fixes
parent
4d0edefe41
commit
3fd7a4005d
@ -80,8 +80,8 @@ This implementation is intentionally minimal and easy to read. A real world use
|
|||
- Using a Shared VPC
|
||||
- Using VPC-SC to mitigate data exfiltration
|
||||
|
||||
### Share VPC
|
||||
The example support the configuration of a Shared VPC as an input variable.
|
||||
### Shared VPC
|
||||
The example supports the configuration of a Shared VPC as an input variable.
|
||||
To deploy the solution on a Shared VPC, you have to configure the `network_config` variable:
|
||||
|
||||
```
|
||||
|
@ -93,16 +93,13 @@ network_config = {
|
|||
}
|
||||
```
|
||||
|
||||
To run this example, the Shared VPC project need to have:
|
||||
To run this example, the Shared VPC project needs to have:
|
||||
- A Private Service Connect with a range of `/24` (example: `10.60.0.0/24`) to deploy the Cloud SQL instance.
|
||||
- Internet gateway configured to let the Test VM download packages.
|
||||
- Internet access configured (for example Cloud NAT) to let the Test VM download packages.
|
||||
|
||||
In order to run the example and deploy Cloud SQL on a shared VPC the identity running Terraform must have the following IAM permissions on the Shared VPC Host project.
|
||||
- compute.networks.list
|
||||
- compute.addresses.create
|
||||
- compute.addresses.list
|
||||
- servicenetworking.services.addPeering
|
||||
- compute.xpnAdmin
|
||||
In order to run the example and deploy Cloud SQL on a shared VPC the identity running Terraform must have the following IAM role on the Shared VPC Host project.
|
||||
- Compute Network Admin (roles/compute.networkAdmin)
|
||||
- Compute Shared VPC Admin (roles/compute.xpnAdmin)
|
||||
|
||||
## Test your environment
|
||||
|
||||
@ -16,7 +16,7 @@ module "db" {
|
|||
source = "../../../modules/cloudsql-instance"
|
||||
project_id = module.project.project_id
|
||||
availability_type = var.sql_configuration.availability_type
|
||||
encryption_key_name = var.service_encryption_keys != null ? var.service_encryption_keys[var.regions.primary] : null
|
||||
encryption_key_name = var.service_encryption_keys != null ? try(var.service_encryption_keys[var.regions.primary], null) : null
|
||||
network = local.vpc_self_link
|
||||
name = "${var.prefix}-db"
|
||||
region = var.regions.primary
|
||||
|
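Review bot: The `try(var.service_encryption_keys[var.regions.primary], null)` on the new `encryption_key_name` line turns a missing map entry into `null`, which the module treats as "no customer-managed key", so a misspelled region key in `service_encryption_keys` now yields a Cloud SQL instance encrypted with the Google-managed default instead of a plan-time error. The same pattern is introduced in the replica `for k, v in var.regions` hunk below, in the GCS `encryption_key` hunk and in the test VM `kms_key_self_link` hunk. If the fallback is intended, `lookup(var.service_encryption_keys, var.regions.primary, null)` states that intent more narrowly than `try`, which also masks any other evaluation error; either way a comment such as `# regions without an entry in service_encryption_keys fall back to Google-managed encryption` should sit above the line, and a validation that the map covers every configured region would keep the failure loud. The enclosing `module "db"` block starts and ends outside this hunk.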
@ -29,7 +29,7 @@ module "db" {
|
|||
for k, v in var.regions :
|
||||
k => {
|
||||
region = v,
|
||||
encryption_key_name = var.service_encryption_keys != null ? var.service_encryption_keys[v] : null
|
||||
encryption_key_name = var.service_encryption_keys != null ? try(var.service_encryption_keys[v], null) : null
|
||||
} if k != "primary"
|
||||
}
|
||||
databases = [var.postgres_database]
|
||||
@ -19,7 +19,7 @@ module "gcs" {
|
|||
name = "data"
|
||||
location = var.regions.primary
|
||||
storage_class = "REGIONAL"
|
||||
encryption_key = var.service_encryption_keys != null ? var.service_encryption_keys[var.regions.primary] : null
|
||||
encryption_key = var.service_encryption_keys != null ? try(var.service_encryption_keys[var.regions.primary], null) : null
|
||||
force_destroy = true
|
||||
}
|
||||
|
||||
@ -53,7 +53,7 @@ module "test-vm" {
|
|||
encryption = var.service_encryption_keys != null ? {
|
||||
encrypt_boot = true
|
||||
disk_encryption_key_raw = null
|
||||
kms_key_self_link = var.service_encryption_keys != null ? var.service_encryption_keys[var.regions.primary] : null
|
||||
kms_key_self_link = var.service_encryption_keys != null ? try(var.service_encryption_keys[var.regions.primary], null) : null
|
||||
} : null
|
||||
metadata = { startup-script = local.startup-script }
|
||||
tags = ["ssh"]
|
||||