terraform-ibm-modules · Khuzaima05 · Nov 17, 2025 · Nov 23, 2025 · Nov 23, 2025 · Nov 23, 2025
@@ -13,3 +13,6 @@ offerings:
           instance_id: 1c7d5f78-9262-44c3-b779-b28fe4d88c37
           region: us-south
           scope_resource_group_var_name: existing_resource_group_name
+      - name: quickstart
+        mark_ready: true
+        install_type: fullstack
@@ -63,8 +63,8 @@
       "flavors": [
         {
           "label": "Standard - Integrated setup with configurable services",
-          "name": "fully-configurable",
           "short_description": "Ideal for users who want flexibility with a reliable starting point.",
+          "name": "fully-configurable",
           "index": 1,
           "install_type": "fullstack",
           "working_directory": "solutions/fully-configurable",
@@ -771,6 +771,218 @@
           "dependency_version_2": true,
           "terraform_version": "1.12.2",
           "ignore_readme": true
+        },
+        {
+          "label": "QuickStart - Basic and simple",
+          "short_description": "Ideal for users new to IBM Cloud or Virtual Private Cloud (VPC) who want to get started without configuring underlying infrastructure.",
+          "name": "quickstart",
+          "index": 2,
+          "install_type": "fullstack",
+          "working_directory": "solutions/quickstart",
+          "release_notes_url": "https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-secure-infrastructure-vpc-relnotes",
+          "architecture": {
+            "features": [
+              {
+                "title": " ",
+                "description": "Ideal for users new to IBM Cloud or Virtual Private Cloud (VPC) who want to get started without configuring underlying infrastructure."
+              },
+              {
+                "title": " ",
+                "description": "A lightweight, experimental configuration for quickly provisioning Virtual Private Cloud (VPC) instances on IBM Cloud."
+              }
+            ],
+            "diagrams": [
+              {
+                "diagram": {
+                  "caption": "Virtual Private Cloud topology - Quickstart (Basic and simple)",
+                  "url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone-vpc/main/reference-architectures/deployable-architecture-quickstart-vpc.svg",
+                  "type": "image/svg+xml"
+                },
+                "description": "This architecture provisions and configures a <b>Virtual Private Cloud (VPC)</b> environment. This basic configuration creates a VPC with one subnet in each zone (three subnets total) and applies a predefined network ACL."
+              }
+            ]
+          },
+          "iam_permissions": [
+            {
+              "role_crns": [
+                "crn:v1:bluemix:public:iam::::role:Viewer"
+              ],
+              "service_name": "Resource group only",
+              "notes": "Viewer access is required in the resource group you want to provision in."
+            },
+            {
+              "role_crns": [
+                "crn:v1:bluemix:public:iam::::role:Administrator"
+              ],
+              "service_name": "All Account Management services",
+              "notes": "[Optional] Required to create new resource groups when enabling the Account Configuration integration."
+            },
+            {
+              "role_crns": [
+                "crn:v1:bluemix:public:iam::::role:Administrator"
+              ],
+              "service_name": "All Identity and Access enabled services",
+              "notes": "[Optional] Required to to create trusted profile for App Configuration aggregator which is used for compliance scanning."
+            },
+            {
+              "role_crns": [
+                "crn:v1:bluemix:public:iam::::role:Administrator"
+              ],
+              "service_name": "is.vpc",
+              "notes": "Required to create Virtual Private Cloud(VPC)"
+            },
+            {
+              "service_name": "cloud-object-storage",
+              "role_crns": [
+                "crn:v1:bluemix:public:iam::::serviceRole:Manager",
+                "crn:v1:bluemix:public:iam::::role:Editor"
+              ],
+              "notes": "[Optional] Required if VPC Flow Logs are enabled."
