| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| access_context_manager_policy_id | The id of the default Access Context Manager policy created in step `1-org`. Can be obtained by running `gcloud access-context-manager policies list --organization YOUR_ORGANIZATION_ID --format="value(name)"`. | `number` | n/a | yes |
| backend_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
| base_hub_dns_enable_inbound_forwarding | Toggle inbound query forwarding for Base Hub VPC DNS. | `bool` | `true` | no |
| base_hub_dns_enable_logging | Toggle DNS logging for Base Hub VPC DNS. | `bool` | `true` | no |
| base_hub_firewall_enable_logging | Toggle firewall logging for VPC Firewalls in Base Hub VPC. | `bool` | `true` | no |
| base_hub_nat_bgp_asn | BGP ASN for first NAT cloud routes in Base Hub. | `number` | `64514` | no |
| base_hub_nat_enabled | Toggle creation of NAT cloud router in Base Hub. | `bool` | `false` | no |
| base_hub_nat_num_addresses_region1 | Number of external IPs to reserve for first Cloud NAT in Base Hub. | `number` | `2` | no |
| base_hub_nat_num_addresses_region2 | Number of external IPs to reserve for second Cloud NAT in Base Hub. | `number` | `2` | no |
| base_hub_windows_activation_enabled | Enable Windows license activation for Windows workloads in Base Hub. | `bool` | `false` | no |
| bgp_asn_dns | BGP Autonomous System Number (ASN). | `number` | `64667` | no |
| dns_enable_logging | Toggle DNS logging for VPC DNS. | `bool` | `true` | no |
| domain | The DNS name of forwarding managed zone, for instance 'example.com'. Must end with a period. | `string` | n/a | yes |
| enable_hub_and_spoke_transitivity | Enable transitivity via gateway VMs on Hub-and-Spoke architecture. | `bool` | `false` | no |
| enable_partner_interconnect | Enable Partner Interconnect in the environment. | `bool` | `false` | no |
| firewall_policies_enable_logging | Toggle hierarchical firewall logging. | `bool` | `true` | no |
| preactivate_partner_interconnect | Preactivate Partner Interconnect VLAN attachment in the environment. | `bool` | `false` | no |
| restricted_hub_dns_enable_inbound_forwarding | Toggle inbound query forwarding for Restricted Hub VPC DNS. | `bool` | `true` | no |
| restricted_hub_dns_enable_logging | Toggle DNS logging for Restricted Hub VPC DNS. | `bool` | `true` | no |
| restricted_hub_firewall_enable_logging | Toggle firewall logging for VPC Firewalls in Restricted Hub VPC. | `bool` | `true` | no |
| restricted_hub_nat_bgp_asn | BGP ASN for first NAT cloud routes in Restricted Hub. | `number` | `64514` | no |
| restricted_hub_nat_enabled | Toggle creation of NAT cloud router in Restricted Hub. | `bool` | `false` | no |
| restricted_hub_nat_num_addresses_region1 | Number of external IPs to reserve for first Cloud NAT in Restricted Hub. | `number` | `2` | no |
| restricted_hub_nat_num_addresses_region2 | Number of external IPs to reserve for second Cloud NAT in Restricted Hub. | `number` | `2` | no |
| restricted_hub_windows_activation_enabled | Enable Windows license activation for Windows workloads in Restricted Hub. | `bool` | `false` | no |
| subnetworks_enable_logging | Toggle subnetworks flow logging for VPC Subnetworks. | `bool` | `true` | no |
| target_name_server_addresses | List of IPv4 addresses of target name servers for the forwarding zone configuration. See https://cloud.google.com/dns/docs/overview#dns-forwarding-zones for details on target name servers in the context of Cloud DNS forwarding zones. | `list(string)` | n/a | yes |
| terraform_service_account | Service account email of the account to be added to the VPC-SC perimeter. | `string` | n/a | yes |