{"id":15156040,"url":"https://github.com/avidhara/terraform-google-network","last_synced_at":"2026-01-21T17:32:48.884Z","repository":{"id":233515477,"uuid":"786922059","full_name":"avidhara/terraform-google-network","owner":"avidhara","description":"Terraform module for Google Cloud network resources ","archived":false,"fork":false,"pushed_at":"2024-04-18T05:36:16.000Z","size":47,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-13T15:26:44.364Z","etag":null,"topics":["gcp","google-cloud","google-networking","iac-terraform","terraform","terraform-gcp","terraform-module","terraform-modules"],"latest_commit_sha":null,"homepage":"https://registry.terraform.io/modules/avidhara/network/google/latest","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/avidhara.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-04-15T14:56:45.000Z","updated_at":"2024-04-17T16:10:32.000Z","dependencies_parsed_at":null,"dependency_job_id":"1747da27-39ea-454f-9587-eb6622d2510e","html_url":"https://github.com/avidhara/terraform-google-network","commit_stats":{"total_commits":8,"total_committers":2,"mean_commits":4.0,"dds":0.5,"last_synced_commit":"f6dca1626a82d992d80028e1fa4f963f48e2f9f1"},"previous_names":["avidhara/terraform-google-network"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/avidhara%2Fterraform-google-network","tags_url":"https://repos.ecosyste.ms/api/v1/
hosts/GitHub/repositories/avidhara%2Fterraform-google-network/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/avidhara%2Fterraform-google-network/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/avidhara%2Fterraform-google-network/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/avidhara","download_url":"https://codeload.github.com/avidhara/terraform-google-network/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247655194,"owners_count":20974141,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["gcp","google-cloud","google-networking","iac-terraform","terraform","terraform-gcp","terraform-module","terraform-modules"],"created_at":"2024-09-26T19:01:06.793Z","updated_at":"2026-01-21T17:32:48.839Z","avatar_url":"https://github.com/avidhara.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Static security analysis for Terraform](https://github.com/avidhara/terraform-google-network/actions/workflows/checkov.yml/badge.svg)](https://github.com/avidhara/terraform-google-network/actions/workflows/checkov.yml)\n# Terraform module for Google Cloud Network\n\n## Usage\n```hcl\nmodule \"vpc\" {\n  source = \"../../\"\n  name   = \"terraform-vpc\"\n  subnets = {\n    \"subnet-1\" = {\n      ip_cidr_range = \"10.0.0.0/16\"\n      region        = \"us-central1\"\n    },\n    \"subnet-2\" = {\n      ip_cidr_range = \"10.1.0.0/16\"\n      region        = \"us-central1\"\n    }\n  }\n\n  
firewall_rules = {\n    \"allow-ssh\" = {\n      direction   = \"INGRESS\"\n      description = \"Allow SSH from anywhere\"\n      allow = [\n        {\n          protocol = \"tcp\"\n          ports    = [\"22\"]\n        }\n      ]\n      source_ranges      = [\"0.0.0.0/0\"]\n      destination_ranges = [\"10.0.0.0/16\"]\n    }\n  }\n}\n\n```\n\n\u003c!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | \u003e= 1.3.2 |\n| \u003ca name=\"requirement_google\"\u003e\u003c/a\u003e [google](#requirement\\_google) | \u003e= 5, \u003c 6 |\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_google\"\u003e\u003c/a\u003e [google](#provider\\_google) | \u003e= 5, \u003c 6 |\n\n## Modules\n\nNo modules.\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [google_compute_firewall.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_firewall) | resource |\n| [google_compute_network.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_network) | resource |\n| [google_compute_route.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_route) | resource |\n| [google_compute_router.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_router) | resource |\n| [google_compute_router_nat.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_router_nat) | resource |\n| [google_compute_subnetwork.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_subnetwork) | resource |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_auto_create_subnetworks\"\u003e\u003c/a\u003e 
