Deploy bastion without IAP
antoinetran opened this issue · 4 comments
antoinetran commented
TL;DR
It seems impossible to deploy this terraform module without IAP? IAP is a paid option and I would like to just deploy a bastion with one external IP and firewal rules.
Terraform Resources
No response
Detailed design
No response
Additional information
No response
antoinetran commented
This code https://github.com/terraform-google-modules/terraform-google-bastion-host/blob/v6.0.0/modules/iap-tunneling/main.tf#L36C42-L36C42 enables IAP and is not an option. Thus I get this error:
Error retrieving IAM policy for iap tunnelinstance "projects/XXX/iap_tunnel/zones/XXX/instances/bastion-vm": googleapi: Error 403: Cloud Identity-Aware Proxy API has not been used in project XXX before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/iap.googleapis.com/overview?project=XXX then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry