feat: Add ephemeral_ip to bastion host. (#73)

Added ephemeral_ip and access_configs variable. Co-authored-by: Stephen Bancroft <[email protected]>
terraform-google-modules · Feb 23, 2021 · c4dbeab · c4dbeab
1 parent 938c16d
commit c4dbeab
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -69,10 +69,12 @@ If the user does not share the same domain as the org the bastion is in, you wil
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| access\_config | Access configs for network, nat\_ip and DNS | <pre>list(object({<br>    network_tier           = string<br>    nat_ip                 = string<br>    public_ptr_domain_name = string<br>  }))</pre> | <pre>[<br>  {<br>    "nat_ip": "",<br>    "network_tier": "PREMIUM",<br>    "public_ptr_domain_name": ""<br>  }<br>]</pre> | no |
 | additional\_ports | A list of additional ports/ranges to open access to on the instances from IAP. | `list(string)` | `[]` | no |
 | create\_instance\_from\_template | Whether to create and instance from the template or not. If false, no instance is created, but the instance template is created and usable by a MIG | `bool` | `true` | no |
 | disk\_size\_gb | Boot disk size in GB | `number` | `100` | no |
 | disk\_type | Boot disk type, can be either pd-ssd, local-ssd, or pd-standard | `string` | `"pd-standard"` | no |
+| ephemeral\_ip | Set to true if an ephemeral external IP/DNS is required, must also set access\_config if true | `bool` | `false` | no |
 | fw\_name\_allow\_ssh\_from\_iap | Firewall rule name for allowing SSH from IAP | `string` | `"allow-ssh-from-iap-to-tunnel"` | no |
 | host\_project | The network host project ID | `string` | `""` | no |
 | image | Source image for the Bastion. If image is not specified, image\_family will be used (which is the default). | `string` | `""` | no |

diff --git a/main.tf b/main.tf
@@ -83,6 +83,7 @@ resource "google_compute_instance_from_template" "bastion_vm" {
   network_interface {
     subnetwork         = var.subnet
     subnetwork_project = var.host_project != "" ? var.host_project : var.project
+    access_config      = var.ephemeral_ip ? var.access_config : []
   }
 
   source_instance_template = module.instance_template.self_link

diff --git a/variables.tf b/variables.tf
@@ -203,3 +203,23 @@ variable "metadata" {
   description = "Key-value map of additional metadata to assign to the instances"
   default     = {}
 }
+
+variable "ephemeral_ip" {
+  type        = bool
+  description = "Set to true if an ephemeral external IP/DNS is required, must also set access_config if true"
+  default     = false
+}
+
+variable "access_config" {
+  description = "Access configs for network, nat_ip and DNS"
+  type = list(object({
+    network_tier           = string
+    nat_ip                 = string
+    public_ptr_domain_name = string
+  }))
+  default = [{
+    nat_ip                 = "",
+    network_tier           = "PREMIUM",
+    public_ptr_domain_name = ""
+  }]
+}