[auto\\_create\\_subnetworks](#input\\_auto\\_create\\_subnetworks) | (Optional) When set to true, the network is created in \"auto subnet mode\" and it will create a subnet for each region automatically across the 10.128.0.0/9 address range. When set to false, the network is created in \"custom subnet mode\" so the user can explicitly connect subnetwork resources. | `bool` | `false` | no |\n| \u003ca name=\"input_bgp\"\u003e\u003c/a\u003e [bgp](#input\\_bgp) | (Optional) BGP information. It is used to configure the BGP session between the router and the Google Cloud network. It must contain the following attributes:\u003cbr\u003e  - asn: An autonomous system number (ASN) is a globally unique number that is used to identify an autonomous system (AS) that is part of the global BGP routing system.\u003cbr\u003e  - advertise\\_mode: (Optional) The mode to use for advertisement. Valid values are DEFAULT, CUSTOM. Default is DEFAULT.\u003cbr\u003e  - advertised\\_groups: (Optional) User-specified list of prefix groups to advertise in custom mode. This field can only be populated if advertise\\_mode is CUSTOM and is advertised to all peers of the router. These groups will be advertised in addition to any specified prefixes. Leave this field blank to advertise no custom groups.\u003cbr\u003e  - advertised\\_ip\\_ranges: (Optional) User-specified list of individual IP ranges to advertise in custom mode. This field can only be populated if advertise\\_mode is CUSTOM and is advertised to all peers of the router. These IP ranges will be advertised in addition to any specified groups. Leave this field blank to advertise no custom IP ranges.\u003cbr\u003e    - range: The IP range to advertise. The value must be a CIDR-formatted string.\u003cbr\u003e    - description: (Optional) An optional description of this resource. 
The resource must be recreated to modify this field.\u003cbr\u003e  - keepalive\\_interval: (Optional) The interval in seconds between BGP keepalive messages that are sent to the peer. The default is 60 seconds.\u003cbr\u003e  - identifier\\_range: (Optional) The range of internal addresses that are owned by this subnetwork. | \u003cpre\u003emap(object({\u003cbr\u003e    asn               = number\u003cbr\u003e    advertise_mode    = optional(string)\u003cbr\u003e    advertised_groups = optional(list(string))\u003cbr\u003e    advertised_ip_ranges = optional(list(object({\u003cbr\u003e      range       = string\u003cbr\u003e      description = optional(string)\u003cbr\u003e    })))\u003cbr\u003e    keepalive_interval = optional(number)\u003cbr\u003e    identifier_range   = optional(string)\u003cbr\u003e  }))\u003c/pre\u003e | `{}` | no |\n| \u003ca name=\"input_create\"\u003e\u003c/a\u003e [create](#input\\_create) | (optional) Whether to create the network or not. Default is true. | `bool` | `true` | no |\n| \u003ca name=\"input_create_router\"\u003e\u003c/a\u003e [create\\_router](#input\\_create\\_router) | (Optional) Whether to create the router or not. Default is true. | `bool` | `false` | no |\n| \u003ca name=\"input_create_router_nat\"\u003e\u003c/a\u003e [create\\_router\\_nat](#input\\_create\\_router\\_nat) | (Optional) Whether to create the router NAT or not. Default is true. | `bool` | `false` | no |\n| \u003ca name=\"input_delete_default_routes_on_create\"\u003e\u003c/a\u003e [delete\\_default\\_routes\\_on\\_create](#input\\_delete\\_default\\_routes\\_on\\_create) | (Optional) If set to true, default routes (0.0.0.0/0) will be deleted immediately after network creation. Defaults to false. | `bool` | `true` | no |\n| \u003ca name=\"input_description\"\u003e\u003c/a\u003e [description](#input\\_description) | (Optional) An optional description of this resource. The resource must be recreated to modify this field. 
| `string` | `null` | no |\n| \u003ca name=\"input_drain_nat_ips\"\u003e\u003c/a\u003e [drain\\_nat\\_ips](#input\\_drain\\_nat\\_ips) | (Optional) A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT. | `list(string)` | `[]` | no |\n| \u003ca name=\"input_enable_dynamic_port_allocation\"\u003e\u003c/a\u003e [enable\\_dynamic\\_port\\_allocation](#input\\_enable\\_dynamic\\_port\\_allocation) | (Optional) Enable Dynamic Port Allocation. If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32. If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm. If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config. Mutually exclusive with enableEndpointIndependentMapping. | `bool` | `false` | no |\n| \u003ca name=\"input_enable_endpoint_independent_mapping\"\u003e\u003c/a\u003e [enable\\_endpoint\\_independent\\_mapping](#input\\_enable\\_endpoint\\_independent\\_mapping) | (Optional) Enable endpoint independent mapping. Defaults to false. Mutually exclusive with enableDynamicPortAllocation. | `bool` | `false` | no |\n| \u003ca name=\"input_enable_ula_internal_ipv6\"\u003e\u003c/a\u003e [enable\\_ula\\_internal\\_ipv6](#input\\_enable\\_ula\\_internal\\_ipv6) | (Optional) Enable ULA internal ipv6 on this network. Enabling this feature will assign a /48 from google defined ULA prefix fd20::/20. | `bool` | `false` | no |\n| \u003ca name=\"input_encrypted_interconnect_router\"\u003e\u003c/a\u003e [encrypted\\_interconnect\\_router](#input\\_encrypted\\_interconnect\\_router) | (Optional) Indicates if a router is dedicated for use with encrypted VLAN attachments (interconnectAttachments). 
| `bool` | `false` | no |\n| \u003ca name=\"input_endpoint_types\"\u003e\u003c/a\u003e [endpoint\\_types](#input\\_endpoint\\_types) | (Optional) Specifies the endpoint Types supported by the NAT Gateway. Supported values include: ENDPOINT\\_TYPE\\_VM, ENDPOINT\\_TYPE\\_SWG, ENDPOINT\\_TYPE\\_MANAGED\\_PROXY\\_LB. | `string` | `null` | no |\n| \u003ca name=\"input_firewall_rules\"\u003e\u003c/a\u003e [firewall\\_rules](#input\\_firewall\\_rules) | (Optional) List of firewall rules. Each element must contain the following attributes:\u003cbr\u003e  - name: Name of the firewall rule.\u003cbr\u003e  - allow: (Optional) List of allow blocks. Each block must contain the following attributes:\u003cbr\u003e    - protocol: The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. Possible values are: AH, ESP, GRE, ICMP, ICMPv6, IP, SCTP, TCP, UDP.\u003cbr\u003e    - ports: (Optional) List of ports which are allowed by this rule. This field is only applicable for UDP or TCP protocol.\u003cbr\u003e  - deny: (Optional) List of deny blocks. Each block must contain the following attributes:\u003cbr\u003e    - protocol: The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. Possible values are: AH, ESP, GRE, ICMP, ICMPv6, IP, SCTP, TCP, UDP.\u003cbr\u003e    - ports: (Optional) List of ports which are denied by this rule. This field is only applicable for UDP or TCP protocol.\u003cbr\u003e  - description: (Optional) An optional description of this resource. The resource must be recreated to modify this field.\u003cbr\u003e  - destination\\_ranges: (Optional) If destination ranges are specified, the firewall will apply only to traffic that has destination IP address in these ranges. These ranges must be expressed in CIDR format. Only IPv4 is supported.\u003cbr\u003e  - direction: (Optional) Direction of traffic to which this firewall applies. Default is INGRESS. 
Possible values are: INGRESS, EGRESS.\u003cbr\u003e  - disabled: (Optional) Denotes whether the firewall rule is disabled, i.e. not applied to the network it is associated with. When set to true, the firewall rule is not enforced and the network behaves as if it did not exist. If not set, the firewall rule is enabled.\u003cbr\u003e  - log\\_config: (Optional) List of log config for a firewall rule. Each element must contain the following attributes:\u003cbr\u003e    - metadata: The metadata for firewall logs. Possible values are: INCLUDE\\_ALL\\_METADATA, EXCLUDE\\_ALL\\_METADATA, CUSTOM\\_METADATA.\u003cbr\u003e  - priority: (Optional) Priority for this rule. This is an integer between 0 and 65535, both inclusive. When not specified, the value chosen is based on the direction of the rule.\u003cbr\u003e  - source\\_ranges: (Optional) If source ranges are specified, the firewall will apply only to traffic that has source IP address in these ranges. These ranges must be expressed in CIDR format. Only IPv4 is supported.\u003cbr\u003e  - source\\_service\\_accounts: (Optional) If source service accounts are specified, the firewall will apply only to traffic originating from an instance with a service account in this list. Source service accounts cannot be used to control traffic to an instance's external IP address because service accounts are associated with an instance, not an IP address.\u003cbr\u003e  - source\\_tags: (Optional) If source tags are specified, the firewall will apply only to traffic with source IP that belongs to a tag listed in source tags. Source tags cannot be used to control traffic to an instance's external IP address because tags are associated with an instance, not an IP address.\u003cbr\u003e  - target\\_service\\_accounts: (Optional) A list of service accounts indicating sets of instances located in the network that may make network connections as specified in allowed[]. 
