diff --git a/modules/apigee/README.md b/modules/apigee/README.md
index 353fb528..319f6bb8 100644
--- a/modules/apigee/README.md
+++ b/modules/apigee/README.md
@@ -42,10 +42,12 @@ module "apigee" {
}
instances = {
europe-west1 = {
+ nat_required = true
runtime_ip_cidr_range = "10.0.4.0/22"
troubleshooting_ip_cidr_range = "10.1.1.0.0/28"
}
europe-west3 = {
+ nat_required = false
runtime_ip_cidr_range = "10.0.8.0/22"
troubleshooting_ip_cidr_range = "10.1.16.0/28"
}
@@ -179,13 +181,13 @@ module "apigee" {
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [project_id](variables.tf#L90) | Project ID. | string
| ✓ | |
+| [project_id](variables.tf#L91) | Project ID. | string
| ✓ | |
| [addons_config](variables.tf#L17) | Addons configuration. | object({…})
| | null
|
| [endpoint_attachments](variables.tf#L29) | Endpoint attachments. | map(object({…}))
| | null
|
| [envgroups](variables.tf#L38) | Environment groups (NAME => [HOSTNAMES]). | map(list(string))
| | null
|
| [environments](variables.tf#L44) | Environments. | map(object({…}))
| | null
|
-| [instances](variables.tf#L62) | Instances ([REGION] => [INSTANCE]). | map(object({…}))
| | null
|
-| [organization](variables.tf#L75) | Apigee organization. If set to null the organization must already exist. | object({…})
| | null
|
+| [instances](variables.tf#L62) | Instances ([REGION] => [INSTANCE]). | map(object({…}))
| | null
|
+| [organization](variables.tf#L76) | Apigee organization. If set to null the organization must already exist. | object({…})
| | null
|
## Outputs
@@ -194,9 +196,10 @@ module "apigee" {
| [endpoint_attachment_hosts](outputs.tf#L17) | Endpoint hosts. | |
| [envgroups](outputs.tf#L22) | Environment groups. | |
| [environments](outputs.tf#L27) | Environment. | |
-| [instances](outputs.tf#L32) | Instances. | |
-| [org_id](outputs.tf#L37) | Organization ID. | |
-| [org_name](outputs.tf#L42) | Organization name. | |
-| [organization](outputs.tf#L47) | Organization. | |
-| [service_attachments](outputs.tf#L52) | Service attachments. | |
+| [instance_nat_ips](outputs.tf#L32) | NAT IP addresses used in instances. | |
+| [instances](outputs.tf#L37) | Instances. | |
+| [org_id](outputs.tf#L42) | Organization ID. | |
+| [org_name](outputs.tf#L47) | Organization name. | |
+| [organization](outputs.tf#L52) | Organization. | |
+| [service_attachments](outputs.tf#L57) | Service attachments. | |
diff --git a/modules/apigee/main.tf b/modules/apigee/main.tf
index e68c5f90..74246056 100644
--- a/modules/apigee/main.tf
+++ b/modules/apigee/main.tf
@@ -100,6 +100,16 @@ resource "google_apigee_instance" "instances" {
consumer_accept_list = each.value.consumer_accept_list
}
+resource "google_apigee_nat_address" "apigee_nat" {
+ for_each = {
+ for instance_name, instance_config in local.instances :
+ instance_name => instance_config.nat_required ? instance_config : null
+ }
+
+ name = "nat-${each.key}"
+ instance_id = google_apigee_instance.instances[each.key].id
+}
+
resource "google_apigee_instance_attachment" "instance_attachments" {
for_each = merge(concat([for k1, v1 in local.environments : {
for v2 in coalesce(v1.regions, []) :
diff --git a/modules/apigee/outputs.tf b/modules/apigee/outputs.tf
index 74ad9f18..473fbea8 100644
--- a/modules/apigee/outputs.tf
+++ b/modules/apigee/outputs.tf
@@ -29,6 +29,11 @@ output "environments" {
value = try(google_apigee_environment.environments, null)
}
+output "instance_nat_ips" {
+ description = "NAT IP addresses used in instances."
+ value = try(google_apigee_nat_address.apigee_nat, null)
+}
+
output "instances" {
description = "Instances."
value = try(google_apigee_instance.instances, null)
@@ -52,4 +57,4 @@ output "organization" {
output "service_attachments" {
description = "Service attachments."
value = { for k, v in google_apigee_instance.instances : k => v.service_attachment }
-}
+}
\ No newline at end of file
diff --git a/modules/apigee/variables.tf b/modules/apigee/variables.tf
index 4c2f0308..cae48e99 100644
--- a/modules/apigee/variables.tf
+++ b/modules/apigee/variables.tf
@@ -68,6 +68,7 @@ variable "instances" {
troubleshooting_ip_cidr_range = string
disk_encryption_key = optional(string)
consumer_accept_list = optional(list(string))
+ nat_required = optional(bool, false)
}))
default = null
}