fixes
parent
4d0edefe41
commit
3fd7a4005d
|
@ -80,8 +80,8 @@ This implementation is intentionally minimal and easy to read. A real world use
|
||||||
- Using a Shared VPC
|
- Using a Shared VPC
|
||||||
- Using VPC-SC to mitigate data exfiltration
|
- Using VPC-SC to mitigate data exfiltration
|
||||||
|
|
||||||
### Share VPC
|
### Shared VPC
|
||||||
The example support the configuration of a Shared VPC as an input variable.
|
The example supports the configuration of a Shared VPC as an input variable.
|
||||||
To deploy the solution on a Shared VPC, you have to configure the `network_config` variable:
|
To deploy the solution on a Shared VPC, you have to configure the `network_config` variable:
|
||||||
|
|
||||||
```
|
```
|
||||||
|
@ -93,16 +93,13 @@ network_config = {
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
To run this example, the Shared VPC project need to have:
|
To run this example, the Shared VPC project needs to have:
|
||||||
- A Private Service Connect with a range of `/24` (example: `10.60.0.0/24`) to deploy the Cloud SQL instance.
|
- A Private Service Connect with a range of `/24` (example: `10.60.0.0/24`) to deploy the Cloud SQL instance.
|
||||||
- Internet gateway configured to let the Test VM download packages.
|
- Internet access configured (for example Cloud NAT) to let the Test VM download packages.
|
||||||
|
|
||||||
In order to run the example and deploy Cloud SQL on a shared VPC the identity running Terraform must have the following IAM permissions on the Shared VPC Host project.
|
In order to run the example and deploy Cloud SQL on a shared VPC the identity running Terraform must have the following IAM role on the Shared VPC Host project.
|
||||||
- compute.networks.list
|
- Compute Network Admin (roles/compute.networkAdmin)
|
||||||
- compute.addresses.create
|
- Compute Shared VPC Admin (roles/compute.xpnAdmin)
|
||||||
- compute.addresses.list
|
|
||||||
- servicenetworking.services.addPeering
|
|
||||||
- compute.xpnAdmin
|
|
||||||
|
|
||||||
## Test your environment
|
## Test your environment
|
||||||
|
|
||||||
|
|
|
@ -16,7 +16,7 @@ module "db" {
|
||||||
source = "../../../modules/cloudsql-instance"
|
source = "../../../modules/cloudsql-instance"
|
||||||
project_id = module.project.project_id
|
project_id = module.project.project_id
|
||||||
availability_type = var.sql_configuration.availability_type
|
availability_type = var.sql_configuration.availability_type
|
||||||
encryption_key_name = var.service_encryption_keys != null ? var.service_encryption_keys[var.regions.primary] : null
|
encryption_key_name = var.service_encryption_keys != null ? try(var.service_encryption_keys[var.regions.primary], null) : null
|
||||||
network = local.vpc_self_link
|
network = local.vpc_self_link
|
||||||
name = "${var.prefix}-db"
|
name = "${var.prefix}-db"
|
||||||
region = var.regions.primary
|
region = var.regions.primary
|
||||||
|
@ -29,7 +29,7 @@ module "db" {
|
||||||
for k, v in var.regions :
|
for k, v in var.regions :
|
||||||
k => {
|
k => {
|
||||||
region = v,
|
region = v,
|
||||||
encryption_key_name = var.service_encryption_keys != null ? var.service_encryption_keys[v] : null
|
encryption_key_name = var.service_encryption_keys != null ? try(var.service_encryption_keys[v], null) : null
|
||||||
} if k != "primary"
|
} if k != "primary"
|
||||||
}
|
}
|
||||||
databases = [var.postgres_database]
|
databases = [var.postgres_database]
|
||||||
|
|
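Review bot: Wrapping the key lookup in `try(var.service_encryption_keys[var.regions.primary], null)` makes a missing region entry fail open: when the operator supplies a `service_encryption_keys` map that lacks the primary region, the Cloud SQL instance (and any replica built by the `for k, v in var.regions` expression in the second hunk) is now created with Google-managed encryption instead of the configured CMEK, and the plan no longer errors. The same pattern is applied to the `gcs` bucket's `encryption_key` and the `test-vm` `kms_key_self_link` in the two following sections. Rather than silently defaulting to `null`, the plan should fail when a region in `var.regions` has no key, for example a `check` block or variable `validation` asserting `var.service_encryption_keys == null || alltrue([for r in values(var.regions) : contains(keys(var.service_encryption_keys), r)])`, and the variable's description should state that the map must hold an entry for every configured region. The `module "db"` block starts outside the hunk, so the variable and any such assertion live elsewhere in the example.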
|
@ -19,7 +19,7 @@ module "gcs" {
|
||||||
name = "data"
|
name = "data"
|
||||||
location = var.regions.primary
|
location = var.regions.primary
|
||||||
storage_class = "REGIONAL"
|
storage_class = "REGIONAL"
|
||||||
encryption_key = var.service_encryption_keys != null ? var.service_encryption_keys[var.regions.primary] : null
|
encryption_key = var.service_encryption_keys != null ? try(var.service_encryption_keys[var.regions.primary], null) : null
|
||||||
force_destroy = true
|
force_destroy = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -53,7 +53,7 @@ module "test-vm" {
|
||||||
encryption = var.service_encryption_keys != null ? {
|
encryption = var.service_encryption_keys != null ? {
|
||||||
encrypt_boot = true
|
encrypt_boot = true
|
||||||
disk_encryption_key_raw = null
|
disk_encryption_key_raw = null
|
||||||
kms_key_self_link = var.service_encryption_keys != null ? var.service_encryption_keys[var.regions.primary] : null
|
kms_key_self_link = var.service_encryption_keys != null ? try(var.service_encryption_keys[var.regions.primary], null) : null
|
||||||
} : null
|
} : null
|
||||||
metadata = { startup-script = local.startup-script }
|
metadata = { startup-script = local.startup-script }
|
||||||
tags = ["ssh"]
|
tags = ["ssh"]
|
||||||
|
|