This module makes it easy to set up a new VPC Network in GCP by defining your network and subnet ranges in a concise syntax. This module will create:
- Shared VPC Network
- Subnets
- Routing
- Firewall rules
- Network peering
Coalfire has tested this module with Terraform version 1.5.0 and the Hashicorp Google provider versions 4.70 - 5.0.
FedRAMP Compliance: Moderate, High
module "public_network" {
source = "github.com/Coalfire-CF/terraform-google-network"
project_id = "your_project_id"
network_name = "${var.vpc_prefix}-public"
subnets = [
{
subnet_name = "${var.subnet_prefix}-public-firewall"
subnet_ip = module.subnets_public.network_cidr_blocks["firewall"]
subnet_region = var.region
}
]
}
No requirements.
No providers.
| Name | Source | Version |
|---|---|---|
| firewall_rules | ./modules/firewall-rules | n/a |
| routes | ./modules/routes | n/a |
| subnets | ./modules/subnets | n/a |
| vpc | ./modules/vpc | n/a |
No resources.
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| auto_create_subnetworks | When set to true, the network is created in 'auto subnet mode' and it will create a subnet for each region automatically across the 10.128.0.0/9 address range. When set to false, the network is created in 'custom subnet mode' so the user can explicitly connect subnetwork resources. | bool |
false |
no |
| delete_default_internet_gateway_routes | If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted | bool |
false |
no |
| description | An optional description of this resource. The resource must be recreated to modify this field. | string |
"" |
no |
| firewall_rules | List of firewall rules | any |
[] |
no |
| mtu | The network MTU (If set to 0, meaning MTU is unset - defaults to '1460'). Recommended values: 1460 (default for historic reasons), 1500 (Internet default), or 8896 (for Jumbo packets). Allowed are all values in the range 1300 to 8896, inclusively. | number |
0 |
no |
| network_name | The name of the network being created | string |
n/a | yes |
| project_id | The ID of the project where this VPC will be created | string |
n/a | yes |
| routes | List of routes being created in this VPC | list(map(string)) |
[] |
no |
| routing_mode | The network routing mode (default 'GLOBAL') | string |
"GLOBAL" |
no |
| secondary_ranges | Secondary ranges that will be used in some of the subnets | map(list(object({ range_name = string, ip_cidr_range = string }))) |
{} |
no |
| shared_vpc_host | Makes this project a Shared VPC host if 'true' (default 'false') | bool |
false |
no |
| subnets | The list of subnets being created | list(map(string)) |
n/a | yes |
| Name | Description |
|---|---|
| network | The created network |
| network_id | The ID of the VPC being created |
| network_name | The name of the VPC being created |
| network_self_link | The URI of the VPC being created |
| project_id | VPC project id |
| route_names | The route names associated with this VPC |
| subnets | A map with keys of form subnet_region/subnet_name and values being the outputs of the google_compute_subnetwork resources used to create corresponding subnets. |
| subnets_flow_logs | Whether the subnets will have VPC flow logs enabled |
| subnets_ids | The IDs of the subnets being created |
| subnets_ips | The IPs and CIDRs of the subnets being created |
| subnets_names | The names of the subnets being created |
| subnets_private_access | Whether the subnets will have access to Google API's without a public IP |
| subnets_regions | The region where the subnets will be created |
| subnets_secondary_ranges | The secondary ranges associated with these subnets |
| subnets_self_links | The self-links of subnets being created |