+            }
+          ],
+          "configuration": [
+            {
+              "key": "ibmcloud_api_key"
+            },
+            {
+              "key": "existing_resource_group_name",
+              "display_name": "resource_group",
+              "custom_config": {
+                "type": "resource_group",
+                "grouping": "deployment",
+                "original_grouping": "deployment",
+                "config_constraints": {
+                  "identifier": "rg_name"
+                }
+              },
+              "default_value": "Default",
+              "description": "The name of an existing resource group to provision the resources."
+            },
+            {
+              "key": "prefix",
+              "required": true,
+              "default_value": "dev",
+              "random_string": {
+                "length": 4
+              },
+              "value_constraints": [
+                {
+                  "type": "regex",
+                  "description": "Prefix must begin with a lowercase letter and may contain only lowercase letters, digits, and hyphens '-'. It must not end with a hyphen('-'), and cannot contain consecutive hyphens ('--'). It should not exceed 16 characters.",
+                  "value": "^$|^__NULL__$|^[a-z](?!.*--)(?:[a-z0-9-]{0,14}[a-z0-9])?$"
+                }
+              ]
+            },
+            {
+              "key": "region",
+              "required": true,
+              "custom_config": {
+                "config_constraints": {
+                  "generationType": "2"
+                },
+                "grouping": "deployment",
+                "original_grouping": "deployment",
+                "type": "vpc_region"
+              }
+            },
+            {
+              "key": "vpc_name",
+              "required": true
+            },
+            {
+              "key": "network_profile",
+              "type": "string",
+              "displayname": "Network Profile",
+              "required": true,
+              "default_value": "common",
+              "description": "Select the predefined network profile that controls allowed traffic and security posture for the VPC.",
+              "options": [
+                {
+                  "displayname": "Open",
+                  "value": "open",
+                  "description": "Allows all inbound and outbound traffic. Suitable for testing or unrestricted workloads."
+                },
+                {
+                  "displayname": "Standard",
+                  "value": "common",
+                  "description": "Allows standard access (SSH, HTTP, HTTPS) and includes IBM internal + VPC connectivity rules. Recommended default for most workloads."
+                },
+                {
+                  "displayname": "IBM Internal",
+                  "value": "ibm-internal",
+                  "description": "Blocks all customer inbound traffic. Only IBM internal and VPC connectivity traffic is allowed."
+                },
+                {
+                  "displayname": "Closed",
+                  "value": "closed",
+                  "description": "Fully restricted network profile. No inbound or outbound traffic allowed."
+                }
+              ]
+            },
+            {
+              "key": "resource_tags",
+              "custom_config": {
+                "type": "array",
+                "grouping": "deployment",
+                "original_grouping": "deployment",
+                "config_constraints": {
+                  "type": "string"
+                }
+              }
+            },
+            {
+              "key": "access_tags",
+              "custom_config": {
+                "type": "array",
+                "grouping": "deployment",
+                "original_grouping": "deployment",
+                "config_constraints": {
+                  "type": "string"
+                }
+              }
+            },
+            {
+              "key": "enable_vpc_flow_logs",
+              "type": "boolean",
+              "type_metadata": "boolean",
+              "options": [
+                {
+                  "description": "Do not collect VPC network traffic metadata.",
+                  "displayname": "False",
+                  "value": false
+                },
+                {
+                  "description": "Collect and store IP traffic metadata from VPC network interfaces to Cloud Object Storage for monitoring, security analysis, and troubleshooting.",
+                  "displayname": "True",
+                  "value": true
+                }
+              ]
+            },
+            {
+              "key": "skip_vpc_cos_iam_auth_policy",
+              "hidden": true
+            },
+            {
+              "key": "provider_visibility",
+              "hidden": true,
+              "options": [
+                {
+                  "displayname": "private",
+                  "value": "private"
+                },
+                {
+                  "displayname": "public",
+                  "value": "public"
+                },
+                {
+                  "displayname": "public-and-private",
+                  "value": "public-and-private"
+                }
+              ]
+            }
+          ],
+          "terraform_version": "1.12.2",
+          "ignore_readme": true
         }
       ]
     }

@@ -0,0 +1,147 @@
+---
+
+copyright:
+  years: 2025
+lastupdated: "2025-12-02"
+
+keywords:
+
+subcollection: deployable-reference-architectures
+
+authors:
+  - name: "Khuzaima Shakeel"
+
+# The release that the reference architecture describes
+version: 1.0.0
+
+# Whether the reference architecture is published to Cloud Docs production.
