Google Cloud Cloud NAT网关

时间:2018-12-27 08:20:54

标签: google-cloud-platform google-compute-engine terraform

我想通过terraform连接我的“专用”网络(没有外部IP的实例)。

  • google_compute_router_nat.advanced-nat:修补路由器us-west2 / my-router1:googleapi:错误400:字段'resource.nats [0] .subnetworks [0] .name'无效的值:'test-us- west2-private-subnet”。网址格式错误。 更多细节: 原因:无效,消息:字段'resource.nats [0] .subnetworks [0] .name'的值无效:'test-us-west2-private-subnet'。网址格式错误。 原因:无效,消息:字段'resource.nats [0] .natIps [0]'的值无效:'10 .0.0.0 / 16'。网址格式错误。

任务:将经典方案从AWS迁移到GCP:一个VPC网络,公共网络中的堡垒主机,专用网络中的所有计算机,无需外部IP。将NAT网关用于专用网络。

resource "google_compute_router" "router" {
  name    = "my-router1"
  network = "${var.gcp_project_name}-net"
  bgp {
    asn = 64514
  }
}

resource "google_compute_router_nat" "advanced-nat" {
  name                               = "nat-1"
  router                             = "${google_compute_router.router.name}"
  region                             = "us-west2"
  nat_ip_allocate_option             = "MANUAL_ONLY"
  nat_ips                            = ["10.0.0.0/16"]
  source_subnetwork_ip_ranges_to_nat = "LIST_OF_SUBNETWORKS"
  subnetwork {
    name = "${var.gcp_project_name}-${var.gcp_region_name}-private-subnet"
  }
}

some result

1 个答案:

答案 0 :(得分:0)

# VPC
resource "google_compute_network" "gcp_project_name" {
  name    = "${var.gcp_project_name}-net"
  auto_create_subnetworks = "false"
}

# PRIVATE SUBNET
resource "google_compute_subnetwork" "gcp_project_name_private_subnet" {
  name          = "${var.gcp_project_name}-${var.gcp_region_name}-private-subnet"
  ip_cidr_range = "10.0.0.0/16"
  network       = "${google_compute_network.gcp_project_name.self_link}"
  region        = "${var.gcp_region_name}"
}

# PUBLIC SUBNET
resource "google_compute_subnetwork" "gcp_project_name_public_subnet" {
  name          = "${var.gcp_project_name}-${var.gcp_region_name}-public-subnet"
  ip_cidr_range = "10.8.0.0/16"
  network       = "${google_compute_network.gcp_project_name.self_link}"
  region        = "${var.gcp_region_name}"
}

resource "google_compute_router" "router" {
  name    = "${var.gcp_router_name}"
  network = "${var.gcp_project_name}-net"
  region  = "${var.gcp_region_name}"
}


resource "google_compute_router_nat" "advanced-nat" {
  name                               = "${var.gcp_nat_name}"
  router                             = "${var.gcp_router_name}"
  region                             = "${var.gcp_region_name}"
  nat_ip_allocate_option             = "AUTO_ONLY"
  source_subnetwork_ip_ranges_to_nat = "LIST_OF_SUBNETWORKS"
  subnetwork {
    name = "${google_compute_subnetwork.gcp_project_name_private_subnet.self_link}"
  }
}
相关问题
最新问题