target\\_service\\_accounts cannot be used to control traffic to an instance's external IP address because service accounts are associated with an instance, not an IP address.\u003cbr\u003e  - target\\_tags: (Optional) A list of instance tags indicating sets of instances located in the network that may make network connections as specified in allowed[]. If target\\_tags is specified, the firewall rule applies only to traffic with target tags listed. However, if no target\\_tags are specified, the firewall rule applies to all instances in the network.\u003cbr\u003e  - enable\\_logging: (Optional) This field denotes whether to enable logging for a particular firewall rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. If not set, logging will not be enabled for this firewall rule. | \u003cpre\u003emap(object({\u003cbr\u003e    allow = optional(list(\u003cbr\u003e      object({\u003cbr\u003e        protocol = string\u003cbr\u003e        ports    = optional(list(string))\u003cbr\u003e      })\u003cbr\u003e    ))\u003cbr\u003e    deny = optional(list(\u003cbr\u003e      object({\u003cbr\u003e        protocol = string\u003cbr\u003e        ports    = optional(list(string))\u003cbr\u003e      })\u003cbr\u003e    ))\u003cbr\u003e    description        = optional(string)\u003cbr\u003e    destination_ranges = optional(list(string))\u003cbr\u003e    direction          = optional(string)\u003cbr\u003e    disabled           = optional(bool)\u003cbr\u003e    log_config = optional(list(object({\u003cbr\u003e      metadata = string\u003cbr\u003e    })))\u003cbr\u003e    priority                = optional(number)\u003cbr\u003e    source_ranges           = optional(list(string))\u003cbr\u003e    source_service_accounts = optional(list(string))\u003cbr\u003e    source_tags             = optional(list(string))\u003cbr\u003e    target_service_accounts = optional(list(string))\u003cbr\u003e    target_tags             = 
optional(list(string))\u003cbr\u003e    enable_logging          = optional(bool)\u003cbr\u003e  }))\u003c/pre\u003e | `{}` | no |\n| \u003ca name=\"input_icmp_idle_timeout_sec\"\u003e\u003c/a\u003e [icmp\\_idle\\_timeout\\_sec](#input\\_icmp\\_idle\\_timeout\\_sec) | (Optional) Timeout (in seconds) for ICMP connections. Defaults to 30s if not set. | `string` | `\"30\"` | no |\n| \u003ca name=\"input_internal_ipv6_range\"\u003e\u003c/a\u003e [internal\\_ipv6\\_range](#input\\_internal\\_ipv6\\_range) | (Optional) When enabling ula internal ipv6, caller optionally can specify the /48 range they want from the google defined ULA prefix fd20::/20. The input must be a valid /48 ULA IPv6 address and must be within the fd20::/20. Operation will fail if the specified /48 is already in use by another resource. If the field is not specified, then a /48 range will be randomly allocated from fd20::/20 and returned via this field. | `string` | `null` | no |\n| \u003ca name=\"input_log_config_enable\"\u003e\u003c/a\u003e [log\\_config\\_enable](#input\\_log\\_config\\_enable) | (Optional) Enable logging for this NAT. Defaults to false. | `bool` | `false` | no |\n| \u003ca name=\"input_log_config_filter\"\u003e\u003c/a\u003e [log\\_config\\_filter](#input\\_log\\_config\\_filter) | (Optional) Specifies the desired filtering of logs on this NAT. Valid values are: \"ERRORS\\_ONLY\", \"TRANSLATIONS\\_ONLY\", \"ALL\" | `string` | `\"ALL\"` | no |\n| \u003ca name=\"input_max_ports_per_vm\"\u003e\u003c/a\u003e [max\\_ports\\_per\\_vm](#input\\_max\\_ports\\_per\\_vm) | (Optional) Maximum number of ports allocated to a VM from this NAT. This field can only be set when enableDynamicPortAllocation is enabled. | `string` | `null` | no |\n| \u003ca name=\"input_min_ports_per_vm\"\u003e\u003c/a\u003e [min\\_ports\\_per\\_vm](#input\\_min\\_ports\\_per\\_vm) | (Optional) Minimum number of ports allocated to a VM from this NAT. 
