diff --git a/fast/stages/2-networking-a-peering/landing.tf b/fast/stages/2-networking-a-peering/landing.tf
index 37e3adfd4..995a652ae 100644
--- a/fast/stages/2-networking-a-peering/landing.tf
+++ b/fast/stages/2-networking-a-peering/landing.tf
@@ -1,5 +1,5 @@
/**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -51,17 +51,9 @@ module "landing-vpc" {
inbound = true
}
# set explicit routes for googleapis in case the default route is deleted
- routes = {
- private-googleapis = {
- dest_range = "199.36.153.8/30"
- next_hop_type = "gateway"
- next_hop = "default-internet-gateway"
- }
- restricted-googleapis = {
- dest_range = "199.36.153.4/30"
- next_hop_type = "gateway"
- next_hop = "default-internet-gateway"
- }
+ create_default_routes = {
+ private = true
+ restricted = true
}
data_folder = "${var.factories_config.data_dir}/subnets/landing"
}
diff --git a/fast/stages/2-networking-a-peering/spoke-dev.tf b/fast/stages/2-networking-a-peering/spoke-dev.tf
index b12d260d9..0c51b12e9 100644
--- a/fast/stages/2-networking-a-peering/spoke-dev.tf
+++ b/fast/stages/2-networking-a-peering/spoke-dev.tf
@@ -1,5 +1,5 @@
/**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -53,17 +53,9 @@ module "dev-spoke-vpc" {
data_folder = "${var.factories_config.data_dir}/subnets/dev"
psa_config = try(var.psa_ranges.dev, null)
# set explicit routes for googleapis in case the default route is deleted
- routes = {
- private-googleapis = {
- dest_range = "199.36.153.8/30"
- next_hop_type = "gateway"
- next_hop = "default-internet-gateway"
- }
- restricted-googleapis = {
- dest_range = "199.36.153.4/30"
- next_hop_type = "gateway"
- next_hop = "default-internet-gateway"
- }
+ create_default_routes = {
+ private = true
+ restricted = true
}
}
diff --git a/fast/stages/2-networking-a-peering/spoke-prod.tf b/fast/stages/2-networking-a-peering/spoke-prod.tf
index 5130d2404..42986ab82 100644
--- a/fast/stages/2-networking-a-peering/spoke-prod.tf
+++ b/fast/stages/2-networking-a-peering/spoke-prod.tf
@@ -1,5 +1,5 @@
/**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -52,17 +52,9 @@ module "prod-spoke-vpc" {
data_folder = "${var.factories_config.data_dir}/subnets/prod"
psa_config = try(var.psa_ranges.prod, null)
# set explicit routes for googleapis in case the default route is deleted
- routes = {
- private-googleapis = {
- dest_range = "199.36.153.8/30"
- next_hop_type = "gateway"
- next_hop = "default-internet-gateway"
- }
- restricted-googleapis = {
- dest_range = "199.36.153.4/30"
- next_hop_type = "gateway"
- next_hop = "default-internet-gateway"
- }
+ create_default_routes = {
+ private = true
+ restricted = true
}
}
diff --git a/fast/stages/2-networking-b-vpn/landing.tf b/fast/stages/2-networking-b-vpn/landing.tf
index 37e3adfd4..995a652ae 100644
--- a/fast/stages/2-networking-b-vpn/landing.tf
+++ b/fast/stages/2-networking-b-vpn/landing.tf
@@ -1,5 +1,5 @@
/**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -51,17 +51,9 @@ module "landing-vpc" {
inbound = true
}
# set explicit routes for googleapis in case the default route is deleted
- routes = {
- private-googleapis = {
- dest_range = "199.36.153.8/30"
- next_hop_type = "gateway"
- next_hop = "default-internet-gateway"
- }
- restricted-googleapis = {
- dest_range = "199.36.153.4/30"
- next_hop_type = "gateway"
- next_hop = "default-internet-gateway"
- }
+ create_default_routes = {
+ private = true
+ restricted = true
}
data_folder = "${var.factories_config.data_dir}/subnets/landing"
}
diff --git a/fast/stages/2-networking-b-vpn/spoke-dev.tf b/fast/stages/2-networking-b-vpn/spoke-dev.tf
index b12d260d9..0c51b12e9 100644
--- a/fast/stages/2-networking-b-vpn/spoke-dev.tf
+++ b/fast/stages/2-networking-b-vpn/spoke-dev.tf
