policy_url_1_1 = { - type = "SIMPLE" - pattern = "www.oracle.com" - } - hubnfw_policy_url_1_2 = { - type = "SIMPLE" - pattern = "www.google.com" - } - } + 
security_rules = { + SECURITY-RULE-A = { + action = "ALLOW" + name = "security-rule-a" + application_lists = [] + destination_address_lists = ["HUBNFW-IP-LIST"] + source_address_lists = [] + url_lists = ["HUBNFW-URL-1"] } - hubnfw_policy_url_2 = { - url_list_name = "hubnfw_policy_url_2", - url_list_values = { - hubnfw_policy_url_2_1 = { - type = "SIMPLE" - pattern = "www.facebook.com" - } - } + SECURITY-RULE-B = { + action = "INSPECT" + inspection = "INTRUSION_DETECTION" + name = "security-rule-b" + application = ["HUBNFW-APP-LIST"] + destination_address = [] + source_address = ["HUBNFW-IP-LIST"] + url_lists = ["HUBNFW-URL-2"] } } } diff --git a/examples/TransitRouting-DRGHub-NFW/provider.tf b/examples/TransitRouting-DRGHub-NFW/provider.tf index ed17fc6..564b449 100644 --- a/examples/TransitRouting-DRGHub-NFW/provider.tf +++ b/examples/TransitRouting-DRGHub-NFW/provider.tf @@ -21,9 +21,7 @@ terraform { required_providers { oci = { - source = "oracle/oci" - version = "<= 5.16.0" - configuration_aliases = [oci] + source = "oracle/oci" } } } \ No newline at end of file diff --git a/examples/TransitRouting-DRGHub-NFW/variables.tf b/examples/TransitRouting-DRGHub-NFW/variables.tf index 3f98647..4cbeae1 100644 --- a/examples/TransitRouting-DRGHub-NFW/variables.tf +++ b/examples/TransitRouting-DRGHub-NFW/variables.tf 
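Review bot: The two new security rules use different attribute names for the same concepts: `SECURITY-RULE-A` has `application_lists`, `destination_address_lists` and `source_address_lists`, while `SECURITY-RULE-B` has `application`, `destination_address` and `source_address`. Only one set can match the module's policy interface, and because the example's `network_configuration` variable becomes `type = any` in the same commit, the mismatched rule is likely to be silently dropped or evaluated without its conditions rather than rejected at plan time, which for a firewall policy quietly loses an ALLOW or INSPECT condition. Align both rules with the attribute names the module's `network_firewall_policies` schema expects (not visible in this patch), e.g. `application_lists = ["HUBNFW-APP-LIST"]`, `destination_address_lists = []`, `source_address_lists = ["HUBNFW-IP-LIST"]` if the `_lists` form is the correct one.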
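Review bot: Removing `version` leaves `required_providers.oci` in examples/TransitRouting-DRGHub-NFW/provider.tf with no constraint at all, so each `terraform init` resolves to whatever the latest `oracle/oci` release is, even though the example depends on network firewall resources that only newer provider releases expose; the new examples/dns-view-injection/provider.tf has the same shape. A lower bound on the first provider release that supports the interface the module now uses, e.g. `version = ">= <MIN_PROVIDER_VERSION>"` (placeholder), keeps init reproducible without reintroducing the `<= 5.16.0` ceiling.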
@@ -11,986 +11,6 @@ variable "private_key_password" {} variable "region" {} variable "network_configuration" { - type = object({ - default_compartment_id = optional(string), - default_defined_tags = optional(map(string)), - default_freeform_tags = optional(map(string)), - default_enable_cis_checks = optional(bool), - default_ssh_ports_to_check = optional(list(number)), - - network_configuration_categories = optional(map(object({ - category_compartment_id = optional(string), - category_defined_tags = optional(map(string)), - category_freeform_tags = optional(map(string)), - category_enable_cis_checks = optional(bool), - category_ssh_ports_to_check = optional(list(number)), - - vcns = optional(map(object({ - compartment_id = optional(string), - display_name = optional(string), - byoipv6cidr_details = optional(map(object({ - byoipv6range_id = string - ipv6cidr_block = string - }))) - ipv6private_cidr_blocks = optional(list(string)), - is_ipv6enabled = optional(bool), - is_oracle_gua_allocation_enabled = optional(bool), - cidr_blocks = optional(list(string)), - dns_label = optional(string), - block_nat_traffic = optional(bool), - defined_tags = optional(map(string)), - freeform_tags = optional(map(string)), - - default_security_list = optional(object({ - compartment_id = optional(string), - defined_tags = optional(map(string)), - freeform_tags = optional(map(string)), - ingress_rules = optional(list(object({ - stateless = optional(bool), - protocol = string, - description = optional(string), - src = string, - src_type = string, - src_port_min = optional(number), - src_port_max = optional(number), - dst_port_min = optional(number), - dst_port_max = optional(number), - icmp_type = optional(number), - icmp_code = optional(number) - }))), - egress_rules = optional(list(object({ - stateless = optional(bool), - protocol = string, - description = optional(string), - dst = string, - dst_type = string, - src_port_min = optional(number), - src_port_max = optional(number), - 
dst_port_min = optional(number), - dst_port_max = optional(number), - icmp_type = optional(number), - icmp_code = optional(number) - }))) - })) - - security_lists = optional(map(object({ - compartment_id = optional(string), - defined_tags = optional(map(string)), - freeform_tags = optional(map(string)), - display_name = optional(string), - ingress_rules = optional(list(object({ - stateless = optional(bool), - protocol = string, - description = optional(string), - src = string, - src_type = string, - src_port_min = optional(number), - src_port_max = optional(number), - dst_port_min = optional(number), - dst_port_max = optional(number), - icmp_type = optional(number), - icmp_code = optional(number) - }))), - egress_rules = optional(list(object({ - stateless = optional(bool), - protocol = string, - description = optional(string), - dst = string, - dst_type = string, - src_port_min = optional(number), - src_port_max = optional(number), - dst_port_min = optional(number), - dst_port_max = optional(number), - icmp_type = optional(number), - icmp_code = optional(number) - }))) - }))) - - default_route_table = optional(object({ - compartment_id = optional(string), - defined_tags = optional(map(string)), - freeform_tags = optional(map(string)), - display_name = optional(string), - route_rules = optional(map(object({ - network_entity_id = optional(string), - network_entity_key = optional(string), - description = optional(string), - destination = optional(string), - destination_type = optional(string) - }))) - })) - - route_tables = optional(map(object({ - compartment_id = optional(string), - defined_tags = optional(map(string)), - freeform_tags = optional(map(string)), - display_name = optional(string), - route_rules = optional(map(object({ - network_entity_id = optional(string), - network_entity_key = optional(string), - description = optional(string), - destination = optional(string), - destination_type = optional(string) - }))) - }))) - - default_dhcp_options = 
optional(object({ - compartment_id = optional(string), - display_name = optional(string), - defined_tags = optional(map(string)), - freeform_tags = optional(map(string)), - domain_name_type = optional(string), - options = map(object({ - type = string, - server_type = optional(string), - custom_dns_servers = optional(list(string)) - search_domain_names = optional(list(string)) - })) - })) - - dhcp_options = optional(map(object({ - compartment_id = optional(string), - display_name = optional(string), - defined_tags = optional(map(string)), - freeform_tags = optional(map(string)), - domain_name_type = optional(string), - options = map(object({ - type = string, - server_type = optional(string), - custom_dns_servers = optional(list(string)) - search_domain_names = optional(list(string)) - })) - }))) - - subnets = optional(map(object({ - cidr_block = string, - compartment_id = optional(string), - #Optional - availability_domain = optional(string), - defined_tags = optional(map(string)), - dhcp_options_key = optional(string), - display_name = optional(string), - dns_label = optional(string), - freeform_tags = optional(map(string)), - ipv6cidr_block = optional(string), - ipv6cidr_blocks = optional(list(string)), - prohibit_internet_ingress = optional(bool), - prohibit_public_ip_on_vnic = optional(bool), - route_table_key = optional(string), - security_list_keys = optional(list(string)) - }))) - - network_security_groups = optional(map(object({ - compartment_id = optional(string), - display_name = optional(string), - defined_tags = optional(map(string)) - freeform_tags = optional(map(string)) - ingress_rules = optional(map(object({ - description = optional(string), - protocol = string, - stateless = optional(bool), - src = optional(string), - src_type = optional(string), - dst_port_min = number, - dst_port_max = number, - src_port_min = optional(number), - src_port_max = optional(number), - icmp_type = optional(number), - icmp_code = optional(number) - }))), - egress_rules 
= optional(map(object({ - description = optional(string), - protocol = string, - stateless = optional(bool), - dst = optional(string), - dst_type = optional(string), - dst_port_min = optional(number), - dst_port_max = optional(number), - src_port_min = optional(number), - src_port_max = optional(number), - icmp_type = optional(number), - icmp_code = optional(number) - }))) - }))) - - vcn_specific_gateways = optional(object({ - internet_gateways = optional(map(object({ - compartment_id = optional(string), - enabled = optional(bool), - defined_tags = optional(map(string)), - display_name = optional(string), - freeform_tags = optional(map(string)), - route_table_key = optional(string) - }))) - - nat_gateways = optional(map(object({ - compartment_id = optional(string), - block_traffic = optional(bool), - defined_tags = optional(map(string)), - display_name = optional(string), - freeform_tags = optional(map(string)), - public_ip_id = optional(string), - route_table_key = optional(string) - }))) - - service_gateways = optional(map(object({ - compartment_id = optional(string), - services = string, - defined_tags = optional(map(string)), - display_name = optional(string), - freeform_tags = optional(map(string)), - route_table_key = optional(string) - }))) - - local_peering_gateways = optional(map(object({ - compartment_id = optional(string), - defined_tags = optional(map(string)), - display_name = optional(string), - freeform_tags = optional(map(string)), - peer_id = optional(string), - peer_key = optional(string), - route_table_key = optional(string) - }))) - })) - }))) - - inject_into_existing_vcns = optional(map(object({ - - vcn_id = string, - - default_security_list = optional(object({ - compartment_id = optional(string), - defined_tags = optional(map(string)), - freeform_tags = optional(map(string)), - ingress_rules = optional(list(object({ - stateless = optional(bool), - protocol = string, - description = optional(string), - src = string, - src_type = string, - 
src_port_min = optional(number), - src_port_max = optional(number), - dst_port_min = optional(number), - dst_port_max = optional(number), - icmp_type = optional(number), - icmp_code = optional(number) - }))), - egress_rules = optional(list(object({ - stateless = optional(bool), - protocol = string, - description = optional(string), - dst = string, - dst_type = string, - src_port_min = optional(number), - src_port_max = optional(number), - dst_port_min = optional(number), - dst_port_max = optional(number), - icmp_type = optional(number), - icmp_code = optional(number) - }))) - })) - - security_lists = optional(map(object({ - compartment_id = optional(string), - defined_tags = optional(map(string)), - freeform_tags = optional(map(string)), - display_name = optional(string), - ingress_rules = optional(list(object({ - stateless = optional(bool), - protocol = string, - description = optional(string), - src = string, - src_type = string, - src_port_min = optional(number), - src_port_max = optional(number), - dst_port_min = optional(number), - dst_port_max = optional(number), - icmp_type = optional(number), - icmp_code = optional(number) - }))), - egress_rules = optional(list(object({ - stateless = optional(bool), - protocol = string, - description = optional(string), - dst = string, - dst_type = string, - src_port_min = optional(number), - src_port_max = optional(number), - dst_port_min = optional(number), - dst_port_max = optional(number), - icmp_type = optional(number), - icmp_code = optional(number) - }))) - }))) - - default_route_table = optional(object({ - compartment_id = optional(string), - defined_tags = optional(map(string)), - freeform_tags = optional(map(string)), - display_name = optional(string), - route_rules = optional(map(object({ - network_entity_id = optional(string), - network_entity_key = optional(string), - description = optional(string), - destination = optional(string), - destination_type = optional(string) - }))) - })) - - route_tables = 
optional(map(object({ - compartment_id = optional(string), - defined_tags = optional(map(string)), - freeform_tags = optional(map(string)), - display_name = optional(string), - route_rules = optional(map(object({ - network_entity_id = optional(string), - network_entity_key = optional(string), - description = optional(string), - destination = optional(string), - destination_type = optional(string) - }))) - }))) - - default_dhcp_options = optional(object({ - compartment_id = optional(string), - display_name = optional(string), - defined_tags = optional(map(string)), - freeform_tags = optional(map(string)), - domain_name_type = optional(string), - options = map(object({ - type = string, - server_type = optional(string), - custom_dns_servers = optional(list(string)) - search_domain_names = optional(list(string)) - })) - })) - - dhcp_options = optional(map(object({ - compartment_id = optional(string), - display_name = optional(string), - defined_tags = optional(map(string)), - freeform_tags = optional(map(string)), - domain_name_type = optional(string), - options = map(object({ - type = string, - server_type = optional(string), - custom_dns_servers = optional(list(string)) - search_domain_names = optional(list(string)) - })) - }))) - - subnets = optional(map(object({ - cidr_block = string, - compartment_id = optional(string), - #Optional - availability_domain = optional(string), - defined_tags = optional(map(string)), - dhcp_options_id = optional(string), - dhcp_options_key = optional(string), - display_name = optional(string), - dns_label = optional(string), - freeform_tags = optional(map(string)), - ipv6cidr_block = optional(string), - ipv6cidr_blocks = optional(list(string)), - prohibit_internet_ingress = optional(bool), - prohibit_public_ip_on_vnic = optional(bool), - route_table_id = optional(string), - route_table_key = optional(string), - security_list_ids = optional(list(string)), - security_list_keys = optional(list(string)) - }))) - - network_security_groups = 
optional(map(object({ - compartment_id = optional(string), - display_name = optional(string), - defined_tags = optional(map(string)) - freeform_tags = optional(map(string)) - ingress_rules = optional(map(object({ - description = optional(string), - protocol = string, - stateless = optional(bool), - src = optional(string), - src_type = optional(string), - dst_port_min = number, - dst_port_max = number, - src_port_min = optional(number), - src_port_max = optional(number), - icmp_type = optional(number), - icmp_code = optional(number) - }))), - egress_rules = optional(map(object({ - description = optional(string), - protocol = string, - stateless = optional(bool), - dst = optional(string), - dst_type = optional(string), - dst_port_min = optional(number), - dst_port_max = optional(number), - src_port_min = optional(number), - src_port_max = optional(number), - icmp_type = optional(number), - icmp_code = optional(number) - }))) - }))) - - vcn_specific_gateways = optional(object({ - internet_gateways = optional(map(object({ - compartment_id = optional(string), - enabled = optional(bool), - defined_tags = optional(map(string)), - display_name = optional(string), - freeform_tags = optional(map(string)), - route_table_id = optional(string), - route_table_key = optional(string) - }))) - - nat_gateways = optional(map(object({ - compartment_id = optional(string), - block_traffic = optional(bool), - defined_tags = optional(map(string)), - display_name = optional(string), - freeform_tags = optional(map(string)), - public_ip_id = optional(string), - route_table_id = optional(string), - route_table_key = optional(string) - }))) - - service_gateways = optional(map(object({ - compartment_id = optional(string), - services = string, - defined_tags = optional(map(string)), - display_name = optional(string), - freeform_tags = optional(map(string)), - route_table_id = optional(string), - route_table_key = optional(string) - }))) - - local_peering_gateways = optional(map(object({ - 
compartment_id = optional(string), - defined_tags = optional(map(string)), - display_name = optional(string), - freeform_tags = optional(map(string)), - peer_id = optional(string), - peer_key = optional(string), - route_table_id = optional(string), - route_table_key = optional(string) - }))) - })) - }))) - - IPs = optional(object({ - - public_ips_pools = optional(map(object({ - compartment_id = optional(string), - defined_tags = optional(map(string)), - display_name = optional(string), - freeform_tags = optional(map(string)), - }))) - - public_ips = optional(map(object({ - compartment_id = optional(string), - lifetime = string, - defined_tags = optional(map(string)), - display_name = optional(string), - freeform_tags = optional(map(string)), - private_ip_id = optional(string), - public_ip_pool_id = optional(string), - public_ip_pool_key = optional(string) - }))) - })) - - - - non_vcn_specific_gateways = optional(object({ - - dynamic_routing_gateways = optional(map(object({ - compartment_id = optional(string), - defined_tags = optional(map(string)), - display_name = optional(string), - freeform_tags = optional(map(string)), - - remote_peering_connections = optional(map(object({ - compartment_id = optional(string), - defined_tags = optional(map(string)), - display_name = optional(string), - freeform_tags = optional(map(string)), - peer_id = optional(string), - peer_key = optional(string), - peer_region_name = optional(string) - }))) - - drg_attachments = optional(map(object({ - defined_tags = optional(map(string)), - display_name = optional(string), - freeform_tags = optional(map(string)), - drg_route_table_id = optional(string), - drg_route_table_key = optional(string), - network_details = optional(object({ - attached_resource_id = optional(string), - attached_resource_key = optional(string), - type = string, - route_table_id = optional(string), - route_table_key = optional(string), - vcn_route_type = optional(string) - })) - }))) - - drg_route_tables = 
optional(map(object({ - defined_tags = optional(map(string)), - display_name = optional(string), - freeform_tags = optional(map(string)), - import_drg_route_distribution_id = optional(string), - import_drg_route_distribution_key = optional(string), - is_ecmp_enabled = optional(bool), - route_rules = optional(map(object({ - destination = string, - destination_type = string, - next_hop_drg_attachment_id = optional(string), - next_hop_drg_attachment_key = optional(string), - }))) - }))) - - drg_route_distributions = optional(map(object({ - distribution_type = string, - defined_tags = optional(map(string)), - display_name = optional(string), - freeform_tags = optional(map(string)) - statements = optional(map(object({ - action = string, - match_criteria = optional(object({ - match_type = string, - attachment_type = optional(string), - drg_attachment_id = optional(string), - drg_attachment_key = optional(string) - })) - priority = optional(number) - }))) - }))) - }))) - - customer_premises_equipments = optional(map(object({ - compartment_id = optional(string), - ip_address = string, - defined_tags = optional(map(string)), - display_name = optional(string), - freeform_tags = optional(map(string)), - cpe_device_shape_id = optional(string), - cpe_device_shape_vendor_name = optional(string) - }))) - - ipsecs = optional(map(object({ - compartment_id = optional(string), - cpe_id = optional(string), - cpe_key = optional(string), - drg_id = optional(string), - drg_key = optional(string), - static_routes = list(string), - cpe_local_identifier = optional(string), - cpe_local_identifier_type = optional(string), - defined_tags = optional(map(string)), - display_name = optional(string), - freeform_tags = optional(map(string)), - tunnels_management = optional(object({ - tunnel_1 = optional(object({ - routing = string, - bgp_session_info = optional(object({ - customer_bgp_asn = optional(string), - customer_interface_ip = optional(string), - oracle_interface_ip = optional(string) - })) 
- encryption_domain_config = optional(object({ - cpe_traffic_selector = optional(string), - oracle_traffic_selector = optional(string) - })) - shared_secret = optional(string), - ike_version = optional(string) - })), - tunnel_2 = optional(object({ - routing = string, - bgp_session_info = optional(object({ - customer_bgp_asn = optional(string), - customer_interface_ip = optional(string), - oracle_interface_ip = optional(string) - })) - encryption_domain_config = optional(object({ - cpe_traffic_selector = optional(string), - oracle_traffic_selector = optional(string) - })) - shared_secret = optional(string), - ike_version = optional(string) - })) - })) - }))) - - fast_connect_virtual_circuits = optional(map(object({ - #Required - compartment_id = optional(string), - provision_fc_virtual_circuit = bool, - show_available_fc_virtual_circuit_providers = bool, - type = string, - #Optional - bandwidth_shape_name = optional(string), - bgp_admin_state = optional(string), - cross_connect_mappings = optional(map(object({ - #Optional - bgp_md5auth_key = optional(string) - cross_connect_or_cross_connect_group_id = optional(string) - cross_connect_or_cross_connect_group_key = optional(string) - customer_bgp_peering_ip = optional(string) - customer_bgp_peering_ipv6 = optional(string) - oracle_bgp_peering_ip = optional(string) - oracle_bgp_peering_ipv6 = optional(string) - vlan = optional(string) - }))) - customer_asn = optional(string) - defined_tags = optional(map(string)) - display_name = optional(string) - freeform_tags = optional(map(string)) - ip_mtu = optional(number) - is_bfd_enabled = optional(bool) - gateway_id = optional(string) - gateway_key = optional(string) - provider_service_id = optional(string) - provider_service_key = optional(string) - provider_service_key_name = optional(string) - public_prefixes = optional(map(object({ - #Required - cidr_block = string, - }))) - region = optional(string) - routing_policy = optional(list(string)) - }))) - - cross_connect_groups 
= optional(map(object({ - compartment_id = optional(string), - customer_reference_name = optional(string), - defined_tags = optional(map(string)), - display_name = optional(string), - freeform_tags = optional(map(string)), - cross_connects = optional(map(object({ - compartment_id = optional(string), - location_name = string, - port_speed_shape_name = string, - customer_reference_name = optional(string), - defined_tags = optional(map(string)) - display_name = optional(string), - far_cross_connect_or_cross_connect_group_id = optional(string), - far_cross_connect_or_cross_connect_group_key = optional(string), - freeform_tags = optional(map(string)) - near_cross_connect_or_cross_connect_group_id = optional(string), - near_cross_connect_or_cross_connect_group_key = optional(string), - }))) - }))) - - inject_into_existing_drgs = optional(map(object({ - drg_id = string, - - remote_peering_connections = optional(map(object({ - compartment_id = optional(string), - defined_tags = optional(map(string)), - display_name = optional(string), - freeform_tags = optional(map(string)), - peer_id = optional(string), - peer_key = optional(string), - peer_region_name = optional(string) - }))) - - drg_attachments = optional(map(object({ - defined_tags = optional(map(string)), - display_name = optional(string), - freeform_tags = optional(map(string)), - drg_route_table_id = optional(string), - drg_route_table_key = optional(string), - network_details = optional(object({ - attached_resource_id = optional(string), - attached_resource_key = optional(string), - type = string, - route_table_id = optional(string), - route_table_key = optional(string), - vcn_route_type = optional(string) - })) - }))) - - drg_route_tables = optional(map(object({ - defined_tags = optional(map(string)), - display_name = optional(string), - freeform_tags = optional(map(string)), - import_drg_route_distribution_id = optional(string), - import_drg_route_distribution_key = optional(string), - is_ecmp_enabled = 
optional(bool), - route_rules = optional(map(object({ - destination = string, - destination_type = string, - next_hop_drg_attachment_id = optional(string), - next_hop_drg_attachment_key = optional(string), - }))) - }))) - - drg_route_distributions = optional(map(object({ - distribution_type = string, - defined_tags = optional(map(string)), - display_name = optional(string), - freeform_tags = optional(map(string)) - statements = optional(map(object({ - action = string, - match_criteria = optional(object({ - match_type = string, - attachment_type = optional(string), - drg_attachment_id = optional(string), - drg_attachment_key = optional(string) - })) - priority = number - }))) - }))) - }))) - - network_firewalls_configuration = optional(object({ - network_firewalls = optional(map(object({ - availability_domain = optional(number), - compartment_id = optional(string), - defined_tags = optional(map(string)), - display_name = optional(string), - freeform_tags = optional(map(string)), - ipv4address = optional(string), - ipv6address = optional(string), - network_security_group_ids = optional(list(string)), - network_security_group_keys = optional(list(string)), - subnet_id = optional(string), - subnet_key = optional(string), - network_firewall_policy_id = optional(string), - network_firewall_policy_key = optional(string) - }))), - - network_firewall_policies = optional(map(object({ - compartment_id = optional(string), - defined_tags = optional(map(string)), - display_name = optional(string), - freeform_tags = optional(map(string)), - application_lists = optional(map(object({ - application_list_name = string, - application_values = map(object({ - type = string, - icmp_type = optional(string), - icmp_code = optional(string), - minimum_port = optional(number), - maximum_port = optional(number) - })) - }))) - decryption_profiles = optional(map(object({ - is_out_of_capacity_blocked = bool, - is_unsupported_cipher_blocked = bool, - is_unsupported_version_blocked = bool, - type = 
string, - key = string, - are_certificate_extensions_restricted = optional(bool), - is_auto_include_alt_name = optional(bool), - is_expired_certificate_blocked = optional(bool), - is_revocation_status_timeout_blocked = optional(bool), - is_unknown_revocation_status_blocked = optional(bool), - is_untrusted_issuer_blocked = optional(bool) - }))) - decryption_rules = optional(map(object({ - action = string, - name = string, - decryption_profile = optional(string), - secret = optional(string), - conditions = map(object({ - destinations = optional(list(string)), - sources = optional(list(string)) - })) - }))) - ip_address_lists = optional(map(object({ - ip_address_list_name = string, - ip_address_list_value = list(string) - }))) - mapped_secrets = optional(map(object({ - key = optional(string), - type = string, - vault_secret_id = string, - version_number = string, - }))) - security_rules = optional(map(object({ - action = string, - inspection = optional(string), - name = string - conditions = map(object({ - applications = optional(list(string)), - destinations = optional(list(string)), - sources = optional(list(string)), - urls = optional(list(string)) - })) - }))) - url_lists = optional(map(object({ - url_list_name = string, - url_list_values = map(object({ - type = string, - pattern = string - })) - }))) - }))) - })) - - l7_load_balancers = optional(map(object({ - compartment_id = optional(string), - display_name = string, - shape = string, - subnet_ids = list(string), - subnet_keys = list(string), - defined_tags = optional(map(string)), - freeform_tags = optional(map(string)), - ip_mode = optional(string), - is_private = optional(bool), - network_security_group_ids = optional(list(string)), - network_security_group_keys = optional(list(string)), - reserved_ips_ids = optional(list(string)), - reserved_ips_keys = optional(list(string)) - shape_details = optional(object({ - maximum_bandwidth_in_mbps = number, - minimum_bandwidth_in_mbps = number - })) - backend_sets = 
optional(map(object({ - health_checker = object({ - protocol = string, - interval_ms = number, - is_force_plain_text = bool, - port = number, - response_body_regex = optional(string), - retries = number, - return_code = number, - timeout_in_millis = number, - url_path = optional(string) - }) - name = string, - policy = string, - lb_cookie_session_persistence_configuration = optional(object({ - cookie_name = optional(string), - disable_fallback = optional(bool), - domain = optional(string), - is_http_only = optional(bool), - is_secure = optional(bool), - max_age_in_seconds = optional(number), - path = optional(string), - })) - session_persistence_configuration = optional(object({ - cookie_name = string, - disable_fallback = optional(bool) - })) - ssl_configuration = optional(object({ - certificate_ids = optional(list(string)), - certificate_keys = optional(list(string)), - certificate_name = optional(string), - cipher_suite_name = optional(string), - protocols = optional(list(string)), - server_order_preference = optional(string), - trusted_certificate_authority_ids = optional(list(string)), - trusted_certificate_authority_keys = optional(list(string)), - verify_depth = optional(number), - verify_peer_certificate = optional(bool), - })) - backends = optional(map(object({ - ip_address = string, - port = number, - backup = optional(bool), - drain = optional(bool), - offline = optional(bool), - weight = optional(number) - }))) - }))) - cipher_suites = optional(map(object({ - ciphers = list(string), - name = string - }))) - path_route_sets = optional(map(object({ - name = string, - path_routes = map(object({ - backend_set_key = string, - path = string, - path_match_type = object({ - match_type = string - }) - })) - }))) - host_names = optional(map(object({ - hostname = string, - name = string - }))) - routing_policies = optional(map(object({ - condition_language_version = string, - name = string, - rules = map(object({ - actions = map(object({ - backend_set_key = 
string, - name = string, - })) - condition = string, - name = string - })) - }))) - rule_sets = optional(map(object({ - name = string, - items = map(object({ - action = string, - allowed_methods = optional(list(string)), - are_invalid_characters_allowed = optional(bool), - conditions = optional(map(object({ - attribute_name = string, - attribute_value = string, - operator = optional(string) - }))) - description = optional(string), - header = optional(string), - http_large_header_size_in_kb = optional(number), - prefix = optional(string), - redirect_uri = optional(object({ - host = optional(string, ) - path = optional(string), - port = optional(number), - protocol = optional(string), - query = optional(string) - })) - response_code = optional(number) - status_code = optional(number), - suffix = optional(string), - value = optional(string) - })) - }))) - certificates = optional(map(object({ - #Required - certificate_name = string, - #Optional - ca_certificate = optional(string), - passphrase = optional(string), - private_key = optional(string), - public_certificate = optional(string) - }))) - listeners = optional(map(object({ - default_backend_set_key = string, - name = string, - port = string, - protocol = string, - connection_configuration = optional(object({ - idle_timeout_in_seconds = number, - backend_tcp_proxy_protocol_version = optional(string) - })) - hostname_keys = optional(list(string)), - path_route_set_key = optional(string), - routing_policy_key = optional(string), - rule_set_keys = optional(list(string)), - ssl_configuration = optional(object({ - certificate_key = optional(string), - certificate_ids = optional(list(string)), - cipher_suite_key = optional(string), - protocols = optional(list(string)), - server_order_preference = optional(string), - trusted_certificate_authority_ids = optional(list(string)), - verify_depth = optional(number), - verify_peer_certificate = optional(bool) - })) - }))) - }))) - })) - } - ))) - }) + type = any } 
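Review bot: Replacing the full object type of `variable "network_configuration"` with `type = any` removes every structural check the example performed on its input: a misspelled attribute, a wrong value type, or an attribute left over from the previous network firewall schema (several are renamed in this commit) is no longer rejected at plan time, and whether the root module's own variable still enforces a schema is not visible in this patch. If the duplicated schema was the maintenance burden, the lighter option is `type = any` plus a few `validation` blocks on the attributes that carry security meaning, e.g. one asserting every `security_rules` entry has an `action`, so typos in rule conditions still fail fast instead of reaching the firewall policy.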
diff --git a/examples/dns-view-injection/README.md b/examples/dns-view-injection/README.md
new file mode 100644
index 0000000..b4c0168
--- /dev/null
+++ b/examples/dns-view-injection/README.md
@@ -0,0 +1,24 @@
+# OCI Private DNS View Injection Example
+
+## Description
+
+This example shows how to inject na existing private DNS view to a DNS resolver managed by the [terraform-oci-landing-zones-networking](../..) module.
+
+It directly injects the existing private DNS view OCID into the *attached_view*'s *existing_view_id* attribute.
+
+Optionally, it could also inject a key within *dns_private_views* attribute of *network_dependency* variable.
+
+## Using this example
+1. Rename *terraform.tfvars.template* to *terraform.tfvars*.
+
+2. Within *terraform.tfvars*, provide tenancy connectivity information and adjust the input variables, by making the appropriate substitutions:
+ - Replace \ placeholder with appropriate value.
+
+Refer to [Networking module README.md](../../README.md) for overall attributes usage.
+
+3. In this folder, run the typical Terraform workflow:
+```
+terraform init
+terraform plan -out plan.out
+terraform apply plan.out
+```
\ No newline at end of file
diff --git a/examples/dns-view-injection/main.tf b/examples/dns-view-injection/main.tf
new file mode 100644
index 0000000..11041d1
--- /dev/null
+++ b/examples/dns-view-injection/main.tf
@@ -0,0 +1,9 @@
+# Copyright (c) 2023, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+module "dns_view_injection" {
+ source = "../../"
+ network_configuration = var.network_configuration
+ network_dependency = var.network_dependency
+}
+
diff --git a/examples/dns-view-injection/provider.tf b/examples/dns-view-injection/provider.tf
new file mode 100644
index 0000000..f11d1ce
--- /dev/null
+++ b/examples/dns-view-injection/provider.tf
@@ -0,0 +1,21 @@
+# Copyright (c) 2023, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+provider "oci" {
+ region = var.region
+ tenancy_ocid = var.tenancy_ocid
+ user_ocid = var.user_ocid
+ fingerprint = var.fingerprint
+ private_key_path = var.private_key_path
+ private_key_password = var.private_key_password
+}
+
+terraform {
+ required_version = ">= 1.3.0"
+
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/examples/dns-view-injection/terraform.tfvars.template b/examples/dns-view-injection/terraform.tfvars.template
new file mode 100644
index 0000000..2755be7
--- /dev/null
+++ b/examples/dns-view-injection/terraform.tfvars.template
@@ -0,0 +1,92 @@
+# Copyright (c) 2023, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+tenancy_ocid = ""
+user_ocid = ""
+fingerprint = ""
+private_key_path = ""
+private_key_password = ""
+region = ""
+
+
+network_configuration = {
+ default_compartment_id = ""
+ network_configuration_categories = {
+ DNS-VIEW-INJECTION = {
+
+ vcns = {
+ MY-VCN = {
+ display_name = "dns-view-injection-vcn"
+ is_ipv6enabled = false
+ is_oracle_gua_allocation_enabled = false
+ cidr_blocks = ["10.0.0.0/24"],
+ dns_label = "dnsvcn"
+ is_create_igw = false
+ is_attach_drg = false
+ block_nat_traffic = false
+
+ subnets = {
+ MY-SUBNET = {
+ cidr_block = "10.0.0.0/24"
+ display_name = "dns-view-injection-subnet"
+ dns_label = "dnssubnet"
+ prohibit_internet_ingress = true
+ }
+ }
+
+ dns_resolver = {
+ display_name = "custom-dns-resolver"
+ attached_views = {
+ DNS-VIEW-1 = {
+ existing_view_id = "" # This is the injected DNS view. It can be either an OCID or a key within 'dns_private_views' attribute of 'network_dependency' variable (see commented out snippet down below).
+ }
+ }
+ rules = [
+ {
+ action = "FORWARD"
+ destination_address = ["10.0.2.128"]
+ source_endpoint_name = "CUSTOM-RESOLVER-ENDPOINT"
+ qname_cover_conditions = ["internal.example.com"]
+
+ },
+ {
+ action = "FORWARD"
+ client_address_conditions = ["192.168.1.0/24"]
+ destination_address = ["10.0.2.128"]
+ source_endpoint_name = "CUSTOM-RESOLVER-ENDPOINT"
+
+ }
+ ]
+ resolver_endpoints = {
+ CUSTOM-RESOLVER-ENDPOINT = {
+ enpoint_type = "VNIC"
+ is_forwarding = "true"
+ is_listening = "false"
+ forwarding_address = "10.0.0.32"
+ name = "custom_resolver_endpoint"
+ subnet = "MY-SUBNET"
+ }
+ }
+ tsig_keys = {
+ MY-TSIG = {
+ algorithm = "hmac-sha1"
+ name = "my-tsig"
+ secret = "welcome1"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
+
+/*
+network_dependency = {
+ dns_private_views = {
+ EXTERNALLY-MANAGED-VIEW = {
+ id = "ocid1.dnsview.oc1.....snhq"
+ }
+ }
+}
+*/
\ No newline at end of file
diff --git a/examples/dns-view-injection/variables.tf b/examples/dns-view-injection/variables.tf
new file mode 100644
index 0000000..15ff0d1
--- /dev/null
+++ b/examples/dns-view-injection/variables.tf
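Review bot: The `tsig_keys` entry in this template ships a literal shared secret, `secret = "welcome1"`, while every other credential in the same file (`tenancy_ocid`, `private_key_password`, ...) is left as an empty placeholder for the user to fill in. A template that users rename to terraform.tfvars is exactly the file that tends to get committed, so the TSIG secret should follow the same convention: `secret = "" # <TSIG shared secret: generate a fresh value, never commit it>`. The `algorithm = "hmac-sha1"` choice might also deserve a comment pointing readers to a SHA-2 HMAC if the service accepts one (I cannot confirm the supported set from this diff).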
@@ -0,0 +1,22 @@ +# Copyright (c) 2023, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. + +# tenancy details +variable "tenancy_ocid" {} +variable "user_ocid" {} +variable "fingerprint" {} +variable "private_key_path" {} +variable "private_key_password" {} +variable "region" {} + +variable "network_configuration" { + type = any +} + +variable "network_dependency" { + description = "An object containing the externally managed network resources this module may depend on. Supported resources are 'vcns', 'dynamic_routing_gateways', 'drg_attachments', 'local_peering_gateways', 'remote_peering_connections', and 'dns_private_views', represented as map of objects. Each object, when defined, must have an 'id' attribute of string type set with the VCN, DRG OCID, DRG Attachment OCID, Local Peering Gateway OCID or Remote Peering Connection OCID. 'remote_peering_connections' must also pass the peer region name in the region_name attribute. See External Dependencies section in README.md (https://github.com/oci-landing-zones/terraform-oci-modules-networking#ext-dep) for details." + type = any + default = null +} + + diff --git a/examples/dns/provider.tf b/examples/dns/provider.tf index 46db25f..ab2f1ba 100644 --- a/examples/dns/provider.tf +++ b/examples/dns/provider.tf @@ -21,8 +21,7 @@ terraform { required_providers { oci = { - source = "oracle/oci" - configuration_aliases = [oci] + source = "oracle/oci" } } } \ No newline at end of file diff --git a/examples/local-peering-gateways/lpg-acceptor/provider.tf b/examples/local-peering-gateways/lpg-acceptor/provider.tf index d9084cb..47dc64c 100644 --- a/examples/local-peering-gateways/lpg-acceptor/provider.tf +++ b/examples/local-peering-gateways/lpg-acceptor/provider.tf @@ -15,8 +15,7 @@ terraform { required_providers { oci = { - source = "oracle/oci" - configuration_aliases = [oci] + source = "oracle/oci" } } } \ No newline at end of file 
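Review bot: The `network_dependency` description in examples/dns-view-injection/variables.tf lists `dns_private_views` among the supported resources, but the following sentence enumerating what `id` must hold stops at "Remote Peering Connection OCID" and never mentions a DNS private view OCID, which is the one this example is about. I would extend it to `... set with the VCN, DRG, DRG Attachment, Local Peering Gateway, Remote Peering Connection or DNS Private View OCID.` so the text matches the commented-out `EXTERNALLY-MANAGED-VIEW` snippet in the template. Since the variable is `type = any` here, the description is the only guidance the example user gets on the expected shape.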
diff --git a/examples/local-peering-gateways/lpg-requestor/provider.tf b/examples/local-peering-gateways/lpg-requestor/provider.tf index d9084cb..47dc64c 100644 --- a/examples/local-peering-gateways/lpg-requestor/provider.tf +++ b/examples/local-peering-gateways/lpg-requestor/provider.tf @@ -15,8 +15,7 @@ terraform { required_providers { oci = { - source = "oracle/oci" - configuration_aliases = [oci] + source = "oracle/oci" } } } \ No newline at end of file diff --git a/examples/oci-network-firewall/README.md b/examples/oci-network-firewall/README.md new file mode 100644 index 0000000..f5ec4fe --- /dev/null +++ b/examples/oci-network-firewall/README.md @@ -0,0 +1,24 @@ +# OCI Network Firewall Example + +## Description + +This example implements the network firewall policy in the use case described in https://www.ateam-oracle.com/post/oci-network-firewall---concepts-and-deployment. The complete routing scenario is not implemented. + +Note that the IP addresses for the Internet hosts are fictitious, so please update them appropriately. + +For detailed description of the ```terraform-oci-landing-zones-networking``` networking core module please refer to the core module specific [README.md](../../README.md) and [SPEC.md](../../SPEC.md). + +## Using this example +1. Rename *terraform.tfvars.template* to *terraform.tfvars*. + +2. Within *terraform.tfvars*, provide tenancy connectivity information and adjust the input variables, by making the appropriate substitutions: + - Replace \ placeholder with appropriate value. + +Refer to [Networking module README.md](https://github.com/oci-landing-zones/terraform-oci-modules-networking/blob/main/README.md) for overall attributes usage. + +3. In this folder, run the typical Terraform workflow: +``` +terraform init +terraform plan -out plan.out +terraform apply plan.out +``` diff --git a/examples/oci-network-firewall/main.tf b/examples/oci-network-firewall/main.tf new file mode 100644 index 0000000..b15104a --- /dev/null 
+++ b/examples/oci-network-firewall/main.tf
@@ -0,0 +1,8 @@
+# Copyright (c) 2023, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+module "terraform_oci_networking" {
+ source = "../../"
+ network_configuration = var.network_configuration
+}
+
diff --git a/examples/oci-network-firewall/outputs.tf b/examples/oci-network-firewall/outputs.tf
new file mode 100644
index 0000000..1a85f5c
--- /dev/null
+++ b/examples/oci-network-firewall/outputs.tf
@@ -0,0 +1,7 @@
+# Copyright (c) 2023, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+output "provisioned_networking_resources" {
+ description = "Provisioned networking resources"
+ value = module.terraform_oci_networking.provisioned_networking_resources
+}
\ No newline at end of file
diff --git a/examples/oci-network-firewall/provider.tf b/examples/oci-network-firewall/provider.tf
new file mode 100644
index 0000000..02fba69
--- /dev/null
+++ b/examples/oci-network-firewall/provider.tf
@@ -0,0 +1,21 @@
+# Copyright (c) 2023, Oracle and/or its affiliates.
+# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl.
+
+provider "oci" {
+ region = var.region
+ tenancy_ocid = var.tenancy_ocid
+ user_ocid = var.user_ocid
+ fingerprint = var.fingerprint
+ private_key_path = var.private_key_path
+ private_key_password = var.private_key_password
+}
+
+terraform {
+ required_version = ">= 1.3.0"
+
+ required_providers {
+ oci = {
+ source = "oracle/oci"
+ }
+ }
+}
\ No newline at end of file
diff --git a/examples/oci-network-firewall/terraform.tfvars.template b/examples/oci-network-firewall/terraform.tfvars.template
new file mode 100644
index 0000000..46fbdad
--- /dev/null
+++ b/examples/oci-network-firewall/terraform.tfvars.template
@@ -0,0 +1,124 @@ +# Copyright (c) 2024, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. + +tenancy_ocid = "" +user_ocid = "" +fingerprint = "" +private_key_path = "" +private_key_password = "" +region = "" + +network_configuration = { + default_compartment_id = "" + network_configuration_categories = { + FIREWALL = { + vcns = { + FIREWALL-VCN = { + display_name = "firewall-vcn" + is_ipv6enabled = false + is_oracle_gua_allocation_enabled = false + cidr_blocks = ["192.168.0.0/24"], + dns_label = "firewallvcn" + is_create_igw = false + is_attach_drg = false + block_nat_traffic = false + + subnets = { + FIREWALL-SUBNET = { + cidr_block = "192.168.0.16/28" + display_name = "firewall-subnet" + dns_label = "firewallsubnet" + ipv6cidr_blocks = [] + prohibit_internet_ingress = true + } + } + } + } + non_vcn_specific_gateways = { + network_firewalls_configuration = { + network_firewalls = { + NFW = { + display_name = "nfw" + subnet_key = "FIREWALL-SUBNET" + ipv4address = "192.168.0.20" + network_firewall_policy_key = "NFW-POLICY" + } + } + network_firewall_policies = { + NFW-POLICY = { + display_name = "nfw-policy" + applications = { + ICMP = { + name = "ICMP" + type = "ICMP" + icmp_type = 8 + icmp_code = 0 + } + } + application_lists = { + ICMP-LIST = { + name = "ICMP-Application-List" + applications = ["ICMP"] + } + } + services = { + SSH = { + name = "SSH" + type = "TCP_SERVICE" + minimum_port = 22 + maximum_port = 22 + } + } + service_lists = { + SSH-LIST = { + name = "SSH-Service-List" + services = ["SSH"] + } + } + address_lists = { + ADDRESS-LIST-PERMIT = { + name = "IP-Address-List-Permit" + type = "IP" + addresses = ["150.136.212.20/32"] + }, + ADDRESS-LIST-DENY = { + name = "IP-Address-List-Deny" + type = "IP" + addresses = ["192.9.241.52/32"] + }, + ADDRESS-LIST-VCN-HOSTS = { + name = "IP-Address-List-VCN-Hosts" + type = "IP" + addresses = ["192.168.0.10/32"] + } + } + 
security_rules = { + ICMP-PERMIT-RULE = { + action = "ALLOW" + name = "ICMP-Permit" + application_lists = ["ICMP-LIST"] + source_address_lists = ["ADDRESS-LIST-PERMIT"] + destination_address_lists = ["ADDRESS-LIST-VCN-HOSTS"] + } + SSH-PERMIT-RULE = { + action = "ALLOW" + name = "SSH-Permit" + servicen_lists = ["SSH-LIST"] + source_address_lists = ["ADDRESS-LIST-PERMIT"] + destination_address_lists = ["ADDRESS-LIST-VCN-HOSTS"] + } + DENY-RULE = { + action = "DROP" + name = "Deny" + application_lists = [] + source_address_lists = ["ADDRESS-LIST-DENY"] + destination_address_lists = ["ADDRESS-LIST-VCN-HOSTS"] + } + } + } + } + } + } + } + } +} \ No newline at end of file diff --git a/examples/oci-network-firewall/variables.tf b/examples/oci-network-firewall/variables.tf new file mode 100644 index 0000000..e6c31d0 --- /dev/null +++ b/examples/oci-network-firewall/variables.tf @@ -0,0 +1,15 @@ +# Copyright (c) 2023, Oracle and/or its affiliates. +# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. + +# tenancy details +variable "tenancy_ocid" {} +variable "user_ocid" {} +variable "fingerprint" {} +variable "private_key_path" {} +variable "private_key_password" {} +variable "region" {} + +variable "network_configuration" { + type = any +} + diff --git a/examples/oke-examples/flannel/provider.tf b/examples/oke-examples/flannel/provider.tf index c94a697..f36f035 100644 --- a/examples/oke-examples/flannel/provider.tf +++ b/examples/oke-examples/flannel/provider.tf @@ -15,8 +15,7 @@ terraform { required_version = ">= 1.3.0" required_providers { oci = { - source = "oracle/oci" - configuration_aliases = [oci] + source = "oracle/oci" } } } diff --git a/examples/oke-examples/native/provider.tf b/examples/oke-examples/native/provider.tf index 11cb25c..8b3ce99 100644 --- a/examples/oke-examples/native/provider.tf +++ b/examples/oke-examples/native/provider.tf 
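Review bot: `SSH-PERMIT-RULE` in examples/oci-network-firewall/terraform.tfvars.template sets `servicen_lists = ["SSH-LIST"]`, but the attribute the module reads is `service_lists` (see `service_lists = security_value.service_lists` in the network_firewall_policies.tf hunk below). Depending on how the module's object type constraint treats the unknown attribute, the example either fails at plan time or the misspelled key is dropped and `SSH-Permit` becomes an ALLOW between `ADDRESS-LIST-PERMIT` and `ADDRESS-LIST-VCN-HOSTS` with no service restriction at all, which is wider than the name promises. The fix is the one-line rename `service_lists = ["SSH-LIST"]`. A short comment above `security_rules` noting that rules are evaluated in the order given, with `DENY-RULE` last, would also help readers reason about the resulting policy (I am inferring the ordering semantics; please confirm).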
@@ -13,8 +13,7 @@ terraform { required_version = ">= 1.3.0" required_providers { oci = { - source = "oracle/oci" - configuration_aliases = [oci] + source = "oracle/oci" } } } diff --git a/examples/remote-peering-connections/rpc-acceptor/provider.tf b/examples/remote-peering-connections/rpc-acceptor/provider.tf index d9084cb..47dc64c 100644 --- a/examples/remote-peering-connections/rpc-acceptor/provider.tf +++ b/examples/remote-peering-connections/rpc-acceptor/provider.tf @@ -15,8 +15,7 @@ terraform { required_providers { oci = { - source = "oracle/oci" - configuration_aliases = [oci] + source = "oracle/oci" } } } \ No newline at end of file diff --git a/examples/remote-peering-connections/rpc-requestor/provider.tf b/examples/remote-peering-connections/rpc-requestor/provider.tf index d9084cb..47dc64c 100644 --- a/examples/remote-peering-connections/rpc-requestor/provider.tf +++ b/examples/remote-peering-connections/rpc-requestor/provider.tf @@ -15,8 +15,7 @@ terraform { required_providers { oci = { - source = "oracle/oci" - configuration_aliases = [oci] + source = "oracle/oci" } } } \ No newline at end of file diff --git a/modules/waf/variables.tf b/modules/waf/variables.tf index 4f82c6f..065e022 100644 --- a/modules/waf/variables.tf +++ b/modules/waf/variables.tf @@ -13,7 +13,6 @@ variable "waf_configuration" { waf = map(object({ display_name = optional(string) defined_tags = optional(map(string)) - defined_tags = optional(map(string)) freeform_tags = optional(map(string)) backend_type = string compartment_id = optional(string) diff --git a/network_firewall_policies.tf b/network_firewall_policies.tf index c12c2c4..e46041a 100644 --- a/network_firewall_policies.tf +++ b/network_firewall_policies.tf 
@@ -21,18 +21,45 @@ locals { display_name = nfwp_value.display_name freeform_tags = nfwp_value.freeform_tags applications = nfwp_value.applications + application_lists = nfwp_value.application_lists decryption_profiles = nfwp_value.decryption_profiles decryption_rules = nfwp_value.decryption_rules - ip_address_lists = nfwp_value.ip_address_lists + address_lists = nfwp_value.address_lists mapped_secrets = nfwp_value.mapped_secrets security_rules = nfwp_value.security_rules url_lists = nfwp_value.url_lists + services = nfwp_value.services + service_lists = nfwp_value.service_lists nfwp_key = nfwp_key } ] : [] : [] : [] ]) : flat_nfwp.nfwp_key => flat_nfwp } : null + nfw_policy_services = flatten([ + for policy_key, policy_value in coalesce(local.one_dimension_processed_nfw_policies,{}) : [ + for service_key, service_value in (coalesce(policy_value.services,{})) : { + key = "${policy_key}.${service_key}" + policy_key = policy_key + name = service_value.name + type = service_value.type + minimum_port = service_value.minimum_port + maximum_port = service_value.maximum_port + } + ] + ]) + + nfw_policy_service_lists = flatten([ + for policy_key, policy_value in coalesce(local.one_dimension_processed_nfw_policies,{}) : [ + for serv_key, serv_value in (coalesce(policy_value.service_lists,{})) : { + key = "${policy_key}.${serv_key}" + policy_key = policy_key + name = serv_value.name + services = serv_value.services + } + ] + ]) + nfw_policy_applications = flatten([ for policy_key, policy_value in coalesce(local.one_dimension_processed_nfw_policies,{}) : [ for app_key, app_value in (coalesce(policy_value.applications,{})) : { 
@@ -46,6 +73,17 @@ locals { ] ]) + nfw_policy_application_lists = flatten([ + for policy_key, policy_value in coalesce(local.one_dimension_processed_nfw_policies,{}) : [ + for applist_key, applist_value in (coalesce(policy_value.application_lists,{})) : { + key = "${policy_key}.${applist_key}" + policy_key = policy_key + name = applist_value.name + apps = applist_value.applications + } + ] + ]) + nfw_policy_decryption_profiles = flatten([ for policy_key, policy_value in coalesce(local.one_dimension_processed_nfw_policies,{}) : [ for prof_key, prof_value in (coalesce(policy_value.decryption_profiles,{})) : { @@ -68,7 +106,7 @@ locals { nfw_policy_address_lists = flatten([ for policy_key, policy_value in coalesce(local.one_dimension_processed_nfw_policies,{}) : [ - for add_key, add_value in (coalesce(policy_value.ip_address_lists,{})) : { + for add_key, add_value in (coalesce(policy_value.address_lists,{})) : { key = "${policy_key}.${add_key}" policy_key = policy_key name = add_value.name @@ -96,7 +134,7 @@ locals { nfw_policy_mapped_secrets = flatten([ for policy_key, policy_value in coalesce(local.one_dimension_processed_nfw_policies,{}) : [ for secret_key, secret_value in (coalesce(policy_value.mapped_secrets,{})) : { - key = "${policy_key}.${secret_value}" + key = "${policy_key}.${secret_key}" policy_key = policy_key name = secret_value.name source = secret_value.source @@ -110,7 +148,7 @@ locals { nfw_policy_url_lists = flatten([ for policy_key, policy_value in coalesce(local.one_dimension_processed_nfw_policies,{}) : [ for url_key, url_value in (coalesce(policy_value.url_lists,{})) : { - key = "${policy_key}.${url_value}" + key = "${policy_key}.${url_key}" policy_key = policy_key name = url_value.name pattern = url_value.pattern 
@@ -122,18 +160,18 @@ locals { nfw_policy_security_rules = flatten([ for policy_key, policy_value in coalesce(local.one_dimension_processed_nfw_policies,{}) : [ for security_key, security_value in (coalesce(policy_value.security_rules,{})) : { - key = "${policy_key}.${security_value}" - policy_key = policy_key - action = security_value.action - name = security_value.name - application = security_value.application - destination_address = security_value.destination_address - service = security_value.service - source_address = security_value.source_address - url = security_value.url - inspection = security_value.inspection - after_rule = security_value.after_rule - before_rule = security_value.before_rule + key = "${policy_key}.${security_key}" + policy_key = policy_key + action = security_value.action + name = security_value.name + application_lists = security_value.application_lists + destination_address_lists = security_value.destination_address_lists + service_lists = security_value.service_lists + source_address_lists = security_value.source_address_lists + url_lists = security_value.url_lists + inspection = security_value.inspection + after_rule = security_value.after_rule + before_rule = security_value.before_rule } ] ]) @@ -148,7 +186,7 @@ locals { display_name = nfw_pol_value.display_name freeform_tags = nfw_pol_value.freeform_tags id = nfw_pol_value.id - #ip_address_lists = nfw_pol_value.ip_address_lists + #address_lists = nfw_pol_value.address_lists #is_firewall_attached = nfw_pol_value.is_firewall_attached lifecycle_details = nfw_pol_value.lifecycle_details #mapped_secrets = nfw_pol_value.mapped_secrets 
@@ -174,6 +212,34 @@ resource "oci_network_firewall_network_firewall_policy" "these" { freeform_tags = merge(local.cislz_module_tag, each.value.freeform_tags) } +resource "oci_network_firewall_network_firewall_policy_service" "these" { + for_each = { for v in local.nfw_policy_services : v.key => { + policy_key = v.policy_key + name = v.name + type = v.type + minimum_port = v.minimum_port + maximum_port = v.maximum_port + } } + network_firewall_policy_id = oci_network_firewall_network_firewall_policy.these[each.value.policy_key].id + name = each.value.name + type = each.value.type + port_ranges { + minimum_port = each.value.minimum_port + maximum_port = each.value.maximum_port + } +} + +resource "oci_network_firewall_network_firewall_policy_service_list" "these" { + for_each = { for v in local.nfw_policy_service_lists : v.key => { + policy_key = v.policy_key + name = v.name + services = v.services + } } + network_firewall_policy_id = oci_network_firewall_network_firewall_policy.these[each.value.policy_key].id + name = each.value.name + services = [for service in each.value.services : oci_network_firewall_network_firewall_policy_service.these["${each.value.policy_key}.${service}"].name] +} + resource "oci_network_firewall_network_firewall_policy_application" "these" { for_each = { for v in local.nfw_policy_applications : v.key => { policy_key = v.policy_key 
@@ -189,6 +255,17 @@ resource "oci_network_firewall_network_firewall_policy_application" "these" { icmp_code = each.value.icmp_code } +resource "oci_network_firewall_network_firewall_policy_application_group" "these" { + for_each = { for v in local.nfw_policy_application_lists : v.key => { + policy_key = v.policy_key + name = v.name + apps = v.apps + } } + network_firewall_policy_id = oci_network_firewall_network_firewall_policy.these[each.value.policy_key].id + name = each.value.name + apps = [for app in each.value.apps : oci_network_firewall_network_firewall_policy_application.these["${each.value.policy_key}.${app}"].name] +} + resource "oci_network_firewall_network_firewall_policy_decryption_profile" "these" { for_each = { for v in local.nfw_policy_decryption_profiles : v.key => { policy_key = v.policy_key @@ -282,24 +359,24 @@ resource "oci_network_firewall_network_firewall_policy_url_list" "these" { network_firewall_policy_id = oci_network_firewall_network_firewall_policy.these[each.value.policy_key].id urls { pattern = each.value.pattern - type = each.value.tyep + type = each.value.type } } resource "oci_network_firewall_network_firewall_policy_security_rule" "these" { for_each = { for v in local.nfw_policy_security_rules : v.key => { - policy_key = v.policy_key - action = v.action - name = v.name - application = v.application - destination_address = v.destination_address - service = v.service - source_address = v.source_address - url = v.url - inspection = v.inspection - after_rule = v.after_rule - before_rule = v.before_rule + policy_key = v.policy_key + action = v.action + name = v.name + application_lists = v.application_lists + destination_address_lists = v.destination_address_lists + service_lists = v.service_lists + source_address_lists = v.source_address_lists + url_lists = v.url_lists + inspection = v.inspection + after_rule = v.after_rule + before_rule = v.before_rule }} lifecycle { ignore_changes = [position] 
@@ -308,12 +385,12 @@ resource "oci_network_firewall_network_firewall_policy_security_rule" "these" { action = each.value.action name = each.value.name condition { - application = each.value.application - destination_address = each.value.destination_address - service = each.value.service - source_address = each.value.source_address - url = each.value.url - } + application = each.value.application_lists != null ? [for app_list in each.value.application_lists: oci_network_firewall_network_firewall_policy_application_group.these["${each.value.policy_key}.${app_list}"].name ] : null + destination_address = each.value.destination_address_lists != null ? [for dest_list in each.value.destination_address_lists: oci_network_firewall_network_firewall_policy_address_list.these["${each.value.policy_key}.${dest_list}"].name ] : null + source_address = each.value.source_address_lists != null ? [for source_list in each.value.source_address_lists: oci_network_firewall_network_firewall_policy_address_list.these["${each.value.policy_key}.${source_list}"].name ] : null + url = each.value.url_lists != null ? [for url_list in each.value.url_lists: oci_network_firewall_network_firewall_policy_url_list.these["${each.value.policy_key}.${url_list}"].name ] : null + service = each.value.service_lists != null ? [for service_list in each.value.service_lists: oci_network_firewall_network_firewall_policy_service_list.these["${each.value.policy_key}.${service_list}"].name ] : null +} network_firewall_policy_id = oci_network_firewall_network_firewall_policy.these[each.value.policy_key].id #Optional 
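Review bot: The closing brace of the `condition` block is now at column 0 (`+}`) while the block opener and its neighbours keep the resource-body indent, and each of the five list-comprehension lookups is written on one very long line, which makes the cross-references (`application_group`, `address_list`, `url_list`, `service_list`) hard to scan in review. I would indent the brace to match `condition {` and break each expression after the `?` so the key lookup and the `: null` fallback sit on their own lines. One behavioural note worth a comment: an empty list such as `application_lists = []` (used by the example's `DENY-RULE`) passes through as `[]` rather than `null`, so whether that means "no restriction" is decided by the provider, not by this code; `# [] is passed through as-is; only null skips the condition key` on the `application` line would make that explicit. The `oci_network_firewall_network_firewall_policy_security_rule` resource continues outside the hunk.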
@@ -325,207 +402,3 @@ resource "oci_network_firewall_network_firewall_policy_security_rule" "these" { before_rule = each.value.before_rule } } - -/* resource "oci_network_firewall_network_firewall_policy" "these" { - - for_each = local.one_dimension_processed_nfw_policies != null ? length(local.one_dimension_processed_nfw_policies) > 0 ? local.one_dimension_processed_nfw_policies : {} : {} - - compartment_id = each.value.compartment_id != null ? (length(regexall("^ocid1.*$", each.value.compartment_id)) > 0 ? each.value.compartment_id : var.compartments_dependency[each.value.compartment_id].id) : null - defined_tags = each.value.defined_tags - display_name = each.value.display_name - freeform_tags = merge(local.cislz_module_tag, each.value.freeform_tags) - - dynamic "application_lists" { - for_each = each.value.application_lists != null ? length(each.value.application_lists) > 0 ? [ - for app_list_key, app_list_value in each.value.application_lists : { - application_list_name = app_list_value.application_list_name - application_values = app_list_value.application_values - }] : [] : [] - iterator = application_list - - content { - application_list_name = application_list.value.application_list_name - - dynamic "application_values" { - for_each = application_list.value.application_values != null ? application_list.value.application_values != null ? 
[ - for app_value_key, app_value_value in application_list.value.application_values : { - type = app_value_value.type - icmp_type = app_value_value.icmp_type - icmp_code = app_value_value.icmp_code - minimum_port = app_value_value.minimum_port - maximum_port = app_value_value.maximum_port - }] : [] : [] - iterator = application_value - - content { - type = application_value.value.type - icmp_type = application_value.value.icmp_type - icmp_code = application_value.value.icmp_code - minimum_port = application_value.value.minimum_port - maximum_port = application_value.value.maximum_port - } - } - } - } - - dynamic "decryption_profiles" { - for_each = each.value.decryption_profiles != null ? length(each.value.decryption_profiles) > 0 ? [ - for d_profile_key, d_profile_value in each.value.decryption_profiles : { - is_out_of_capacity_blocked = d_profile_value.is_out_of_capacity_blocked - is_unsupported_cipher_blocked = d_profile_value.is_unsupported_cipher_blocked - is_unsupported_version_blocked = d_profile_value.is_unsupported_version_blocked - type = d_profile_value.type - key = d_profile_value.key - #Optional - are_certificate_extensions_restricted = d_profile_value.are_certificate_extensions_restricted - is_auto_include_alt_name = d_profile_value.is_auto_include_alt_name - is_expired_certificate_blocked = d_profile_value.is_expired_certificate_blocked - is_revocation_status_timeout_blocked = d_profile_value.is_revocation_status_timeout_blocked - is_unknown_revocation_status_blocked = d_profile_value.is_unknown_revocation_status_blocked - is_untrusted_issuer_blocked = d_profile_value.is_untrusted_issuer_blocked - }] : [] : [] - iterator = decryption_profile - - content { - is_out_of_capacity_blocked = decryption_profile.value.is_out_of_capacity_blocked - is_unsupported_cipher_blocked = decryption_profile.value.is_unsupported_cipher_blocked - is_unsupported_version_blocked = decryption_profile.value.is_unsupported_version_blocked - type = 
decryption_profile.value.type - key = decryption_profile.value.key - - #Optional - are_certificate_extensions_restricted = decryption_profile.value.are_certificate_extensions_restricted - is_auto_include_alt_name = decryption_profile.value.is_auto_include_alt_name - is_expired_certificate_blocked = decryption_profile.value.is_expired_certificate_blocked - is_revocation_status_timeout_blocked = decryption_profile.value.is_revocation_status_timeout_blocked - is_unknown_revocation_status_blocked = decryption_profile.value.is_unknown_revocation_status_blocked - is_untrusted_issuer_blocked = decryption_profile.value.is_untrusted_issuer_blocked - } - } - - - dynamic "decryption_rules" { - for_each = each.value.decryption_rules != null ? length(each.value.decryption_rules) > 0 ? [ - for d_rule_key, d_rule_value in each.value.decryption_rules : { - action = d_rule_value.action - name = d_rule_value.name - decryption_profile = d_rule_value.decryption_profile - secret = d_rule_value.secret - conditions = d_rule_value.conditions - }] : [] : [] - iterator = decryption_rule - - content { - action = decryption_rule.value.action - name = decryption_rule.value.name - decryption_profile = decryption_rule.value.decryption_profile - secret = decryption_rule.value.secret - dynamic "condition" { - for_each = decryption_rule.value != null ? length(decryption_rule.value) > 0 ? [ - for cond_key, cond_value in decryption_rule.value.conditions : { - destinations = cond_value.destinations - sources = cond_value.sources - }] : [] : [] - iterator = cond - content { - destinations = cond.value.destinations - sources = cond.value.sources - } - } - } - } - - dynamic "ip_address_lists" { - for_each = each.value.ip_address_lists != null ? length(each.value.ip_address_lists) > 0 ? 
[ - for ipa_list_key, ipa_list_value in each.value.ip_address_lists : { - ip_address_list_name = ipa_list_value.ip_address_list_name - ip_address_list_value = ipa_list_value.ip_address_list_value - }] : [] : [] - iterator = ip_address_list - - content { - ip_address_list_name = ip_address_list.value.ip_address_list_name - ip_address_list_value = ip_address_list.value.ip_address_list_value - } - } - - dynamic "mapped_secrets" { - for_each = each.value.mapped_secrets != null ? length(each.value.mapped_secrets) > 0 ? [ - for ms_key, ms_value in each.value.mapped_secrets : { - key = ms_value.key - type = ms_value.type - vault_secret_id = ms_value.vault_secret_id - version_number = ms_value.version_number - }] : [] : [] - iterator = mapped_secret - - content { - type = mapped_secret.value.type - key = mapped_secret.value.key - vault_secret_id = mapped_secret.value.vault_secret_id - version_number = mapped_secret.value.version_number - } - } - - dynamic "security_rules" { - for_each = each.value.security_rules != null ? length(each.value.security_rules) > 0 ? [ - for sr_key, sr_value in each.value.security_rules : { - action = sr_value.action - conditions = sr_value.conditions - name = sr_value.name - inspection = sr_value.inspection - }] : [] : [] - iterator = security_rule - - content { - action = security_rule.value.action - name = security_rule.value.name - inspection = security_rule.value.inspection - - dynamic "condition" { - for_each = security_rule.value.conditions != null ? security_rule.value.conditions != null ? 
[ - for cond_key, cond_value in security_rule.value.conditions : { - applications = cond_value.applications - destinations = cond_value.destinations - sources = cond_value.sources - urls = cond_value.urls - }] : [] : [] - iterator = condition - - content { - applications = condition.value.applications - destinations = condition.value.destinations - sources = condition.value.sources - urls = condition.value.urls - } - } - } - } - - dynamic "url_lists" { - for_each = each.value.url_lists != null ? length(each.value.url_lists) > 0 ? [ - for urll in each.value.url_lists : { - url_list_name = urll.url_list_name - url_list_values = urll.url_list_values - }] : [] : [] - iterator = url_list - - content { - url_list_name = url_list.value.url_list_name - - dynamic "url_list_values" { - for_each = url_list.value.url_list_values != null ? length(url_list.value.url_list_values) > 0 ? [ - for urllv in url_list.value.url_list_values : { - type = urllv.type - pattern = urllv.pattern - }] : [] : [] - iterator = url_list_value - - content { - type = url_list_value.value.type - pattern = url_list_value.value.pattern - } - } - } - } -} */ diff --git a/orm-facade/provider.tf b/orm-facade/provider.tf index ed17fc6..564b449 100644 --- a/orm-facade/provider.tf +++ b/orm-facade/provider.tf @@ -21,9 +21,7 @@ terraform { required_providers { oci = { - source = "oracle/oci" - version = "<= 5.16.0" - configuration_aliases = [oci] + source = "oracle/oci" } } } \ No newline at end of file diff --git a/release.txt b/release.txt index 1864002..bcaffe1 100644 --- a/release.txt +++ b/release.txt @@ -1 +1 @@ -0.6.9 \ No newline at end of file +0.7.0 \ No newline at end of file diff --git a/variables.tf b/variables.tf index 84452c4..0da2c12 100644 --- a/variables.tf +++ b/variables.tf 
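Review bot: In the orm-facade/provider.tf hunk, removing `version = "<= 5.16.0"` leaves `required_providers.oci` with no constraint at all, so a `terraform init` without a committed `.terraform.lock.hcl` resolves to whatever the registry currently serves. The commit message says the requirement removal is intentional, but a lower bound such as `version = ">= <minimum version validated with this release>"` (placeholder; fill in the version the 0.7.0 tests ran against) would still record what the module was validated with without reintroducing the stale upper bound. The same applies to the new example provider.tf files earlier in this diff, which declare `source = "oracle/oci"` with no version either.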
@@ -227,6 +227,7 @@ variable "network_configuration" {
 defined_tags = optional(map(string)),
 freeform_tags = optional(map(string)),
 attached_views = optional(map(object({
+ existing_view_id = optional(string) # an existing externally managed view. Assign either this attribute or the others for having this module managing the view.
 compartment_id = optional(string),
 display_name = optional(string),
 defined_tags = optional(map(string)),
@@ -1012,22 +1013,33 @@ variable "network_configuration" {
 defined_tags = optional(map(string)),
 display_name = optional(string),
 freeform_tags = optional(map(string)),
- # application_lists = optional(map(object({
- # application_list_name = string,
- # application_values = map(object({
- # type = string,
- # icmp_type = optional(string),
- # icmp_code = optional(string),
- # minimum_port = optional(number),
- # maximum_port = optional(number)
- # }))
- # })))
+ services = optional(map(object({
+ name = string
+ type = optional(string) # Valid values: "TCP_SERVICE" or "UDP_SERVICE"
+ minimum_port = number
+ maximum_port = optional(number)
+ })))
+ service_lists = optional(map(object({
+ name = string
+ services = list(string)
+ })))
 applications = optional(map(object({
 name = string,
 type = string,
- icmp_type = optional(string),
- icmp_code = optional(string),
+ icmp_type = number,
+ icmp_code = optional(number),
 })))
+ application_lists = optional(map(object({
+ name = string,
+ applications = list(string)
+ }))),
+ mapped_secrets = optional(map(object({
+ name = string,
+ type = string, # Valid values: SSL_FORWARD_PROXY, SSL_INBOUND_INSPECTION
+ source = string, # Valid value: OCI_VAULT
+ vault_secret_id = string,
+ version_number = string,
+ }))),
 decryption_profiles = optional(map(object({
 type = string, # Valid values: "SSL_FORWARD_PROXY", "SSL_INBOUND_INSPECTION"
 name = string,
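Review bot: The mutual exclusion described in the comment on the new `existing_view_id` line (either it or the other `attached_views` attributes) is not enforced anywhere in the hunk, so both can be set at once; a `validation` block on `network_configuration` (whose declaration begins and ends outside this hunk) that rejects an `attached_views` entry having `existing_view_id` set together with `compartment_id` or `display_name` would turn the comment into a checked contract. The comment itself reads awkwardly; `# OCID of an existing, externally managed DNS view. Set either this attribute or the remaining ones; the latter make this module manage the view.` says the same thing more plainly. The new line also drops the trailing comma that the neighbouring attributes (`compartment_id = optional(string),`) use.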
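Review bot: `icmp_type` changes from `optional(string)` to a required `number` in the `applications` object, so every existing `applications` entry that omitted it now fails type checking, and a value is demanded even for entries whose `type` may not be an ICMP application (the valid values of that `type` are not documented in this hunk, so this part is inferred). `icmp_type = optional(number),` keeps the numeric fix while preserving the old optionality; if it is genuinely mandatory for every application type, the release notes should call out the break. Separately, the new `services` and `service_lists` objects omit the trailing commas every other attribute in this variable uses (`name = string` vs `name = string,`), and the valid values noted in the comments for `services.type` and `mapped_secrets.type` are not checked by any `validation` block.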
@@ -1040,43 +1052,36 @@ variable "network_configuration" {
 is_revocation_status_timeout_blocked = optional(bool), # Applicable only when type = "SSL_FORWARD_PROXY"
 is_unknown_revocation_status_blocked = optional(bool), # Applicable only when type = "SSL_FORWARD_PROXY"
 is_untrusted_issuer_blocked = optional(bool) # Applicable only when type = "SSL_FORWARD_PROXY"
- })))
- ip_address_lists = optional(map(object({
+ }))),
+ decryption_rules = optional(map(object({
+ name = string,
+ action = string,
+ decryption_profile_id = optional(string),
+ secret = optional(string),
+ source_ip_address_list = optional(string),
+ destination_ip_address_list = optional(string)
+ }))),
+ address_lists = optional(map(object({
 name = string,
 type = string, # Valid values: "FQND", "IP"
 addresses = list(string)
 })))
- decryption_rules = optional(map(object({
- name = string,
- action = string,
- decryption_profile_id = optional(string),
- secret = optional(string),
- destination_ip_address_list = optional(string),
- source_ip_address_list = optional(string)
- })))
- mapped_secrets = optional(map(object({
- name = string,
- type = string, # Valid values: SSL_FORWARD_PROXY, SSL_INBOUND_INSPECTION
- source = string, # Valid value: OCI_VAULT
- vault_secret_id = string,
- version_number = string,
- })))
- security_rules = optional(map(object({
- action = string, # Valid values: ALLOW,DROP,REJECT,INSPECT
- name = string,
- application = optional(list(string)),
- destination_address = optional(list(string)),
- service = optional(list(string)),
- source_address = optional(list(string)),
- url = optional(list(string)),
- inspection = optional(string), # This is only applicable if action is INSPECT
- after_rule = optional(string),
- before_rule = optional(string)
- })))
 url_lists = optional(map(object({
- name = string,
- pattern = string,
- type = string # Valid value: SIMPLE
+ }))),
+ security_rules = optional(map(object({
+ action = string, # Valid values: ALLOW,DROP,REJECT,INSPECT
+ name = string,
+ application_lists = optional(list(string)),
+ destination_address_lists = optional(list(string)),
+ service_lists = optional(list(string)),
+ source_address_lists = optional(list(string)),
+ url_lists = optional(list(string)),
+ inspection = optional(string), # This is only applicable if action is INSPECT
+ after_rule = optional(string),
+ before_rule = optional(string)
 })))
 })))
 }))
@@ -1260,7 +1265,7 @@ variable "compartments_dependency" {
 }
 variable "network_dependency" {
- description = "An object containing the externally managed network resources this module may depend on. Supported resources are 'vcns', 'dynamic_routing_gateways', 'drg_attachments', 'local_peering_gateways', and 'remote_peering_connections', represented as map of objects. Each object, when defined, must have an 'id' attribute of string type set with the VCN, DRG OCID, DRG Attachment OCID, Local Peering Gateway OCID or Remote Peering Connection OCID. 'remote_peering_connections' must also pass the peer region name in the region_name attribute. See External Dependencies section in README.md (https://github.com/oracle-quickstart/terraform-oci-cis-landing-zone-networking#ext-dep) for details."
+ description = "An object containing the externally managed network resources this module may depend on. Supported resources are 'vcns', 'dynamic_routing_gateways', 'drg_attachments', 'local_peering_gateways', 'remote_peering_connections', and 'dns_private_views', represented as map of objects. Each object, when defined, must have an 'id' attribute of string type set with the VCN, DRG OCID, DRG Attachment OCID, Local Peering Gateway OCID or Remote Peering Connection OCID. 'remote_peering_connections' must also pass the peer region name in the region_name attribute. See External Dependencies section in README.md (https://github.com/oci-landing-zones/terraform-oci-modules-networking#ext-dep) for details."
 type = object({
 vcns = optional(map(object({
 id = string # the VCN OCID
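Review bot: In the new `security_rules` object the comment on `inspection` says it only applies when `action` is `INSPECT`, and `action` lists four valid values, yet nothing in the hunk enforces either; a `validation` block on `network_configuration` (declared outside this hunk) asserting, per rule, `contains(["ALLOW", "DROP", "REJECT", "INSPECT"], r.action)` and `r.action != "INSPECT" || r.inspection != null` would fail at plan time instead of at apply. The hunk also renames `ip_address_lists` to `address_lists` and the rule attributes `application`/`destination_address`/`service`/`source_address`/`url` to their `_lists` forms, a breaking change for existing inputs that deserves a mention in the variable description or release notes. The context line `# Valid values: "FQND", "IP"` carries a pre-existing typo for FQDN that could be fixed while this block is being touched.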
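Review bot: The updated `description` adds 'dns_private_views' to the list of supported resources but leaves the following sentence unchanged, so it still says the 'id' attribute holds "the VCN, DRG OCID, DRG Attachment OCID, Local Peering Gateway OCID or Remote Peering Connection OCID" and never tells the reader what a DNS private view entry carries. Extending that sentence to `... Local Peering Gateway OCID, Remote Peering Connection OCID or DNS Private View OCID.` keeps the description consistent with the `dns_private_views` type added further down in this file.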
@@ -1278,6 +1283,9 @@ variable "network_dependency" {
 id = string # the peer RPC OCID
 region_name = string # the peer RPC region name
 })))
+ dns_private_views = optional(map(object({
+ id = string # the DNS private view OCID
+ })))
 })
 default = null
 }