diff --git a/modules/apigee/README.md b/modules/apigee/README.md
index d4a1d30fb..7ffa6b09a 100644
--- a/modules/apigee/README.md
+++ b/modules/apigee/README.md
@@ -240,6 +240,8 @@ module "apigee" {
### New instance (VPC Peering Provisioning Mode)
+Access logging is optional, shown here as an example.
+
```hcl
module "apigee" {
source = "./fabric/modules/apigee"
@@ -248,10 +250,13 @@ module "apigee" {
europe-west1 = {
runtime_ip_cidr_range = "10.0.4.0/22"
troubleshooting_ip_cidr_range = "10.1.1.0/28"
+ access_logging = {
+ filter = "statusCode >= 200 && statusCode < 300"
+ }
}
}
}
-# tftest modules=1 resources=1
+# tftest modules=1 resources=1 inventory=access-logging.yaml
```
### New instance (Non VPC Peering Provisioning Mode)
@@ -383,14 +388,14 @@ module "apigee" {
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [project_id](variables.tf#L144) | Project ID. | string | ✓ | |
+| [project_id](variables.tf#L148) | Project ID. | string | ✓ | |
| [addons_config](variables.tf#L17) | Addons configuration. | object({…}) | | null |
| [dns_zones](variables.tf#L29) | DNS zones. | map(object({…})) | | {} |
| [endpoint_attachments](variables.tf#L41) | Endpoint attachments. | map(object({…})) | | {} |
| [envgroups](variables.tf#L51) | Environment groups (NAME => [HOSTNAMES]). | map(list(string)) | | {} |
| [environments](variables.tf#L58) | Environments. | map(object({…})) | | {} |
-| [instances](variables.tf#L86) | Instances ([REGION] => [INSTANCE]). | map(object({…})) | | {} |
-| [organization](variables.tf#L112) | Apigee organization. If set to null the organization must already exist. | object({…}) | | null |
+| [instances](variables.tf#L86) | Instances ([REGION] => [INSTANCE]). | map(object({…})) | | {} |
+| [organization](variables.tf#L116) | Apigee organization. If set to null the organization must already exist. | object({…}) | | null |
## Outputs
diff --git a/modules/apigee/main.tf b/modules/apigee/main.tf
index 130314797..225bc5918 100644
--- a/modules/apigee/main.tf
+++ b/modules/apigee/main.tf
@@ -103,6 +103,13 @@ resource "google_apigee_instance" "instances" {
)
disk_encryption_key_name = each.value.disk_encryption_key
consumer_accept_list = each.value.consumer_accept_list
+ dynamic "access_logging_config" {
+ for_each = each.value.access_logging == null ? [] : [""]
+ content {
+ enabled = each.value.access_logging.enabled
+ filter = each.value.access_logging.filter
+ }
+ }
}
resource "google_apigee_nat_address" "apigee_nat" {
diff --git a/modules/apigee/variables.tf b/modules/apigee/variables.tf
index b450b47f5..9acb05492 100644
--- a/modules/apigee/variables.tf
+++ b/modules/apigee/variables.tf
@@ -96,6 +96,10 @@ variable "instances" {
name = optional(string)
runtime_ip_cidr_range = optional(string)
troubleshooting_ip_cidr_range = optional(string)
+ access_logging = optional(object({
+ enabled = optional(bool, true)
+ filter = optional(string)
+ }))
}))
validation {
condition = alltrue([
diff --git a/tests/modules/apigee/examples/access-logging.yaml b/tests/modules/apigee/examples/access-logging.yaml
new file mode 100644
index 000000000..b54f811cd
--- /dev/null
+++ b/tests/modules/apigee/examples/access-logging.yaml
@@ -0,0 +1,32 @@
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.apigee.google_apigee_instance.instances["europe-west1"]:
+ access_logging_config:
+ - enabled: true
+ filter: statusCode >= 200 && statusCode < 300
+ description: Terraform-managed
+ disk_encryption_key_name: null
+ display_name: null
+ ip_range: 10.0.4.0/22,10.1.1.0/28
+ location: europe-west1
+ name: instance-europe-west1
+ org_id: organizations/my-project
+ timeouts: null
+
+counts:
+ google_apigee_instance: 1
+ modules: 1
+ resources: 1