Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/heroku-examples/terraform-heroku-vpn-gcp

Terraform module for a Heroku Private Space VPN connection with Google Compute Platform
https://github.com/heroku-examples/terraform-heroku-vpn-gcp

Last synced: 2 days ago
JSON representation

Terraform module for a Heroku Private Space VPN connection with Google Compute Platform

Host: GitHub
URL: https://github.com/heroku-examples/terraform-heroku-vpn-gcp
Owner: heroku-examples
License: mit
Created: 2018-10-29T23:42:40.000Z (over 6 years ago)
Default Branch: master
Last Pushed: 2021-01-28T22:40:09.000Z (about 4 years ago)
Last Synced: 2024-04-14T18:35:58.650Z (10 months ago)
Language: HCL
Homepage: https://devcenter.heroku.com/articles/vpn-private-space-google-cloud-platform
Size: 23.4 KB
Stars: 7
Watchers: 7
Forks: 2
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # Heroku Private Space VPN connection to Google Cloud Platform using Terraform

[![Build Status](https://travis-ci.org/heroku-examples/terraform-heroku-vpn-gcp.svg?branch=master)](https://travis-ci.org/heroku-examples/terraform-heroku-vpn-gcp)

A Heroku [Private Space](https://devcenter.heroku.com/articles/private-spaces) provides a container for [internally routed apps](https://devcenter.heroku.com/articles/internal-routing) that are only accessible within its private network.

[Private Space VPN Connections](https://devcenter.heroku.com/articles/private-space-vpn-connection) provide site-to-site interconnection with [Google Cloud VPN](https://cloud.google.com/vpn/docs/concepts/overview).

Apps on either side of the VPN connection may access apps on the other side other by DNS name via the established IPSec network tunnels. Two tunnels provide redundancy to ensure uninterrupted network connectivity.

A single [Terraform config](https://www.terraform.io/docs/configuration/index.html) embodies the complete integration between Heroku and Google Cloud Platform, enabling high-level collaboration, repeatability, test-ability, and change management.

## Primary components

* [Heroku](https://www.heroku.com/home)

* [Google Cloud Platform](https://cloud.google.com/)

* [Terraform](https://terraform.io)

## Challenges & Caveats

* **Config drift when using Heroku or Google Dashboard or CLI.** Once the config is applied, if changes are made to the resources outside of Terraform, then the Terraform state will no longer match its configuration, making it impossible to apply or destroy further until the drifting values are imported (for new resources) or manually updated in `terraform.tfstate`.

## Requirements

* [Heroku](https://www.heroku.com/home)

  * install [command-line tools (CLI)](https://toolbelt.heroku.com)

  * [an account](https://signup.heroku.com) (must be a member of an Enterprise account for access to Private Spaces)

  * [a team](https://devcenter.heroku.com/articles/heroku-teams) in the Enterprise account

* [Google Cloud](https://cloud.google.com/)

  * install [Cloud SDK](https://cloud.google.com/sdk/)

  * [an account](https://console.cloud.google.com/freetrial)

* install [git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)

* install [Terraform](https://terraform.io)

## Usage

### As a module

Use this module from another Terraform configuration to provision the Google Cloud resources for Private Spaces VPN:

```hcl

provider "google" {

  version = "~> 1.19"

  region  = "${var.google_region}"

}

provider "heroku" {

  version = "~> 1.5"

}

module "heroku_vpn_gcp" {

  source = "github.com/heroku-examples/terraform-heroku-vpn-gcp"

  providers = {

    google = "google"

  }

  // …input variables

}

```

👓 See [examples](examples/) for usage details.

### Complete example

Ensure the [requirements](#user-content-requirements) are met, then,

1. Clone this repo:

    ```bash

    git clone [email protected]:heroku-examples/terraform-heroku-vpn-gcp.git

    cd terraform-heroku-vpn-gcp/

    ```

1. Set Heroku API key

    1. `heroku authorizations:create -d terraform-heroku-vpn-gcp`

    2. `export HEROKU_API_KEY=<"Token" value from the authorization>`

1. Login & configure Google Cloud

    1. `gcloud init`

    1. `gcloud auth application-default login`

    1. `export GOOGLE_PROJECT=`

1. `cd examples/heroku-private-space`

1. `terraform init`

1. Optionally, import any existing resources:

    * **Heroku Private Space**

      * `terraform import heroku_space.default `

      * When running subsequent Terraform commands, the `heroku_enterprise_team`, `heroku_private_space`, & `heroku_private_space_region` input variables must match the existing Private Space's values

    * **Google VPC Network**

      * `terraform import google_compute_network.default `

      * When running subsequent Terraform commands, the `google_network` & `google_network_auto_create_subnetworks` input variable must match the existing network's values

    * **Google VPC Subnetwork**

      * `terraform import google_compute_subnetwork.default `

      * When running subsequent Terraform commands, the `google_subnetwork`, `google_subnetwork_cidr_block`, `google_subnetwork_private_ip_access`, & `google_region` input variables must match the existing subnet's values

1. Then, apply the config with your own top-level config values:

    ```bash

    terraform apply \

      -var heroku_enterprise_team=example-team \

      -var heroku_private_space=example-space \

      -var heroku_private_space_region=oregon \

      -var google_region=us-west1

    ```

-----

🔬 This is a community proof-of-concept, [MIT license](LICENSE), provided "as is", without warranty of any kind.