terraform-google-modules / terraform-google-network

Sets up a new VPC network on Google Cloud
https://registry.terraform.io/modules/terraform-google-modules/network/google
Apache License 2.0

Shared VPC support for subnet-level sharing #521

Closed jeheyer closed 8 months ago

jeheyer commented 11 months ago

TL;DR

Orgs using Shared VPC may wish to selectively share specific subnet(s) with specific project(s). The subnet object could have a shared_projects attribute, which would be a list of project IDs to share to.

Terraform Resources

data.google_project - to retrieve project number from project ID

google_compute_subnetwork_iam_binding - to assign IAM permissions for the project service accounts to a specific subnetwork

Detailed design

https://github.com/aws2gcp/gcp-network-terraform/blob/main/vpc-network/shared_vpc.tf

Additional information

Also might throw in ability to share subnets to specific accounts/groups. This is in the above code as a shared_accounts attribute to the subnet object, also a list of strings.
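An added example of the subnet-level sharing this issue describes, using the two resources it names; it is not code from the linked repository or from this module. Assumptions: the variable names, the shape of the `subnets` map, subnets that already exist in the host project under the map keys, `shared_accounts` entries that already carry their IAM prefix, and Terraform 1.3+ for `optional()` defaults.

```hcl
# Added example: variable names and the subnet map shape are assumptions.
variable "host_project_id" {
  type = string
}

variable "subnets" {
  description = "Existing subnets keyed by name, with the principals each is shared to."
  type = map(object({
    region          = string
    shared_projects = optional(list(string), []) # service project IDs
    shared_accounts = optional(list(string), []) # e.g. "group:netops@example.com"
  }))
}

locals {
  # Only subnets that are actually shared get a binding.
  shared_subnets = {
    for name, s in var.subnets : name => s
    if length(s.shared_projects) + length(s.shared_accounts) > 0
  }
  service_project_ids = toset(flatten([for s in var.subnets : s.shared_projects]))
}

# Resolve each service project ID to its project number.
data "google_project" "service" {
  for_each   = local.service_project_ids
  project_id = each.value
}

# Grants network use on one subnet only, not on the whole host project.
resource "google_compute_subnetwork_iam_binding" "network_user" {
  for_each   = local.shared_subnets
  project    = var.host_project_id
  region     = each.value.region
  subnetwork = each.key
  role       = "roles/compute.networkUser"

  members = concat(
    # Google APIs service agent of each service project
    [for p in each.value.shared_projects :
    "serviceAccount:${data.google_project.service[p].number}@cloudservices.gserviceaccount.com"],
    # Explicit users, groups or service accounts
    each.value.shared_accounts,
  )
}
```

`google_compute_subnetwork_iam_binding` is authoritative for the role on that subnet, so any `roles/compute.networkUser` member granted outside this configuration is removed on apply; `google_compute_subnetwork_iam_member` is the additive alternative.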

imrannayer commented 11 months ago

@jeheyer when you create a service project using project factory you can mention either share all VPCs in the host project or share a specific project.

github-actions[bot] commented 9 months ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days