@@ -1,5 +1,5 @@
/**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -53,17 +53,9 @@ module "dev-spoke-vpc" {
data_folder = "${var.factories_config.data_dir}/subnets/dev"
psa_config = try(var.psa_ranges.dev, null)
# set explicit routes for googleapis in case the default route is deleted
- routes = {
- private-googleapis = {
- dest_range = "199.36.153.8/30"
- next_hop_type = "gateway"
- next_hop = "default-internet-gateway"
- }
- restricted-googleapis = {
- dest_range = "199.36.153.4/30"
- next_hop_type = "gateway"
- next_hop = "default-internet-gateway"
- }
+ create_default_routes = {
+ private = true
+ restricted = true
}
}
diff --git a/fast/stages/2-networking-b-vpn/spoke-prod.tf b/fast/stages/2-networking-b-vpn/spoke-prod.tf
index 5130d2404..42986ab82 100644
--- a/fast/stages/2-networking-b-vpn/spoke-prod.tf
+++ b/fast/stages/2-networking-b-vpn/spoke-prod.tf
@@ -1,5 +1,5 @@
/**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -52,17 +52,9 @@ module "prod-spoke-vpc" {
data_folder = "${var.factories_config.data_dir}/subnets/prod"
psa_config = try(var.psa_ranges.prod, null)
# set explicit routes for googleapis in case the default route is deleted
- routes = {
- private-googleapis = {
- dest_range = "199.36.153.8/30"
- next_hop_type = "gateway"
- next_hop = "default-internet-gateway"
- }
- restricted-googleapis = {
- dest_range = "199.36.153.4/30"
- next_hop_type = "gateway"
- next_hop = "default-internet-gateway"
- }
+ create_default_routes = {
+ private = true
+ restricted = true
}
}
diff --git a/fast/stages/2-networking-c-nva/landing.tf b/fast/stages/2-networking-c-nva/landing.tf
index e66b03db9..855f882bd 100644
--- a/fast/stages/2-networking-c-nva/landing.tf
+++ b/fast/stages/2-networking-c-nva/landing.tf
@@ -1,5 +1,5 @@
/**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -116,17 +116,9 @@ module "landing-trusted-vpc" {
inbound = true
}
# Set explicit routes for googleapis in case the default route is deleted
- routes = {
- private-googleapis = {
- dest_range = "199.36.153.8/30"
- next_hop_type = "gateway"
- next_hop = "default-internet-gateway"
- }
- restricted-googleapis = {
- dest_range = "199.36.153.4/30"
- next_hop_type = "gateway"
- next_hop = "default-internet-gateway"
- }
+ create_default_routes = {
+ private = true
+ restricted = true
}
}
diff --git a/fast/stages/2-networking-c-nva/spoke-dev.tf b/fast/stages/2-networking-c-nva/spoke-dev.tf
index 8e26a7325..5af5ed5a4 100644
--- a/fast/stages/2-networking-c-nva/spoke-dev.tf
+++ b/fast/stages/2-networking-c-nva/spoke-dev.tf
@@ -1,5 +1,5 @@
/**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -53,19 +53,11 @@ module "dev-spoke-vpc" {
delete_default_routes_on_create = true
psa_config = try(var.psa_ranges.dev, null)
# Set explicit routes for googleapis; send everything else to NVAs
+ create_default_routes = {
+ private = true
+ restricted = true
+ }
routes = {
- private-googleapis = {
- dest_range = "199.36.153.8/30"
- priority = 999
- next_hop_type = "gateway"
- next_hop = "default-internet-gateway"
- }
- restricted-googleapis = {
- dest_range = "199.36.153.4/30"
- priority = 999
- next_hop_type = "gateway"
- next_hop = "default-internet-gateway"
- }
nva-primary-to-primary = {
dest_range = "0.0.0.0/0"
priority = 1000
diff --git a/fast/stages/2-networking-c-nva/spoke-prod.tf b/fast/stages/2-networking-c-nva/spoke-prod.tf
index 1b2c4e2b6..de829b319 100644
--- a/fast/stages/2-networking-c-nva/spoke-prod.tf
+++ b/fast/stages/2-networking-c-nva/spoke-prod.tf
@@ -1,5 +1,5 @@
/**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -52,19 +52,11 @@ module "prod-spoke-vpc" {
delete_default_routes_on_create = true
psa_config = try(var.psa_ranges.prod, null)