Defaults to 64 for static port allocation and 32 for dynamic port allocation if not set. | `string` | `64` | no |\n| \u003ca name=\"input_module_depends_on\"\u003e\u003c/a\u003e [module\\_depends\\_on](#input\\_module\\_depends\\_on) | (Optional) A list of resources that this resource depends on. A dependency exists if the dependent resource will be created before the resource that has the dependency. | `list(string)` | `[]` | no |\n| \u003ca name=\"input_mtu\"\u003e\u003c/a\u003e [mtu](#input\\_mtu) | (Optional) Maximum Transmission Unit in bytes. The default value is 1460 bytes. The minimum value for this field is 1300 and the maximum value is 8896 bytes (jumbo frames). Note that packets larger than 1500 bytes (standard Ethernet) can be subject to TCP-MSS clamping or dropped with an ICMP Fragmentation-Needed message if the packets are routed to the Internet or other VPCs with varying MTUs. | `number` | `null` | no |\n| \u003ca name=\"input_name\"\u003e\u003c/a\u003e [name](#input\\_name) | (Required) Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. | `string` | n/a | yes |\n| \u003ca name=\"input_nat_ips\"\u003e\u003c/a\u003e [nat\\_ips](#input\\_nat\\_ips) | (Optional) Self-links of NAT IPs. Only valid if natIpAllocateOption is set to MANUAL\\_ONLY. | `list(string)` | `[]` | no |\n| \u003ca name=\"input_nat_name\"\u003e\u003c/a\u003e [nat\\_name](#input\\_nat\\_name) | (Optional) Name of the NAT service. The name must be 1-63 characters long and comply with RFC1035. 
| `string` | `null` | no |\n| \u003ca name=\"input_network_firewall_policy_enforcement_order\"\u003e\u003c/a\u003e [network\\_firewall\\_policy\\_enforcement\\_order](#input\\_network\\_firewall\\_policy\\_enforcement\\_order) | (Optional) Set the order that Firewall Rules and Firewall Policies are evaluated. Default value is AFTER\\_CLASSIC\\_FIREWALL. Possible values are: BEFORE\\_CLASSIC\\_FIREWALL, AFTER\\_CLASSIC\\_FIREWALL. | `string` | `null` | no |\n| \u003ca name=\"input_project\"\u003e\u003c/a\u003e [project](#input\\_project) | (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. | `string` | `null` | no |\n| \u003ca name=\"input_route_region\"\u003e\u003c/a\u003e [route\\_region](#input\\_route\\_region) | (Optional) The region in which the router will be created. If it is not provided, the provider region is used. | `string` | `null` | no |\n| \u003ca name=\"input_router_name\"\u003e\u003c/a\u003e [router\\_name](#input\\_router\\_name) | (Optional) Name of the resource. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. | `string` | `null` | no |\n| \u003ca name=\"input_routes\"\u003e\u003c/a\u003e [routes](#input\\_routes) | (Optional) List of routes. Each element must contain the following attributes:\u003cbr\u003e  - dest\\_range: The destination range of outgoing packets that this route applies to. Only IPv4 is supported.\u003cbr\u003e  - description: (Optional) An optional description of this resource. The resource must be recreated to modify this field.\u003cbr\u003e  - priority: (Optional) The priority of this route. 
