VPC Network Module for GCP

A Terraform module for deploying a VPC and associated subnetworks and firewall rules in GCP.

One advantage of this module over the terraform-google-network module is that this module lets you use existing VPC networks and subnetworks to support brownfield deployments.

Reference

Requirements

Name	Version
terraform	>= 1.3, < 2.0
google	~> 4.54

Providers

Name	Version
google	~> 4.54

Modules

No modules.

Resources

Name	Type
google_compute_firewall.this	resource
google_compute_network.this	resource
google_compute_subnetwork.this	resource
google_compute_network.this	data source
google_compute_subnetwork.this	data source

Inputs

Name	Description	Type	Default	Required
create_network	A flag to indicate the creation or import of a VPC network. Setting this to `true` will create a new network managed by Terraform. Setting this to `false` will try to read the existing network identified by `name` and `project` variables.	`bool`	`true`	no
delete_default_routes_on_create	A flag to indicate the deletion of the default routes at VPC creation. Setting this to `true` the default route `0.0.0.0/0` will be deleted upon network creation. Setting this to `false` the default route `0.0.0.0/0` will be not be deleted upon network creation.	`bool`	`false`	no
firewall_rules	A map containing each firewall rule configuration. Action of the firewall rule is always `allow`. The only possible direction of the firewall rule is `INGRESS`. List of available attributes of each firewall rule entry: - `name` : Name of the firewall rule. - `source_ranges` : (Optional) A list of strings containing the source IP ranges to be allowed on the firewall rule. - `source_tags` : (Optional) A list of strings containing the source network tags to be allowed on the firewall rule. - `source_service_accounts` : (Optional) A list of strings containg the source servce accounts to be allowed on the firewall rule. - `target_service_accounts` : (Optional) A list of strings containing the service accounts for which the firewall rule applies to. - `target_tags` : (Optional) A list of strings containing the network tags for which the firewall rule applies to. - `allowed_protocol` : The protocol type to match in the firewall rule. Possible values are: `tcp`, `udp`, `icmp`, `esp`, `ah`, `sctp`, `ipip`, `all`. - `ports` : A list of strings containing TCP or UDP port numbers to match in the firewall rule. This type of setting can only be configured if allowing TCP and UDP as protocols. - `priority` : (Optional) A priority value for the firewall rule. The lower the number - the more preferred the rule is. - `log_metadata` : (Optional) This field denotes whether to include or exclude metadata for firewall logs. Possible values are: `EXCLUDE_ALL_METADATA`, `INCLUDE_ALL_METADATA`. Example : `firewall_rules = { firewall-rule-1 = { name = "first-rule" source_ranges = ["10.10.10.0/24", "1.1.1.0/24"] priority = "2000" target_tags = ["vmseries-firewalls"] allowed_protocol = "TCP" allowed_ports = ["443", "22"] } }`	`map(object({ name = string source_ranges = optional(list(string)) source_tags = optional(list(string)) source_service_accounts = optional(list(string)) allowed_protocol = string allowed_ports = list(string) priority = optional(string) target_service_accounts = optional(list(string)) target_tags = optional(list(string)) log_metadata = optional(string) }))`	`{}`	no
mtu	MTU value for VPC Network. Acceptable values are between 1300 and 8896.	`number`	`1460`	no
name	The name of the created or already existing VPC Network.	`string`	n/a	yes
project_id	Project in which to create or look for VPCs and subnets	`string`	`null`	no
routing_mode	Type of network-wide routing mode to use. Possible types are: REGIONAL and GLOBAL. REGIONAL routing mode will set the cloud routers to only advertise subnetworks within the same region as the router. GLOBAL routing mode will set the cloud routers to advertise all the subnetworks that belong to this network.	`string`	`"REGIONAL"`	no
subnetworks	A map containing subnetworks configuration. Subnets can belong to different regions. List of available attributes of each subnetwork entry: - `name` : Name of the subnetwork. - `create_subnetwork` : Boolean value to control the creation or reading of the subnetwork. If set to `true` - this will create the subnetwork. If set to `false` - this will read a subnet with provided information. - `ip_cidr_range` : A string that contains the subnetwork to create. Only IPv4 format is supported. - `region` : Region where to configure or import the subnet. Example: `subnetworks = { my-sub = { name = "my-sub" create_subnetwork = true ip_cidr_range = "192.168.0.0/24" region = "us-east1" } }`	`map(object({ name = string create_subnetwork = optional(bool, true) ip_cidr_range = string region = string }))`	`{}`	no

Outputs

Name	Description
network	Created or read network attributes.
subnetworks	Map containing key, value pairs of created or read subnetwork attributes.

VPC Network Module for GCP

Reference​

Requirements​

Providers​

Modules​

Resources​

Inputs​

Outputs​