Implements review comments.

This commit is contained in:
lcaggio 2022-09-27 12:44:54 +02:00
parent 78d54d13ba
commit a2598991fc
4 changed files with 15 additions and 14 deletions

View File

@ -46,5 +46,5 @@ running on a VPC with a private IP and a dedicated Service Account. A GCS bucket
<a href="./composer-2/" title="# Cloud Composer version 2 private instance, supporting Shared VPC and external CMEK key
"><img src="./composer-2/diagram.png" align="left" width="280px"></a>
This [blueprint](./composer-2/) creates a [Cloud Composer](https://cloud.google.com/sql) version 2 instance on a VPC with a dedicated service account. The solution supports as inputs: a Shared VPC and Cloud KMS CMEK keys.
This [blueprint](./composer-2/) creates a [Cloud Composer](https://cloud.google.com/composer/) version 2 instance on a VPC with a dedicated service account. The solution supports as inputs: a Shared VPC and Cloud KMS CMEK keys.
<br clear="left">
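Review bot: the link correction in the paragraph (cloud.google.com/sql to cloud.google.com/composer/) is right, but the `title` attribute of the `<a>` tag just above it still contains a markdown heading marker and a literal line break (`title="# Cloud Composer version 2 ... CMEK key` continued on the next line by `">`), so the tooltip starts with "#". Suggest a single-line `title="Cloud Composer version 2 private instance, supporting Shared VPC and external CMEK key"`.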

View File

@ -1,10 +1,10 @@
# Cloud Composer version 2 private instance, supporting Shared VPC and external CMEK key
This blueprint creates a Private instance of [Cloud Composer version 2](https://cloud.google.com/composer/docs/composer-2/composer-versioning-overview) on a VPC with a dedicated service account. Cloud Composer 2 is the new major verion for Cloud Composer that supports:
This blueprint creates a Private instance of [Cloud Composer version 2](https://cloud.google.com/composer/docs/composer-2/composer-versioning-overview) on a VPC with a dedicated service account. Cloud Composer 2 is the new major version for Cloud Composer that supports:
- environment autoscaling
- workloads configuration: CPU, memory, and storage parameters for Airflow workers, schedulers, web server, and database.
Please consult the [documentation page](https://cloud.google.com/composer/docs/composer-2/composer-versioning-overview) for an exaustive comparison between Composer Version 1 and Version 2.
Please consult the [documentation page](https://cloud.google.com/composer/docs/composer-2/composer-versioning-overview) for an exhaustive comparison between Composer Version 1 and Version 2.
The solution will use:
- Cloud Composer
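Review bot: the spelling fixes (verion to version, exaustive to exhaustive) are correct and nothing else in this hunk needs to change; one minor style point is that "Private instance" could be lowercased to match the heading's "private instance".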
@ -31,7 +31,7 @@ Run Terraform init:
$ terraform init
```
Configure the Terraform variable in your terraform.tfvars file. You need to spefify at least the following variables:
Configure the Terraform variable in your terraform.tfvars file. You need to specify at least the following variables:
```tfvars
project_id = "lcaggioni-sandbox"
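Review bot: the tfvars sample right after the corrected sentence still uses what looks like a personal project id, `project_id = "lcaggioni-sandbox"`. A README sample should use an obvious placeholder such as `project_id = "my-project-id"`, so a reader does not copy a value that either fails or points at someone else's project.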
@ -48,6 +48,12 @@ You can now connect to your instance.
# Customizations
## VPC
If a shared VPC is not configured, a VPC will be created within the project. The following IP ranges will be used:
- Cloudsql: `10.20.10.0/24`
- GKE: `10.20.11.0/28`
Change the code as needed to match your needed configuration, remember that these addresses should not overlap with any other range used in network.
## Shared VPC
As is often the case in real-world configurations, this blueprint accepts as input an existing [`Shared-VPC`](https://cloud.google.com/vpc/docs/shared-vpc) via the `network_config` variable.
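Review bot: the new VPC section lists only the Cloud SQL (`10.20.10.0/24`) and GKE (`10.20.11.0/28`) ranges, while the Shared VPC section of the same README requires pods and services secondary ranges on the subnet; the project-created VPC case should document the secondary ranges it configures as well, otherwise the last line's overlap check cannot be done. The wording of that last line is also awkward ("match your needed configuration, remember that ... used in network"); suggest "Change the ranges as needed to match your configuration; remember that they must not overlap with any other range used in the network."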
@ -69,7 +75,7 @@ Make sure that:
- The subnet has secondary ranges configured with 2 ranges:
- pods: `/22` example: `10.10.8.0/22`
- services = `/24` example: 10.10.12.0/24`
- Firewall rules are set, as described in the [documentation](https://cloud.google.com/composer/docs/how-to/managing/configuring-private-ip#step_3_configure_firewall_rules)
- Firewall rules are set, as described in the [documentation](https://cloud.google.com/composer/docs/composer-2/configure-private-ip#step_3_configure_firewall_rules)
In order to run the example and deploy Cloud Composer on a shared VPC the identity running Terraform must have the following IAM role on the Shared VPC Host project.
- Compute Network Admin (roles/compute.networkAdmin)
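Review bot: the firewall documentation link is correctly moved to the Composer 2 page, but the services entry two lines above it is malformed: `services = `/24` example: 10.10.12.0/24`` has an unmatched backtick and uses `=` where the pods entry uses `:`. Suggest `- services: `/24` example: `10.10.12.0/24`` so the two secondary-range lines are consistent.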

View File

@ -23,6 +23,7 @@ locals {
var.iam_groups_map
)
# Adding Roles on Service Identities Service account as per documentation: https://cloud.google.com/composer/docs/composer-2/configure-shared-vpc#edit_permissions_for_the_google_apis_service_account
_shared_vpc_bindings = {
"roles/compute.networkUser" = [
"prj-cloudservices", "prj-robot-gke"
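Review bot: citing the Shared VPC permissions page above `_shared_vpc_bindings` is helpful, but the comment text itself is hard to parse ("Adding Roles on Service Identities Service account"). Suggest rewording to say what the map does and which identities (the `prj-cloudservices` and `prj-robot-gke` entries) receive `roles/compute.networkUser`, e.g. "Roles granted on the Shared VPC host project to the service identities listed below, as per ...".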
@ -128,13 +129,7 @@ module "vpc" {
]
}
module "firewall" {
source = "../../../modules/net-vpc-firewall"
count = local.use_shared_vpc ? 0 : 1
project_id = module.project.project_id
network = module.vpc.0.name
admin_ranges = ["10.0.0.0/20"]
}
# No explicit firewall rules set, created automatically by GKE autopilot
module "nat" {
source = "../../../modules/net-cloudnat"
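Review bot: deleting the `firewall` module also drops the `admin_ranges = ["10.0.0.0/20"]` ingress allowance, which is a tightening, but the replacement comment "No explicit firewall rules set, created automatically by GKE autopilot" should say that it covers only the project-created VPC case (the removed module had `count = local.use_shared_vpc ? 0 : 1`), since the README updated in this same commit still tells Shared VPC users that firewall rules must be set in the host project. Suggest something like "# No explicit firewall rules for the project-created VPC: GKE Autopilot creates the rules it needs. On a Shared VPC the host project must provide them, see the README." Note also that the removed `10.0.0.0/20` range did not match the `10.20.10.0/24` and `10.20.11.0/28` ranges documented in the README, so nothing documented relied on it.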

View File

@ -15,7 +15,7 @@
*/
variable "composer_config" {
description = "Composer environemnt configuration. See [attribute reference](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/composer_environment#argument-reference---cloud-composer-2) for details on settings variables."
description = "Composer environment configuration. It accepts only following attributes: `environment_size`, `software_config` and `workloads_config`. See [attribute reference](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/composer_environment#argument-reference---cloud-composer-2) for details on settings variables."
type = object({
environment_size = string
software_config = any
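Review bot: the new description has a grammar slip ("It accepts only following attributes") and, since the type below still declares `software_config = any`, the "only" restriction is documentation rather than enforcement. Suggest "It accepts only the following attributes: ..." and, if the restriction matters, a `validation` block on the variable or an explicit object type for `software_config` so unexpected keys fail at plan time.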
@ -98,7 +98,7 @@ variable "project_id" {
}
variable "region" {
description = "Region where instances will be deployed."
description = "Reagion where instances will be deployed."
type = string
default = "europe-west1"
}
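Review bot: this hunk introduces a typo instead of fixing one: following the old-then-new ordering used throughout this diff, the new line reads "Reagion where instances will be deployed." while the removed line had the correct "Region". Keep `description = "Region where instances will be deployed."`.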