Priority is used to break ties in cases where there is more than one matching route of equal prefix length. In the case of two routes with equal prefix length, the one with the lowest-valued priority wins.\u003cbr\u003e  - next\\_hop\\_gateway: (Optional) The URL to a gateway that should handle matching packets. Currently, the only supported gateway is default-internet-gateway.\u003cbr\u003e  - next\\_hop\\_instance: (Optional) The URL to an instance that should handle matching packets. The instance must be in the same region as the router that is making the request.\u003cbr\u003e  - next\\_hop\\_ip: (Optional) The network IP address of an instance that should handle matching packets. Only IPv4 is supported.\u003cbr\u003e  - next\\_hop\\_vpn\\_tunnel: (Optional) The URL to a VpnTunnel that should handle matching packets.\u003cbr\u003e  - next\\_hop\\_ilb: (Optional) The URL to a forwarding rule of type loadBalancingScheme INTERNAL that should handle matching packets.\u003cbr\u003e  - next\\_hop\\_instance\\_zone: (Optional) The zone in which the next\\_hop\\_instance is located.\u003cbr\u003e  - tags: (Optional) A list of instance tags to which this route applies. | \u003cpre\u003emap(object({\u003cbr\u003e    dest_range             = string\u003cbr\u003e    description            = optional(string)\u003cbr\u003e    priority               = optional(number)\u003cbr\u003e    next_hop_gateway       = optional(string)\u003cbr\u003e    next_hop_instance      = optional(string)\u003cbr\u003e    next_hop_ip            = optional(string)\u003cbr\u003e    next_hop_vpn_tunnel    = optional(string)\u003cbr\u003e    next_hop_ilb           = optional(string)\u003cbr\u003e    next_hop_instance_zone = optional(string)\u003cbr\u003e    tags                   = optional(list(string))\u003cbr\u003e  }))\u003c/pre\u003e | `{}` | no |\n| \u003ca name=\"input_routing_mode\"\u003e\u003c/a\u003e [routing\\_mode](#input\\_routing\\_mode) | (Optional) The network-wide routing mode to use. 
If set to REGIONAL, this network's cloud routers will only advertise routes with subnetworks of this network in the same region as the router. If set to GLOBAL, this network's cloud routers will advertise routes with all subnetworks of this network, across regions. Possible values are: REGIONAL, GLOBAL. | `string` | `\"GLOBAL\"` | no |\n| \u003ca name=\"input_rules\"\u003e\u003c/a\u003e [rules](#input\\_rules) | (Optional) List of rules. Each element must contain the following attributes:\u003cbr\u003e  - rule\\_number: The rule number of the rule. It must be unique within the list of rules.\u003cbr\u003e  - description: (Optional) An optional description of this resource. The resource must be recreated to modify this field.\u003cbr\u003e  - match: The match criteria for the rule. Possible values are: SRC\\_IPS, SRC\\_SERVICE\\_ACCOUNTS, SRC\\_TAGS.\u003cbr\u003e  - action: (Optional) The action to take when the rule is matched. Each element must contain the following attributes:\u003cbr\u003e    - source\\_nat\\_active\\_ips: (Optional) The list of IPs to be used for NAT.\u003cbr\u003e    - source\\_nat\\_drain\\_ips: (Optional) The list of IPs to be drained.\u003cbr\u003e    - source\\_nat\\_active\\_ranges: (Optional) The list of ranges to be used for NAT.\u003cbr\u003e    - source\\_nat\\_drain\\_ranges: (Optional) The list of ranges to be drained. 
| \u003cpre\u003elist(object({\u003cbr\u003e    rule_number = number\u003cbr\u003e    description = optional(string)\u003cbr\u003e    match       = string\u003cbr\u003e    action = optional(list(object({\u003cbr\u003e      source_nat_active_ips    = optional(string)\u003cbr\u003e      source_nat_drain_ips     = optional(string)\u003cbr\u003e      source_nat_active_ranges = optional(string)\u003cbr\u003e      source_nat_drain_ranges  = optional(string)\u003cbr\u003e    })))\u003cbr\u003e  }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_source_subnetwork_ip_ranges_to_nat\"\u003e\u003c/a\u003e [source\\_subnetwork\\_ip\\_ranges\\_to\\_nat](#input\\_source\\_subnetwork\\_ip\\_ranges\\_to\\_nat) | (Optional) How NAT should be configured per Subnetwork. If ALL\\_SUBNETWORKS\\_ALL\\_IP\\_RANGES, all of the IP ranges in every Subnetwork are allowed to Nat. If ALL\\_SUBNETWORKS\\_ALL\\_PRIMARY\\_IP\\_RANGES, all of the primary IP ranges in every Subnetwork are allowed to Nat. LIST\\_OF\\_SUBNETWORKS: A list of Subnetworks are allowed to Nat (specified in the field subnetwork below). Note that if this field contains ALL\\_SUBNETWORKS\\_ALL\\_IP\\_RANGES or ALL\\_SUBNETWORKS\\_ALL\\_PRIMARY\\_IP\\_RANGES, then there should not be any other RouterNat section in any Router for this network in this region. Possible values are: ALL\\_SUBNETWORKS\\_ALL\\_IP\\_RANGES, ALL\\_SUBNETWORKS\\_ALL\\_PRIMARY\\_IP\\_RANGES, LIST\\_OF\\_SUBNETWORKS. | `string` | `\"ALL_SUBNETWORKS_ALL_IP_RANGES\"` | no |\n| \u003ca name=\"input_subnets\"\u003e\u003c/a\u003e [subnets](#input\\_subnets) | (Optional) List of subnetworks. Each element must contain the following attributes:\u003cbr\u003e  - name: Name of the subnetwork.\u003cbr\u003e  - ip\\_cidr\\_range: The range of internal addresses that are owned by this subnetwork.\u003cbr\u003e  - network: The network this subnet belongs to. 
