Shared VPC support for subnet-level sharing

Question

Shared VPC support for subnet-level sharing

jeheyer opened this issue a year ago · 2 comments

TL;DR

Orgs using Shared VPC may wish to selectively share specific subnet(s) with specific project(s). The subnet object could have a shared_projects attribute which would be a list of project IDs to share to

Terraform Resources

data.google_project - to retrieve project number from project ID

google_compute_subnetwork_iam_binding - to assign IAM permissions for the project service accounts to a specific subnetwork

Detailed design

https://github.com/aws2gcp/gcp-network-terraform/blob/main/vpc-network/shared_vpc.tf

Additional information

Also might throw in ability to share subnets to specific accounts/groups. This is in the above code as a shared_accounts attribute to the subnet object, also a list of strings.

Answer 1 · 2023-11-28T13:31:21.000Z

@jeheyer when you create a service project using project factory you can mention either share all VPCs in the host project or share a specific project.

Answer 2 · 2024-01-27T23:09:21.000Z

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days