diff --git a/fast/stages/2-networking-a-peering/README.md b/fast/stages/2-networking-a-peering/README.md
index e0c9f9b2..93db80e6 100644
--- a/fast/stages/2-networking-a-peering/README.md
+++ b/fast/stages/2-networking-a-peering/README.md
@@ -190,7 +190,7 @@ DNS queries sent to the on-premises infrastructure come from the `35.199.192.0/1
#### On-prem to cloud
-The [Inbound DNS Policy](https://cloud.google.com/dns/docs/server-policies-overview#dns-server-policy-in) defined in module `landing-vpc` ([`landing.tf`](./landing.tf)) automatically reserves the first available IP address on each created subnet (typically the third one in a CIDR) to expose the Cloud DNS service so that it can be consumed from outside of GCP.
+The [Inbound DNS Policy](https://cloud.google.com/dns/docs/server-policies-overview#dns-server-policy-in) defined in module `landing-vpc` ([`net-landing.tf`](./net-landing.tf)) automatically reserves the first available IP address on each created subnet (typically the third one in a CIDR) to expose the Cloud DNS service so that it can be consumed from outside of GCP.
## How to run this stage
@@ -349,9 +349,9 @@ vpn_onprem_primary_config = {
To create a new environment (e.g. `staging`), a few changes are required.
-Create a `spoke-staging.tf` file by copying `spoke-prod.tf` file,
+Create a `net-staging.tf` file by copying `net-prod.tf` file,
and adapt the new file by replacing the value "prod" with the value "staging".
-Running `diff spoke-dev.tf spoke-prod.tf` can help to see how environment files differ.
+Running `diff net-dev.tf net-prod.tf` can help to see how environment files differ.
The new VPC requires a set of dedicated CIDRs, one per region, added to variable `custom_adv` (for example as `spoke_staging_primary` and `spoke_staging_secondary`).
>`custom_adv` is a map that "resolves" CIDR names to actual addresses, and will be used later to configure routing.
@@ -369,15 +369,15 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
| [dns-dev.tf](./dns-dev.tf) | Development spoke DNS zones and peerings setup. | dns | |
| [dns-landing.tf](./dns-landing.tf) | Landing DNS zones and peerings setup. | dns · dns-response-policy | |
| [dns-prod.tf](./dns-prod.tf) | Production spoke DNS zones and peerings setup. | dns | |
-| [landing.tf](./landing.tf) | Landing VPC and related resources. | net-cloudnat · net-vpc · net-vpc-firewall · project | |
| [main.tf](./main.tf) | Networking folder and hierarchical policy. | folder · net-firewall-policy | |
| [monitoring-vpn-onprem.tf](./monitoring-vpn-onprem.tf) | VPN monitoring alerts. | | google_monitoring_alert_policy |
| [monitoring.tf](./monitoring.tf) | Network monitoring dashboards. | | google_monitoring_dashboard |
+| [net-dev.tf](./net-dev.tf) | Dev spoke VPC and related resources. | net-cloudnat · net-vpc · net-vpc-firewall · project | |
+| [net-landing.tf](./net-landing.tf) | Landing VPC and related resources. | net-cloudnat · net-vpc · net-vpc-firewall · project | |
+| [net-prod.tf](./net-prod.tf) | Production spoke VPC and related resources. | net-cloudnat · net-vpc · net-vpc-firewall · project | |
| [outputs.tf](./outputs.tf) | Module outputs. | | google_storage_bucket_object · local_file |
| [peerings.tf](./peerings.tf) | None | net-vpc-peering | |
| [regions.tf](./regions.tf) | Compute short names for regions. | | |
-| [spoke-dev.tf](./spoke-dev.tf) | Dev spoke VPC and related resources. | net-cloudnat · net-vpc · net-vpc-firewall · project | |
-| [spoke-prod.tf](./spoke-prod.tf) | Production spoke VPC and related resources. | net-cloudnat · net-vpc · net-vpc-firewall · project | |