# Set explicit routes for googleapis; send everything else to NVAs
+ create_default_routes = {
+ private = true
+ restricted = true
+ }
routes = {
- private-googleapis = {
- dest_range = "199.36.153.8/30"
- priority = 999
- next_hop_type = "gateway"
- next_hop = "default-internet-gateway"
- }
- restricted-googleapis = {
- dest_range = "199.36.153.4/30"
- priority = 999
- next_hop_type = "gateway"
- next_hop = "default-internet-gateway"
- }
nva-primary-to-primary = {
dest_range = "0.0.0.0/0"
priority = 1000
diff --git a/fast/stages/2-networking-d-separate-envs/spoke-dev.tf b/fast/stages/2-networking-d-separate-envs/spoke-dev.tf
index 7cad84794..3c1c8c2c0 100644
--- a/fast/stages/2-networking-d-separate-envs/spoke-dev.tf
+++ b/fast/stages/2-networking-d-separate-envs/spoke-dev.tf
@@ -1,5 +1,5 @@
/**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -53,17 +53,9 @@ module "dev-spoke-vpc" {
data_folder = "${var.factories_config.data_dir}/subnets/dev"
psa_config = try(var.psa_ranges.dev, null)
# set explicit routes for googleapis in case the default route is deleted
- routes = {
- private-googleapis = {
- dest_range = "199.36.153.8/30"
- next_hop_type = "gateway"
- next_hop = "default-internet-gateway"
- }
- restricted-googleapis = {
- dest_range = "199.36.153.4/30"
- next_hop_type = "gateway"
- next_hop = "default-internet-gateway"
- }
+ create_default_routes = {
+ private = true
+ restricted = true
}
}
diff --git a/fast/stages/2-networking-d-separate-envs/spoke-prod.tf b/fast/stages/2-networking-d-separate-envs/spoke-prod.tf
index e529d5f8e..8a91bb42b 100644
--- a/fast/stages/2-networking-d-separate-envs/spoke-prod.tf
+++ b/fast/stages/2-networking-d-separate-envs/spoke-prod.tf
@@ -1,5 +1,5 @@
/**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -52,17 +52,9 @@ module "prod-spoke-vpc" {
data_folder = "${var.factories_config.data_dir}/subnets/prod"
psa_config = try(var.psa_ranges.prod, null)
# set explicit routes for googleapis in case the default route is deleted
- routes = {
- private-googleapis = {
- dest_range = "199.36.153.8/30"
- next_hop_type = "gateway"
- next_hop = "default-internet-gateway"
- }
- restricted-googleapis = {
- dest_range = "199.36.153.4/30"
- next_hop_type = "gateway"
- next_hop = "default-internet-gateway"
- }
+ create_default_routes = {
+ private = true
+ restricted = true
}
}
diff --git a/fast/stages/2-networking-e-nva-bgp/landing.tf b/fast/stages/2-networking-e-nva-bgp/landing.tf
index 8f0b19592..9d4938c38 100644
--- a/fast/stages/2-networking-e-nva-bgp/landing.tf
+++ b/fast/stages/2-networking-e-nva-bgp/landing.tf
@@ -1,5 +1,5 @@
/**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -117,17 +117,9 @@ module "landing-trusted-vpc" {
inbound = true
}
# Set explicit routes for googleapis in case the default route is deleted
- routes = {
- private-googleapis = {
- dest_range = "199.36.153.8/30"
- next_hop_type = "gateway"
- next_hop = "default-internet-gateway"
- }
- restricted-googleapis = {
- dest_range = "199.36.153.4/30"
- next_hop_type = "gateway"
- next_hop = "default-internet-gateway"
- }
+ create_default_routes = {
+ private = true
+ restricted = true
}
}
diff --git a/fast/stages/2-networking-e-nva-bgp/spoke-dev.tf b/fast/stages/2-networking-e-nva-bgp/spoke-dev.tf
index 967a2746f..4b8c33160 100644
--- a/fast/stages/2-networking-e-nva-bgp/spoke-dev.tf
+++ b/fast/stages/2-networking-e-nva-bgp/spoke-dev.tf
@@ -1,5 +1,5 @@
/**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -53,19 +53,9 @@ module "dev-spoke-vpc" {
delete_default_routes_on_create = true
psa_config = try(var.psa_ranges.dev, null)
# Set explicit routes for googleapis; send everything else to NVAs
- routes = {
- private-googleapis = {
