[A-00156]TerraformでCloud NATを作成する
Google Cloud上にTerraformでCloud NATを作成します。
・アーキテクチャ

・Terraformの作成/実行
terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
      # Pinned to an exact provider version so init/plan are reproducible
      # and a provider upgrade is a deliberate change, not a side effect.
      version = "4.79.0"
    }
  }
}
# Provider defaults; resources below that omit project/region inherit these.
provider "google" {
  project = var.project_id
  region  = var.region
}
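variable "project_id" {
  description = "Google Cloud project ID in which every resource of this config is created."
  type        = string
  default     = "<input_your_project_id>"

  # Fail at plan time if the placeholder default was left in place, instead
  # of letting the API reject the bogus project ID later in the apply.
  validation {
    condition     = var.project_id != "<input_your_project_id>"
    error_message = "Set project_id to your real Google Cloud project ID."
  }
}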
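variable "region" {
  description = "Region for the subnet, router and NAT; the VM is placed in zone \"<region>-a\"."
  type        = string
  default     = "asia-northeast1"
}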
# VPC: custom-mode network, so only the subnet declared below exists
# (no auto-created per-region subnets).
resource "google_compute_network" "default" {
  name                    = "vpc1"
  auto_create_subnetworks = false
}
# Subnet the VM lives in. The VM below is created without an external IP,
# so outbound traffic from this range leaves only through the Cloud NAT.
resource "google_compute_subnetwork" "default" {
  name          = "subnet1"
  ip_cidr_range = "10.10.0.0/24"
  network       = google_compute_network.default.id
  region        = var.region
}
# Service account that is granted IAP tunnel access below (prjiam).
# It is not attached to the VM: nothing in this config references it
# from google_compute_instance.
resource "google_service_account" "default" {
  project      = var.project_id
  account_id   = "terraform-demo"
  display_name = "Terraform Demo"
}
# IAM: lets the service account open IAP TCP tunnels (e.g. SSH) to instances.
# This is a project-wide grant, so it covers every VM in the project; for
# least privilege, an instance-scoped grant (google_iap_tunnel_instance_iam_member
# on vm1) would be narrower. google_project_iam_member is additive and leaves
# other members of the role untouched.
resource "google_project_iam_member" "prjiam" {
  project = var.project_id
  role    = "roles/iap.tunnelResourceAccessor"
  member  = "serviceAccount:${google_service_account.default.email}"
}
# Compute Engine: private-only VM. network_interface has no access_config
# block, so no external IP is assigned and all egress goes through the Cloud
# NAT; SSH is reachable only through IAP (see the firewall rule below).
# NOTE(review): there is no service_account block, so the instance presumably
# runs under the default Compute Engine service account — confirm, and attach
# a dedicated minimal-scope SA for anything beyond a demo.
resource "google_compute_instance" "default" {
  name         = "vm1"
  machine_type = "e2-micro"
  zone         = "${var.region}-a" # first zone of the provider region
  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-11"
    }
  }
  network_interface {
    network    = google_compute_network.default.id
    subnetwork = google_compute_subnetwork.default.id
  }
}
# Firewall: allow TCP/22 only from 35.235.240.0/20, Google's IAP TCP
# forwarding source range, so SSH is never exposed directly to the internet.
# No target_tags are set, so the rule applies to every instance on vpc1.
resource "google_compute_firewall" "default" {
  name    = "allow-ssh"
  network = google_compute_network.default.id
  allow {
    protocol = "tcp"
    ports    = ["22"]
  }
  source_ranges = ["35.235.240.0/20"]
}
# Cloud Router that hosts the NAT configuration (no bgp block: used only for NAT).
resource "google_compute_router" "default" {
  name    = "nat-router"
  network = google_compute_network.default.id
  region  = var.region
}
# Cloud NAT: AUTO_ONLY lets Google allocate the external NAT IPs, and every
# subnet/IP range in the region is translated. Logging is limited to errors;
# filter = "ALL" also records successful translations, which is what you want
# when egress has to be auditable (at higher log volume and cost).
resource "google_compute_router_nat" "default" {
  name                               = "nat-router"
  router                             = google_compute_router.default.name
  region                             = var.region
  nat_ip_allocate_option             = "AUTO_ONLY"
  source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
  log_config {
    enable = true
    filter = "ERRORS_ONLY"
  }
}
上記のソースを作成したら、下記のコマンドを実行してデプロイします。
terraform init   # downloads the pinned google provider
terraform plan   # review the planned changes before applying
terraform apply  # creates the resources; prompts for confirmation
デプロイが完了したら下記のリソースが作成される。

・疎通確認
Compute EngineにSSH接続してpingを実行してみる

ping google.com  # succeeds only through the Cloud NAT, since vm1 has no external IP

上記のように、EGRESS方向（外向き）の通信が繋がることが確認できます。
確認が終わったら、下記のコマンドでリソースを片付けます。
terraform destroy  # removes every resource in this config; prompts for confirmation
・Appendix
公式ドキュメントはこちら
https://cloud.google.com/blog/ja/topics/developers-practitioners/cloud-nat-explained
https://cloud.google.com/nat/docs/overview?hl=ja
参考文献はこちら
https://qiita.com/oguogura/items/50c68df848239e17c7d3
https://zenn.dev/nekoshita/articles/6ce80834943a48
https://medium.com/google-cloud/gcp-how-to-deploy-cloud-nat-with-terraform-44745a4daaa8