Skip to content

A Terraform module to create and manage a Cloud Router that used the Border Gateway Protocol (BGP) in Google Cloud https://cloud.google.com/network-connectivity/docs/router

License

Notifications You must be signed in to change notification settings

mineiros-io/terraform-google-cloud-router

Repository files navigation

Build Status GitHub tag (latest SemVer) Terraform Version Google Provider Version Join Slack

terraform-google-cloud-router

A Terraform module for Google Cloud Platform (GCP).

This module supports Terraform version 1 and is compatible with the Terraform Google Provider version 4. (4.28 and later) and 5._**

This module is part of our Infrastructure as Code (IaC) framework that enables our users and customers to easily deploy and manage reusable, secure, and production-grade cloud infrastructure.

Module Features

A Terraform base module for creating a google_compute_router resource. This module creates another resource google_compute_router_nat to create a more comprehensive google cloud router module.

Getting Started

Most basic usage just setting required arguments:

module "terraform-google-cloud-router" {
  source = "github.com/mineiros-io/terraform-google-cloud-router.git?ref=v0.0.2"
}

Module Argument Reference

See variables.tf and examples/ for details and use-cases.

Top-level Arguments

Module Configuration

  • module_enabled: (Optional bool)

    Specifies whether resources in the module will be created.

    Default is true.

  • module_depends_on: (Optional list(dependency))

    A list of dependencies. Any object can be assigned to this list to define a hidden external dependency.

    Example:

    module_depends_on = [
      google_network.network
    ]

Main Resource Configuration

  • region: (Required string)

    The region to host the VPC and all related resources in.

  • network: (Required string)

    A reference to the network to which this router belongs.

  • project: (Optional string)

    The ID of the project in which the resource belongs. If it is not set, the provider project is used.

  • name: (Optional string)

    Name of the resource. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

    Default is "main".

  • bgp: (Optional object(bgp))

    BGP information specific to this router.

    Each bgp object can have the following fields:

    Example:

    bgp {
      asn               = 64514
      advertise_mode    = "CUSTOM"
      advertised_groups = ["ALL_SUBNETS"]
      advertised_ip_ranges {
        range = "1.2.3.4"
      }
      advertised_ip_ranges {
        range = "6.7.0.0/16"
    }

    The bgp object accepts the following attributes:

    • asn: (Required string)

      Local BGP Autonomous System Number (ASN). Must be an RFC6996 private ASN, either 16-bit or 32-bit. The value will be fixed for this router resource. All VPN tunnels that link to this router will have the same local ASN.

    • advertise_mode: (Optional string)

      User-specified flag to indicate which mode to use for advertisement. Possible values are DEFAULT and CUSTOM.

      Default is "DEFAULT".

    • advertised_groups: (Optional list(string))

      User-specified list of prefix groups to advertise in custom mode. This field can only be populated if advertiseMode is CUSTOM and is advertised to all peers of the router. These groups will be advertised in addition to any specified prefixes. Leave this field blank to advertise no custom groups. This enum field has the one valid value: ALL_SUBNETS

      Default is [].

    • advertised_ip_ranges: (Optional list(advertised_ip_range))

      User-specified list of individual IP ranges to advertise in custom mode. This field can only be populated if advertiseMode is CUSTOM and is advertised to all peers of the router. These IP ranges will be advertised in addition to any specified groups. Leave this field blank to advertise no custom IP ranges.

      Default is [].

      Each advertised_ip_range object in the list accepts the following attributes:

      • range: (Required string)

        The IP range to advertise. The value must be a CIDR-formatted string.

      • description: (Optional string)

        User-specified description for the IP range.

Extended Resource Configuration

Terraform google cloud router nat
  • nats: (Optional list(nat))

    NATs to deploy on this router.

    Default is [].

    Each nat object in the list accepts the following attributes:

    • name: (Required string)

      Name of the NAT.

    • nat_ip_allocate_option: (Optional string)

      How external IPs should be allocated for this NAT.

