Initial Commit

.gitignore

@@ -0,0 +1,34 @@
+# Local .terraform Directories
+**/.terraform/*
+
+# .tfstate Files
+*.tfstate
+*.tfstate.*
+
+# Crash Log Files
+crash.log
+crash.*.log
+
+# Exclude All .tfvars Files, which are likely to contain Sensitive Data, such as
+# Passwords, Private Keys, and other secrets. These should not be part of Version
+# Control as they are Data Points which are potentially sensitive and subject
+# to change, depending on the Environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore Override Files as they are usually used to override resources locally and so
+# are not checked in.
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include Override Files you do wish to add to Version Control using Negated Pattern.
+# !example_override.tf
+
+# Include tfplan Files to ignore the Plan Output of Command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI Configuration Files
+.terraformrc
+terraform.rc

README.md

@@ -0,0 +1,3 @@
+# terraform-google-vpc-network
+
+Terraform Google VPC Network

firewall-rule/main.tf

@@ -0,0 +1,24 @@
+resource "google_compute_firewall" "default" {
+  provider = google
+
+  name        = var.name
+  description = var.description
+
+  network = var.network
+
+  priority = var.priority
+
+  dynamic "allow" {
+    for_each = var.allow
+
+    content {
+      ports    = lookup(allow.value, "ports", null)
+      protocol = allow.value.protocol
+    }
+  }
+
+  source_ranges = var.source_ranges
+
+  source_tags = var.source_tags
+  target_tags = var.target_tags
+}

firewall-rule/variables.tf

@@ -0,0 +1,49 @@
+variable "name" {
+  type        = string
+  description = "The name of the firewall rule"
+}
+
+variable "description" {
+  type        = string
+  description = "The description of the firewall rule"
+}
+
+variable "network" {
+  type        = string
+  description = "The network this firewall rule applies to"
+}
+
+variable "priority" {
+  type        = string
+  description = "The firewall rule priority"
+
+  default = "1000"
+}
+
+variable "allow" {
+  type        = list(any)
+  description = "The protocol and port to allow"
+
+  default = []
+}
+
+variable "source_ranges" {
+  type        = list(string)
+  description = "A list of source CIDR ranges that this firewall applies to"
+
+  default = []
+}
+
+variable "source_tags" {
+  type        = list(any)
+  description = "A list of source tags for this firewall rule"
+
+  default = []
+}
+
+variable "target_tags" {
+  type        = list(any)
+  description = "A list of target tags for this firewall rule"
+
+  default = []
+}

firewall-rule/versions.tf

@@ -0,0 +1,14 @@
+terraform {
+  required_version = "~> v1.6.2"
+
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = "~> 5.4.0"
+    }
+    google-beta = {
+      source  = "hashicorp/google-beta"
+      version = "~> 5.4.0"
+    }
+  }
+}

network/main.tf

@@ -0,0 +1,26 @@
+resource "google_compute_network" "default" {
+  provider = google
+
+  name        = var.name
+  description = var.description
+
+  auto_create_subnetworks = var.auto_create_subnetworks
+}
+
+# tfsec:ignore:google-compute-no-public-ingress
+module "icmp-access" {
+  source = "../firewall-rule"
+
+  name        = "access-${var.name}-icmp"
+  description = "Access for internet control message protocol"
+
+  network = var.name
+
+  allow = [
+    {
+      protocol = "icmp"
+    }
+  ]
+
+  source_ranges = ["0.0.0.0/0"]
+}

network/output.tf

@@ -0,0 +1,7 @@
+output "network" {
+  value = google_compute_network.default.name
+}
+
+output "network_link" {
+  value = google_compute_network.default.self_link
+}

network/variables.tf

@@ -0,0 +1,18 @@
+variable "name" {
+  type        = string
+  description = "Network name"
+}
+
+variable "description" {
+  type        = string
+  description = "Network description"
+
+  default = ""
+}
+
+variable "auto_create_subnetworks" {
+  type        = bool
+  description = "Auto create subnetworks"
+
+  default = false
+}

network/versions.tf

@@ -0,0 +1,14 @@
+terraform {
+  required_version = "~> v1.6.2"
+
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = "~> 5.4.0"
+    }
+    google-beta = {
+      source  = "hashicorp/google-beta"
+      version = "~> 5.4.0"
+    }
+  }
+}

subnetwork/main.tf

@@ -0,0 +1,24 @@
+# tfsec:ignore:google-compute-enable-vpc-flow-logs
+resource "google_compute_subnetwork" "default" {
+  provider = google
+
+  name        = var.name
+  description = var.description
+
+  region = var.region
+
+  network = var.network
+
+  private_ip_google_access = true
+
+  ip_cidr_range = var.cidr_range
+
+  dynamic "secondary_ip_range" {
+    for_each = var.secondary_ip_ranges
+
+    content {
+      ip_cidr_range = lookup(secondary_ip_range.value, "ip_cidr_range", null)
+      range_name    = lookup(secondary_ip_range.value, "range_name", null)
+    }
+  }
+}

subnetwork/output.tf

@@ -0,0 +1,11 @@
+output "subnetwork" {
+  value = google_compute_subnetwork.default.name
+}
+
+output "subnetwork_link" {
+  value = google_compute_subnetwork.default.self_link
+}
+
+output "ip_cidr_range" {
+  value = google_compute_subnetwork.default.ip_cidr_range
+}

subnetwork/variables.tf

@@ -0,0 +1,33 @@
+variable "name" {
+  type        = string
+  description = "Subnetwork name"
+}
+
+variable "description" {
+  type        = string
+  description = "Subnetwork description"
+
+  default = ""
+}
+
+variable "region" {
+  type        = string
+  description = "Subnetwork region"
+}
+
+variable "network" {
+  type        = string
+  description = "Subnetwork parent network"
+}
+
+variable "cidr_range" {
+  type        = string
+  description = "Subnetwork ip cidr range"
+}
+
+variable "secondary_ip_ranges" {
+  type        = list(any)
+  description = "Subnetwork secondary ip cidr ranges"
+
+  default = []
+}

subnetwork/versions.tf

@@ -0,0 +1,14 @@
+terraform {
+  required_version = "~> v1.6.2"
+
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = "~> 5.4.0"
+    }
+    google-beta = {
+      source  = "hashicorp/google-beta"
+      version = "~> 5.4.0"
+    }
+  }
+}