Palo Alto Networks Panorama Module for Google Clooud Platform

A Terraform module for deploying a Panorama instance in the Google Cloud Platform.

Usage

For usage, check the "examples" folder in the root of the repository.

Reference

Requirements

terraform, version: >= 1.3, < 2.0
google, version: >= 4.54

Providers

google, version: >= 4.54

Resources

compute_address (managed)
compute_address (managed)
compute_disk (managed)
compute_instance (managed)
compute_image (data)

Required Inputs

Name	Type	Description
`region`	`string`	Google Cloud region to deploy the resources into.
`zone`	`string`	Deployment area for Google Cloud resources within a region.
`subnet`	`string`	A regional resource, defining a range of IPv4 addresses.
`ssh_keys`	`string`	In order to connect via SSH to Panorama, provide your SSH public key here.

Optional Inputs

Name	Type	Description
`project`	`string`	The ID of the project in which the resource belongs.
`name`	`string`	Name of the Panorama instance.
`private_static_ip`	`string`	The static private IP address for Panorama.
`attach_public_ip`	`bool`	Determines if a Public IP should be assigned to Panorama.
`public_static_ip`	`string`	The static external IP address for Panorama instance.
`log_disks`	`list`	List of disks to create and attach to Panorama to store traffic logs.
`machine_type`	`string`	See the [Terraform manual](https://registry.
`min_cpu_platform`	`string`	See the [Terraform manual](https://registry.
`deletion_protection`	`bool`	Enable deletion protection on the instance.
`labels`	`map`	See the [Terraform manual](https://registry.
`tags`	`list`	See the [Terraform manual](https://registry.
`disk_type`	`string`	Type of boot disk.
`disk_size`	`string`	Size of boot disk in gigabytes.
`panorama_version`	`string`	Panorama version - based on the name of the Panorama public image - allows to specify which Panorama version will be deployed.
`custom_image`	`string`	Custom image for your Panorama instances.
`metadata`	`map`	See the [Terraform manual](https://registry.
`service_account`	`string`	IAM Service Account for running Panorama instance (just the email).
`scopes`	`list`	Access scopes for the compute instance - both OAuth2 URLs and gcloud short names are supported.

Outputs

Name	Description
`panorama_public_ip`	Private IP address of the Panorama instance.
`panorama_private_ip`	Public IP address of the Panorama instance.

Required Inputs details

region

Google Cloud region to deploy the resources into.

Type: string

^{back to list}

zone

Deployment area for Google Cloud resources within a region.

Type: string

^{back to list}

subnet

A regional resource, defining a range of IPv4 addresses. In Google Cloud, the terms subnet and subnetwork are synonymous.

Type: string

^{back to list}

ssh_keys

In order to connect via SSH to Panorama, provide your SSH public key here. Remember to add the admin prefix before you insert your public SSH key. More than one key can be added.

Example: ssh_keys = "admin:ssh-rsa AAAAB4NzaC5yc9EAACABBACBgQDAcjYw6xa2zUZ6reqHqDp9bYDLTu7Rnk5Sa3hthIsIsFaKenFLe4w3mm5eF3ebsfAAnuzI9ua9g7aB/ThIsIsAlSoFaKeN2VhUMDmlBYO5m1D4ip6eugS6uM="

Type: string

^{back to list}

Optional Inputs details

project

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

Type: string

Default value: &{}

^{back to list}

name

Name of the Panorama instance.

Type: string

Default value: panorama

^{back to list}

private_static_ip

The static private IP address for Panorama. Only IPv4 is supported. An address may only be specified for INTERNAL address types. The IP address must be inside the specified subnetwork, if any. Set by the API if undefined.

Type: string

Default value: &{}

^{back to list}

attach_public_ip

Determines if a Public IP should be assigned to Panorama. Set by the API if the public_static_ip variable is not defined.

Type: bool

Default value: false

^{back to list}

public_static_ip

The static external IP address for Panorama instance. Only IPv4 is supported. Set by the API if undefined.

Type: string

Default value: &{}

^{back to list}

log_disks

List of disks to create and attach to Panorama to store traffic logs. Available options:

name (Required) Name of the resource. The name must be 1-63 characters long, and comply with RFC1035.
type (Optional) Disk type resource describing which disk type to use to create the disk. For available options, check the providers documentation.
size (Optional) Size of the disk for Panorama logs (Gigabytes).

Example:

log_disks = [
  {
    name = "example-disk-1"
    type = "pd-ssd"
    size = "2000"
  },
  {
    name = "example-disk-2"
    type = "pd-ssd"
    size = "3000"
  },
]

Type: list

Default value: []

^{back to list}

machine_type

See the Terraform manual

Type: string

Default value: n1-standard-16

^{back to list}

min_cpu_platform

See the Terraform manual

Type: string

Default value: Intel Broadwell

^{back to list}

deletion_protection

Enable deletion protection on the instance.

Type: bool

Default value: false

^{back to list}

labels

See the Terraform manual

Type: map(any)

Default value: map[]

^{back to list}

disk_type

Type of boot disk. For available options, check the providers documentation.

Type: string

Default value: pd-ssd

^{back to list}

disk_size

Size of boot disk in gigabytes. Default is the same as the OS image.

Type: string

Default value: &{}

^{back to list}

panorama_version

Panorama version - based on the name of the Panorama public image - allows to specify which Panorama version will be deployed. For more details regarding available Panorama versions in the Google Cloud Platform, please run the following command: gcloud compute images list --filter="name ~ .*panorama.*" --project paloaltonetworksgcp-public --no-standard-images

Type: string

Default value: panorama-byol-1000

^{back to list}

custom_image

Custom image for your Panorama instances. Custom images are available only to your Cloud project. You can create a custom image from boot disks and other images. For more information, please check the provider documentation as well as the Panorama Administrator's Guide.

If a custom_image is not specified, image_project and image_family are used to determine a Public image to use for Panorama.

Type: string

Default value: &{}

^{back to list}

metadata

See the Terraform manual

Type: map(string)

Default value: map[]

^{back to list}

service_account

IAM Service Account for running Panorama instance (just the email)

Type: string

Default value: &{}

^{back to list}

scopes

Access scopes for the compute instance - both OAuth2 URLs and gcloud short names are supported

Type: list(string)

Default value: []

^{back to list}

Usage​

Reference​

Requirements​

Providers​

Resources​

Required Inputs​

Optional Inputs​

Outputs​

Required Inputs details​

region​

zone​

subnet​

ssh_keys​

Optional Inputs details​

project​

name​

private_static_ip​

attach_public_ip​

public_static_ip​

log_disks​

machine_type​

min_cpu_platform​

deletion_protection​

labels​

tags​

disk_type​

disk_size​

panorama_version​

custom_image​

metadata​

service_account​

scopes​

Usage

Reference

Requirements

Providers

Resources

Required Inputs

Optional Inputs

Outputs

Required Inputs details

region

zone

subnet

ssh_keys

Optional Inputs details

project

name

private_static_ip

attach_public_ip

public_static_ip

log_disks

machine_type

min_cpu_platform

deletion_protection

labels

tags

disk_type

disk_size

panorama_version

custom_image

metadata

service_account

scopes