
svpc should use forwarding_rule_target all-apis not vpc-sc

Open ajbeach2 opened this issue 5 months ago • 0 comments

TL;DR

It seems the new svpc is using the restricted vpc private_service_connect. There used to be separate restricted and shared vpc modules.

https://github.com/terraform-google-modules/terraform-example-foundation/blob/main/3-networks-svpc/modules/shared_vpc/private_service_connect.tf#L26

The shared vpc now uses forwarding_rule_target = "vpc-sc"

In the old example, the shared vpc uses forwarding_rule_target = "all-apis" https://github.com/terraform-google-modules/terraform-example-foundation/blob/7acb98350145d16b24fe6500a15ede70bc379a22/3-networks-dual-svpc/modules/base_shared_vpc/private_service_connect.tf#L26

Shouldn't this be all-apis?

If you set forwarding_rule_target = "vpc-sc", the Private Service Connect forwarding rule will only allow access to the Google APIs that are protected by VPC Service Controls.

Expected behavior

No response

Observed behavior

No response

Terraform Configuration

N/A

Terraform Version

N/A

Terraform Provider Versions

N/A

Additional information

Related issue: https://github.com/terraform-google-modules/terraform-example-foundation/issues/1410

ajbeach2, Jun 05 '25 15:06