This repository leverages pre-built Terraform templates to streamline the setup and management of Google Cloud's networking infrastructure. This project accelerates your access to managed services like AlloyDB, Cloud SQL and Memorystore for Redis Clusters while maintaining robust security boundaries between your on-premises resources and the cloud environment. By defining role-based stages, the solution ensures that only authorized users can modify specific network components, adhering to the principle of least privilege and enhancing overall security.
- Simplified setup
- Enhanced security
- Scalability
- Role-based access
The project is structured into the following folders:
cloudnetworking-config-solutions
βββconfiguration
βββ bootstrap.tfvars
βββ organization.tfvars
βββ networking.tfvars
βββ networking-manual.tfvars
βββ security
βββ alloydb.tfvars
βββ cloudsql.tfvars
βββ gce.tfvars
βββ mrc.tfvars
βββexecution
βββ 00-bootstrap
βββ 01-organization
βββ 02-networking
βββ 03-security
βββ 04-producer
βββ 05-networking-manual
βββ 06-consumer
βββmodules
βββ net-vpc
βββ psc_forwarding_rule
-
configuration: This folder contains Terraform configuration files (*.tfvars) that hold variables used for multiple stages. These .tfvars files would include configurable variables such as project IDs, region or other values that you want to customize for your specific environment. -
execution: This folder houses the main Terraform code, organized into stages:00-bootstrap: Sets up foundational resources like service accounts and Terraform state storage.01-organization: Manages organization-level policies for network resources.02-networking: Manages VPCs, subnets, Cloud HA VPN and other core networking components like PSA, SCP, Cloud NAT.03-security: Configures firewalls and other security measures.04-producer: Implements producer services like AlloyDB, Memorystore for Redis clusters, and Cloud SQL.05-networking-manual: Implements networking services like Private Service Connectivity.06-consumer: Implements consumer services like Google Compute Engine instances.
-
modules: contains reusable Terraform modules.
-
Terraform: Ensure you have Terraform installed. Download from the official website
-
Google Cloud SDK (gcloud CLI): Install and authenticate with your Google Cloud project. Follow the instructions official documentation to install.
-
Google Cloud Project: Have an active Google Cloud project where you'll deploy the infrastructure. You can create a new project in the Google Cloud console.
-
IAM Permissions: Each stage's README will detail the required IAM permissions for that specific stage. Administrators must assign these permissions to users/service accounts responsible for each stage.
-
Clone the Repository:
git clone https://github.com/googlecloudplatform/cloudnetworking-config-solutions.git -
Customize Configuration:
Update the
*.tfvarsfiles in the configuration directory with your project-specific values. -
Navigate to a Stage:
Start with 00-bootstrap, then proceed sequentially through the stages.
-
Follow Stage-Specific Instructions:
Each stage directory contains a README with detailed instructions. Typically, you will run:
terraform init terraform plan terraform apply
- Customization: Configure the provided Terraform templates to your specific networking needs.
- Dependencies: Some stages depend on resources created in earlier stages.
- State Management: Consider using a remote backend like Google Cloud Storage for robust state management.