ajout bonus NAT et terraformshow

terraform/modules/network/main.tf

@@ -114,3 +114,37 @@ resource "google_compute_firewall" "backend_to_database_3306" {
   target_tags = ["database"]
 }
 
+
+// Router pour Cloud NAT
+resource "google_compute_router" "nat_router" {
+  name    = "${var.project_name}-nat-router"
+  project = var.project_name
+  region  = var.region
+  network = google_compute_network.vpc.id
+}
+
+// Cloud NAT : permet aux instances sans IP publique
+// (backend + database) de sortir sur Internet
+resource "google_compute_router_nat" "nat" {
+  name    = "${var.project_name}-cloud-nat"
+  project = var.project_name
+  region  = var.region
+  router  = google_compute_router.nat_router.name
+
+  // GCP alloue automatiquement des IP NAT
+  nat_ip_allocate_option = "AUTO_ONLY"
+
+  // On configure explicitement les sous-réseaux à NATer
+  source_subnetwork_ip_ranges_to_nat = "LIST_OF_SUBNETWORKS"
+
+  subnetwork {
+    name                    = google_compute_subnetwork.backend.name
+    source_ip_ranges_to_nat = ["ALL_IP_RANGES"]
+  }
+
+  subnetwork {
+    name                    = google_compute_subnetwork.database.name
+    source_ip_ranges_to_nat = ["ALL_IP_RANGES"]
+  }
+}
+