This repository creates demo infrastructure for an NCC Hub with optional Firewall Endpoints in 2 regions. The NCC hub showcases dynamic route exchange, which allows for VPC Spokes to be in the same NCC Hub as Hybrid Spokes (VPN Tunnel, Interconnect, or Router Instance). By default, the firewall endpoints are not deployed. They can be enabled by simply setting enable_firewall_plus = true in the terraform.tfvars.
- Install terraform >= 1.8
- Update the values in the terraform.tfvars
| Name | Version |
|---|---|
| terraform | >= 1.8 |
| ~> 5.29 | |
| google-beta | ~> 5.29 |
| Name | Version |
|---|---|
| ~> 5.29 |
| Name | Source | Version |
|---|---|---|
| firewall_endpoints | ./modules/firewall-endpoint | n/a |
| ncc | ./modules/ncc | n/a |
| network_firewall_policy | ./modules/network-firewall-policy | n/a |
| nva | ./modules/nva | n/a |
| routers | terraform-google-modules/cloud-router/google | ~> 6.0 |
| vpc | terraform-google-modules/network/google | ~> 9.1 |
| vpn_landing | terraform-google-modules/vpn/google//modules/vpn_ha | ~> 4.0 |
| vpn_onprem | terraform-google-modules/vpn/google//modules/vpn_ha | ~> 4.0 |
| Name | Type |
|---|---|
| google_compute_instance.workload | resource |
| google_compute_network_firewall_policy_association.default | resource |
| google_project_service.project | resource |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| default_region | Default region | string |
n/a | yes |
| default_region2 | Default region 2 | string |
n/a | yes |
| enable_firewall_plus | Enable firewall plus | bool |
false |
no |
| environment_code | Environment code | string |
n/a | yes |
| firewall_enable_logging | Enable firelwall logging | bool |
false |
no |
| org_id | Org ID (Requried for firewall endpoints) | string |
n/a | yes |
| project_id | GCP Project ID | string |
n/a | yes |
| services | Services to enable in project | list(string) |
[ |
no |
No outputs.