If not provided, the network will be created in auto subnet mode.\u003cbr\u003e  - description: (Optional) An optional description of this resource. The resource must be recreated to modify this field.\u003cbr\u003e  - purpose: (Optional) The purpose of the resource. Possible values are: INTERNAL\\_HTTPS\\_LOAD\\_BALANCER, INTERNAL\\_TCP\\_UDP\\_LOAD\\_BALANCER, PRIVATE, PUBLIC.\u003cbr\u003e  - role: (Optional) The role of subnetwork. Possible values are: ACTIVE, INACTIVE.\u003cbr\u003e  - secondary\\_ip\\_range: (Optional) List of secondary ip ranges to be used in this subnetwork.\u003cbr\u003e  - private\\_ipv6\\_google\\_access: (Optional) The private ipv6 google access type. Possible values are: OFF, ON.\u003cbr\u003e  - private\\_ip\\_google\\_access: (Optional) The private ip google access type. Default is false.\u003cbr\u003e  - region: The region this subnetwork belongs to.\u003cbr\u003e  - log\\_config: (Optional) List of log config for a subnetwork. Each element must contain the following attributes:\u003cbr\u003e    - aggregation\\_interval: (Optional) The aggregation interval for flow logs. Default is 5 seconds.\u003cbr\u003e    - flow\\_sampling: (Optional) The flow sampling for flow logs. Default is 0.5.\u003cbr\u003e    - metadata: (Optional) The metadata for flow logs. Possible values are: INCLUDE\\_ALL\\_METADATA, EXCLUDE\\_ALL\\_METADATA, CUSTOM\\_METADATA.\u003cbr\u003e    - metadata\\_fields: (Optional) The metadata fields for flow logs. Required if metadata is CUSTOM\\_METADATA.\u003cbr\u003e    - filter\\_expr: (Optional) The filter expression for flow logs.\u003cbr\u003e  - stack\\_type: (Optional) The stack type of the subnetwork. Possible values are: IPV4\\_ONLY, IPV4\\_IPV6.\u003cbr\u003e  - ipv6\\_access\\_type: (Optional) The ipv6 access type of the subnetwork. 
Possible values are: OFF, ON.\u003cbr\u003e  - external\\_ipv6\\_prefix: (Optional) The external ipv6 prefix of the subnetwork.\u003cbr\u003e  - allow\\_subnet\\_cidr\\_routes\\_overlap: (Optional) Whether to allow subnet cidr routes overlap. Default is false. | \u003cpre\u003emap(object({\u003cbr\u003e    ip_cidr_range              = string\u003cbr\u003e    network                    = optional(string)\u003cbr\u003e    description                = optional(string)\u003cbr\u003e    purpose                    = optional(string)\u003cbr\u003e    role                       = optional(string)\u003cbr\u003e    secondary_ip_range         = optional(list(map(string)))\u003cbr\u003e    private_ipv6_google_access = optional(string)\u003cbr\u003e    private_ip_google_access   = optional(bool)\u003cbr\u003e    region                     = string\u003cbr\u003e    log_config = optional(list(object({\u003cbr\u003e      aggregation_interval = optional(string)\u003cbr\u003e      flow_sampling        = optional(string)\u003cbr\u003e      metadata             = optional(string)\u003cbr\u003e      metadata_fields      = optional(list(string))\u003cbr\u003e      filter_expr          = optional(string)\u003cbr\u003e    })))\u003cbr\u003e    stack_type                       = optional(string)\u003cbr\u003e    ipv6_access_type                 = optional(string)\u003cbr\u003e    external_ipv6_prefix             = optional(string)\u003cbr\u003e    allow_subnet_cidr_routes_overlap = optional(bool)\u003cbr\u003e  }))\u003c/pre\u003e | `{}` | no |\n| \u003ca name=\"input_subnetworks\"\u003e\u003c/a\u003e [subnetworks](#input\\_subnetworks) | (Optional) List of subnetworks. Each element must contain the following attributes:\u003cbr\u003e  - name: Name of the subnetwork.\u003cbr\u003e  - source\\_ip\\_ranges\\_to\\_nat: List of primary and secondary subnetwork ranges to NAT.\u003cbr\u003e  - secondary\\_ip\\_range\\_names: List of secondary ip range names to be used in this subnetwork. 
