diff --git a/modules/iap-tunneling/README.md b/modules/iap-tunneling/README.md
index 4535432..784f7e4 100644
--- a/modules/iap-tunneling/README.md
+++ b/modules/iap-tunneling/README.md
@@ -89,6 +89,7 @@ the necessary APIs enabled.
 | additional\_ports | A list of additional ports/ranges to open access to on the instances from IAP. | `list(string)` | `[]` | no |
 | create\_firewall\_rule | If we need to create the firewall rule or not. | `bool` | `true` | no |
 | fw\_name\_allow\_ssh\_from\_iap | Firewall rule name for allowing SSH from IAP. | `string` | `"allow-ssh-from-iap-to-tunnel"` | no |
+| fw\_priority | Firewall rule priority for allowing SSH from IAP. | `number` | `null` | no |
 | host\_project | The network host project ID. | `string` | `""` | no |
 | instances | Names and zones of the instances to allow SSH from IAP. |
list(object({
name = string
zone = string
}))
| n/a | yes |
 | members | List of IAM resources to allow using the IAP tunnel. | `list(string)` | n/a | yes |
diff --git a/modules/iap-tunneling/main.tf b/modules/iap-tunneling/main.tf
index 568a5e4..079cf45 100644
--- a/modules/iap-tunneling/main.tf
+++ b/modules/iap-tunneling/main.tf
@@ -31,6 +31,7 @@ resource "google_compute_firewall" "allow_from_iap_to_instances" {
 target_service_accounts = length(var.service_accounts) > 0 ? var.service_accounts : null
 target_tags = length(var.network_tags) > 0 ? var.network_tags : null
+ priority = var.fw_priority
 }
 resource "google_iap_tunnel_instance_iam_binding" "enable_iap" {
diff --git a/modules/iap-tunneling/variables.tf b/modules/iap-tunneling/variables.tf
index 80593a4..944c77e 100644
--- a/modules/iap-tunneling/variables.tf
+++ b/modules/iap-tunneling/variables.tf
@@ -31,6 +31,12 @@ variable "fw_name_allow_ssh_from_iap" {
 default = "allow-ssh-from-iap-to-tunnel"
 }
+variable "fw_priority" {
+ description = "Firewall rule priority for allowing SSH from IAP."
+ type = number
+ default = null
+}
+
 variable "network" {
 description = "Self link of the network to attach the firewall to."
 type = string
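Review bot: The new `fw_priority` variable in variables.tf accepts any number and its description does not say what the value means, yet it controls where an allow rule lands in VPC firewall evaluation — a numerically lower priority takes precedence over deny rules with higher numbers, so a caller passing a low value could place this allow-SSH rule above deny rules they rely on (the rule's source range and direction are not visible in this diff, so I cannot judge how broad that allow is). GCP accepts priorities only in the range 0–65535, so an out-of-range value is caught late, at apply time, rather than at plan/validate. I would expand the description to state the range, precedence direction and the `null` behaviour, and add a `validation` block if the module's required Terraform version is 0.13 or newer (not visible here); the ternary form is deliberate because Terraform's `||` does not short-circuit and a bare comparison against `null` would error.

```hcl
variable "fw_priority" {
  description = "Priority of the allow-SSH-from-IAP firewall rule (0-65535; a lower number takes precedence over rules with higher numbers). null keeps the provider default of 1000."
  type        = number
  default     = null

  validation {
    # Conditional evaluates lazily, so a null value never reaches the comparison.
    condition     = var.fw_priority == null ? true : (var.fw_priority >= 0 && var.fw_priority <= 65535)
    error_message = "fw_priority must be null or an integer between 0 and 65535."
  }
}
```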