Working Landing Zone.

modules/network/main.tf

@@ -0,0 +1,30 @@
+# VPC
+resource "google_compute_network" "vpc_network" {
+  name                    = var.name
+  auto_create_subnetworks = false
+}
+
+# Subnets
+resource "google_compute_subnetwork" "subnet" {
+  count         = length(var.subnets)
+  name          = var.subnets[count.index].name
+  ip_cidr_range = var.subnets[count.index].cidr
+  region        = var.subnets[count.index].region != null ? var.subnets[count.index].region : var.subnets[0].region
+  network       = google_compute_network.vpc_network.id
+}
+
+# Cloud NAT
+resource "google_compute_router" "cr" {
+  name    = "${var.name}-router"
+  network = google_compute_network.vpc_network.id
+  region  = var.subnets[0].region
+}
+
+resource "google_compute_router_nat" "name" {
+  name = "${var.name}-nat"
+  region = var.subnets[0].region
+  router = google_compute_router.cr.name
+  nat_ip_allocate_option = "AUTO_ONLY"
+  source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
+  enable_dynamic_port_allocation = true
+}

modules/network/variables.tf

@@ -0,0 +1,20 @@
+variable "name" {
+  description = "The name of the network."
+  type        = string
+}
+
+# A Cloud NAT will be created in the same region as the first subnet.
+variable "subnets" {
+  description = "A list of subnets with names and CIDRs."
+
+  type = list(object({
+    name   = string
+    cidr   = string
+    region = string
+  }))
+
+  validation {
+    condition     = var.subnets[0].region != null
+    error_message = "The region for the first subnet must be specified."
+  }
+}