diff --git a/examples/multi_nic_common/README.md b/examples/multi_nic_common/README.md index 2be4f98..5a60863 100644 --- a/examples/multi_nic_common/README.md +++ b/examples/multi_nic_common/README.md @@ -211,7 +211,7 @@ please see https://cloud.google.com/iap/docs/using-tcp-forwarding#increasing_the | [lbs\_internal](#input\_lbs\_internal) | A map containing each internal loadbalancer setting.

Example of variable deployment :
lbs_internal = {
"internal-lb" = {
name = "internal-lb"
health_check_port = "80"
backends = ["fw-vmseries-01", "fw-vmseries-02"]
ip_address = "10.10.12.5"
subnetwork_key = "fw-trust-sub"
vpc_network_key = "fw-trust-vpc"
}
}
For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/lb_internal#inputs)

Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | | [linux\_vms](#input\_linux\_vms) | A map containing each Linux VM configuration that will be placed in SPOKE VPCs for testing purposes.

Example of varaible deployment:
linux_vms = {
spoke1-vm = {
linux_machine_type = "n2-standard-4"
zone = "us-east1-b"
linux_disk_size = "50" # Modify this value as per deployment requirements
vpc_network_key = "fw-spoke1-vpc"
subnetwork_key = "fw-spoke1-sub"
private_ip = "192.168.1.2"
scopes = [
"https://www.googleapis.com/auth/compute.readonly",
"https://www.googleapis.com/auth/cloud.useraccounts.readonly",
"https://www.googleapis.com/auth/devstorage.read_only",
"https://www.googleapis.com/auth/logging.write",
"https://www.googleapis.com/auth/monitoring.write",
]
service_account_key = "sa-linux-01"
}
}
| `map(any)` | `{}` | no | | [name\_prefix](#input\_name\_prefix) | A string to prefix resource namings. | `string` | `"example-"` | no | -| [networks](#input\_networks) | A map containing each network setting.

Example of variable deployment :
networks = {
fw-mgmt-vpc = {
vpc_name = "fw-mgmt-vpc"
create_network = true
delete_default_routes_on_create = false
mtu = "1460"
routing_mode = "REGIONAL"
subnetworks = {
fw-mgmt-sub = {
name = "fw-mgmt-sub"
create_subnetwork = true
ip_cidr_range = "10.10.10.0/28"
region = "us-east1"
}
}
firewall_rules = {
allow-mgmt-ingress = {
name = "allow-mgmt-vpc"
source_ranges = ["10.10.10.0/24", "1.1.1.1/32"] # Set your own management source IP range.
priority = "1000"
allowed_protocol = "all"
allowed_ports = []
}
}
}
}
For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc#input_networks)

Multiple keys can be added and will be deployed by the code. | `any` | `{}` | no | +| [networks](#input\_networks) | A map containing each network setting.

Example of variable deployment :
networks = {
fw-mgmt-vpc = {
vpc_name = "fw-mgmt-vpc"
create_network = true
delete_default_routes_on_create = false
mtu = "1460"
routing_mode = "REGIONAL"
subnetworks = {
fw-mgmt-sub = {
name = "fw-mgmt-sub"
create_subnetwork = true
ip_cidr_range = "10.10.10.0/28"
region = "us-east1"
}
}
firewall_rules = {
allow-mgmt-ingress = {
name = "allow-mgmt-ingress"
source_ranges = ["10.10.10.0/24", "1.1.1.1/32"] # Set your own management source IP range.
priority = "1000"
allowed_protocol = "all"
allowed_ports = []
}
}
}
}
For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc#input_networks)

Multiple keys can be added and will be deployed by the code. | `any` | `{}` | no | | [project](#input\_project) | The project name to deploy the infrastructure in to. | `string` | `null` | no | | [region](#input\_region) | The region into which to deploy the infrastructure in to. | `string` | `"us-central1"` | no | | [routes](#input\_routes) | A map containing each route setting. Note that you can only add routes using a next-hop type of internal load-balance rule.

Example of variable deployment :
routes = {
"default-route-trust" = {
name = "fw-default-trust"
destination_range = "0.0.0.0/0"
vpc_network_key = "fw-trust-vpc"
lb_internal_name = "internal-lb"
}
}
Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | diff --git a/examples/multi_nic_common/example.tfvars b/examples/multi_nic_common/example.tfvars index 5e7c2f7..de5f008 100644 --- a/examples/multi_nic_common/example.tfvars +++ b/examples/multi_nic_common/example.tfvars @@ -57,7 +57,7 @@ networks = { } firewall_rules = { allow-mgmt-ingress = { - name = "allow-mgmt-vpc" + name = "allow-mgmt-ingress" source_ranges = ["10.10.10.0/28"] # Set your own management source IP range. priority = "1000" allowed_protocol = "all" diff --git a/examples/multi_nic_common/variables.tf b/examples/multi_nic_common/variables.tf index ca4fd65..2468e60 100644 --- a/examples/multi_nic_common/variables.tf +++ b/examples/multi_nic_common/variables.tf @@ -100,7 +100,7 @@ variable "networks" { } firewall_rules = { allow-mgmt-ingress = { - name = "allow-mgmt-vpc" + name = "allow-mgmt-ingress" source_ranges = ["10.10.10.0/24", "1.1.1.1/32"] # Set your own management source IP range. priority = "1000" allowed_protocol = "all" diff --git a/examples/vmseries_ha/README.md b/examples/vmseries_ha/README.md index 80ac5eb..a51583a 100644 --- a/examples/vmseries_ha/README.md +++ b/examples/vmseries_ha/README.md @@ -265,7 +265,7 @@ Check the succesful inbound and outbound traffic fail-over to and from the spoke | [lbs\_internal](#input\_lbs\_internal) | A map containing each internal loadbalancer setting.

Example of variable deployment :
lbs_internal = {
"internal-lb" = {
name = "internal-lb"
health_check_port = "80"
backends = ["fw-vmseries-01", "fw-vmseries-02"]
ip_address = "10.10.12.5"
subnetwork_key = "fw-trust-sub"
vpc_network_key = "fw-trust-vpc"
}
}
For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/lb_internal#inputs)

Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | | [linux\_vms](#input\_linux\_vms) | A map containing each Linux VM configuration that will be placed in SPOKE VPCs for testing purposes.

Example of varaible deployment:
linux_vms = {
spoke1-vm = {
linux_machine_type = "n2-standard-4"
zone = "us-east1-b"
linux_disk_size = "50" # Modify this value as per deployment requirements
vpc_network_key = "fw-spoke1-vpc"
subnetwork_key = "fw-spoke1-sub"
private_ip = "192.168.1.2"
scopes = [
"https://www.googleapis.com/auth/compute.readonly",
"https://www.googleapis.com/auth/cloud.useraccounts.readonly",
"https://www.googleapis.com/auth/devstorage.read_only",
"https://www.googleapis.com/auth/logging.write",
"https://www.googleapis.com/auth/monitoring.write",
]
service_account_key = "sa-linux-01"
}
}
| `any` | `{}` | no | | [name\_prefix](#input\_name\_prefix) | A string to prefix resource namings. | `string` | `"example-"` | no | -| [networks](#input\_networks) | A map containing each network setting.

Example of variable deployment :
networks = {
fw-mgmt-vpc = {
vpc_name = "fw-mgmt-vpc"
create_network = true
delete_default_routes_on_create = false
mtu = "1460"
routing_mode = "REGIONAL"
subnetworks = {
fw-mgmt-sub = {
name = "fw-mgmt-sub"
create_subnetwork = true
ip_cidr_range = "10.10.10.0/28"
region = "us-east1"
}
}
firewall_rules = {
allow-mgmt-ingress = {
name = "allow-mgmt-vpc"
source_ranges = ["10.10.10.0/24", "1.1.1.1/32"] # Set your own management source IP range.
priority = "1000"
allowed_protocol = "all"
allowed_ports = []
}
}
}
}
For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc#input_networks)

Multiple keys can be added and will be deployed by the code. | `any` | n/a | yes | +| [networks](#input\_networks) | A map containing each network setting.

Example of variable deployment :
networks = {
fw-mgmt-vpc = {
vpc_name = "fw-mgmt-vpc"
create_network = true
delete_default_routes_on_create = false
mtu = "1460"
routing_mode = "REGIONAL"
subnetworks = {
fw-mgmt-sub = {
name = "fw-mgmt-sub"
create_subnetwork = true
ip_cidr_range = "10.10.10.0/28"
region = "us-east1"
}
}
firewall_rules = {
allow-mgmt-ingress = {
name = "allow-mgmt-ingress"
source_ranges = ["10.10.10.0/24", "1.1.1.1/32"] # Set your own management source IP range.
priority = "1000"
allowed_protocol = "all"
allowed_ports = []
}
}
}
}
For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc#input_networks)

Multiple keys can be added and will be deployed by the code. | `any` | n/a | yes | | [project](#input\_project) | The project name to deploy the infrastructure in to. | `string` | `null` | no | | [region](#input\_region) | The region into which to deploy the infrastructure in to. | `string` | `"us-central1"` | no | | [routes](#input\_routes) | A map containing each route setting. Note that you can only add routes using a next-hop type of internal load-balance rule.

Example of variable deployment :
routes = {
"default-route-trust" = {
name = "fw-default-trust"
destination_range = "0.0.0.0/0"
vpc_network_key = "fw-trust-vpc"
lb_internal_name = "internal-lb"
}
}
Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | diff --git a/examples/vmseries_ha/example.tfvars b/examples/vmseries_ha/example.tfvars index f86cf87..6843977 100644 --- a/examples/vmseries_ha/example.tfvars +++ b/examples/vmseries_ha/example.tfvars @@ -57,7 +57,7 @@ networks = { } firewall_rules = { allow-mgmt-ingress = { - name = "allow-mgmt-vpc" + name = "allow-mgmt-ingress" source_ranges = ["10.10.10.0/24"] # Set your own management source IP range. priority = "1000" allowed_protocol = "all" diff --git a/examples/vmseries_ha/variables.tf b/examples/vmseries_ha/variables.tf index ce479bc..11f157b 100644 --- a/examples/vmseries_ha/variables.tf +++ b/examples/vmseries_ha/variables.tf @@ -101,7 +101,7 @@ variable "networks" { } firewall_rules = { allow-mgmt-ingress = { - name = "allow-mgmt-vpc" + name = "allow-mgmt-ingress" source_ranges = ["10.10.10.0/24", "1.1.1.1/32"] # Set your own management source IP range. priority = "1000" allowed_protocol = "all" diff --git a/examples/vpc_peering_common/README.md b/examples/vpc_peering_common/README.md index ddec625..ece79de 100644 --- a/examples/vpc_peering_common/README.md +++ b/examples/vpc_peering_common/README.md @@ -229,7 +229,7 @@ please see https://cloud.google.com/iap/docs/using-tcp-forwarding#increasing_the | [lbs\_internal](#input\_lbs\_internal) | A map containing each internal loadbalancer setting.

Example of variable deployment :
lbs_internal = {
"internal-lb" = {
name = "internal-lb"
health_check_port = "80"
backends = ["fw-vmseries-01", "fw-vmseries-02"]
ip_address = "10.10.12.5"
subnetwork_key = "fw-trust-sub"
vpc_network_key = "fw-trust-vpc"
}
}
For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/lb_internal#inputs)

Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | | [linux\_vms](#input\_linux\_vms) | A map containing each Linux VM configuration that will be placed in SPOKE VPCs for testing purposes.

Example of varaible deployment:
linux_vms = {
spoke1-vm = {
linux_machine_type = "n2-standard-4"
zone = "us-east1-b"
linux_disk_size = "50" # Modify this value as per deployment requirements
vpc_network_key = "fw-spoke1-vpc"
subnetwork_key = "fw-spoke1-sub"
private_ip = "192.168.1.2"
scopes = [
"https://www.googleapis.com/auth/compute.readonly",
"https://www.googleapis.com/auth/cloud.useraccounts.readonly",
"https://www.googleapis.com/auth/devstorage.read_only",
"https://www.googleapis.com/auth/logging.write",
"https://www.googleapis.com/auth/monitoring.write",
]
service_account_key = "sa-linux-01"
}
}
| `map(any)` | `{}` | no | | [name\_prefix](#input\_name\_prefix) | A string to prefix resource namings. | `string` | `"example-"` | no | -| [networks](#input\_networks) | A map containing each network setting.

Example of variable deployment :
networks = {
fw-mgmt-vpc = {
vpc_name = "fw-mgmt-vpc"
create_network = true
delete_default_routes_on_create = false
mtu = "1460"
routing_mode = "REGIONAL"
subnetworks = {
fw-mgmt-sub = {
name = "fw-mgmt-sub"
create_subnetwork = true
ip_cidr_range = "10.10.10.0/28"
region = "us-east1"
}
}
firewall_rules = {
allow-mgmt-ingress = {
name = "allow-mgmt-vpc"
source_ranges = ["10.10.10.0/24", "1.1.1.1/32"] # Set your own management source IP range.
priority = "1000"
allowed_protocol = "all"
allowed_ports = []
}
}
}
}
For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc#input_networks)

Multiple keys can be added and will be deployed by the code. | `any` | n/a | yes | +| [networks](#input\_networks) | A map containing each network setting.

Example of variable deployment :
networks = {
fw-mgmt-vpc = {
vpc_name = "fw-mgmt-vpc"
create_network = true
delete_default_routes_on_create = false
mtu = "1460"
routing_mode = "REGIONAL"
subnetworks = {
fw-mgmt-sub = {
name = "fw-mgmt-sub"
create_subnetwork = true
ip_cidr_range = "10.10.10.0/28"
region = "us-east1"
}
}
firewall_rules = {
allow-mgmt-ingress = {
name = "allow-mgmt-ingress"
source_ranges = ["10.10.10.0/24", "1.1.1.1/32"] # Set your own management source IP range.
priority = "1000"
allowed_protocol = "all"
allowed_ports = []
}
}
}
}
For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc#input_networks)

Multiple keys can be added and will be deployed by the code. | `any` | n/a | yes | | [project](#input\_project) | The project name to deploy the infrastructure in to. | `string` | `null` | no | | [region](#input\_region) | The region into which to deploy the infrastructure in to. | `string` | `"us-central1"` | no | | [routes](#input\_routes) | A map containing each route setting. Note that you can only add routes using a next-hop type of internal load-balance rule.

Example of variable deployment :
routes = {
"default-route-trust" = {
name = "fw-default-trust"
destination_range = "0.0.0.0/0"
vpc_network_key = "fw-trust-vpc"
lb_internal_name = "internal-lb"
}
}
Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | diff --git a/examples/vpc_peering_common/example.tfvars b/examples/vpc_peering_common/example.tfvars index 2a7e6fe..7e7279a 100644 --- a/examples/vpc_peering_common/example.tfvars +++ b/examples/vpc_peering_common/example.tfvars @@ -57,8 +57,8 @@ networks = { } firewall_rules = { allow-mgmt-ingress = { - name = "allow-mgmt-vpc" - source_ranges = ["1.1.1.1/32"] # Replace 1.1.1.1/32 with your own source IP range used for management purposes. + name = "allow-mgmt-ingress" + source_ranges = ["10.10.10.0/28"] # Set your own management source IP range. priority = "1000" allowed_protocol = "all" allowed_ports = [] diff --git a/examples/vpc_peering_common/variables.tf b/examples/vpc_peering_common/variables.tf index 7110a19..357ac7e 100644 --- a/examples/vpc_peering_common/variables.tf +++ b/examples/vpc_peering_common/variables.tf @@ -101,7 +101,7 @@ variable "networks" { } firewall_rules = { allow-mgmt-ingress = { - name = "allow-mgmt-vpc" + name = "allow-mgmt-ingress" source_ranges = ["10.10.10.0/24", "1.1.1.1/32"] # Set your own management source IP range. priority = "1000" allowed_protocol = "all" diff --git a/examples/vpc_peering_common_dual_stack/README.md b/examples/vpc_peering_common_dual_stack/README.md index bb4d9cb..e201ad7 100644 --- a/examples/vpc_peering_common_dual_stack/README.md +++ b/examples/vpc_peering_common_dual_stack/README.md @@ -293,7 +293,7 @@ please see https://cloud.google.com/iap/docs/using-tcp-forwarding#increasing_the | [lbs\_internal](#input\_lbs\_internal) | A map containing each internal loadbalancer setting.
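Review bot: The examples/vpc_peering_common/example.tfvars hunk changes more than the rule name: it also replaces `source_ranges = ["1.1.1.1/32"]` with `["10.10.10.0/28"]`, and the shortened comment no longer says which value the operator must replace. The README example on this page gives `10.10.10.0/28` as the `ip_cidr_range` of `fw-mgmt-sub`, so the new default presumably admits only the management subnet itself; that is a safe default but should be stated, e.g. `# Management subnet only; add your own admin source CIDR, never 0.0.0.0/0.` The sibling example.tfvars hunks still differ (`1.1.1.1/32` in the dual_stack and autoscale examples, `10.10.10.0/24` in vmseries_ha), so it is worth aligning them in the same commit. The rule also keeps `allowed_protocol = "all"` with `allowed_ports = []`; if the module accepts it, narrowing management ingress to `allowed_protocol = "tcp"` and `allowed_ports = ["22", "443"]` would reduce exposure. The enclosing `networks` block starts and ends outside the hunk.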

Example of variable deployment :
lbs_internal = {
"internal-lb" = {
name = "internal-lb"
health_check_port = "80"
backends = ["fw-vmseries-01", "fw-vmseries-02"]
ip_address = "10.10.12.5"
subnetwork_key = "fw-trust-sub"
vpc_network_key = "fw-trust-vpc"
}
}
For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/lb_internal#inputs)

Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | | [linux\_vms](#input\_linux\_vms) | A map containing each Linux VM configuration that will be placed in SPOKE VPCs for testing purposes.

Example of varaible deployment:
linux_vms = {
spoke1-vm = {
linux_machine_type = "n2-standard-4"
zone = "us-east1-b"
linux_disk_size = "50" # Modify this value as per deployment requirements
vpc_network_key = "fw-spoke1-vpc"
subnetwork_key = "fw-spoke1-sub"
private_ip = "192.168.1.2"
scopes = [
"https://www.googleapis.com/auth/compute.readonly",
"https://www.googleapis.com/auth/cloud.useraccounts.readonly",
"https://www.googleapis.com/auth/devstorage.read_only",
"https://www.googleapis.com/auth/logging.write",
"https://www.googleapis.com/auth/monitoring.write",
]
service_account_key = "sa-linux-01"
}
}
| `map(any)` | `{}` | no | | [name\_prefix](#input\_name\_prefix) | A string to prefix resource namings. | `string` | `"example-"` | no | -| [networks](#input\_networks) | A map containing each network setting.

Example of variable deployment :
networks = {
fw-mgmt-vpc = {
vpc_name = "fw-mgmt-vpc"
create_network = true
delete_default_routes_on_create = false
mtu = "1460"
routing_mode = "REGIONAL"
subnetworks = {
fw-mgmt-sub = {
name = "fw-mgmt-sub"
create_subnetwork = true
ip_cidr_range = "10.10.10.0/28"
region = "us-east1"
}
}
firewall_rules = {
allow-mgmt-ingress = {
name = "allow-mgmt-vpc"
source_ranges = ["10.10.10.0/24", "1.1.1.1/32"] # Set your own management source IP range.
priority = "1000"
allowed_protocol = "all"
allowed_ports = []
}
}
}
}
For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc#input_networks)

Multiple keys can be added and will be deployed by the code. | `any` | n/a | yes | +| [networks](#input\_networks) | A map containing each network setting.

Example of variable deployment :
networks = {
fw-mgmt-vpc = {
vpc_name = "fw-mgmt-vpc"
create_network = true
delete_default_routes_on_create = false
mtu = "1460"
routing_mode = "REGIONAL"
subnetworks = {
fw-mgmt-sub = {
name = "fw-mgmt-sub"
create_subnetwork = true
ip_cidr_range = "10.10.10.0/28"
region = "us-east1"
}
}
firewall_rules = {
allow-mgmt-ingress = {
name = "allow-mgmt-ingress"
source_ranges = ["10.10.10.0/24", "1.1.1.1/32"] # Set your own management source IP range.
priority = "1000"
allowed_protocol = "all"
allowed_ports = []
}
}
}
}
For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc#input_networks)

Multiple keys can be added and will be deployed by the code. | `any` | n/a | yes | | [policy\_routes](#input\_policy\_routes) | A map containing Policy-Based Routes that are used to route outgoing IPv6 traffic to ILB.
Note that policy routes support ILB only as a next-hop.

Example :
routes = {
spoke1-vpc-default-ipv6 = {
name = "spoke1-vpc-default-ipv6"
destination_range = "::/0"
vpc_network_key = "fw-spoke1-vpc"
lb_internal_key = "internal-lb-ipv6"
}
spoke2-vpc-default-ipv6 = {
name = "spoke2-vpc-default-ipv6"
destination_range = "::/0"
vpc_network_key = "fw-spoke2-vpc"
lb_internal_key = "internal-lb-ipv6"
}
}
Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | | [policy\_routes\_trust\_vpc\_network\_key](#input\_policy\_routes\_trust\_vpc\_network\_key) | Trust VPC network\_key that is used to configure a DEFAULT\_ROUTING PBR that prevents network loops. | `string` | n/a | yes | | [project](#input\_project) | The project name to deploy the infrastructure in to. | `string` | `null` | no | diff --git a/examples/vpc_peering_common_dual_stack/example.tfvars b/examples/vpc_peering_common_dual_stack/example.tfvars index dd1d65b..56e13b0 100644 --- a/examples/vpc_peering_common_dual_stack/example.tfvars +++ b/examples/vpc_peering_common_dual_stack/example.tfvars @@ -57,7 +57,7 @@ networks = { } firewall_rules = { allow-mgmt-ingress = { - name = "allow-mgmt-vpc" + name = "allow-mgmt-ingress" source_ranges = ["1.1.1.1/32"] # Modify this value as per deployment requirements. Replace 1.1.1.1/32 with your own source IP address for management purposes. priority = "1000" allowed_protocol = "all" diff --git a/examples/vpc_peering_common_dual_stack/variables.tf b/examples/vpc_peering_common_dual_stack/variables.tf index 3041963..6b4ae89 100644 --- a/examples/vpc_peering_common_dual_stack/variables.tf +++ b/examples/vpc_peering_common_dual_stack/variables.tf @@ -101,7 +101,7 @@ variable "networks" { } firewall_rules = { allow-mgmt-ingress = { - name = "allow-mgmt-vpc" + name = "allow-mgmt-ingress" source_ranges = ["10.10.10.0/24", "1.1.1.1/32"] # Set your own management source IP range. priority = "1000" allowed_protocol = "all" diff --git a/examples/vpc_peering_common_with_autoscale/README.md b/examples/vpc_peering_common_with_autoscale/README.md index 1c8e18f..ff22f49 100644 --- a/examples/vpc_peering_common_with_autoscale/README.md +++ b/examples/vpc_peering_common_with_autoscale/README.md 
@@ -196,7 +196,7 @@ please see https://cloud.google.com/iap/docs/using-tcp-forwarding#increasing_the | [lbs\_internal](#input\_lbs\_internal) | A map containing each internal loadbalancer setting.
Note : private IP reservation is not by default within the example as it may overlap with autoscale IP allocation.

Example of variable deployment :
lbs_internal = {
"internal-lb" = {
name = "internal-lb"
health_check_port = "80"
backends = ["fw-vmseries-01", "fw-vmseries-02"]
subnetwork_key = "fw-trust-sub"
vpc_network_key = "fw-trust-vpc"
}
}
For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/lb_internal#inputs)

Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | | [linux\_vms](#input\_linux\_vms) | A map containing each Linux VM configuration that will be placed in SPOKE VPCs for testing purposes.

Example of varaible deployment:
linux_vms = {
spoke1-vm = {
linux_machine_type = "n2-standard-4"
zone = "us-east1-b"
linux_disk_size = "50" # Modify this value as per deployment requirements
vpc_network_key = "fw-spoke1-vpc"
subnetwork_key = "fw-spoke1-sub"
private_ip = "192.168.1.2"
scopes = [
"https://www.googleapis.com/auth/compute.readonly",
"https://www.googleapis.com/auth/cloud.useraccounts.readonly",
"https://www.googleapis.com/auth/devstorage.read_only",
"https://www.googleapis.com/auth/logging.write",
"https://www.googleapis.com/auth/monitoring.write",
]
service_account_key = "sa-linux-01"
}
}
| `map(any)` | `{}` | no | | [name\_prefix](#input\_name\_prefix) | A string to prefix resource namings. | `string` | `"example-"` | no | -| [networks](#input\_networks) | A map containing each network setting.

Example of variable deployment :
networks = {
fw-mgmt-vpc = {
vpc_name = "fw-mgmt-vpc"
create_network = true
delete_default_routes_on_create = false
mtu = "1460"
routing_mode = "REGIONAL"
subnetworks = {
fw-mgmt-sub = {
name = "fw-mgmt-sub"
create_subnetwork = true
ip_cidr_range = "10.10.10.0/28"
region = "us-east1"
}
}
firewall_rules = {
allow-mgmt-ingress = {
name = "allow-mgmt-vpc"
source_ranges = ["10.10.10.0/24", "1.1.1.1/32"] # Set your own management source IP range.
priority = "1000"
allowed_protocol = "all"
allowed_ports = []
}
}
}
}
For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc#input_networks)

Multiple keys can be added and will be deployed by the code. | `any` | `{}` | no | +| [networks](#input\_networks) | A map containing each network setting.

Example of variable deployment :
networks = {
fw-mgmt-vpc = {
vpc_name = "fw-mgmt-vpc"
create_network = true
delete_default_routes_on_create = false
mtu = "1460"
routing_mode = "REGIONAL"
subnetworks = {
fw-mgmt-sub = {
name = "fw-mgmt-sub"
create_subnetwork = true
ip_cidr_range = "10.10.10.0/28"
region = "us-east1"
}
}
firewall_rules = {
allow-mgmt-ingress = {
name = "allow-mgmt-ingress"
source_ranges = ["10.10.10.0/24", "1.1.1.1/32"] # Set your own management source IP range.
priority = "1000"
allowed_protocol = "all"
allowed_ports = []
}
}
}
}
For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc#input_networks)

Multiple keys can be added and will be deployed by the code. | `any` | `{}` | no | | [project](#input\_project) | The project name to deploy the infrastructure in to. | `string` | `null` | no | | [region](#input\_region) | The region into which to deploy the infrastructure in to. | `string` | `"us-central1"` | no | | [routes](#input\_routes) | A map containing each route setting. Note that you can only add routes using a next-hop type of internal load-balance rule.

Example of variable deployment :
routes = {
"default-route-trust" = {
name = "fw-default-trust"
destination_range = "0.0.0.0/0"
vpc_network_key = "fw-trust-vpc"
lb_internal_name = "internal-lb"
}
}
Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | diff --git a/examples/vpc_peering_common_with_autoscale/example.tfvars b/examples/vpc_peering_common_with_autoscale/example.tfvars index eb8f60e..7bbda63 100644 --- a/examples/vpc_peering_common_with_autoscale/example.tfvars +++ b/examples/vpc_peering_common_with_autoscale/example.tfvars @@ -49,7 +49,7 @@ networks = { } firewall_rules = { allow-mgmt-ingress = { - name = "allow-mgmt-vpc" + name = "allow-mgmt-ingress" source_ranges = ["1.1.1.1/32"] # Set your own management source IP range. priority = "1000" allowed_protocol = "all" diff --git a/examples/vpc_peering_common_with_autoscale/variables.tf b/examples/vpc_peering_common_with_autoscale/variables.tf index 3005ddc..fadb9a3 100644 --- a/examples/vpc_peering_common_with_autoscale/variables.tf +++ b/examples/vpc_peering_common_with_autoscale/variables.tf @@ -74,7 +74,7 @@ variable "networks" { } firewall_rules = { allow-mgmt-ingress = { - name = "allow-mgmt-vpc" + name = "allow-mgmt-ingress" source_ranges = ["10.10.10.0/24", "1.1.1.1/32"] # Set your own management source IP range. priority = "1000" allowed_protocol = "all" diff --git a/examples/vpc_peering_common_with_network_tags/README.md b/examples/vpc_peering_common_with_network_tags/README.md index 1050d1c..8e6bae2 100644 --- a/examples/vpc_peering_common_with_network_tags/README.md +++ b/examples/vpc_peering_common_with_network_tags/README.md @@ -247,7 +247,7 @@ please see https://cloud.google.com/iap/docs/using-tcp-forwarding#increasing_the | [lbs\_internal](#input\_lbs\_internal) | A map containing each internal loadbalancer setting .

Example of variable deployment :
lbs_internal = {
internal-lb-region-1 = {
name = "internal-lb"
region = "us-east1"
health_check_port = "80"
backends = ["fw-vmseries-01", "fw-vmseries-02"]
ip_address = "10.10.12.5"
subnetwork_key = "fw-trust-sub-region-1"
vpc_network_key = "fw-trust-vpc"
}
}
For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/lb_internal#inputs)

Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | | [linux\_vms](#input\_linux\_vms) | A map containing each Linux VM configuration in region\_1 that will be placed in spoke VPC network for testing purposes.

Example of varaible deployment:
linux_vms = {
spoke1-vm = {
linux_machine_type = "n2-standard-4"
region = "us-east1"
zone = "us-east1-b"
linux_disk_size = "50" # Modify this value as per deployment requirements
vpc_network_key = "fw-spoke1-vpc"
subnetwork_key = "fw-spoke1-sub-region-1"
private_ip = "192.168.1.2"
scopes = [
"https://www.googleapis.com/auth/compute.readonly",
"https://www.googleapis.com/auth/cloud.useraccounts.readonly",
"https://www.googleapis.com/auth/devstorage.read_only",
"https://www.googleapis.com/auth/logging.write",
"https://www.googleapis.com/auth/monitoring.write",
]
service_account_key = "sa-linux-01"
}
}
| `map(any)` | `{}` | no | | [name\_prefix](#input\_name\_prefix) | A string to prefix resource namings. | `string` | `"example-"` | no | -| [networks](#input\_networks) | A map containing each network setting.

Example of variable deployment :
networks = {
fw-mgmt-vpc = {
vpc_name = "fw-mgmt-vpc"
create_network = true
delete_default_routes_on_create = false
mtu = "1460"
routing_mode = "REGIONAL"
subnetworks = {
fw-mgmt-sub = {
name = "fw-mgmt-sub"
create_subnetwork = true
ip_cidr_range = "10.10.10.0/28"
region = "us-east1"
}
}
firewall_rules = {
allow-mgmt-ingress = {
name = "allow-mgmt-vpc"
source_ranges = ["10.10.10.0/24", "1.1.1.1/32"] # Set your own management source IP range.
priority = "1000"
allowed_protocol = "all"
allowed_ports = []
}
}
}
}
For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc#input_networks)

Multiple keys can be added and will be deployed by the code. | `any` | n/a | yes | +| [networks](#input\_networks) | A map containing each network setting.

Example of variable deployment :
networks = {
fw-mgmt-vpc = {
vpc_name = "fw-mgmt-vpc"
create_network = true
delete_default_routes_on_create = false
mtu = "1460"
routing_mode = "REGIONAL"
subnetworks = {
fw-mgmt-sub = {
name = "fw-mgmt-sub"
create_subnetwork = true
ip_cidr_range = "10.10.10.0/28"
region = "us-east1"
}
}
firewall_rules = {
allow-mgmt-ingress = {
name = "allow-mgmt-ingress"
source_ranges = ["10.10.10.0/24", "1.1.1.1/32"] # Set your own management source IP range.
priority = "1000"
allowed_protocol = "all"
allowed_ports = []
}
}
}
}
For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc#input_networks)

Multiple keys can be added and will be deployed by the code. | `any` | n/a | yes | | [project](#input\_project) | The project name to deploy the infrastructure in to. | `string` | `null` | no | | [routes](#input\_routes) | A map containing each route setting. Note that you can only add routes using a next-hop type of internal load-balance rule.

Example of variable deployment :
routes = {
fw-default-trust-region-1 = {
name = "fw-default-trust"
destination_range = "0.0.0.0/0"
vpc_network_key = "fw-spoke1-vpc"
lb_internal_key = "internal-lb-region-1"
region = "us-east1"
tags = ["us-east1"]
},
fw-default-trust-region-2 = {
name = "fw-default-trust"
destination_range = "0.0.0.0/0"
vpc_network_key = "fw-spoke1-vpc"
lb_internal_key = "internal-lb-region-2"
region = "us-west1"
tags = ["us-west1"]
}
}
Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | | [service\_accounts](#input\_service\_accounts) | A map containing each service account setting.

Example of variable deployment :
service_accounts = {
"sa-vmseries-01" = {
service_account_id = "sa-vmseries-01"
display_name = "VM-Series SA"
roles = [
"roles/compute.networkViewer",
"roles/logging.logWriter",
"roles/monitoring.metricWriter",
"roles/monitoring.viewer",
"roles/viewer"
]
}
}
For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/iam_service_account#Inputs)

Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no |
diff --git a/examples/vpc_peering_common_with_network_tags/example.tfvars b/examples/vpc_peering_common_with_network_tags/example.tfvars
index 5ac147b..7f6db91 100644
--- a/examples/vpc_peering_common_with_network_tags/example.tfvars
+++ b/examples/vpc_peering_common_with_network_tags/example.tfvars
@@ -62,7 +62,7 @@ networks = {
 }
 firewall_rules = {
 allow-mgmt-ingress = {
- name = "allow-mgmt-vpc"
+ name = "allow-mgmt-ingress"
 source_ranges = ["10.10.10.0/28", "10.20.10.0/28"] # Set your own management source IP range.
 priority = "1000"
 allowed_protocol = "all"
diff --git a/examples/vpc_peering_common_with_network_tags/variables.tf b/examples/vpc_peering_common_with_network_tags/variables.tf
index 2b5c23c..eddd071 100644
--- a/examples/vpc_peering_common_with_network_tags/variables.tf
+++ b/examples/vpc_peering_common_with_network_tags/variables.tf
@@ -95,7 +95,7 @@ variable "networks" {
 }
 firewall_rules = {
 allow-mgmt-ingress = {
- name = "allow-mgmt-vpc"
+ name = "allow-mgmt-ingress"
 source_ranges = ["10.10.10.0/24", "1.1.1.1/32"] # Set your own management source IP range.
 priority = "1000"
 allowed_protocol = "all"
diff --git a/examples/vpc_peering_dedicated/README.md b/examples/vpc_peering_dedicated/README.md
index 54ffd82..c0210b0 100644
--- a/examples/vpc_peering_dedicated/README.md
+++ b/examples/vpc_peering_dedicated/README.md
@@ -243,7 +243,7 @@ The GCP Global HTTP LB acts as a proxy and sends traffic to the VM-Series `Untru
 | [lbs\_internal](#input\_lbs\_internal) | A map containing each internal loadbalancer setting.
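Review bot: The renamed `allow-mgmt-ingress` rule in examples/vpc_peering_common_with_network_tags/example.tfvars still carries `allowed_protocol = "all"` three lines below the new name, so the example admits every protocol and port to the management network from the listed source ranges. Since the commit is already touching this rule, the example could be narrowed to what firewall management normally needs, for instance `allowed_protocol = "tcp"` with `allowed_ports = ["22", "443"]`; the exact value format should be confirmed against the vpc module, as the page only shows `allowed_ports = []`. The same context line appears in the variables.tf hunk of this example and in the example.tfvars and variables.tf hunks of vpc_peering_dedicated and vpc_peering_dedicated_with_autoscale. The enclosing `networks` map begins and ends outside the hunk.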

Example of variable deployment :
lbs_internal = {
"internal-lb" = {
name = "internal-lb"
health_check_port = "80"
backends = ["fw-vmseries-01", "fw-vmseries-02"]
ip_address = "10.10.12.5"
subnetwork_key = "fw-trust-sub"
vpc_network_key = "fw-trust-vpc"
}
}
For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/lb_internal#inputs)

Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | | [linux\_vms](#input\_linux\_vms) | A map containing each Linux VM configuration that will be placed in SPOKE VPCs for testing purposes.

Example of variable deployment:
linux_vms = {
spoke1-vm = {
linux_machine_type = "n2-standard-4"
zone = "us-east1-b"
linux_disk_size = "50" # Modify this value as per deployment requirements
subnetwork = "spoke1-sub"
private_ip = "192.168.1.2"
scopes = [
"https://www.googleapis.com/auth/compute.readonly",
"https://www.googleapis.com/auth/cloud.useraccounts.readonly",
"https://www.googleapis.com/auth/devstorage.read_only",
"https://www.googleapis.com/auth/logging.write",
"https://www.googleapis.com/auth/monitoring.write",
]
service_account_key = "sa-linux-01"
}
}
| `map(any)` | `{}` | no | | [name\_prefix](#input\_name\_prefix) | A string to prefix resource namings. | `string` | `"example-"` | no | -| [networks](#input\_networks) | A map containing each network setting.

Example of variable deployment :
networks = {
fw-mgmt-vpc = {
vpc_name = "fw-mgmt-vpc"
create_network = true
delete_default_routes_on_create = false
mtu = "1460"
routing_mode = "REGIONAL"
subnetworks = {
fw-mgmt-sub = {
name = "fw-mgmt-sub"
create_subnetwork = true
ip_cidr_range = "10.10.10.0/28"
region = "us-east1"
}
}
firewall_rules = {
allow-mgmt-ingress = {
name = "allow-mgmt-vpc"
source_ranges = ["10.10.10.0/24", "1.1.1.1/32"] # Set your own management source IP range.
priority = "1000"
allowed_protocol = "all"
allowed_ports = []
}
}
}
}
For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc#input_networks)

Multiple keys can be added and will be deployed by the code. | `any` | n/a | yes | +| [networks](#input\_networks) | A map containing each network setting.

Example of variable deployment :
networks = {
fw-mgmt-vpc = {
vpc_name = "fw-mgmt-vpc"
create_network = true
delete_default_routes_on_create = false
mtu = "1460"
routing_mode = "REGIONAL"
subnetworks = {
fw-mgmt-sub = {
name = "fw-mgmt-sub"
create_subnetwork = true
ip_cidr_range = "10.10.10.0/28"
region = "us-east1"
}
}
firewall_rules = {
allow-mgmt-ingress = {
name = "allow-mgmt-ingress"
source_ranges = ["10.10.10.0/24", "1.1.1.1/32"] # Set your own management source IP range.
priority = "1000"
allowed_protocol = "all"
allowed_ports = []
}
}
}
}
For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc#input_networks)

Multiple keys can be added and will be deployed by the code. | `any` | n/a | yes | | [project](#input\_project) | The project name to deploy the infrastructure in to. | `string` | `null` | no | | [region](#input\_region) | The region into which to deploy the infrastructure in to. | `string` | `"us-central1"` | no | | [routes](#input\_routes) | A map containing each route setting. Note that you can only add routes using a next-hop type of internal load-balance rule.

Example of variable deployment :
routes = {
"default-route-trust" = {
name = "fw-default-trust"
destination_range = "0.0.0.0/0"
vpc_network_key = "fw-trust-vpc"
lb_internal_name = "internal-lb"
}
}
Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no |
diff --git a/examples/vpc_peering_dedicated/example.tfvars b/examples/vpc_peering_dedicated/example.tfvars
index ff78321..15eea02 100644
--- a/examples/vpc_peering_dedicated/example.tfvars
+++ b/examples/vpc_peering_dedicated/example.tfvars
@@ -57,7 +57,7 @@ networks = {
 }
 firewall_rules = {
 allow-mgmt-ingress = {
- name = "allow-mgmt-vpc"
+ name = "allow-mgmt-ingress"
 source_ranges = ["10.10.10.0/28"] # Set your own management source IP range.
 priority = "1000"
 allowed_protocol = "all"
diff --git a/examples/vpc_peering_dedicated/variables.tf b/examples/vpc_peering_dedicated/variables.tf
index 06a7eca..ceafa58 100644
--- a/examples/vpc_peering_dedicated/variables.tf
+++ b/examples/vpc_peering_dedicated/variables.tf
@@ -101,7 +101,7 @@ variable "networks" {
 }
 firewall_rules = {
 allow-mgmt-ingress = {
- name = "allow-mgmt-vpc"
+ name = "allow-mgmt-ingress"
 source_ranges = ["10.10.10.0/24", "1.1.1.1/32"] # Set your own management source IP range.
 priority = "1000"
 allowed_protocol = "all"
diff --git a/examples/vpc_peering_dedicated_with_autoscale/README.md b/examples/vpc_peering_dedicated_with_autoscale/README.md
index 96ae094..2bf538e 100644
--- a/examples/vpc_peering_dedicated_with_autoscale/README.md
+++ b/examples/vpc_peering_dedicated_with_autoscale/README.md
@@ -200,7 +200,7 @@ please see https://cloud.google.com/iap/docs/using-tcp-forwarding#increasing_the
 | [lbs\_internal](#input\_lbs\_internal) | A map containing each internal loadbalancer setting.
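Review bot: The description example in the examples/vpc_peering_dedicated/variables.tf hunk lists `1.1.1.1/32` as a management source on the line after the renamed rule, and that is a real, publicly routed address rather than a placeholder. A reader who copies the example as-is would admit an address they do not control to the management rule, which also allows all protocols. A documentation-reserved range reads unmistakably as a placeholder, e.g. `source_ranges = ["10.10.10.0/24", "203.0.113.10/32"] # Replace with your own management source IP range.` The same line is in the variables.tf hunks of vpc_peering_common_with_network_tags and vpc_peering_dedicated_with_autoscale, and it differs from the `10.10.10.0/28` used in the matching example.tfvars. The enclosing `variable "networks"` block starts and ends outside the hunk.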
Note : private IP reservation is not by default within the example as it may overlap with autoscale IP allocation.

Example of variable deployment :
lbs_internal = {
"internal-lb" = {
name = "internal-lb"
health_check_port = "80"
backends = ["fw-vmseries-01", "fw-vmseries-02"]
subnetwork_key = "fw-trust-sub"
vpc_network_key = "fw-trust-vpc"
}
}
For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/lb_internal#inputs)

Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no | | [linux\_vms](#input\_linux\_vms) | A map containing each Linux VM configuration that will be placed in SPOKE VPCs for testing purposes.

Example of varaible deployment:
linux_vms = {
spoke1-vm = {
linux_machine_type = "n2-standard-4"
zone = "us-east1-b"
linux_disk_size = "50" # Modify this value as per deployment requirements
vpc_network_key = "fw-spoke1-vpc"
subnetwork_key = "fw-spoke1-sub"
private_ip = "192.168.1.2"
scopes = [
"https://www.googleapis.com/auth/compute.readonly",
"https://www.googleapis.com/auth/cloud.useraccounts.readonly",
"https://www.googleapis.com/auth/devstorage.read_only",
"https://www.googleapis.com/auth/logging.write",
"https://www.googleapis.com/auth/monitoring.write",
]
service_account_key = "sa-linux-01"
}
}
| `map(any)` | `{}` | no | | [name\_prefix](#input\_name\_prefix) | A string to prefix resource namings. | `string` | `"example-"` | no | -| [networks](#input\_networks) | A map containing each network setting.

Example of variable deployment :
networks = {
fw-mgmt-vpc = {
vpc_name = "fw-mgmt-vpc"
create_network = true
delete_default_routes_on_create = false
mtu = "1460"
routing_mode = "REGIONAL"
subnetworks = {
fw-mgmt-sub = {
name = "fw-mgmt-sub"
create_subnetwork = true
ip_cidr_range = "10.10.10.0/28"
region = "us-east1"
}
}
firewall_rules = {
allow-mgmt-ingress = {
name = "allow-mgmt-vpc"
source_ranges = ["10.10.10.0/24", "1.1.1.1/32"] # Set your own management source IP range.
priority = "1000"
allowed_protocol = "all"
allowed_ports = []
}
}
}
}
For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc#input_networks)

Multiple keys can be added and will be deployed by the code. | `any` | `{}` | no | +| [networks](#input\_networks) | A map containing each network setting.

Example of variable deployment :
networks = {
fw-mgmt-vpc = {
vpc_name = "fw-mgmt-vpc"
create_network = true
delete_default_routes_on_create = false
mtu = "1460"
routing_mode = "REGIONAL"
subnetworks = {
fw-mgmt-sub = {
name = "fw-mgmt-sub"
create_subnetwork = true
ip_cidr_range = "10.10.10.0/28"
region = "us-east1"
}
}
firewall_rules = {
allow-mgmt-ingress = {
name = "allow-mgmt-ingress"
source_ranges = ["10.10.10.0/24", "1.1.1.1/32"] # Set your own management source IP range.
priority = "1000"
allowed_protocol = "all"
allowed_ports = []
}
}
}
}
For a full list of available configuration items - please refer to [module documentation](https://github.com/PaloAltoNetworks/terraform-google-swfw-modules/tree/main/modules/vpc#input_networks)

Multiple keys can be added and will be deployed by the code. | `any` | `{}` | no | | [project](#input\_project) | The project name to deploy the infrastructure in to. | `string` | `null` | no | | [region](#input\_region) | The region into which to deploy the infrastructure in to. | `string` | `"us-central1"` | no | | [routes](#input\_routes) | A map containing each route setting. Note that you can only add routes using a next-hop type of internal load-balance rule.

Example of variable deployment :
routes = {
"default-route-trust" = {
name = "fw-default-trust"
destination_range = "0.0.0.0/0"
vpc_network_key = "fw-trust-vpc"
lb_internal_name = "internal-lb"
}
}
Multiple keys can be added and will be deployed by the code. | `map(any)` | `{}` | no |
diff --git a/examples/vpc_peering_dedicated_with_autoscale/example.tfvars b/examples/vpc_peering_dedicated_with_autoscale/example.tfvars
index b94c9c3..a0bcfc4 100644
--- a/examples/vpc_peering_dedicated_with_autoscale/example.tfvars
+++ b/examples/vpc_peering_dedicated_with_autoscale/example.tfvars
@@ -49,7 +49,7 @@ networks = {
 }
 firewall_rules = {
 allow-mgmt-ingress = {
- name = "allow-mgmt-vpc"
+ name = "allow-mgmt-ingress"
 source_ranges = ["10.10.10.0/28"] # Set your own management source IP range.
 priority = "1000"
 allowed_protocol = "all"
diff --git a/examples/vpc_peering_dedicated_with_autoscale/variables.tf b/examples/vpc_peering_dedicated_with_autoscale/variables.tf
index 3005ddc..fadb9a3 100644
--- a/examples/vpc_peering_dedicated_with_autoscale/variables.tf
+++ b/examples/vpc_peering_dedicated_with_autoscale/variables.tf
@@ -74,7 +74,7 @@ variable "networks" {
 }
 firewall_rules = {
 allow-mgmt-ingress = {
- name = "allow-mgmt-vpc"
+ name = "allow-mgmt-ingress"
 source_ranges = ["10.10.10.0/24", "1.1.1.1/32"] # Set your own management source IP range.
 priority = "1000"
 allowed_protocol = "all"