| \u003cpre\u003elist(object({\u003cbr\u003e    name                     = string,\u003cbr\u003e    source_ip_ranges_to_nat  = list(string)\u003cbr\u003e    secondary_ip_range_names = list(string)\u003cbr\u003e  }))\u003c/pre\u003e | `[]` | no |\n| \u003ca name=\"input_tcp_established_idle_timeout_sec\"\u003e\u003c/a\u003e [tcp\\_established\\_idle\\_timeout\\_sec](#input\\_tcp\\_established\\_idle\\_timeout\\_sec) | (Optional) Timeout (in seconds) for TCP established connections. Defaults to 1200s if not set. | `string` | `\"120\"` | no |\n| \u003ca name=\"input_tcp_time_wait_timeout_sec\"\u003e\u003c/a\u003e [tcp\\_time\\_wait\\_timeout\\_sec](#input\\_tcp\\_time\\_wait\\_timeout\\_sec) | (Optional) Timeout (in seconds) for TCP connections that are in TIME\\_WAIT state. Defaults to 120s if not set. | `string` | `\"120\"` | no |\n| \u003ca name=\"input_tcp_transitory_idle_timeout_sec\"\u003e\u003c/a\u003e [tcp\\_transitory\\_idle\\_timeout\\_sec](#input\\_tcp\\_transitory\\_idle\\_timeout\\_sec) | (Optional) Timeout (in seconds) for TCP transitory connections. Defaults to 30s if not set. | `string` | `\"30\"` | no |\n| \u003ca name=\"input_udp_idle_timeout_sec\"\u003e\u003c/a\u003e [udp\\_idle\\_timeout\\_sec](#input\\_udp\\_idle\\_timeout\\_sec) | (Optional) Timeout (in seconds) for UDP connections. Defaults to 30s if not set. | `string` | `\"30\"` | no |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_firewall_id\"\u003e\u003c/a\u003e [firewall\\_id](#output\\_firewall\\_id) | an identifier for the resource with format projects/{{project}}/global/firewalls/{{name}} |\n| \u003ca name=\"output_gateway_ipv4\"\u003e\u003c/a\u003e [gateway\\_ipv4](#output\\_gateway\\_ipv4) | The gateway address for default routing out of the network. This value is selected by GCP. 
|\n| \u003ca name=\"output_id\"\u003e\u003c/a\u003e [id](#output\\_id) | an identifier for the resource with format projects/{{project}}/global/networks/{{name}} |\n| \u003ca name=\"output_nat_id\"\u003e\u003c/a\u003e [nat\\_id](#output\\_nat\\_id) | an identifier for the resource with format projects/{{project}}/regions/{{region}}/routers/{{router\\_name}}/nat |\n| \u003ca name=\"output_numeric_id\"\u003e\u003c/a\u003e [numeric\\_id](#output\\_numeric\\_id) | The unique identifier for the resource. This identifier is defined by the server. |\n| \u003ca name=\"output_router_id\"\u003e\u003c/a\u003e [router\\_id](#output\\_router\\_id) | an identifier for the resource with format projects/{{project}}/regions/{{region}}/routers/{{name}} |\n| \u003ca name=\"output_self_link\"\u003e\u003c/a\u003e [self\\_link](#output\\_self\\_link) | The URI of the created resource. |\n| \u003ca name=\"output_subnet_ids\"\u003e\u003c/a\u003e [subnet\\_ids](#output\\_subnet\\_ids) | n/a |\n\u003c!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK --\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Favidhara%2Fterraform-google-network","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Favidhara%2Fterraform-google-network","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Favidhara%2Fterraform-google-network/lists"}