fixes

examples/data-solutions/cloudsql-multiregion/README.md

@@ -80,8 +80,8 @@ This implementation is intentionally minimal and easy to read. A real world use
 - Using a Shared VPC
 - Using VPC-SC to mitigate data exfiltration
 
-### Share VPC
-The example support the configuration of a Shared VPC as an input variable. 
+### Shared VPC
+The example supports the configuration of a Shared VPC as an input variable. 
 To deploy the solution on a Shared VPC, you have to configure the `network_config` variable:
 
 ```
@@ -93,16 +93,13 @@ network_config = {
   }
 ```
 
-To run this example, the Shared VPC project need to have:
+To run this example, the Shared VPC project needs to have:
  - A Private Service Connect with a range of `/24` (example: `10.60.0.0/24`) to deploy the Cloud SQL instance.
- - Internet gateway configured to let the Test VM download packages. 
+ - Internet access configured (for example Cloud NAT) to let the Test VM download packages. 
 
-In order to run the example and deploy Cloud SQL on a shared VPC the identity running Terraform must have the following IAM permissions on the Shared VPC Host project.
- - compute.networks.list
- - compute.addresses.create
- - compute.addresses.list
- - servicenetworking.services.addPeering
- - compute.xpnAdmin
+In order to run the example and deploy Cloud SQL on a shared VPC the identity running Terraform must have the following IAM role on the Shared VPC Host project.
+ - Compute Network Admin (roles/compute.networkAdmin)
+ - Compute Shared VPC Admin (roles/compute.xpnAdmin)
 
 ## Test your environment
 

examples/data-solutions/cloudsql-multiregion/cloudsql.tf

@@ -16,7 +16,7 @@ module "db" {
   source              = "../../../modules/cloudsql-instance"
   project_id          = module.project.project_id
   availability_type   = var.sql_configuration.availability_type
-  encryption_key_name = var.service_encryption_keys != null ? var.service_encryption_keys[var.regions.primary] : null
+  encryption_key_name = var.service_encryption_keys != null ? try(var.service_encryption_keys[var.regions.primary], null) : null
   network             = local.vpc_self_link
   name                = "${var.prefix}-db"
   region              = var.regions.primary
@@ -29,7 +29,7 @@ module "db" {
     for k, v in var.regions :
     k => {
       region              = v,
-      encryption_key_name = var.service_encryption_keys != null ? var.service_encryption_keys[v] : null
+      encryption_key_name = var.service_encryption_keys != null ? try(var.service_encryption_keys[v], null) : null
     } if k != "primary"
   }
   databases = [var.postgres_database]

examples/data-solutions/cloudsql-multiregion/datastorage.tf

@@ -19,7 +19,7 @@ module "gcs" {
   name           = "data"
   location       = var.regions.primary
   storage_class  = "REGIONAL"
-  encryption_key = var.service_encryption_keys != null ? var.service_encryption_keys[var.regions.primary] : null
+  encryption_key = var.service_encryption_keys != null ? try(var.service_encryption_keys[var.regions.primary], null) : null
   force_destroy  = true
 }
 

examples/data-solutions/cloudsql-multiregion/gce.tf

@@ -53,7 +53,7 @@ module "test-vm" {
   encryption = var.service_encryption_keys != null ? {
     encrypt_boot            = true
     disk_encryption_key_raw = null
-    kms_key_self_link       = var.service_encryption_keys != null ? var.service_encryption_keys[var.regions.primary] : null
+    kms_key_self_link       = var.service_encryption_keys != null ? try(var.service_encryption_keys[var.regions.primary], null) : null
   } : null
   metadata = { startup-script = local.startup-script }
   tags     = ["ssh"]