add sub-module for regional backend security policy
imrannayer committed Aug 13, 2024
1 parent 9825e77 commit 4a0cc70
Showing 10 changed files with 604 additions and 9 deletions.
2 changes: 1 addition & 1 deletion README.md
@@ -1,5 +1,5 @@
# Cloud Armor Terraform Module
This module makes it easy to setup [Cloud Armor global Security Policy](https://cloud.google.com/armor/docs/cloud-armor-overview#security_policies) with Security rules. You can attach the global Security Policy policy to backend services exposed by the following load balancer types:
This module makes it easy to setup [Cloud Armor global Security Policy](https://cloud.google.com/armor/docs/security-policy-overview#expandable-1) with Security rules. You can attach the global Security policy to the backend services exposed by the following load balancer types:
- Global external Application Load Balancer (HTTP/HTTPS)
- Classic Application Load Balancer (HTTP/HTTPS)
- Global external proxy Network Load Balancer (TCP/SSL)
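Review bot: the new link target `https://cloud.google.com/armor/docs/security-policy-overview#expandable-1` points at an auto-generated expandable-section anchor, which is not stable across documentation revisions; link to the page without the fragment, or to a named section heading, so the README keeps resolving to the right place. The wording fix from "Security Policy policy" to "Security policy" is good; while touching the line, "makes it easy to setup" should read "makes it easy to set up".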
8 changes: 4 additions & 4 deletions modules/advanced-network-ddos-protection/README.md
@@ -18,8 +18,8 @@ module "advanced_network_ddos_protection" {
source = "GoogleCloudPlatform/cloud-armor/google//modules/advanced-network-ddos-protection"
version = "~> 2.2"
project_id = var.project_id
adv_ddos_policy_regions = ["us-central1", "us-east1"]
project_id = var.project_id
regions = ["us-central1", "us-east1"]
}
```
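Review bot: renaming the required input `adv_ddos_policy_regions` to `regions` is a breaking change for every caller of this module: with the `version = "~> 2.2"` constraint shown in the same snippet, an existing configuration would fail with `adv_ddos_policy_regions` reported as an unsupported argument and `regions` as a missing required argument. Either keep the old name as a deprecated alias for one release cycle, or ship this under a new major version and update the `version` constraint in the usage example to match. The removed and re-added `project_id = var.project_id` line is whitespace-only alignment and needs no change.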

@@ -29,13 +29,13 @@ module "advanced_network_ddos_protection" {

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| ddos\_protection\_config | Configuration for Google Cloud Armor DDOS Proctection Config. 1) ADVANCED: additional protections for Managed Protection Plus subscribers 2) ADVANCED\_PREVIEW: flag to enable the security policy in preview mode | `string` | `"ADVANCED"` | no |
| ddos\_protection\_config | Configuration for Google Cloud Armor DDOS Proctection Config. 1) ADVANCED: additional protections for Managed Protection Plus subscribers 2) ADVANCED\_PREVIEW: enable the security policy in preview mode | `string` | `"ADVANCED"` | no |
| network\_edge\_security\_service\_description | description of edge security service for advanced network ddos protection | `string` | `"edge security service for advanced network ddos protection"` | no |
| network\_edge\_security\_service\_name | Name of network edge security service resource for advanced network ddos protection | `string` | `"adv-network-ddos-protection"` | no |
| policy\_description | An optional description of advanced network ddos protection security policy | `string` | `"CA Advance DDoS protection"` | no |
| policy\_name | Name of the advanced network ddos protection security policy. Name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash | `string` | `"adv-network-ddos-protection"` | no |
| project\_id | The project in which the resource belongs. | `string` | n/a | yes |
| regions | The regions in which enable advanced network DDoS protection | `list(string)` | n/a | yes |
| regions | The regions in which advanced network DDoS protection will be activated | `list(string)` | n/a | yes |

## Outputs
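Review bot: the `ddos_protection_config` description still reads "DDOS Proctection Config" in both the old and new lines; "Protection" is misspelled and "DDOS" disagrees with the "DDoS" used elsewhere in the table. Because this table appears to be generated from the variable descriptions in `variables.tf`, the fix belongs there rather than in the README. Separately, the `policy_name` description renders its naming regular expression as `a-z?` because the bracket characters are not escaped for Markdown, so the stated constraint is unreadable; wrap the pattern in backticks or escape it in the source description.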

4 changes: 2 additions & 2 deletions modules/advanced-network-ddos-protection/variables.tf
@@ -20,12 +20,12 @@ variable "project_id" {
}

variable "regions" {
description = "The regions in which enable advanced network DDoS protection"
description = "The regions in which advanced network DDoS protection will be activated"
type = list(string)
}

variable "ddos_protection_config" {
description = "Configuration for Google Cloud Armor DDOS Proctection Config. 1) ADVANCED: additional protections for Managed Protection Plus subscribers 2) ADVANCED_PREVIEW: flag to enable the security policy in preview mode"
description = "Configuration for Google Cloud Armor DDOS Proctection Config. 1) ADVANCED: additional protections for Managed Protection Plus subscribers 2) ADVANCED_PREVIEW: enable the security policy in preview mode"
type = string
default = "ADVANCED"
}
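Review bot: the description of `ddos_protection_config` names exactly two accepted values, `ADVANCED` and `ADVANCED_PREVIEW`, but the variable is an unconstrained `string`, so a typo such as `ADVANCE` is only rejected at apply time by the API. Add a `validation` block with `condition = contains(["ADVANCED", "ADVANCED_PREVIEW"], var.ddos_protection_config)` and an `error_message` listing the allowed values so plan fails early. While the description is being edited, also correct "Proctection" to "Protection" and "DDOS" to "DDoS".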
2 changes: 1 addition & 1 deletion modules/network-edge-security-policy/README.md
@@ -125,7 +125,7 @@ resource "google_compute_region_backend_service" "backend" {
| policy\_rules | Policy Rules | <pre>list(object({<br> priority = number<br> action = string<br> preview = optional(bool)<br> description = optional(string)<br> ip_protocols = optional(list(string))<br> src_ip_ranges = optional(list(string))<br> src_asns = optional(list(string))<br> src_region_codes = optional(list(string))<br> src_ports = optional(list(string))<br> dest_ports = optional(list(string))<br> dest_ip_ranges = optional(list(string))<br><br> user_defined_fields = optional(list(object({<br> name = optional(string)<br> values = optional(list(string))<br> })))<br> }))</pre> | `null` | no |
| policy\_user\_defined\_fields | Definitions of user-defined fields for CLOUD\_ARMOR\_NETWORK policies. A user-defined field consists of up to 4 bytes extracted from a fixed offset in the packet, relative to the IPv4, IPv6, TCP, or UDP header, with an optional mask to select certain bits | <pre>list(object({<br> name = optional(string)<br> base = string<br> offset = optional(number)<br> size = optional(number)<br> mask = optional(string)<br> }))</pre> | `null` | no |
| project\_id | The project in which the resource belongs. | `string` | n/a | yes |
| region | The region in which enablesecurity policy is created | `string` | n/a | yes |
| region | The region in which security policy is created | `string` | n/a | yes |

## Outputs
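Review bot: the corrected `region` description, "The region in which security policy is created", still drops the article; "The region in which the security policy is created" reads correctly. Since this table appears to be generated from the variable descriptions, make the wording change in `variables.tf` so the README and the variable stay in sync.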

2 changes: 1 addition & 1 deletion modules/network-edge-security-policy/variables.tf
@@ -20,7 +20,7 @@ variable "project_id" {
}

variable "region" {
description = "The region in which enablesecurity policy is created"
description = "The region in which security policy is created"
type = string
}
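Review bot: same wording point as the README table: "The region in which the security policy is created". This is the source the README row is derived from, so fixing the description here is what keeps the generated table correct.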
