Coalfire-CF/terraform-google-private-service-access

Coalfire

Google Cloud Private Service Access Terraform Module

Description

This private service access module lets you reach the internal IP addresses of services over private connections. It creates a global address resource and peers it with the network. Coalfire has tested this module with Terraform version 1.5.0 and HashiCorp Google provider versions 4.70 - 5.0.

FedRAMP Compliance: High (included as a part of Virtual Private Cloud)

Usage

module "private-service-access" {
  source = "github.com/Coalfire-CF/terraform-gcp-private-service-access"

  project_id = data.terraform_remote_state.bootstrap.outputs.networking_project_id

  network       = module.private.network_name
  name          = "${var.subnet_prefix}-private-psa"
  peering_range = "${var.ip_network_mgmt}.12.0/23"

  depends_on = [module.private]
}

Requirements

No requirements.

Providers

| Name | Version |
|------|---------|
| google | n/a |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| google_compute_global_address.private_service_connection | resource |
| google_compute_network_peering_routes_config.peering_routes | resource |
| google_service_networking_connection.private_service_connection | resource |
| google_compute_network.network | data source |
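
The resource types listed above are commonly wired together as in the following sketch. It is an added illustration, not this module's source code: the attribute values, the CIDR validation and the route import/export settings are assumptions, and only the resource names and input names come from this README.

```hcl
# Added illustration, NOT the module's own code. Values are assumptions.
variable "project_id" { type = string }
variable "network" { type = string }
variable "name" { type = string }

variable "peering_range" {
  type = string # e.g. "10.0.12.0/23" (constructed sample value)
  validation {
    # Reject anything that is not a parseable CIDR before it reaches the API.
    condition     = can(cidrhost(var.peering_range, 0))
    error_message = "peering_range must be a valid CIDR block."
  }
}

data "google_compute_network" "network" {
  project = var.project_id
  name    = var.network
}

# Reserve an internal range that service producers allocate from.
resource "google_compute_global_address" "private_service_connection" {
  project       = var.project_id
  name          = var.name
  purpose       = "VPC_PEERING"
  address_type  = "INTERNAL"
  address       = split("/", var.peering_range)[0]
  prefix_length = tonumber(split("/", var.peering_range)[1])
  network       = data.google_compute_network.network.id
}

# Peer the VPC with the service producer network using the reserved range.
resource "google_service_networking_connection" "private_service_connection" {
  network                 = data.google_compute_network.network.id
  service                 = "servicenetworking.googleapis.com"
  reserved_peering_ranges = [google_compute_global_address.private_service_connection.name]
}

# Make the route exchange over the peering explicit (assumed least-exposure
# defaults: enable only if producers must reach or advertise custom routes).
resource "google_compute_network_peering_routes_config" "peering_routes" {
  project              = var.project_id
  peering              = google_service_networking_connection.private_service_connection.peering
  network              = data.google_compute_network.network.name
  import_custom_routes = false
  export_custom_routes = false
}
```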

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| name | A name to associate for the service connection. | string | n/a | yes |
| network | Name or URI of VPC network connected with service producers using VPC peering. | string | n/a | yes |
| peering_range | An IP address range to reserve for the service connection. | string | n/a | yes |
| project_id | The Google Cloud Platform project ID | string | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| address | First IP of the reserved range. |
| google_compute_global_address_name | URL of the reserved range. |