Jojoooo1 · October 31, 2023 19:45
diff --git a/fw-rules-infra-shared-vpc.tf b/fw-rules-infra-shared-vpc.tf
 resource "google_compute_firewall" "deny_all_egress" {
  project = var.project_id

  name        = "deny-all-egress"
  network     = local.network
  description = "By default deny all egress traffic (managed by terraform)"

  deny {
    protocol = "all"
  }

  priority  = 65530
  direction = "EGRESS"

  destination_ranges = ["0.0.0.0/0"]

  log_config {
    metadata = "INCLUDE_ALL_METADATA"
  }
 }

 resource "google_compute_firewall" "allow_all_egress" {
  project = var.project_id

  name        = "allow-all-egress"
  network     = local.network
  description = "Allow all egress traffic (managed by terraform)"

  allow {
    protocol = "all"
  }

  priority  = 1000
  direction = "EGRESS"

  target_tags        = ["allow-all-egress"]
  destination_ranges = ["0.0.0.0/0"]

  log_config {
    metadata = "INCLUDE_ALL_METADATA"
  }
 }

 resource "google_compute_firewall" "allow_gcp_private_service_access_egress" {
  project = var.project_id

  name        = "allow-all-gcp-private-service-access-egress"
  network     = local.network
  description = "Allow egress traffic to GCP private service access ranges from 'allow-gcp-private-service-access' (managed by terraform)"

  allow {
    protocol = "all"
  }

  priority  = 1000
  direction = "EGRESS"

  target_tags        = ["allow-gcp-private-service-access"]
  destination_ranges = [local.gcp_private_service_access_ranges]

  log_config {
    metadata = "INCLUDE_ALL_METADATA"
  }
 }

 resource "google_compute_firewall" "allow_ssh_from_iap_ingress" {
  project = var.project_id

  name        = "allow-ssh-from-iap-ingress"
  network     = local.network
  description = "Allow ingress traffic from IAP to 'allow-ssh-from-iap' (managed by terraform)"


  allow {
    protocol = "tcp"
    ports    = ["22"]
  }

  priority  = 1000
  direction = "INGRESS"

  target_tags   = ["allow-ssh-from-iap"]
  source_ranges = ["35.235.240.0/20"]

  log_config {
    metadata = "INCLUDE_ALL_METADATA"
  }
 }
	resource "google_compute_firewall" "deny_all_egress" {
	project = var.project_id

	name = "deny-all-egress"
	network = local.network
	description = "By default deny all egress traffic (managed by terraform)"

	deny {
	protocol = "all"
	}

	priority = 65530
	direction = "EGRESS"

	destination_ranges = ["0.0.0.0/0"]

	log_config {
	metadata = "INCLUDE_ALL_METADATA"
	}
	}

	resource "google_compute_firewall" "allow_all_egress" {
	project = var.project_id

	name = "allow-all-egress"
	network = local.network
	description = "Allow all egress traffic (managed by terraform)"

	allow {
	protocol = "all"
	}

	priority = 1000
	direction = "EGRESS"

	target_tags = ["allow-all-egress"]
	destination_ranges = ["0.0.0.0/0"]

	log_config {
	metadata = "INCLUDE_ALL_METADATA"
	}
	}

	resource "google_compute_firewall" "allow_gcp_private_service_access_egress" {
	project = var.project_id

	name = "allow-all-gcp-private-service-access-egress"
	network = local.network
	description = "Allow egress traffic to GCP private service access ranges from 'allow-gcp-private-service-access' (managed by terraform)"

	allow {
	protocol = "all"
	}

	priority = 1000
	direction = "EGRESS"

	target_tags = ["allow-gcp-private-service-access"]
	destination_ranges = [local.gcp_private_service_access_ranges]

	log_config {
	metadata = "INCLUDE_ALL_METADATA"
	}
	}

	resource "google_compute_firewall" "allow_ssh_from_iap_ingress" {
	project = var.project_id

	name = "allow-ssh-from-iap-ingress"
	network = local.network
	description = "Allow ingress traffic from IAP to 'allow-ssh-from-iap' (managed by terraform)"


	allow {
	protocol = "tcp"
	ports = ["22"]
	}

	priority = 1000
	direction = "INGRESS"

	target_tags = ["allow-ssh-from-iap"]
	source_ranges = ["35.235.240.0/20"]

	log_config {
	metadata = "INCLUDE_ALL_METADATA"
	}
	}
No results found