diff --git a/modules/net-vpc/README.md b/modules/net-vpc/README.md
index 124df134..6e4c8089 100644
--- a/modules/net-vpc/README.md
+++ b/modules/net-vpc/README.md
@@ -460,7 +460,7 @@ module "vpc" {
| [name](variables.tf#L84) | The name of the network being created. | string | ✓ | |
| [project_id](variables.tf#L100) | The ID of the project where this VPC will be created. | string | ✓ | |
| [auto_create_subnetworks](variables.tf#L17) | Set to true to create an auto mode subnet, defaults to custom mode. | bool | | false |
-| [create_default_routes](variables.tf#L23) | Toggle creation of googleapis private/restricted routes. | object({…}) | | {} |
+| [create_default_routes](variables.tf#L23) | Toggle creation of googleapis private/restricted routes. | object({…}) | | {} |
| [data_folder](variables.tf#L35) | An optional folder containing the subnet configurations in YaML format. | string | | null |
| [delete_default_routes_on_create](variables.tf#L41) | Set to true to delete the default routes at creation time. | bool | | false |
| [description](variables.tf#L47) | An optional description of this resource (triggers recreation on change). | string | | "Terraform-managed." |
diff --git a/modules/net-vpc/routes.tf b/modules/net-vpc/routes.tf
index e0603828..65a310ab 100644
--- a/modules/net-vpc/routes.tf
+++ b/modules/net-vpc/routes.tf
@@ -17,7 +17,23 @@
# tfdoc:file:description Route resources.
locals {
- _routes = var.routes == null ? {} : var.routes
+ _googleapis_ranges = {
+ private = "199.36.153.8/30"
+ private-6 = "2600:2d00:0002:2000::/64"
+ restricted = "199.36.153.4/30"
+ restricted-6 = "2600:2d00:0002:1000::/64"
+ }
+ _googleapis_routes = {
+ for k, v in local._googleapis_ranges : "${k}-googleapis" => {
+ dest_range = v
+ next_hop = "default-internet-gateway"
+ next_hop_type = "gateway"
+ priority = 1000
+ tags = null
+ }
+ if var.create_default_routes[k]
+ }
+ _routes = merge(local._googleapis_routes, coalesce(var.routes, {}))
routes = {
gateway = { for k, v in local._routes : k => v if v.next_hop_type == "gateway" }
ilb = { for k, v in local._routes : k => v if v.next_hop_type == "ilb" }
@@ -88,43 +104,3 @@ resource "google_compute_route" "vpn_tunnel" {
tags = each.value.tags
next_hop_vpn_tunnel = each.value.next_hop
}
-
-resource "google_compute_route" "private" {
- count = var.create_default_routes.private ? 1 : 0
- project = var.project_id
- network = local.network.name
- name = "private-googleapis-default"
- description = "Terraform-managed."
- dest_range = "199.36.153.8/30"
- next_hop_gateway = "default-internet-gateway"
-}
-
-resource "google_compute_route" "private6" {
- count = var.create_default_routes.private6 ? 1 : 0
- project = var.project_id
- network = local.network.name
- name = "private6-googleapis-default"
- description = "Terraform-managed."
- dest_range = "2600:2d00:0002:2000::/64"
- next_hop_gateway = "default-internet-gateway"
-}
-
-resource "google_compute_route" "restricted" {
- count = var.create_default_routes.restricted ? 1 : 0
- project = var.project_id
- network = local.network.name
- name = "restricted-googleapis-default"
- description = "Terraform-managed."
- dest_range = "199.36.153.4/30"
- next_hop_gateway = "default-internet-gateway"
-}
-
-resource "google_compute_route" "restricted6" {
- count = var.create_default_routes.restricted6 ? 1 : 0
- project = var.project_id
- network = local.network.name
- name = "restricted6-googleapis-default"
- description = "Terraform-managed."
- dest_range = "2600:2d00:0002:1000::/64"
- next_hop_gateway = "default-internet-gateway"
-}
diff --git a/modules/net-vpc/variables.tf b/modules/net-vpc/variables.tf
index f5f93eff..ba9dcc40 100644
--- a/modules/net-vpc/variables.tf
+++ b/modules/net-vpc/variables.tf
@@ -23,10 +23,10 @@ variable "auto_create_subnetworks" {
variable "create_default_routes" {
description = "Toggle creation of googleapis private/restricted routes."
type = object({
- private = optional(bool, true)
- private6 = optional(bool, false)
- restricted = optional(bool, true)
- restricted6 = optional(bool, false)
+ private = optional(bool, true)
+ private-6 = optional(bool, false)
+ restricted = optional(bool, true)
+ restricted-6 = optional(bool, false)
})
default = {}
nullable = false