The purpose of this step is to set up the base and restricted Shared VPCs for the development environment, with default DNS, Cloud NAT (optional), Private Service networking, VPC Service Controls, on-prem Dedicated Interconnect, on-prem VPN, and baseline firewall rules.
- 0-bootstrap executed successfully.
- 1-org executed successfully.
- 2-environments/envs/development executed successfully.
- 3-networks/envs/shared executed successfully.
- Obtain the value for the `access_context_manager_policy_id` variable by running `gcloud access-context-manager policies list --organization YOUR-ORGANIZATION_ID --format="value(name)"`.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| access_context_manager_policy_id | The id of the default Access Context Manager policy created in step 1-org. Can be obtained by running `gcloud access-context-manager policies list --organization YOUR-ORGANIZATION_ID --format="value(name)"`. | number | n/a | yes |
| default_region1 | First subnet region. The Shared VPC module only configures two regions. | string | n/a | yes |
| default_region2 | Second subnet region. The Shared VPC module only configures two regions. | string | n/a | yes |
| dns_enable_inbound_forwarding | Toggle inbound query forwarding for VPC DNS. | bool | "true" | no |
| dns_enable_logging | Toggle DNS logging for VPC DNS. | bool | "true" | no |
| domain | The DNS name of the peering managed zone, for instance 'example.com.' (note the trailing dot). | string | n/a | yes |
| firewall_enable_logging | Toggle firewall rule logging for VPC firewalls. | bool | "true" | no |
| nat_bgp_asn | BGP ASN for the Cloud Router used by the first Cloud NAT. | number | "64514" | no |
| nat_enabled | Toggle creation of the Cloud NAT routers. | bool | "false" | no |
| nat_num_addresses | Number of external IPs to reserve for Cloud NAT. | number | "2" | no |
| nat_num_addresses_region1 | Number of external IPs to reserve for the first Cloud NAT. | number | "2" | no |
| nat_num_addresses_region2 | Number of external IPs to reserve for the second Cloud NAT. | number | "2" | no |
| optional_fw_rules_enabled | Toggle creation of optional firewall rules: IAP SSH, IAP RDP, and the internal and global load balancing health-check and load balancing IP ranges. | bool | "false" | no |
| org_id | Organization ID | string | n/a | yes |
| parent_folder | Optional - set if using a folder for testing. | string | "" | no |
| subnetworks_enable_logging | Toggle VPC Flow Logs for the VPC subnetworks. | bool | "true" | no |
| terraform_service_account | Service account email of the account to impersonate to run Terraform. | string | n/a | yes |
| windows_activation_enabled | Enable Windows license activation for Windows workloads. | bool | "false" | no |
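As an added example (not code from the terraform-example-foundation repository), the following POSIX shell script turns the `gcloud` lookup above into a checked value and renders the required inputs as a minimal `terraform.tfvars`. It assumes the policy was created by 1-org and that the operator supplies the organization id, service account, domain and regions; the gcloud output is accepted either as a bare numeric id or as a full `accessPolicies/<id>` resource name, and the lookup fails rather than guessing when the organization has no policy or more than one. Only `lookup_policy_id` calls gcloud; everything else runs offline.

```shell
#!/bin/sh
# Added example, not part of terraform-example-foundation. Assumes the
# Access Context Manager policy already exists (created in step 1-org).

# Accept the raw output of
#   gcloud access-context-manager policies list --organization ORG --format="value(name)"
# Tolerates either a bare numeric id or an "accessPolicies/<id>" resource
# name, and fails (non-zero exit) when the output is empty, non-numeric, or
# lists more than one policy, since the variable must be a single number.
normalize_policy_id() {
  raw=$1
  count=$(printf '%s\n' "$raw" | sed '/^[[:space:]]*$/d' | wc -l | tr -d ' ')
  [ "$count" -eq 1 ] || return 1
  id=$(printf '%s' "$raw" | tr -d '[:space:]' | sed 's#^accessPolicies/##')
  case "$id" in
    ''|*[!0-9]*) return 1 ;;
  esac
  printf '%s' "$id"
}

# Real lookup against an organization (needs gcloud and permission to list
# access policies; not run offline).
lookup_policy_id() {
  normalize_policy_id "$(gcloud access-context-manager policies list \
    --organization "$1" --format='value(name)')"
}

# Render the required inputs for 3-networks/envs/development as HCL.
# Arguments: policy_id org_id terraform_sa domain region1 region2
render_tfvars() {
  policy_id=$1 org_id=$2 tf_sa=$3 domain=$4 region1=$5 region2=$6
  # Cloud DNS managed-zone names are absolute, so the peering zone's domain
  # must end with a trailing dot ('example.com.'), as the inputs table shows.
  case "$domain" in
    *.) ;;
    *) echo "domain must end with a trailing dot: $domain" >&2; return 1 ;;
  esac
  cat <<EOF
access_context_manager_policy_id = $policy_id
org_id                           = "$org_id"
terraform_service_account        = "$tf_sa"
domain                           = "$domain"
default_region1                  = "$region1"
default_region2                  = "$region2"
EOF
}

# Typical use (values are placeholders, not executed here):
#   ORG_ID=123456789012
#   POLICY_ID=$(lookup_policy_id "$ORG_ID") || exit 1
#   render_tfvars "$POLICY_ID" "$ORG_ID" sa@prj.iam.gserviceaccount.com \
#     example.com. us-central1 us-west1 > terraform.tfvars
```

Run it once per environment and review the generated file before `terraform plan`; the optional toggles (NAT, optional firewall rules, Windows activation) keep their defaults unless you append them.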
| Name | Description |
|------|-------------|
| base_host_project_id | The base host project ID |
| base_network_name | The name of the base VPC being created |
| base_network_self_link | The URI of the base VPC being created |
| base_subnets_ips | The IPs and CIDRs of the base subnets being created |
| base_subnets_names | The names of the base subnets being created |
| base_subnets_secondary_ranges | The secondary ranges associated with the base subnets |
| base_subnets_self_links | The self-links of the base subnets being created |
| restricted_access_level_name | Access Context Manager access level name |
| restricted_host_project_id | The restricted host project ID |
| restricted_network_name | The name of the restricted VPC being created |
| restricted_network_self_link | The URI of the restricted VPC being created |
| restricted_service_perimeter_name | Access Context Manager service perimeter name |
| restricted_subnets_ips | The IPs and CIDRs of the restricted subnets being created |
| restricted_subnets_names | The names of the restricted subnets being created |
| restricted_subnets_secondary_ranges | The secondary ranges associated with the restricted subnets |
| restricted_subnets_self_links | The self-links of the restricted subnets being created |