      Default is "AUTO_ONLY".

    • source_subnetwork_ip_ranges_to_nat: (Optional string)

      How NAT should be configured per Subnetwork.

      Default is "ALL_SUBNETWORKS_ALL_IP_RANGES".

    • nat_ips: (Optional list(number))

      Self-links of NAT IPs. Only valid if natIpAllocateOption is set to MANUAL_ONLY.

    • enable_dynamic_port_allocation: (Optional bool)

      Enable Dynamic Port Allocation. If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32. If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm. If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config. Mutually exclusive with enableEndpointIndependentMapping.

    • min_ports_per_vm: (Optional number)

      Minimum number of ports allocated to a VM from this NAT.

    • min_ports_per_vm: (Optional number)

      Maximum number of ports allocated to a VM from this NAT.

    • udp_idle_timeout_sec: (Optional number)

      Timeout (in seconds) for UDP connections.

      Default is 30.

    • icmp_idle_timeout_sec: (Optional number)

      Timeout (in seconds) for ICMP connections.

      Default is 30.

    • tcp_established_idle_timeout_sec: (Optional number)

      Timeout (in seconds) for TCP established connections.

      Default is 1200.

    • tcp_transitory_idle_timeout_sec: (Optional number)

      Timeout (in seconds) for TCP transitory connections.

      Default is 30.

    • log_config: (Optional object(log_config))

      Configuration for logging on NAT.

      Default is [].

      The log_config object accepts the following attributes:

      • enabled: (Required bool)

        Indicates whether or not to export logs.

        Default is true.

      • filter: (Required string)

        Specifies the desired filtering of logs on this NAT.

        Default is "ALL".

    • subnetworks: (Optional list(subnetwork))

      Configuration for logging on NAT.

      Default is [].

      Each subnetwork object in the list accepts the following attributes:

      • name: (Required string)

        Self-link of subnetwork to NAT.

      • source_ip_ranges_to_nat: (Required string)

        List of options for which source IPs in the subnetwork should have NAT enabled.

      • secondary_ip_range_names: (Optional string)

        List of the secondary ranges of the subnetwork that are allowed to use NAT.

        Default is "[]".

Module Outputs

The following attributes are exported in the outputs of the module:

  • module_enabled: (bool)

    Whether this module is enabled.

  • router: (object(router))

    The outputs of the created Cloud Router.

  • nats: (list(nat))

    The outputs of the create Cloud NATs.

External Documentation

Google Documentation

Terraform Google Provider Documentation

Module Versioning

This Module follows the principles of Semantic Versioning (SemVer).

Given a version number MAJOR.MINOR.PATCH, we increment the:

  1. MAJOR version when we make incompatible changes,
  2. MINOR version when we add functionality in a backwards compatible manner, and
  3. PATCH version when we make backwards compatible bug fixes.

Backwards compatibility in 0.0.z and 0.y.z version

  • Backwards compatibility in versions 0.0.z is not guaranteed when z is increased. (Initial development)
  • Backwards compatibility in versions 0.y.z is not guaranteed when y is increased. (Pre-release)

About Mineiros

Mineiros is a remote-first company headquartered in Berlin, Germany that solves development, automation and security challenges in cloud infrastructure.

Our vision is to massively reduce time and overhead for teams to manage and deploy production-grade and secure cloud infrastructure.

We offer commercial support for all of our modules and encourage you to reach out if you have any questions or need help. Feel free to email us at hello@mineiros.io or join our Community Slack channel.

Reporting Issues

We use GitHub Issues to track community reported issues and missing features.

Contributing

Contributions are always encouraged and welcome! For the process of accepting changes, we use Pull Requests. If you'd like more information, please see our Contribution Guidelines.

Makefile Targets

This repository comes with a handy Makefile. Run make help to see details on each available target.

License

license

This module is licensed under the Apache License Version 2.0, January 2004. Please see LICENSE for full details.

Copyright © 2020-2022 Mineiros GmbH