+# When set to false, the file is available only in staging. Default is false.
+production: true
+
+# Use if the reference architecture has deployable code.
+# Value is the URL to land the user in the IBM Cloud catalog details page
+# for the deployable architecture.
+# See https://test.cloud.ibm.com/docs/get-coding?topic=get-coding-deploy-button
+deployment-url: https://cloud.ibm.com/catalog/architecture/deploy-arch-ibm-slz-vpc-9fc0fa64-27af-4fed-9dce-47b3640ba739-global
+
+docs: https://cloud.ibm.com/docs/secure-infrastructure-vpc
+
+image_source: https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vpc/blob/main/reference-architectures/deployable-architecture-quickstart-vpc.svg
+
+related_links:
+  - title: "Cloud foundation for VPC (Standard - Integrated setup with configurable services)"
+    url: "https://cloud.ibm.com/docs/deployable-reference-architectures?topic=deployable-reference-architectures-vpc-fully-configurable"
+    description: "A deployable architecture that provides full control over VPC networking, security, and connectivity components."
+  - title: "Cloud foundation for VPC (Standard - Financial Services edition)"
+    url: "https://cloud.ibm.com/docs/deployable-reference-architectures?topic=deployable-reference-architectures-vpc-ra"
+    description: "A VPC architecture based on IBM Cloud for Financial Services controls."
+
+use-case: Foundational Infrastructure
+compliance: None
+
+content-type: reference-architecture
+
+---
+
+{{site.data.keyword.attribute-definition-list}}
+
+# Cloud foundation for VPC – QuickStart (Basic and simple)
+{: #vpc-quickstart-ra}
+{: toc-content-type="reference-architecture"}
+{: toc-industry="CrossIndustry"}
+{: toc-use-case="Foundational Infrastructure"}
+{: toc-version="1.0.0"}
+
+The QuickStart variation provides a **simple and beginner-friendly** Virtual Private Cloud (VPC) deployment that requires minimal configuration. It helps users rapidly create a functional network environment on IBM Cloud without needing to define subnets, ACL rules, security groups, or connectivity patterns manually.
+This variation is ideal for users who want a **basic VPC setup**, lightweight networking defaults, and the option to enable VPC Flow Logs.
+
+Unlike the fully configurable architecture, QuickStart intentionally limits complexity and deploys a clean, minimal network footprint that can be used as a stepping stone toward more advanced architectures.
