Create Virtual Private Endpoint Gateways across VPC subnets.
terraform-ibm-modules/terraform-ibm-vpe-gateway
This module creates and configures virtual private endpoint gateways (https://cloud.ibm.com/docs/vpc?topic=vpc-ordering-endpoint-gateway) for an IBM Cloud service.
The module supports the following actions:
- Create virtual private endpoint gateways
- Create reserved IP addresses
- Attach endpoint gateways to reserved IP addresses.
An IBM Provider issue has been raised that impacts this module. When changing the name of reserved IP addresses for the VPE gateways, the outputs of this module may not be updated in the Terraform state file. When this issue occurs, run `terraform apply -refresh-only` to update the Terraform state.
```hcl
provider "ibm" {
  ibmcloud_api_key = "XXXXXXXXXX" # pragma: allowlist secret
  region           = "us-south"
}

# Creates:
# - VPE
module "vpes" {
  source   = "terraform-ibm-modules/vpe-gateway/ibm"
  version  = "X.X.X" # Replace "X.X.X" with a release version to lock into a specific release
  region   = "us-south"
  prefix   = "vpe"
  vpc_name = "my-vpc-instance"
  vpc_id   = "r022-ae2a6785-gd62-7d4j-af62-b4891e949345"
  subnet_zone_list = [
    {
      id             = "0757-b21b9565-bc4c-4847-bc6f-277ecd0a7cf6"
      name           = "subnet-1"
      cidr           = "10.0.10.0/24"
      public_gateway = true
      acl_name       = "acl"
      zone           = "zone-1"
    },
    {
      id             = "0757-b21b9565-bc4c-4847-bc6f-277ecd0a7cf6"
      name           = "subnet-2"
      cidr           = "10.0.11.0/24"
      acl_name       = "acl"
      public_gateway = null
      zone           = "zone-2"
    }
  ]
  resource_group_id  = "00ae4b38253f43a3acd14619dd385632" # pragma: allowlist secret
  security_group_ids = ["r014-2d4f8cd6-6g3s-4ab5-ac3f-8fc717ce2a1f"]
  cloud_services = [
    {
      service_name = "kms"
    },
    {
      service_name = "cloud-object-storage"
    }
  ]
  cloud_service_by_crn = [
    {
      crn = "crn:v1:bluemix:public:databases-for-postgresql:us-south:a/abac0df06b644a9cabc6e44f55b3880d:93f97b1a-fe35-4f17-a8be-ecf197a36bed::"
    }
  ]
  service_endpoints = "private"
}
```
You need the following permissions to run this module.

- Account Management
  - Resource Group service
    - `Viewer` platform access
- IAM services
  - VPE Infrastructure services
    - `Editor` platform access

Name | Version |
---|---|
terraform | >= 1.9.0 |
ibm | >=1.61.0, <2.0.0 |

Name | Source | Version |
---|---|---|
ip | ./modules/reserved-ips | n/a |

Name | Type |
---|---|
ibm_is_virtual_endpoint_gateway.vpe | resource |
ibm_is_virtual_endpoint_gateway_ip.endpoint_gateway_ip | resource |
ibm_is_virtual_endpoint_gateway.vpe | data source |

Name | Description | Type | Default | Required |
---|---|---|---|---|
cloud_service_by_crn | The list of cloud service CRNs used to create endpoint gateways. Use this list to identify services that are not supported by service name in the `cloud_services` variable. For a list of supported services, see VPE-enabled services. If `service_name` is not specified, the CRN is used to find the name. If `vpe_name` is not specified in the list, VPE names are created in the format `<prefix>-<vpc_name>-<service_name>`. The value that you specify for `vpc_name` must be known at Terraform plan time. | set( | [] | no |
cloud_services | The list of cloud services used to create endpoint gateways. If `vpe_name` is not specified in the list, VPE names are created in the format `<prefix>-<vpc_name>-<service_name>`. The value that you specify for `vpc_name` must be known at Terraform plan time. | set(object({ | [] | no |
prefix | The prefix that you would like to append to your resources. Value is only used if no value is passed for the `vpe_name` option in the `cloud_services` input variable. | string | "vpe" | no |
region | The region where VPC and services are deployed | string | "us-south" | no |
reserved_ips | Map of existing reserved IP names and values. If you wish to create your reserved IPs independently and not create new ones, you can first run the `reserved-ips` submodule and then copy the output `reserved_ip_map` here. | object({ | {} | no |
resource_group_id | ID of the resource group where endpoint gateways will be provisioned | string | null | no |
security_group_ids | List of security group IDs to attach to each endpoint gateway. | list(string) | null | no |
service_endpoints | Service endpoints to use to create endpoint gateways. Can be `public`, or `private`. | string | "private" | no |
subnet_zone_list | List of subnets in the VPC where gateways and reserved IPs will be provisioned. This value is intended to use the `subnet_zone_list` output from the Landing Zone VPC Subnet Module (https://github.com/terraform-ibm-modules/terraform-ibm-landing-zone-vpc) or from templates using that module for subnet creation. | list( | [] | no |
vpc_id | ID of the VPC where the Endpoint Gateways will be created | string | null | no |
vpc_name | A label that can be used as a short name for virtual private endpoints. If `vpe_name` is not specified in the `cloud_services` or `cloud_service_by_crn` input variable lists, VPE names are created in the format `<prefix>-<vpc_name>-<service_name>`. The value that you specify for `vpc_name` must be known at Terraform plan time. | string | "vpc" | no |

Name | Description |
---|---|
crn | The CRN of the endpoint gateway |
vpe_ips | The endpoint gateway reserved IPs |

You can report issues and request features for this module in GitHub issues in the module repo. See Report an issue or request a feature.

To set up your local development environment, see Local development setup in the project documentation.