Working Landing Zone.

.gitignore

@@ -0,0 +1,6 @@
+*.tfvars
+.terraform*
+*.tfstate
+*.tfstate.backup
+*.tfplan
+*.tfplan.*

README.md

@@ -0,0 +1,10 @@
+# GCP Simple Landing Zone
+
+A simple LZ with a single subnet VPC network, a Cloud NAT and VPN connection.
+
+There are two submodules:
+
+* Network - a module that creates a VPC with defined subnets
+* Cloud VPN - a module that creates a Cloud VPN
+
+

main.tf

@@ -0,0 +1,39 @@
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = ">= 6.27.0"
+    }
+  }
+}
+
+provider "google" {
+  # Configuration options
+  region  = var.region
+  zone    = var.zone
+  project = var.project_id
+}
+
+module "network" {
+  source = "./modules/network"
+
+  name = var.network_name
+  subnets = [
+    {
+      name   = var.subnet_name
+      region = var.region
+      cidr   = var.subnet_cidr
+    }
+  ]
+}
+
+module "vm" {
+  source = "./modules/linux-vm"
+
+  name         = "vm-test"
+  network_name = var.network_name
+  subnet_name  = var.subnet_name
+  ssh          = var.ssh
+
+  depends_on = [module.network]
+}

modules/linux-vm/main.tf

@@ -0,0 +1,21 @@
+resource "google_compute_instance" "vm_hub" {
+  name           = var.name
+  machine_type   = var.machine_type
+  can_ip_forward = var.can_ip_forward
+  description    = var.description
+
+  boot_disk {
+    initialize_params {
+      image = "debian-cloud/debian-12"
+    }
+  }
+
+  network_interface {
+    network    = var.network_name
+    subnetwork = var.subnet_name
+  }
+
+  metadata = {
+    ssh-keys = "${var.ssh[0].public_key} ${var.ssh[0].ssh_user}"
+  }
+}

modules/linux-vm/outputs.tf

@@ -0,0 +1,3 @@
+output "vm_internal_ip" {
+  value = google_compute_instance.vm_hub.network_interface[0].network_ip
+}

modules/linux-vm/variables.tf

@@ -0,0 +1,41 @@
+variable "name" {
+  description = "The name of the VM instance."
+  type        = string
+}
+
+variable "machine_type" {
+  description = "The machine type of the VM instance."
+  type        = string
+  default     = "e2-micro"
+}
+
+variable "can_ip_forward" {
+  description = "Whether the VM instance can forward IP packets."
+  type        = bool
+  default     = false
+}
+
+variable "description" {
+  description = "The description of the VM instance."
+  type        = string
+  nullable    = true
+  default     = null
+}
+
+variable "network_name" {
+  description = "The name of the network to attach the VM instance to."
+  type        = string
+}
+
+variable "subnet_name" {
+  description = "The name of the subnet to attach the VM instance to."
+  type        = string
+}
+
+variable "ssh" {
+  description = "SSH Key(s) definition"
+  type = list(object({
+    public_key = string
+    ssh_user   = string
+  }))
+}

modules/network/main.tf

@@ -0,0 +1,30 @@
+# VPC
+resource "google_compute_network" "vpc_network" {
+  name                    = var.name
+  auto_create_subnetworks = false
+}
+
+# Subnets
+resource "google_compute_subnetwork" "subnet" {
+  count         = length(var.subnets)
+  name          = var.subnets[count.index].name
+  ip_cidr_range = var.subnets[count.index].cidr
+  region        = var.subnets[count.index].region != null ? var.subnets[count.index].region : var.subnets[0].region
+  network       = google_compute_network.vpc_network.id
+}
+
+# Cloud NAT
+resource "google_compute_router" "cr" {
+  name    = "${var.name}-router"
+  network = google_compute_network.vpc_network.id
+  region  = var.subnets[0].region
+}
+
+resource "google_compute_router_nat" "name" {
+  name = "${var.name}-nat"
+  region = var.subnets[0].region
+  router = google_compute_router.cr.name
+  nat_ip_allocate_option = "AUTO_ONLY"
+  source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
+  enable_dynamic_port_allocation = true
+}

modules/network/variables.tf

@@ -0,0 +1,20 @@
+variable "name" {
+  description = "The name of the network."
+  type        = string
+}
+
+# A Cloud NAT will be created in the same region as the first subnet.
+variable "subnets" {
+  description = "A list of subnets with names and CIDRs."
+
+  type = list(object({
+    name   = string
+    cidr   = string
+    region = string
+  }))
+
+  validation {
+    condition     = var.subnets[0].region != null
+    error_message = "The region for the first subnet must be specified."
+  }
+}

variables.tf

@@ -0,0 +1,46 @@
+variable "project_id" {
+  description = "The ID of the project."
+  type        = string
+}
+
+variable "region" {
+  description = "The region for the resources."
+  type        = string
+  default     = "europe-central2"
+}
+
+variable "zone" {
+  description = "The zone for the resources."
+  type        = string
+  default     = "europe-central2-b"
+}
+
+variable "network_name" {
+  description = "The name of the network."
+  type        = string
+  default     = "dom-lab-network"
+}
+
+variable "subnet_name" {
+  description = "The name of the subnet."
+  type        = string
+  default     = "waw-default"
+}
+
+variable "subnet_cidr" {
+  description = "The CIDR range for the subnet."
+  type        = string
+  default     = "192.168.16.0/24"
+}
+
+variable "ssh" {
+  description = "SSH Key(s) definition"
+  type = list(object({
+    public_key = string
+    ssh_user   = string
+  }))
+  default = [{
+    public_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID1Z96CGdoNnbazs89cdnDLDdju6UtuKAZctEAmnEaAC"
+    ssh_user   = "slawek@1password"
+  }]
+}