+
+---
+
+## Architecture diagram
+{: #ra-vpc-quickstart-architecture}
+
+![Architecture diagram for the QuickStart variation of Cloud foundation for VPC](deployable-architecture-quickstart-vpc.svg "QuickStart VPC architecture"){: caption="QuickStart VPC architecture" caption-side="bottom"}{: external download="deployable-architecture-quickstart-vpc.svg"}
+
+---
+
+## Design requirements
+{: #ra-vpc-quickstart-design-requirements}
+
+![Design requirements for QuickStart VPC](heat-map-deploy-arch-slz-vpc-quickstart.svg "Design requirements"){: caption="Scope of the QuickStart design requirements" caption-side="bottom"}
+
+---
+
+## Components
+{: #ra-vpc-quickstart-components}
+
+### VPC architecture decisions
+{: #ra-vpc-quickstart-components-arch}
+
+| Requirement | Component | Reasons for choice | Alternative |
+|------------|-----------|--------------------|-------------|
+| *Provide a basic, ready-to-use VPC with minimal inputs* | Predefined VPC | Deploys a VPC quickly without requiring the user to design the network | Use the fully configurable variation for deeper customization |
+| *Create availability-zone redundancy* | Fixed three-zone subnets | One subnet per zone to ensure multi-AZ coverage | Single-zone deployment (not recommended) |
+| *Basic traffic governance* | Network profile selector (open, common, ibm-internal, closed) | Users can choose the desired security posture without written ACL rules | Manually writing custom ACLs |
+
+{: caption="VPC architecture decisions" caption-side="bottom"}
+
+---
+
+### Networking and connectivity decisions
+{: #ra-vpc-quickstart-components-connectivity}
+
+| Requirement | Component | Reason | Alternative |
+|------------|-----------|--------|-------------|
+| *Optional access to the internet* | Public gateways per zone (automatic) | Enabled only for `open` and `common` profiles | No public gateways for locked-down profiles |
+| *Subnet-level traffic control* | Network ACL profiles | Simplifies security without requiring rule definitions | Fully customizable ACLs (in advanced variation) |
+| *Instance-level default security* | Default VPC security group | Automatically cleaned when selecting restrictive profiles (`ibm-internal`, `closed`) | Custom security group rules |
+
+{: caption="Networking and connectivity decisions" caption-side="bottom"}
+
+---
+
+### Simplicity and user experience decisions
+{: #ra-vpc-quickstart-components-simplicity}
+
+| Requirement | Component | Reasons | Alternative |
+|------------|-----------|---------|-------------|
+| *Zero-effort deployment* | Predefined subnets + ACL mapping | Users only pick prefix, region, and profile | Manual subnet planning |
+| *Clear security posture options* | User-friendly “Network Profile” widget | Shows descriptions and recommendations | Plain text input |
+| *Simple observability integration* | Optional VPC Flow Logs → COS | Enabled via toggle | External log collectors |
+
+{: caption="Simplicity decision points" caption-side="bottom"}
+
+---
+
+## Key features
+{: #ra-vpc-quickstart-features}
+
+### Core VPC Setup
+- Automatically creates a new VPC with IBM-recommended defaults
+- Deploys **one subnet per zone** (three total)
+
+### Built-in Network Profiles
+- **Open** – Unrestricted
+- **Standard (Common)** – SSH/HTTP/HTTPS + IBM internal rules
+- **IBM Internal** – No inbound customer traffic
+- **Closed** – Fully restricted
+
+### Security & Network Defaults
+- ACLs applied according to selected network profile
+- Security group automatically cleaned for restrictive profiles
+- Public gateways created only when allowed by the profile
+
+### Optional Flow Logs
+- Enable VPC Flow Logs to create a COS instance and bucket automatically
+
+
+---
+<!--
+## Next steps
+{: #ra-vpc-fully-configurable-next-steps}
+
+TODO: Decide what next steps to list, if any
+
+Optional section. Include links to your deployment guide or next steps to get started with the architecture. -->
@@ -0,0 +1,3 @@
+# Cloud foundation for VPC (Quickstart)
+
+:exclamation: **Important:** This solution is not intended to be called by other modules because it contains a provider configuration and is not compatible with the `for_each`, `count`, and `depends_on` arguments. For more information, see [Providers Within Modules](https://developer.hashicorp.com/terraform/language/modules/develop/providers).
@@ -0,0 +1,7 @@
+{
+  "ibmcloud_api_key": $VALIDATION_APIKEY,
+  "region": "us-south",
+  "resource_tags": $TAGS,
+  "existing_resource_group_name": "geretain-test-resources",
+  "prefix": $PREFIX
+}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		# Cloud foundation for VPC (Quickstart)

		:exclamation: Important: This solution is not intended to be called by other modules because it contains a provider configuration and is not compatible with the `for_each`, `count`, and `depends_on` arguments. For more information, see [Providers Within Modules](https://developer.hashicorp.com/terraform/language/modules/develop/providers).