| [test-resources.tf](./test-resources.tf) | temporary instances for testing | compute-vm | |
| [variables-peerings.tf](./variables-peerings.tf) | Peering related variables. | | |
| [variables.tf](./variables.tf) | Module variables. | | |
diff --git a/fast/stages/2-networking-a-peering/spoke-dev.tf b/fast/stages/2-networking-a-peering/net-dev.tf
similarity index 100%
rename from fast/stages/2-networking-a-peering/spoke-dev.tf
rename to fast/stages/2-networking-a-peering/net-dev.tf
diff --git a/fast/stages/2-networking-a-peering/landing.tf b/fast/stages/2-networking-a-peering/net-landing.tf
similarity index 100%
rename from fast/stages/2-networking-a-peering/landing.tf
rename to fast/stages/2-networking-a-peering/net-landing.tf
diff --git a/fast/stages/2-networking-a-peering/spoke-prod.tf b/fast/stages/2-networking-a-peering/net-prod.tf
similarity index 100%
rename from fast/stages/2-networking-a-peering/spoke-prod.tf
rename to fast/stages/2-networking-a-peering/net-prod.tf
diff --git a/fast/stages/2-networking-b-vpn/README.md b/fast/stages/2-networking-b-vpn/README.md
index 1ce344b5..26e9d619 100644
--- a/fast/stages/2-networking-b-vpn/README.md
+++ b/fast/stages/2-networking-b-vpn/README.md
@@ -203,7 +203,7 @@ DNS queries sent to the on-premises infrastructure come from the `35.199.192.0/1
#### On-prem to cloud
-The [Inbound DNS Policy](https://cloud.google.com/dns/docs/server-policies-overview#dns-server-policy-in) defined in module `landing-vpc` ([`landing.tf`](./landing.tf)) automatically reserves the first available IP address on each created subnet (typically the third one in a CIDR) to expose the Cloud DNS service so that it can be consumed from outside of GCP.
+The [Inbound DNS Policy](https://cloud.google.com/dns/docs/server-policies-overview#dns-server-policy-in) defined in module `landing-vpc` ([`net-landing.tf`](./net-landing.tf)) automatically reserves the first available IP address on each created subnet (typically the third one in a CIDR) to expose the Cloud DNS service so that it can be consumed from outside of GCP.
## How to run this stage
@@ -362,9 +362,9 @@ vpn_onprem_primary_config = {
To create a new environment (e.g. `staging`), a few changes are required.
-Create a `spoke-staging.tf` file by copying `spoke-prod.tf` file,
+Create a `net-staging.tf` file by copying `net-prod.tf` file,
and adapt the new file by replacing the value "prod" with the value "staging".
-Running `diff spoke-dev.tf spoke-prod.tf` can help to see how environment files differ.
+Running `diff net-dev.tf net-prod.tf` can help to see how environment files differ.
The new VPC requires a set of dedicated CIDRs, one per region, added to variable `custom_adv` (for example as `spoke_staging_ew1` and `spoke_staging_ew4`).
>`custom_adv` is a map that "resolves" CIDR names to actual addresses, and will be used later to configure routing.
@@ -372,7 +372,7 @@ The new VPC requires a set of dedicated CIDRs, one per region, added to variable
Variables managing L7 Internal Load Balancers (`l7ilb_subnets`) and Private Service Access (`psa_ranges`) should also be adapted, also subnets and firewall rules for the new spoke should be added as described above.
HA VPN connectivity (see also [VPNs](#vpns)) to `landing` is managed by the `vpn-spoke-*.tf` files.
-Copy `vpn-spoke-dev.tf` to `vpn-spoke-staging.tf` - replace `dev` with `staging` where relevant.
+Copy `vpn-net-dev.tf` to `vpn-net-staging.tf` - replace `dev` with `staging` where relevant.
