The purpose of this step is to set up the base and restricted shared VPCs for the non-production environment, with default DNS, NAT (optional), Private Service networking, VPC Service Controls, on-prem Dedicated Interconnect, on-prem VPN and baseline firewall rules.

Obtain the value for the `access_context_manager_policy_id` variable by running `gcloud access-context-manager policies list --organization YOUR-ORGANIZATION_ID --format="value(name)"`.
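The lookup described above, wrapped in a small POSIX shell script that checks the result before it reaches Terraform. This is an added example, not a script from the terraform-example-foundation repository: it assumes the `gcloud` command prints the bare numeric policy ID (which is what the `number` type of the input requires), and the `ORG_ID` and `TFVARS` environment variable names are hypothetical. The check catches the two cases that otherwise surface only as a confusing `terraform plan` error: no policy returned (step 1-org not applied, or the wrong organization ID) and more than one policy returned.

```shell
#!/usr/bin/env sh
# Added example (not part of the terraform-example-foundation repository).
# Fetches the Access Context Manager policy ID for an organization, verifies
# that it is exactly one numeric ID, and appends it to terraform.tfvars as the
# access_context_manager_policy_id input. ORG_ID and TFVARS are assumed names.

# Return 0 when the argument is exactly one numeric policy ID, 1 otherwise.
# Empty output, multi-line output (several policies) and anything that is not
# purely digits (for example a full resource name) are all rejected, because
# the module declares the variable with type "number".
validate_policy_id() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  return 0
}

# Run the command from the README; needs an authenticated gcloud with
# permission to list access policies on the organization.
fetch_policy_id() {
  gcloud access-context-manager policies list \
    --organization "$1" --format="value(name)"
}

# Render the tfvars assignment. The value is written unquoted because the
# input type is number, not string.
render_tfvars_line() {
  printf 'access_context_manager_policy_id = %s\n' "$1"
}

# Usage: ORG_ID=123456789012 sh get_policy_id.sh   (appends to ./terraform.tfvars)
main() {
  org_id="${ORG_ID:?set ORG_ID to your organization ID}"
  tfvars="${TFVARS:-terraform.tfvars}"
  pid="$(fetch_policy_id "$org_id")"
  if ! validate_policy_id "$pid"; then
    echo "expected exactly one numeric policy ID for organization $org_id, got: '$pid'" >&2
    exit 1
  fi
  render_tfvars_line "$pid" >> "$tfvars"
  echo "wrote access_context_manager_policy_id = $pid to $tfvars"
}

# Only contact gcloud when an organization ID was actually supplied.
if [ -n "${ORG_ID:-}" ]; then
  main
fi
```

Run it once per environment directory (this step is the non-production one), then confirm the appended line with `grep access_context_manager_policy_id terraform.tfvars` before running `terraform plan`.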
## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| access_context_manager_policy_id | The ID of the default Access Context Manager policy created in step 1-org. Can be obtained by running `gcloud access-context-manager policies list --organization YOUR-ORGANIZATION_ID --format="value(name)"`. | number | n/a | yes |
| default_region1 | First subnet region. The shared VPC modules only configure two regions. | string | n/a | yes |
| default_region2 | Second subnet region. The shared VPC modules only configure two regions. | string | n/a | yes |
| dns_enable_inbound_forwarding | Toggle inbound query forwarding for VPC DNS. | bool | `"true"` | no |
| dns_enable_logging | Toggle DNS logging for VPC DNS. | bool | `"true"` | no |
| domain | The DNS name of the peering managed zone, for instance `'example.com.'` | string | n/a | yes |
| firewall_enable_logging | Toggle firewall logging for VPC firewalls. | bool | `"true"` | no |
| nat_bgp_asn | BGP ASN for the first NAT Cloud Router. | number | `"64514"` | no |
| nat_enabled | Toggle creation of the NAT Cloud Router. | bool | `"false"` | no |
| nat_num_addresses | Number of external IPs to reserve for Cloud NAT. | number | `"2"` | no |
| nat_num_addresses_region1 | Number of external IPs to reserve for the first Cloud NAT. | number | `"2"` | no |
| nat_num_addresses_region2 | Number of external IPs to reserve for the second Cloud NAT. | number | `"2"` | no |
| optional_fw_rules_enabled | Toggle creation of optional firewall rules: IAP SSH, IAP RDP, and Internal & Global load balancing health check and load balancing IP ranges. | bool | `"false"` | no |
| org_id | Organization ID | string | n/a | yes |
| parent_folder | Optional - if using a folder for testing. | string | `""` | no |
| subnetworks_enable_logging | Toggle flow logging for VPC subnetworks. | bool | `"true"` | no |
| terraform_service_account | Service account email of the account to impersonate to run Terraform. | string | n/a | yes |
| windows_activation_enabled | Enable Windows license activation for Windows workloads. | bool | `"false"` | no |
## Outputs

| Name | Description |
|------|-------------|
| base_host_project_id | The base host project ID |
| base_network_name | The name of the VPC being created |
| base_network_self_link | The URI of the VPC being created |
| base_subnets_ips | The IPs and CIDRs of the subnets being created |
| base_subnets_names | The names of the subnets being created |
| base_subnets_secondary_ranges | The secondary ranges associated with these subnets |
| base_subnets_self_links | The self-links of the subnets being created |
| restricted_access_level_name | Access Context Manager access level name |
| restricted_host_project_id | The restricted host project ID |
| restricted_network_name | The name of the VPC being created |
| restricted_network_self_link | The URI of the VPC being created |
| restricted_service_perimeter_name | Access Context Manager service perimeter name |
| restricted_subnets_ips | The IPs and CIDRs of the subnets being created |
| restricted_subnets_names | The names of the subnets being created |
| restricted_subnets_secondary_ranges | The secondary ranges associated with these subnets |