This module covers the core concepts of a GCP network, it allows you to provision a shared VPC along with many other network componenets that you may need to establish a secure and private connection between your workloads on GCP and Google APIs / internet.
This module is meant for use with Terraform 1.2.3+.
You need to have a project with google cloud billing enabled. This module will make that project a Host project by enabling shared VPC. You need also to enable the following list of APIs :
- Compute Engine API ❯❯
compute.googleapis.com - Serverless VPC Access API ❯❯
vpcaccess.googleapis.com - Cloud DNS API ❯❯
dns.googleapis.com - Service Networking API ❯❯
servicenetworking.googleapis.com - Service Directory API ❯❯
servicedirectory.googleapis.com - Firewall Insights API ❯❯
firewallinsights.googleapis.com - Cloud Identity-Aware Proxy API ❯❯
iap.googleapis.com - Network Management API ❯❯
networkmanagement.googleapis.com - Service Usage API ❯❯
serviceusage.googleapis.com - Serverless VPC Access API ❯❯
vpcaccess.googleapis.com
| File | Description |
|---|---|
| core.tf | Provisioning Shared VPC and a subnet |
| vpc_connector.tf | Configuring Serverless VPC Access |
| firewall.tf | Create Firewall rules |
| nat.tf | Configure Cloud Nat |
| dns.tf | Set up a managed zone and create records |
| pcs.tf | Configure Private Service Connect |
| pca.tf | Configure Private Service Access |
This work relies on the following official Terraform modules (module call):
module "gcp-core-network" {
source = "git::ssh://[email protected]/Abdelwaheb-Hnaien/gcp-core-network.git?ref=0.1.0"
perimeter = "prod"
org_prefix = "my-org"
host_project_id = "shared-xpn-project"
shared_vpc_name = "my-org-shared-vpc"
subnets = [
{
subnet_name = "my-org-shared-sub-local"
subnet_ip = "10.10.0.0/17"
subnet_region = "europe-west1"
subnet_private_access = "true"
subnet_flow_logs = "true"
description = "local subnet"
},
]
private_service_connect_ip = "172.28.144.12"
cloudsql_ip_range = "172.28.240.0/21"
memorystore_ip_range = "172.28.252.0/22"
filestore_ip_range = "172.28.248.0/22"
vpc_connector_ip_range = "172.28.144.13/28"
}
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| host_project_id | Host Project ID | String | n/a | yes |
| perimeter | Your Google Cloud environment(example : "prod", "dev", etc.) | String | n/a | yes |
| org_prefix | Your Google Cloud organization prefix (example: "my-org") | String | n/a | yes (at least one subnet) |
| shared_vpc_name | Shared VPC Name | String | n/a | yes |
| subnets | Subnets to be created in the Shared VPC | list(map(string)) | n/a | yes |
| private_service_connect_ip | Private service endpoint | String | n/a | yes |
| cloudsql_ip_range | Private service Connection : Cloud SQL IP Range | String | n/a | yes |
| memorystore_ip_range | Private service Connection : Memorystore IP Range | String | n/a | yes |
| filestore_ip_range | Private service Connection : Filestore IP Range | String | n/a | yes |
| vpc_connector_ip_range | VPC Serverless Access : VPC connector IP | String | n/a | yes |
| Name | Description |
|---|---|
| network | The VPC resource being created |
| network_id | The ID of the VPC being created |
| network_name | The name of the VPC being created |
| network_self_link | The URI of the VPC being created |
| project_id | VPC project id |
Please feel free to fork the repository and submit a pull request if you think there is an issue or simply if you would like to make this project better.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent