A Terraform module for Google Cloud Platform (GCP).
This module supports Terraform version 1 and is compatible with the Terraform Google Provider version 4 (4.28 and later) and 5.
This module is part of our Infrastructure as Code (IaC) framework that enables our users and customers to easily deploy and manage reusable, secure, and production-grade cloud infrastructure.
- Module Features
- Getting Started
- Module Argument Reference
- Module Outputs
- External Documentation
- Module Versioning
- About Mineiros
- Reporting Issues
- Contributing
- Makefile Targets
- License
A Terraform base module for creating a google_compute_router resource. The module also creates google_compute_router_nat resources to provide a more comprehensive Google Cloud Router module.
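Most basic usage, setting only the required arguments:
module "terraform-google-cloud-router" {
  source = "github.com/mineiros-io/terraform-google-cloud-router.git?ref=v0.0.2"
  # Required arguments; the values below are placeholders.
  region  = "europe-west1"
  network = "example-network"
}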
See variables.tf and examples/ for details and use-cases.
- module_enabled: (Optional bool) Specifies whether resources in the module will be created. Default is true.
- module_depends_on: (Optional list(dependency)) A list of dependencies. Any object can be assigned to this list to define a hidden external dependency.
  Example:
    module_depends_on = [ google_network.network ]
- region: (Required string) The region to host the VPC and all related resources in.
- network: (Required string) A reference to the network to which this router belongs.
- project: (Optional string) The ID of the project in which the resource belongs. If it is not set, the provider project is used.
- name: (Optional string) Name of the resource. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression '[a-z]([-a-z0-9]*[a-z0-9])?' which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. Default is "main".
- bgp: (Optional object(bgp)) BGP information specific to this router.
  Example:
    bgp {
      asn               = 64514
      advertise_mode    = "CUSTOM"
      advertised_groups = ["ALL_SUBNETS"]
      advertised_ip_ranges {
        range = "1.2.3.4"
      }
      advertised_ip_ranges {
        range = "6.7.0.0/16"
      }
    }
  The bgp object accepts the following attributes:
  - asn: (Required string) Local BGP Autonomous System Number (ASN). Must be an RFC6996 private ASN, either 16-bit or 32-bit. The value will be fixed for this router resource. All VPN tunnels that link to this router will have the same local ASN.
  - advertise_mode: (Optional string) User-specified flag to indicate which mode to use for advertisement. Possible values are DEFAULT and CUSTOM. Default is "DEFAULT".
  - advertised_groups: (Optional list(string)) User-specified list of prefix groups to advertise in custom mode. This field can only be populated if advertiseMode is CUSTOM and is advertised to all peers of the router. These groups will be advertised in addition to any specified prefixes. Leave this field blank to advertise no custom groups. This enum field has the one valid value: ALL_SUBNETS. Default is [].
  - advertised_ip_ranges: (Optional list(advertised_ip_range)) User-specified list of individual IP ranges to advertise in custom mode. This field can only be populated if advertiseMode is CUSTOM and is advertised to all peers of the router. These IP ranges will be advertised in addition to any specified groups. Leave this field blank to advertise no custom IP ranges. Default is [].
    Each advertised_ip_range object in the list accepts the following attributes:
    - range: (Required string) The IP range to advertise. The value must be a CIDR-formatted string.
    - description: (Optional string) User-specified description for the IP range.
- nats: (Optional list(nat)) NATs to deploy on this router. Default is [].
  Each nat object in the list accepts the following attributes:
  - name: (Required string) Name of the NAT.
  - nat_ip_allocate_option: (Optional string) How external IPs should be allocated for this NAT. Default is "AUTO_ONLY".
  - source_subnetwork_ip_ranges_to_nat: (Optional string) How NAT should be configured per Subnetwork. Default is "ALL_SUBNETWORKS_ALL_IP_RANGES".
  - nat_ips: (Optional list(number)) Self-links of NAT IPs. Only valid if natIpAllocateOption is set to MANUAL_ONLY.
  - enable_dynamic_port_allocation: (Optional bool) Enable Dynamic Port Allocation. If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32. If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm. If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config. Mutually exclusive with enableEndpointIndependentMapping.
  - min_ports_per_vm: (Optional number) Minimum number of ports allocated to a VM from this NAT.
  - max_ports_per_vm: (Optional number) Maximum number of ports allocated to a VM from this NAT.
  - udp_idle_timeout_sec: (Optional number) Timeout (in seconds) for UDP connections. Default is 30.
  - icmp_idle_timeout_sec: (Optional number) Timeout (in seconds) for ICMP connections. Default is 30.
  - tcp_established_idle_timeout_sec: (Optional number) Timeout (in seconds) for TCP established connections. Default is 1200.
  - tcp_transitory_idle_timeout_sec: (Optional number) Timeout (in seconds) for TCP transitory connections. Default is 30.
  - log_config: (Optional object(log_config)) Configuration for logging on NAT. Default is [].
    The log_config object accepts the following attributes:
  - subnetworks: (Optional list(subnetwork)) Configuration for logging on NAT. Default is [].
    Each subnetwork object in the list accepts the following attributes:
    - name: (Required string) Self-link of subnetwork to NAT.
    - source_ip_ranges_to_nat: (Required string) List of options for which source IPs in the subnetwork should have NAT enabled.
    - secondary_ip_range_names: (Optional string) List of the secondary ranges of the subnetwork that are allowed to use NAT. Default is "[]".
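A fuller module call combining the bgp and nats arguments documented above, so that all NAT egress leaves from reserved, known addresses. This is an added example, not code from the module's repository: the resource and module labels, region, network name and address names are placeholders, and the object and list syntax used for bgp and nats is assumed from the documented types.

```hcl
# Added example. Labels, region and network name are placeholders.

# Reserved external addresses, so outbound traffic uses a fixed set of
# source IPs that downstream firewalls and allow-lists can rely on.
resource "google_compute_address" "nat" {
  count  = 2
  name   = "nat-egress-${count.index}"
  region = "europe-west1"
}

module "cloud_router" {
  source = "github.com/mineiros-io/terraform-google-cloud-router.git?ref=v0.0.2"

  region  = "europe-west1"
  network = "example-network" # placeholder network reference
  name    = "egress-router"   # must match [a-z]([-a-z0-9]*[a-z0-9])?

  # Syntax assumed from the documented type object(bgp).
  bgp = {
    asn               = 64514 # private ASN (RFC6996)
    advertise_mode    = "CUSTOM"
    advertised_groups = ["ALL_SUBNETS"]
    advertised_ip_ranges = [
      { range = "6.7.0.0/16", description = "example range" }
    ]
  }

  # Syntax assumed from the documented type list(nat).
  nats = [
    {
      name = "egress-nat"

      # nat_ips is only valid together with MANUAL_ONLY.
      nat_ip_allocate_option = "MANUAL_ONLY"
      nat_ips                = google_compute_address.nat[*].self_link

      source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
      min_ports_per_vm                   = 64

      # Documented defaults, written out so a later change shows in review.
      udp_idle_timeout_sec             = 30
      icmp_idle_timeout_sec            = 30
      tcp_established_idle_timeout_sec = 1200
      tcp_transitory_idle_timeout_sec  = 30
    }
  ]
}
```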
The following attributes are exported in the outputs of the module:
- module_enabled: (bool) Whether this module is enabled.
- router: (object(router)) The outputs of the created Cloud Router.
- nats: (list(nat)) The outputs of the created Cloud NATs.
- https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_router
- https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_router_nat
This Module follows the principles of Semantic Versioning (SemVer).
Given a version number MAJOR.MINOR.PATCH, we increment the:
- MAJOR version when we make incompatible changes,
- MINOR version when we add functionality in a backwards compatible manner, and
- PATCH version when we make backwards compatible bug fixes.

- Backwards compatibility in versions 0.0.z is not guaranteed when z is increased. (Initial development)
- Backwards compatibility in versions 0.y.z is not guaranteed when y is increased. (Pre-release)
Mineiros is a remote-first company headquartered in Berlin, Germany that solves development, automation and security challenges in cloud infrastructure.
Our vision is to massively reduce time and overhead for teams to manage and deploy production-grade and secure cloud infrastructure.
We offer commercial support for all of our modules and encourage you to reach out if you have any questions or need help. Feel free to email us at hello@mineiros.io or join our Community Slack channel.
We use GitHub Issues to track community reported issues and missing features.
Contributions are always encouraged and welcome! For the process of accepting changes, we use Pull Requests. If you'd like more information, please see our Contribution Guidelines.
This repository comes with a handy Makefile.
Run make help to see details on each available target.
This module is licensed under the Apache License Version 2.0, January 2004. Please see LICENSE for full details.
Copyright © 2020-2022 Mineiros GmbH