main.tf
# Google Cloud provider. Project and region are fixed here rather than
# supplied through variables, so this file is tied to the staging project.
# No `credentials` attribute is set, so the provider falls back to the
# environment's Application Default Credentials at plan/apply time.
provider "google" {
  region  = "us-central1"
  project = "mentoria-iac-staging"
}
# VPC
# Custom-mode network: subnetworks are declared explicitly below instead of
# being auto-created per region, which keeps the address plan under our control.
resource "google_compute_network" "groundwork" {
  auto_create_subnetworks = false
  name                    = "groundwork"
}
# Subnets
# Subnet for the load balancer tier. Note that this subnet is not listed in
# the NAT configuration below, so instances here get no outbound NAT.
resource "google_compute_subnetwork" "load_balancer" {
  network       = google_compute_network.groundwork.id
  name          = "load-balancer"
  ip_cidr_range = "10.2.1.0/24"
}
# Subnet for the Nomad tier; this is the only subnet given outbound NAT below.
# NOTE(review): no log_config is set here, so VPC flow logs are not enabled
# for this subnet — worth confirming that is intentional for staging.
resource "google_compute_subnetwork" "nomad" {
  network       = google_compute_network.groundwork.id
  name          = "nomad"
  ip_cidr_range = "10.2.2.0/24"
}
# NAT
# Cloud Router that hosts the NAT gateway. No region is given, so it is
# created in the provider's region.
resource "google_compute_router" "nat" {
  network = google_compute_network.groundwork.id
  name    = "groundwork"
}
# Cloud NAT for outbound traffic. Only the subnets listed in `subnetwork`
# blocks are translated (LIST_OF_SUBNETWORKS), and only the nomad subnet is
# listed, so the load-balancer subnet deliberately has no NAT path.
# External IPs are allocated automatically (AUTO_ONLY) rather than from a
# reserved set, so egress addresses are not stable.
# NOTE(review): no log_config block is present, so NAT translation/error
# logging is off; enabling it would help when auditing egress.
resource "google_compute_router_nat" "nat" {
  router = google_compute_router.nat.name
  name   = "groundwork-nat"

  source_subnetwork_ip_ranges_to_nat = "LIST_OF_SUBNETWORKS"
  nat_ip_allocate_option             = "AUTO_ONLY"

  subnetwork {
    source_ip_ranges_to_nat = ["ALL_IP_RANGES"]
    name                    = google_compute_subnetwork.nomad.id
  }
}
# Firewall
# Baseline east-west allow rule: all TCP, UDP and ICMP from 10.2.0.0/22.
# The source range is a /22 and therefore wider than the two /24 subnets
# declared above (it also covers 10.2.0.0/24 and 10.2.3.0/24), so any future
# subnet placed in that range is implicitly trusted by this rule.
# No target_tags or target_service_accounts are set, so the rule applies to
# every instance in the network; direction is not set and so defaults to
# INGRESS. `network` is referenced by name here while the other resources
# use `.id` — both resolve, but the style is inconsistent.
resource "google_compute_firewall" "allow_internal" {
  network       = google_compute_network.groundwork.name
  name          = "allow-internal"
  source_ranges = ["10.2.0.0/22"]

  # Set to a low priority (high number) so that other, more specific rules
  # can override this one — e.g. an explicit deny at a lower number.
  priority = 65534

  allow {
    protocol = "icmp"
  }

  allow {
    ports    = ["0-65535"]
    protocol = "tcp"
  }

  allow {
    ports    = ["0-65535"]
    protocol = "udp"
  }
}