VPN configuration also controls BGP advertisements, which requires the following variable changes:
@@ -391,14 +391,14 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
| [dns-dev.tf](./dns-dev.tf) | Development spoke DNS zones and peerings setup. | dns | |
| [dns-landing.tf](./dns-landing.tf) | Landing DNS zones and peerings setup. | dns · dns-response-policy | |
| [dns-prod.tf](./dns-prod.tf) | Production spoke DNS zones and peerings setup. | dns | |
-| [landing.tf](./landing.tf) | Landing VPC and related resources. | net-cloudnat · net-vpc · net-vpc-firewall · project | |
| [main.tf](./main.tf) | Networking folder and hierarchical policy. | folder · net-firewall-policy | |
| [monitoring-vpn.tf](./monitoring-vpn.tf) | VPN monitoring alerts. | | google_monitoring_alert_policy |
| [monitoring.tf](./monitoring.tf) | Network monitoring dashboards. | | google_monitoring_dashboard |
+| [net-dev.tf](./net-dev.tf) | Dev spoke VPC and related resources. | net-cloudnat · net-vpc · net-vpc-firewall · project | |
+| [net-landing.tf](./net-landing.tf) | Landing VPC and related resources. | net-cloudnat · net-vpc · net-vpc-firewall · project | |
+| [net-prod.tf](./net-prod.tf) | Production spoke VPC and related resources. | net-cloudnat · net-vpc · net-vpc-firewall · project | |
| [outputs.tf](./outputs.tf) | Module outputs. | | google_storage_bucket_object · local_file |
| [regions.tf](./regions.tf) | Compute short names for regions. | | |
-| [spoke-dev.tf](./spoke-dev.tf) | Dev spoke VPC and related resources. | net-cloudnat · net-vpc · net-vpc-firewall · project | |
-| [spoke-prod.tf](./spoke-prod.tf) | Production spoke VPC and related resources. | net-cloudnat · net-vpc · net-vpc-firewall · project | |
| [test-resources.tf](./test-resources.tf) | temporary instances for testing | compute-vm | |
| [variables-vpn.tf](./variables-vpn.tf) | None | | |
| [variables.tf](./variables.tf) | Module variables. | | |
diff --git a/fast/stages/2-networking-b-vpn/spoke-dev.tf b/fast/stages/2-networking-b-vpn/net-dev.tf
similarity index 100%
rename from fast/stages/2-networking-b-vpn/spoke-dev.tf
rename to fast/stages/2-networking-b-vpn/net-dev.tf
diff --git a/fast/stages/2-networking-b-vpn/landing.tf b/fast/stages/2-networking-b-vpn/net-landing.tf
similarity index 100%
rename from fast/stages/2-networking-b-vpn/landing.tf
rename to fast/stages/2-networking-b-vpn/net-landing.tf
diff --git a/fast/stages/2-networking-b-vpn/spoke-prod.tf b/fast/stages/2-networking-b-vpn/net-prod.tf
similarity index 100%
rename from fast/stages/2-networking-b-vpn/spoke-prod.tf
rename to fast/stages/2-networking-b-vpn/net-prod.tf
diff --git a/fast/stages/2-networking-c-nva/README.md b/fast/stages/2-networking-c-nva/README.md
index daee38fc..416bb6f0 100644
--- a/fast/stages/2-networking-c-nva/README.md
+++ b/fast/stages/2-networking-c-nva/README.md
@@ -260,7 +260,7 @@ DNS queries sent to the on-premise infrastructure come from the `35.199.192.0/19
#### On-prem to cloud
-The [Inbound DNS Policy](https://cloud.google.com/dns/docs/server-policies-overview#dns-server-policy-in) defined in the *trusted landing VPC module* ([`landing.tf`](./landing.tf)) automatically reserves the first available IP address on each subnet (typically the third one in a CIDR) to expose the Cloud DNS service, so that it can be consumed from outside of GCP.
+The [Inbound DNS Policy](https://cloud.google.com/dns/docs/server-policies-overview#dns-server-policy-in) defined in the *trusted landing VPC module* ([`net-landing.tf`](./net-landing.tf)) automatically reserves the first available IP address on each subnet (typically the third one in a CIDR) to expose the Cloud DNS service, so that it can be consumed from outside of GCP.
