GCP VPC

With Google Virtual Private Cloud networks (Google VPC), you can launch GCP resources in a logically isolated virtual network that you’ve defined. This virtual network closely resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of GCP.

This module creates a GCP VPC with these constraints:

  • By default, the VPC uses global routing

  • All subnets are in the single region chosen by the user

  • A list of public and private subnets can be created

  • A list of private subnets for VPC-native Kubernetes clusters can be created

  • All created subnets have the purpose PRIVATE_RFC_1918

  • Subnet flow logs are created in Stackdriver

  • All traffic is captured in the flow logs

  • Subnetworks without external IP addresses can reach Google APIs and services through Private Google Access

  • If external access is enabled, public subnets egress through a NAT router

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| google | >= 4.75.0 |

Providers

| Name | Version |
|------|---------|
| google | >= 4.75.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| google_compute_network.vpc | resource |
| google_compute_router.routers | resource |
| google_compute_router_nat.nat_gateway | resource |
| google_compute_subnetwork.gke_subnet | resource |
| google_compute_subnetwork.subnets | resource |
| google_client_config.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| auto_create_subnetworks | Automatically create a subnet in each region | bool | false | no |
| delete_default_routes_on_create | Delete the default routes (0.0.0.0/0) immediately after network creation | bool | null | no |
| enable_google_access | Allow access to Google APIs and services through Private Google Access | bool | true | no |
| enable_ula_internal_ipv6 | Enable ULA internal IPv6 on this network | bool | null | no |
| flow_log_max_aggregation_interval | The maximum interval of time during which a flow of packets is captured and aggregated into a flow log | string | "INTERVAL_5_SEC" | no |
| gke_subnet | The GKE subnet. The object contains a name, a CIDR block for nodes, a CIDR block for Pods, a CIDR block for services and a region | object({ name = string, nodes_cidr_block = string, pods_cidr_block = string, services_cidr_block = string, region = string }) | null | no |
| internal_ipv6_range | The /48 range to allocate from the Google-defined ULA prefix fd20::/20 | string | null | no |
| mtu | Maximum Transmission Unit in bytes | number | 1460 | no |
| name | Name of the VPC | string | n/a | yes |
| network_firewall_policy_enforcement_order | The order in which Firewall Rules and Firewall Policies are evaluated | string | "AFTER_CLASSIC_FIREWALL" | no |
| routing_mode | The network-wide routing mode to use | string | "GLOBAL" | no |
| subnets | A map of subnets inside the VPC. Each subnet object has a CIDR block, a region, and a boolean set to true if the subnet is public or false if it is private | map(object({ cidr_block = string, region = string, public_access = bool })) | {} | no |
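The following module call is an added example and not part of the module's own documentation; the source path, project name, region and all CIDR blocks are constructed placeholders. It wires the inputs above into one public subnet (NAT egress), one private subnet (Private Google Access only) and a GKE subnet with secondary ranges, with flow logs at the finest aggregation interval.

```hcl
# Added example: the source path is a placeholder for wherever this module lives.
module "vpc" {
  source = "./modules/gcp-vpc" # placeholder

  name         = "example-vpc" # constructed name
  routing_mode = "GLOBAL"

  # Keep the default 0.0.0.0/0 route; egress is still limited to what
  # Cloud NAT exposes for public subnets (private subnets have no NAT).
  delete_default_routes_on_create = false

  # Private subnets reach Google APIs without external IPs.
  enable_google_access = true

  # Finest aggregation interval so flow logs can be used for detection.
  flow_log_max_aggregation_interval = "INTERVAL_5_SEC"

  # Classic VPC firewall rules are evaluated before network firewall policies.
  network_firewall_policy_enforcement_order = "AFTER_CLASSIC_FIREWALL"

  # All subnets share one region, as the module requires.
  subnets = {
    "public-a" = {
      cidr_block    = "10.10.0.0/24"   # constructed
      region        = "europe-west1"   # constructed
      public_access = true             # gets the NAT router
    }
    "private-a" = {
      cidr_block    = "10.10.1.0/24"   # constructed
      region        = "europe-west1"
      public_access = false            # no NAT, Private Google Access only
    }
  }

  # VPC-native GKE subnet: node range plus secondary ranges for Pods and Services.
  gke_subnet = {
    name                = "gke-private"     # constructed
    nodes_cidr_block    = "10.10.16.0/20"   # constructed
    pods_cidr_block     = "10.20.0.0/16"    # constructed
    services_cidr_block = "10.30.0.0/20"    # constructed
    region              = "europe-west1"
  }
}

# Expose the private subnet IDs for downstream firewall or GKE modules.
output "vpc_private_subnet_ids" {
  value = module.vpc.private_subnet_ids
}
```

Run `terraform plan` against a project with the google provider configured to confirm that only the public subnet is attached to a google_compute_router_nat resource.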

Outputs

| Name | Description |
|------|-------------|
| gateway_ipv4 | The gateway address for default routing out of the network. This value is selected by GCP |
| gke_subnet_cidr_block | GKE subnet CIDR block |
| gke_subnet_id | GKE subnet ID |
| gke_subnet_name | GKE subnet name |
| gke_subnet_pods_cidr_block | IP CIDR block of GKE Pods |
| gke_subnet_pods_range_name | IP CIDR range name of GKE Pods |
| gke_subnet_region | GKE subnet region |
| gke_subnet_self_link | GKE subnet self link |
| gke_subnet_svc_cidr_block | IP CIDR block of GKE services |
| gke_subnet_svc_range_name | IP CIDR range name of GKE services |
| id | The ID of the VPC |
| name | The name of the VPC |
| private_subnet_cidr_blocks | List of private subnet CIDR blocks |
| private_subnet_ids | List of private subnet IDs |
| private_subnet_regions | List of private subnet regions |
| private_subnet_self_links | List of private subnet self links |
| public_subnet_cidr_blocks | List of public subnet CIDR blocks |
| public_subnet_ids | List of public subnet IDs |
| public_subnet_regions | List of public subnet regions |
| public_subnet_self_links | List of public subnet self links |
| self_link | The URI of the created resource |

Examples