TL;DR
Most of the implementation seems to work with shared VPC except for the NAT resources when allow_public_egress is true. To support shared VPC, the resources vault-router (google_compute_router) and vault-nat (google_compute_router_nat and google_compute_address) would need to be created in the shared VPC host project (see here). This can be implemented by adding a new variable (host_project_id) that, when set, indicates a shared VPC deployment and would be used in the creation of the mentioned resources.
Terraform Resources
Detailed design
No response
Additional information
No response
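
A sketch of the change this issue proposes, added here as an illustration and not taken from the module's code. host_project_id is the variable named in the issue; var.network, var.subnet, the other variable names and the NAT argument values are assumptions.

```hcl
# Added example, not the module's code. Variable names other than
# host_project_id and allow_public_egress are assumptions.
variable "project_id" { type = string }          # service project running Vault
variable "region" { type = string }
variable "network" { type = string }             # assumed: self link of the VPC network
variable "subnet" { type = string }              # assumed: self link of Vault's subnet
variable "allow_public_egress" { default = true }

variable "host_project_id" {
  type        = string
  default     = ""
  description = "Shared VPC host project. Empty means a single-project deployment."
}

locals {
  # The router and NAT live in the project that owns the network.
  network_project_id = var.host_project_id != "" ? var.host_project_id : var.project_id
}

resource "google_compute_router" "vault-router" {
  count   = var.allow_public_egress ? 1 : 0
  project = local.network_project_id
  name    = "vault-router"
  region  = var.region
  network = var.network
}

resource "google_compute_address" "vault-nat" {
  count   = var.allow_public_egress ? 1 : 0
  project = local.network_project_id
  name    = "vault-nat"
  region  = var.region
}

resource "google_compute_router_nat" "vault-nat" {
  count                  = var.allow_public_egress ? 1 : 0
  project                = local.network_project_id
  name                   = "vault-nat"
  router                 = google_compute_router.vault-router[0].name
  region                 = var.region
  nat_ip_allocate_option = "MANUAL_ONLY"
  nat_ips                = google_compute_address.vault-nat[*].self_link
  # Scope egress to Vault's subnet only, not every subnet of the shared network.
  source_subnetwork_ip_ranges_to_nat = "LIST_OF_SUBNETWORKS"
  subnetwork {
    name                    = var.subnet
    source_ip_ranges_to_nat = ["ALL_IP_RANGES"]
  }
}
```

Listing the Vault subnet explicitly matters in a shared VPC: a NAT created in the host project with ALL_SUBNETWORKS_ALL_IP_RANGES would also give outbound internet access to other service projects' subnets in the same region and network.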