## How to run this stage
@@ -419,9 +419,9 @@ vpn_onprem_primary_config = {
To create a new environment (e.g. `staging`), a few changes are required:
-Create a `spoke-staging.tf` file by copying `spoke-prod.tf` file.
+Create a `net-staging.tf` file by copying `net-prod.tf` file.
Adapt the new file by replacing the value "prod" with the value "staging".
-Running `diff spoke-dev.tf spoke-prod.tf` can help to see how environment files differ.
+Running `diff net-dev.tf net-prod.tf` can help to see how environment files differ.
The new VPC requires a set of dedicated CIDRs, one per region, added to variable `gcp_ranges` (for example as `spoke_staging_ew1` and `spoke_staging_ew4`).
>`gcp_ranges` is a map that "resolves" CIDR names to the actual addresses, and will be used later to configure routing.
@@ -439,15 +439,15 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
| [dns-dev.tf](./dns-dev.tf) | Development spoke DNS zones and peerings setup. | dns | |
| [dns-landing.tf](./dns-landing.tf) | Landing DNS zones and peerings setup. | dns · dns-response-policy | |
| [dns-prod.tf](./dns-prod.tf) | Production spoke DNS zones and peerings setup. | dns | |
-| [landing.tf](./landing.tf) | Landing VPC and related resources. | net-cloudnat · net-vpc · net-vpc-firewall · project | |
| [main.tf](./main.tf) | Networking folder and hierarchical policy. | folder · net-firewall-policy | |
| [monitoring-vpn-onprem.tf](./monitoring-vpn-onprem.tf) | VPN monitoring alerts. | | google_monitoring_alert_policy |
| [monitoring.tf](./monitoring.tf) | Network monitoring dashboards. | | google_monitoring_dashboard |
+| [net-dev.tf](./net-dev.tf) | Dev spoke VPC and related resources. | net-vpc · net-vpc-firewall · net-vpc-peering · project | |
+| [net-landing.tf](./net-landing.tf) | Landing VPC and related resources. | net-cloudnat · net-vpc · net-vpc-firewall · project | |
+| [net-prod.tf](./net-prod.tf) | Production spoke VPC and related resources. | net-vpc · net-vpc-firewall · net-vpc-peering · project | |
| [nva.tf](./nva.tf) | None | compute-mig · compute-vm · simple-nva | |
| [outputs.tf](./outputs.tf) | Module outputs. | | google_storage_bucket_object · local_file |
| [regions.tf](./regions.tf) | Compute short names for regions. | | |
-| [spoke-dev.tf](./spoke-dev.tf) | Dev spoke VPC and related resources. | net-vpc · net-vpc-firewall · net-vpc-peering · project | |
-| [spoke-prod.tf](./spoke-prod.tf) | Production spoke VPC and related resources. | net-vpc · net-vpc-firewall · net-vpc-peering · project | |
| [test-resources.tf](./test-resources.tf) | temporary instances for testing | compute-vm | |
| [variables.tf](./variables.tf) | Module variables. | | |
| [vpn-onprem.tf](./vpn-onprem.tf) | VPN between landing and onprem. | net-vpn-ha | |
diff --git a/fast/stages/2-networking-c-nva/spoke-dev.tf b/fast/stages/2-networking-c-nva/net-dev.tf
similarity index 100%
rename from fast/stages/2-networking-c-nva/spoke-dev.tf
rename to fast/stages/2-networking-c-nva/net-dev.tf
diff --git a/fast/stages/2-networking-c-nva/landing.tf b/fast/stages/2-networking-c-nva/net-landing.tf
similarity index 100%
rename from fast/stages/2-networking-c-nva/landing.tf
rename to fast/stages/2-networking-c-nva/net-landing.tf
diff --git a/fast/stages/2-networking-c-nva/spoke-prod.tf b/fast/stages/2-networking-c-nva/net-prod.tf
similarity index 100%
rename from fast/stages/2-networking-c-nva/spoke-prod.tf
rename to fast/stages/2-networking-c-nva/net-prod.tf
