# Minimalistic VPC module

This module allows creation and management of VPC networks, including subnetworks and subnetwork IAM bindings, Shared VPC activation and service project registration, and one-to-one peering.

## Examples

The module allows for several different VPC configurations; some of the most common are shown below.

### Simple VPC

Subnet names only need to be unique within a region, so the two subnets below can both be called `production`. Secondary ranges are optional and are expressed as a map keyed by range name (an empty map means none).

```hcl
module "vpc" {
  source     = "../modules/net-vpc"
  project_id = "my-project"
  name       = "my-network"
  subnets = [
    {
      ip_cidr_range = "10.0.0.0/24"
      name          = "production"
      region        = "europe-west1"
      secondary_ip_range = {
        pods     = "172.16.0.0/20"
        services = "192.168.0.0/24"
      }
    },
    {
      ip_cidr_range      = "10.0.16.0/24"
      name               = "production"
      region             = "europe-west2"
      secondary_ip_range = {}
    }
  ]
}
```

### Peering

A single peering can be configured for the VPC. This covers simple one-to-one scenarios directly, and more complex topologies such as hub and spoke when the peering configuration is defined on each spoke VPC (pointing at the hub), so the hub module itself needs no peering configuration. Because of the specific behaviour of the peering API calls, only one peering should be created, changed or destroyed at a time; when several spokes peer with the same hub, apply their changes one after another rather than together.

In the example below the spoke imports the hub's custom routes but does not export its own, which is the usual least-exposure choice for a spoke.

```hcl
module "vpc-spoke-1" {
  source     = "../modules/net-vpc"
  project_id = "my-project"
  name       = "my-network"
  subnets = [
    {
      ip_cidr_range = "10.0.0.0/24"
      name          = "subnet-1"
      region        = "europe-west1"
      secondary_ip_range = {
        pods     = "172.16.0.0/20"
        services = "192.168.0.0/24"
      }
    }
  ]
  peering_config = {
    # self link of the hub VPC created with another instance of this module
    peer_vpc_self_link = module.vpc-hub.self_link
    export_routes      = false
    import_routes      = true
  }
}
```

### Shared VPC

Setting `shared_vpc_host` enables Shared VPC on the project and registers the listed service projects. Subnet-level IAM is keyed by `region/name`: `iam_roles` declares which roles are managed on each subnet, and `iam_members` lists the members for each of those roles. The service accounts that need `roles/compute.networkUser` on a subnet are the ones that attach resources to it from the service projects, such as the Google APIs service account and the GKE service account of each service project.

```hcl
module "vpc-host" {
  source     = "../modules/net-vpc"
  project_id = "my-project"
  name       = "my-host-network"
  subnets = [
    {
      ip_cidr_range = "10.0.0.0/24"
      name          = "subnet-1"
      region        = "europe-west1"
      secondary_ip_range = {
        pods     = "172.16.0.0/20"
        services = "192.168.0.0/24"
      }
    }
  ]
  shared_vpc_host = true
  shared_vpc_service_projects = [
    local.service_project_1.project_id,
    local.service_project_2.project_id
  ]
  # roles managed on each subnet; bindings for these roles are authoritative
  iam_roles = {
    "europe-west1/subnet-1" = [
      "roles/compute.networkUser",
      "roles/compute.securityAdmin"
    ]
  }
  # members per subnet and role (service accounts of the service projects)
  iam_members = {
    "europe-west1/subnet-1" = {
      "roles/compute.networkUser" = [
        local.service_project_1.cloudsvc_sa,
        local.service_project_1.gke_sa
      ]
      "roles/compute.securityAdmin" = [
        local.service_project_1.gke_sa
      ]
    }
  }
}
```

## Variables

| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| name | The name of the network being created | string | ✓ | |
| project_id | The ID of the project where this VPC will be created | string | ✓ | |
| *auto_create_subnetworks* | Set to true to create an auto mode subnet, defaults to custom mode. | bool | | false |
| *description* | An optional description of this resource (triggers recreation on change). | string | | Terraform-managed. |
| *iam_members* | Map of IAM members keyed by subnet 'region/name' and role. | map(map(list(string))) | | null |
| *iam_roles* | Map of IAM roles keyed by subnet 'region/name'. | map(list(string)) | | null |
| *log_config_defaults* | Default configuration for flow logs when enabled. | object({...}) | | ... |
| *log_configs* | Map keyed by subnet 'region/name' of optional configurations for flow logs when enabled. | map(map(string)) | | null |
| *peering_config* | VPC peering configuration. | object({...}) | | null |
| *routes* | Network routes, keyed by name. | map(object({...})) | | null |
| *routing_mode* | The network routing mode (default 'GLOBAL') | string | | GLOBAL |
| *shared_vpc_host* | Enable shared VPC for this project. | bool | | false |
| *shared_vpc_service_projects* | Shared VPC service projects to register with this host | list(string) | | [] |
| *subnet_descriptions* | Optional map of subnet descriptions, keyed by subnet 'region/name'. | map(string) | | {} |
| *subnet_flow_logs* | Optional map of boolean to control flow logs (default is disabled), keyed by subnet 'region/name'. | map(bool) | | {} |
| *subnet_private_access* | Optional map of boolean to control private Google access (default is enabled), keyed by subnet 'region/name'. | map(bool) | | {} |
| *subnets* | The list of subnets being created | map(object({...})) | | null |

## Outputs

| name | description | sensitive |
|---|---|:---:|
| bindings | Subnet IAM bindings. | |
| name | The name of the VPC being created. | |
| network | Network resource. | |
| project_id | Shared VPC host project id. | |
| self_link | The URI of the VPC being created. | |
| subnet_ips | Map of subnet address ranges keyed by 'region/name'. | |
| subnet_regions | Map of subnet regions keyed by 'region/name'. | |
| subnet_secondary_ranges | Map of subnet secondary ranges keyed by 'region/name'. | |
| subnet_self_links | Map of subnet self links keyed by 'region/name'. | |
| subnets | Subnet resources. | |
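## Additional example: per-subnet flow logs and private Google access

The per-subnet variables (`subnet_flow_logs`, `subnet_private_access`, `subnet_descriptions`) and the keyed outputs (`subnet_self_links`, `subnet_ips`) all share the `region/name` key convention. The configuration below is an added example written for this page, not code from the module's own README: it enables flow logs on every subnet (they are off by default, and without them there is no per-connection record to investigate), keeps private Google access on the internal subnet so instances with no external IP can still reach Google APIs, and reads a subnet self link back through the keyed output. The project id, network and subnet names, and address ranges are illustrative.

```hcl
# Added example (not part of the module README). Values are illustrative.
module "vpc-logged" {
  source     = "../modules/net-vpc"
  project_id = "my-project"
  name       = "my-logged-network"
  subnets = [
    {
      ip_cidr_range      = "10.0.0.0/24"
      name               = "workloads"
      region             = "europe-west1"
      secondary_ip_range = {}
    },
    {
      ip_cidr_range      = "10.0.1.0/24"
      name               = "dmz"
      region             = "europe-west1"
      secondary_ip_range = {}
    }
  ]

  # keys are 'region/name', matching the subnets declared above
  subnet_descriptions = {
    "europe-west1/workloads" = "Internal workloads, no external IPs"
    "europe-west1/dmz"       = "Internet-facing instances"
  }

  # flow logs default to disabled; enable them on both subnets so traffic
  # to and from these ranges is recorded for detection and forensics
  subnet_flow_logs = {
    "europe-west1/workloads" = true
    "europe-west1/dmz"       = true
  }

  # private Google access defaults to enabled; keep it on for the internal
  # subnet (instances there have no external IP) and show an explicit
  # override to off for the DMZ, whose instances have external IPs anyway
  subnet_private_access = {
    "europe-west1/workloads" = true
    "europe-west1/dmz"       = false
  }
}

# the same 'region/name' key selects a single subnet from the keyed outputs
output "workloads_subnet_self_link" {
  value = module.vpc-logged.subnet_self_links["europe-west1/workloads"]
}

output "workloads_subnet_range" {
  value = module.vpc-logged.subnet_ips["europe-west1/workloads"]
}
```

A key that does not correspond to a declared subnet (for example a typo in the region) is silently ignored by a map lookup in the module's variables but fails at plan time in the `output` blocks above, so reading the keyed outputs back is a cheap way to catch a mismatched key before it leaves a subnet without flow logs.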