# 3-networks/production

The purpose of this step is to set up the base and restricted Shared VPCs for the production environment, with default DNS, NAT (optional), Private Service networking, VPC Service Controls, on-prem Dedicated Interconnect, on-prem VPN and baseline firewall rules.

## Prerequisites

1. 0-bootstrap executed successfully.
2. 1-org executed successfully.
3. 2-environments/envs/production executed successfully.
4. 3-networks/envs/shared executed successfully.
5. Obtain the value for the `access_context_manager_policy_id` variable by running `gcloud access-context-manager policies list --organization YOUR_ORGANIZATION_ID --format="value(name)"`.

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| `access_context_manager_policy_id` | The ID of the default Access Context Manager policy created in step 1-org. Can be obtained by running `gcloud access-context-manager policies list --organization YOUR_ORGANIZATION_ID --format="value(name)"`. | number | n/a | yes |
| `default_region1` | First subnet region. The Shared VPC module only configures two regions. | string | n/a | yes |
| `default_region2` | Second subnet region. The Shared VPC module only configures two regions. | string | n/a | yes |
| `dns_enable_inbound_forwarding` | Toggle inbound query forwarding for VPC DNS. | bool | true | no |
| `dns_enable_logging` | Toggle DNS logging for VPC DNS. | bool | true | no |
| `domain` | The DNS name of the peering managed zone, for instance `example.com.`. Must end with a period. | string | n/a | yes |
| `enable_hub_and_spoke` | Enable Hub-and-Spoke architecture. | bool | false | no |
| `enable_hub_and_spoke_transitivity` | Enable transitivity via gateway VMs on Hub-and-Spoke architecture. | bool | false | no |
| `enable_partner_interconnect` | Enable Partner Interconnect in the environment. | bool | false | no |
| `firewall_enable_logging` | Toggle firewall logging for VPC firewalls. | bool | true | no |
| `folder_prefix` | Name prefix to use for folders created. Should be the same in all steps. | string | `"fldr"` | no |
| `nat_bgp_asn` | BGP ASN for the first NAT Cloud Router. | number | 64514 | no |
| `nat_enabled` | Toggle creation of the NAT Cloud Router. | bool | false | no |
| `nat_num_addresses` | Number of external IPs to reserve for Cloud NAT. | number | 2 | no |
| `nat_num_addresses_region1` | Number of external IPs to reserve for the first Cloud NAT. | number | 2 | no |
| `nat_num_addresses_region2` | Number of external IPs to reserve for the second Cloud NAT. | number | 2 | no |
| `optional_fw_rules_enabled` | Toggle creation of optional firewall rules: IAP SSH, IAP RDP, and internal and global load balancing health check and load balancing IP ranges. | bool | false | no |
| `org_id` | Organization ID. | string | n/a | yes |
| `parent_folder` | Optional: for an organization with existing projects or for development/validation. Places all the example foundation resources under the provided folder instead of the root organization. The value is the numeric folder ID; the folder must already exist. Must be the same value used in the previous step. | string | `""` | no |
| `preactivate_partner_interconnect` | Preactivate the Partner Interconnect VLAN attachment in the environment. | bool | false | no |
| `subnetworks_enable_logging` | Toggle flow logging for VPC subnetworks. | bool | true | no |
| `terraform_service_account` | Email of the service account to impersonate when running Terraform. | string | n/a | yes |
| `windows_activation_enabled` | Enable Windows license activation for Windows workloads. | bool | false | no |

## Outputs

| Name | Description |
|------|-------------|
| `base_host_project_id` | The base host project ID |
| `base_network_name` | The name of the VPC being created |
| `base_network_self_link` | The URI of the VPC being created |
| `base_subnets_ips` | The IPs and CIDRs of the subnets being created |
| `base_subnets_names` | The names of the subnets being created |
| `base_subnets_secondary_ranges` | The secondary ranges associated with these subnets |
| `base_subnets_self_links` | The self-links of the subnets being created |
| `restricted_access_level_name` | Access Context Manager access level name |
| `restricted_host_project_id` | The restricted host project ID |
| `restricted_network_name` | The name of the VPC being created |
| `restricted_network_self_link` | The URI of the VPC being created |
| `restricted_service_perimeter_name` | Access Context Manager service perimeter name |
| `restricted_subnets_ips` | The IPs and CIDRs of the subnets being created |
| `restricted_subnets_names` | The names of the subnets being created |
| `restricted_subnets_secondary_ranges` | The secondary ranges associated with these subnets |
| `restricted_subnets_self_links` | The self-links of the subnets being created |