diff --git a/fast/stages/2-networking-d-separate-envs/README.md b/fast/stages/2-networking-d-separate-envs/README.md
index 88f68846..16b6af8b 100644
--- a/fast/stages/2-networking-d-separate-envs/README.md
+++ b/fast/stages/2-networking-d-separate-envs/README.md
@@ -318,10 +318,10 @@ Regions are defined via the `regions` variable which sets up a mapping between t
| [main.tf](./main.tf) | Networking folder and hierarchical policy. | folder · net-firewall-policy | |
| [monitoring-vpn-onprem.tf](./monitoring-vpn-onprem.tf) | VPN monitoring alerts. | | google_monitoring_alert_policy |
| [monitoring.tf](./monitoring.tf) | Network monitoring dashboards. | | google_monitoring_dashboard |
+| [net-dev.tf](./net-dev.tf) | Dev spoke VPC and related resources. | net-cloudnat · net-vpc · net-vpc-firewall · project | |
+| [net-prod.tf](./net-prod.tf) | Production spoke VPC and related resources. | net-cloudnat · net-vpc · net-vpc-firewall · project | |
| [outputs.tf](./outputs.tf) | Module outputs. | | google_storage_bucket_object · local_file |
| [regions.tf](./regions.tf) | Compute short names for regions. | | |
-| [spoke-dev.tf](./spoke-dev.tf) | Dev spoke VPC and related resources. | net-cloudnat · net-vpc · net-vpc-firewall · project | |
-| [spoke-prod.tf](./spoke-prod.tf) | Production spoke VPC and related resources. | net-cloudnat · net-vpc · net-vpc-firewall · project | |
| [test-resources.tf](./test-resources.tf) | Temporary instances for testing | compute-vm | |
| [variables.tf](./variables.tf) | Module variables. | | |
| [vpn-onprem.tf](./vpn-onprem.tf) | VPN between landing and onprem. | net-vpn-ha | |
diff --git a/fast/stages/2-networking-d-separate-envs/spoke-dev.tf b/fast/stages/2-networking-d-separate-envs/net-dev.tf
similarity index 100%
rename from fast/stages/2-networking-d-separate-envs/spoke-dev.tf
rename to fast/stages/2-networking-d-separate-envs/net-dev.tf
diff --git a/fast/stages/2-networking-d-separate-envs/spoke-prod.tf b/fast/stages/2-networking-d-separate-envs/net-prod.tf
similarity index 100%
rename from fast/stages/2-networking-d-separate-envs/spoke-prod.tf
rename to fast/stages/2-networking-d-separate-envs/net-prod.tf
diff --git a/fast/stages/2-networking-e-nva-bgp/README.md b/fast/stages/2-networking-e-nva-bgp/README.md
index e9bf8c10..2a6e2297 100644
--- a/fast/stages/2-networking-e-nva-bgp/README.md
+++ b/fast/stages/2-networking-e-nva-bgp/README.md
@@ -283,7 +283,7 @@ DNS queries sent to the on-premise infrastructure come from the `35.199.192.0/19
#### On-prem to cloud
-The [Inbound DNS Policy](https://cloud.google.com/dns/docs/server-policies-overview#dns-server-policy-in) defined in the *trusted landing VPC module* ([`landing.tf`](./landing.tf)) automatically reserves the first available IP address on each subnet (typically the third one in a CIDR) to expose the Cloud DNS service, so that it can be consumed from outside of GCP.
+The [Inbound DNS Policy](https://cloud.google.com/dns/docs/server-policies-overview#dns-server-policy-in) defined in the *trusted landing VPC module* ([`net-landing.tf`](./net-landing.tf)) automatically reserves the first available IP address on each subnet (typically the third one in a CIDR) to expose the Cloud DNS service, so that it can be consumed from outside of GCP.
## How to run this stage
@@ -442,9 +442,9 @@ vpn_onprem_primary_config = {
To create a new environment (e.g. `staging`), a few changes are required:
-Create a `spoke-staging.tf` file by copying `spoke-prod.tf` file.
+Create a `net-staging.tf` file by copying `net-prod.tf` file.
