diff --git a/TerraformShow.txt b/TerraformShow.txt new file mode 100644 index 0000000..e69de29 diff --git a/terraform/environement/dev/terraform.tfstate b/terraform/environement/dev/terraform.tfstate index 48d16ab..461385f 100644 --- a/terraform/environement/dev/terraform.tfstate +++ b/terraform/environement/dev/terraform.tfstate @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "1.14.1", - "serial": 41, + "serial": 44, "lineage": "cda21175-fcc8-5d20-f9f0-0bb6b6aa53e7", "outputs": { "backend_instance_name": { 
@@ -918,6 +918,101 @@ } ] }, + { + "module": "module.network", + "mode": "managed", + "type": "google_compute_router", + "name": "nat_router", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "bgp": [], + "creation_timestamp": "2025-12-04T02:29:18.660-08:00", + "description": "", + "encrypted_interconnect_router": false, + "id": "projects/fluted-agency-478713-h5/regions/europe-west9/routers/fluted-agency-478713-h5-nat-router", + "name": "fluted-agency-478713-h5-nat-router", + "network": "https://www.googleapis.com/compute/v1/projects/fluted-agency-478713-h5/global/networks/fluted-agency-478713-h5-vpc", + "project": "fluted-agency-478713-h5", + "region": "europe-west9", + "self_link": "https://www.googleapis.com/compute/v1/projects/fluted-agency-478713-h5/regions/europe-west9/routers/fluted-agency-478713-h5-nat-router", + "timeouts": null + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19", + "dependencies": [ + "module.network.google_compute_network.vpc" + ] + } + ] + }, + { + "module": "module.network", + "mode": "managed", + "type": "google_compute_router_nat", + "name": "nat", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "auto_network_tier": "PREMIUM", + "drain_nat_ips": null, + "enable_dynamic_port_allocation": false, + "enable_endpoint_independent_mapping": false, + "endpoint_types": [ + "ENDPOINT_TYPE_VM" + ], + "icmp_idle_timeout_sec": 30, + "id": "fluted-agency-478713-h5/europe-west9/fluted-agency-478713-h5-nat-router/fluted-agency-478713-h5-cloud-nat", + "log_config": [], + "max_ports_per_vm": 0, + "min_ports_per_vm": 0, + "name": "fluted-agency-478713-h5-cloud-nat", + "nat_ip_allocate_option": "AUTO_ONLY", + 
"nat_ips": null, + "project": "fluted-agency-478713-h5", + "region": "europe-west9", + "router": "fluted-agency-478713-h5-nat-router", + "rules": [], + "source_subnetwork_ip_ranges_to_nat": "LIST_OF_SUBNETWORKS", + "subnetwork": [ + { + "name": "fluted-agency-478713-h5-backend-subnet", + "secondary_ip_range_names": [], + "source_ip_ranges_to_nat": [ + "ALL_IP_RANGES" + ] + }, + { + "name": "fluted-agency-478713-h5-database-subnet", + "secondary_ip_range_names": [], + "source_ip_ranges_to_nat": [ + "ALL_IP_RANGES" + ] + } + ], + "tcp_established_idle_timeout_sec": 1200, + "tcp_time_wait_timeout_sec": 120, + "tcp_transitory_idle_timeout_sec": 30, + "timeouts": null, + "udp_idle_timeout_sec": 30 + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19", + "dependencies": [ + "module.network.google_compute_network.vpc", + "module.network.google_compute_router.nat_router", + "module.network.google_compute_subnetwork.backend", + "module.network.google_compute_subnetwork.database" + ] + } + ] + }, { "module": "module.network", "mode": "managed", diff --git a/terraform/environement/dev/terraform.tfstate.backup b/terraform/environement/dev/terraform.tfstate.backup index 8bf10f9..48d16ab 100644 --- a/terraform/environement/dev/terraform.tfstate.backup +++ b/terraform/environement/dev/terraform.tfstate.backup @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "1.14.1", - "serial": 39, + "serial": 41, "lineage": "cda21175-fcc8-5d20-f9f0-0bb6b6aa53e7", "outputs": { "backend_instance_name": { 
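Review bot: Both `terraform.tfstate` and `terraform.tfstate.backup` under `terraform/environement/dev/` are tracked in the repository, so the full resource inventory is readable by anyone who can read the repo. Terraform writes every attribute to state in plaintext, including values marked sensitive. This hunk already exposes the project ID and the VPC and subnet names, and the `.backup` hunk at `@@ -556,6 +556,33 @@` adds an OS Login user e-mail and SSH public key. I would move state to a remote backend with access control and locking (for example a `backend "gcs"` block), add `*.tfstate` and `*.tfstate.*` to `.gitignore`, and stop tracking the two files. Anything already pushed stays in history and should be treated as disclosed.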
@@ -556,6 +556,33 @@ } ] }, + { + "module": "module.iam", + "mode": "managed", + "type": "google_os_login_ssh_public_key", + "name": "me", + "provider": "provider[\"registry.terraform.io/hashicorp/google\"]", + "instances": [ + { + "schema_version": 0, + "attributes": { + "expiration_time_usec": "", + "fingerprint": "71eb6e62aaab9d725e150aa0fa1dcb91a2ff30909115fb7847146d2b5b25948d", + "id": "users/clement.jannaire@gmail.com/sshPublicKeys/71eb6e62aaab9d725e150aa0fa1dcb91a2ff30909115fb7847146d2b5b25948d", + "key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCvHKPTKUCVRU0a55sV7nlVuaAANya9BSoNHvyQ2NkBVxys87rkAIm8TR8JVBFOGSFEihkfJI2kz5XniUuj35G8SiECDv53YLSyJOoJ9EATs7RmZkk15ZsZ7XiOyOiX1fTpXvR4Mw5b4D/bg+mTfAXb7rbOCD3MmEcG4sGrX6iLCRnRMvzvxUBOwY/Jk3i+wg951buyzkJ+bTvOCzkSP5gX5lmcZaH7jfVOaGnFVOk1KHpTw0wNadJ/dS05AlaJJ0/kBFwt56biU09oZndVDR3ttSuYh9jiI25S57U3BEpXYj8wt8bbi+3N3b8o+ENUF8yeUkG5+UGEwVNToLL3Jk6zYuqgXDhyKw4K1n5DZbrqpHKFyVA3jbQh/PlP/oaJ7OT62lU+Oug6qAVUoz1+E7F4yf302KpvID49Q1LoFiTlDEtMuj//7mdr2L8KHEraUAWU8bxgVuP2tSJbwBmEJeT84dOShPc1u9rKPwvvzogvkWD3J9K5p3pANtC7vUCkCuc= clement_jannaire_gmail_com\n", + "project": "fluted-agency-478713-h5", + "timeouts": null, + "user": "clement.jannaire@gmail.com" + }, + "sensitive_attributes": [], + "identity_schema_version": 0, + "private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19", + "dependencies": [ + "module.iam.data.google_client_openid_userinfo.me" + ] + } + ] + }, { "module": "module.iam", "mode": "managed", diff --git a/terraform/modules/network/main.tf b/terraform/modules/network/main.tf index cb79b22..729c81e 100644 --- a/terraform/modules/network/main.tf +++ b/terraform/modules/network/main.tf 
@@ -114,3 +114,37 @@ resource "google_compute_firewall" "backend_to_database_3306" { target_tags = ["database"] } + +// Router pour Cloud NAT +resource "google_compute_router" "nat_router" { + name = "${var.project_name}-nat-router" + project = var.project_name + region = var.region + network = google_compute_network.vpc.id +} + +// Cloud NAT : permet aux instances sans IP publique +// (backend + database) de sortir sur Internet +resource "google_compute_router_nat" "nat" { + name = "${var.project_name}-cloud-nat" + project = var.project_name + region = var.region + router = google_compute_router.nat_router.name + + // GCP alloue automatiquement des IP NAT + nat_ip_allocate_option = "AUTO_ONLY" + + // On configure explicitement les sous-réseaux à NATer + source_subnetwork_ip_ranges_to_nat = "LIST_OF_SUBNETWORKS" + + subnetwork { + name = google_compute_subnetwork.backend.name + source_ip_ranges_to_nat = ["ALL_IP_RANGES"] + } + + subnetwork { + name = google_compute_subnetwork.database.name + source_ip_ranges_to_nat = ["ALL_IP_RANGES"] + } +} +
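Review bot: `google_compute_router_nat.nat` is created without a `log_config` block, so outbound translations from the backend and database subnets are not logged and unexpected egress leaves no record to investigate. I would add a `log_config` block with `enable = true` and `filter = "ALL"` (or `"ERRORS_ONLY"` if log volume is a concern). The second `subnetwork` block also gives the database subnet a path to the Internet. If that is only needed for package updates, confirm that egress firewall rules, which are not visible in this hunk, restrict where those instances can connect.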