Adapt the new file by replacing the value "prod" with the value "staging".
-Running `diff spoke-dev.tf spoke-prod.tf` can help to see how environment files differ.
+Running `diff net-dev.tf net-prod.tf` can help to see how environment files differ.
The new VPC requires a set of dedicated CIDRs, one per region, added to variable `gcp_ranges` (for example as `spoke_staging_ew1` and `spoke_staging_ew4`).
`gcp_ranges` is a map that "resolves" CIDR names to the actual addresses, and will be used later to configure routing.
@@ -464,16 +464,16 @@ DNS configurations are centralised in the `dns-*.tf` files. Spokes delegate DNS
| [dns-dev.tf](./dns-dev.tf) | Development spoke DNS zones and peerings setup. | dns | |
| [dns-landing.tf](./dns-landing.tf) | Landing DNS zones and peerings setup. | dns · dns-response-policy | |
| [dns-prod.tf](./dns-prod.tf) | Production spoke DNS zones and peerings setup. | dns | |
-| [landing.tf](./landing.tf) | Landing VPC and related resources. | net-cloudnat · net-vpc · net-vpc-firewall · project | |
| [main.tf](./main.tf) | Networking folder and hierarchical policy. | folder · net-firewall-policy | |
| [monitoring-vpn-onprem.tf](./monitoring-vpn-onprem.tf) | VPN monitoring alerts. | | google_monitoring_alert_policy |
| [monitoring.tf](./monitoring.tf) | Network monitoring dashboards. | | google_monitoring_dashboard |
| [ncc.tf](./ncc.tf) | None | ncc-spoke-ra | google_network_connectivity_hub |
+| [net-dev.tf](./net-dev.tf) | Dev spoke VPC and related resources. | net-vpc · net-vpc-firewall · net-vpc-peering · project | |
+| [net-landing.tf](./net-landing.tf) | Landing VPC and related resources. | net-cloudnat · net-vpc · net-vpc-firewall · project | |
+| [net-prod.tf](./net-prod.tf) | Production spoke VPC and related resources. | net-vpc · net-vpc-firewall · net-vpc-peering · project | |
| [nva.tf](./nva.tf) | None | compute-vm · simple-nva | google_compute_address |
| [outputs.tf](./outputs.tf) | Module outputs. | | google_storage_bucket_object · local_file |
| [regions.tf](./regions.tf) | Compute short names for regions. | | |
-| [spoke-dev.tf](./spoke-dev.tf) | Dev spoke VPC and related resources. | net-vpc · net-vpc-firewall · net-vpc-peering · project | |
-| [spoke-prod.tf](./spoke-prod.tf) | Production spoke VPC and related resources. | net-vpc · net-vpc-firewall · net-vpc-peering · project | |
| [test-resources.tf](./test-resources.tf) | temporary instances for testing | compute-vm | |
| [variables.tf](./variables.tf) | Module variables. | | |
| [vpn-onprem.tf](./vpn-onprem.tf) | VPN between landing and onprem. | net-vpn-ha | |
diff --git a/fast/stages/2-networking-e-nva-bgp/spoke-dev.tf b/fast/stages/2-networking-e-nva-bgp/net-dev.tf
similarity index 100%
rename from fast/stages/2-networking-e-nva-bgp/spoke-dev.tf
rename to fast/stages/2-networking-e-nva-bgp/net-dev.tf
diff --git a/fast/stages/2-networking-e-nva-bgp/landing.tf b/fast/stages/2-networking-e-nva-bgp/net-landing.tf
similarity index 100%
rename from fast/stages/2-networking-e-nva-bgp/landing.tf
rename to fast/stages/2-networking-e-nva-bgp/net-landing.tf
diff --git a/fast/stages/2-networking-e-nva-bgp/spoke-prod.tf b/fast/stages/2-networking-e-nva-bgp/net-prod.tf
similarity index 100%
rename from fast/stages/2-networking-e-nva-bgp/spoke-prod.tf
rename to fast/stages/2-networking-e-nva-bgp/net-prod.tf