- dest_range = "199.36.153.8/30"
- priority = 999
- next_hop_type = "gateway"
- next_hop = "default-internet-gateway"
- }
- restricted-googleapis = {
- dest_range = "199.36.153.4/30"
- priority = 999
- next_hop_type = "gateway"
- next_hop = "default-internet-gateway"
- }
+ create_default_routes = {
+ private = true
+ restricted = true
}
}
diff --git a/fast/stages/2-networking-e-nva-bgp/spoke-prod.tf b/fast/stages/2-networking-e-nva-bgp/spoke-prod.tf
index 997860814..890855f1e 100644
--- a/fast/stages/2-networking-e-nva-bgp/spoke-prod.tf
+++ b/fast/stages/2-networking-e-nva-bgp/spoke-prod.tf
@@ -1,5 +1,5 @@
/**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -52,19 +52,9 @@ module "prod-spoke-vpc" {
delete_default_routes_on_create = true
psa_config = try(var.psa_ranges.prod, null)
# Set explicit routes for googleapis; send everything else to NVAs
- routes = {
- private-googleapis = {
- dest_range = "199.36.153.8/30"
- priority = 999
- next_hop_type = "gateway"
- next_hop = "default-internet-gateway"
- }
- restricted-googleapis = {
- dest_range = "199.36.153.4/30"
- priority = 999
- next_hop_type = "gateway"
- next_hop = "default-internet-gateway"
- }
+ create_default_routes = {
+ private = true
+ restricted = true
}
}
diff --git a/modules/net-vpc/README.md b/modules/net-vpc/README.md
index 2a4416b65..124df1342 100644
--- a/modules/net-vpc/README.md
+++ b/modules/net-vpc/README.md
@@ -457,27 +457,28 @@ module "vpc" {
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [name](variables.tf#L72) | The name of the network being created. | string | ✓ | |
-| [project_id](variables.tf#L88) | The ID of the project where this VPC will be created. | string | ✓ | |
+| [name](variables.tf#L84) | The name of the network being created. | string | ✓ | |
+| [project_id](variables.tf#L100) | The ID of the project where this VPC will be created. | string | ✓ | |
| [auto_create_subnetworks](variables.tf#L17) | Set to true to create an auto mode subnet, defaults to custom mode. | bool | | false |
-| [data_folder](variables.tf#L23) | An optional folder containing the subnet configurations in YaML format. | string | | null |
-| [delete_default_routes_on_create](variables.tf#L29) | Set to true to delete the default routes at creation time. | bool | | false |
-| [description](variables.tf#L35) | An optional description of this resource (triggers recreation on change). | string | | "Terraform-managed." |
-| [dns_policy](variables.tf#L41) | DNS policy setup for the VPC. | object({…}) | | null |
-| [firewall_policy_enforcement_order](variables.tf#L54) | Order that Firewall Rules and Firewall Policies are evaluated. Can be either 'BEFORE_CLASSIC_FIREWALL' or 'AFTER_CLASSIC_FIREWALL'. | string | | "AFTER_CLASSIC_FIREWALL" |
-| [mtu](variables.tf#L66) | Maximum Transmission Unit in bytes. The minimum value for this field is 1460 (the default) and the maximum value is 1500 bytes. | number | | null |
-| [peering_config](variables.tf#L77) | VPC peering configuration. | object({…}) | | null |
-| [psa_config](variables.tf#L93) | The Private Service Access configuration for Service Networking. | object({…}) | | null |
-| [routes](variables.tf#L103) | Network routes, keyed by name. | map(object({…})) | | {} |
-| [routing_mode](variables.tf#L123) | The network routing mode (default 'GLOBAL'). | string | | "GLOBAL" |
-| [shared_vpc_host](variables.tf#L133) | Enable shared VPC for this project. | bool | | false |
-| [shared_vpc_service_projects](variables.tf#L139) | Shared VPC service projects to register with this host. | list(string) | | [] |
-| [subnet_iam](variables.tf#L145) | Subnet IAM bindings in {REGION/NAME => {ROLE => [MEMBERS]} format. | map(map(list(string))) | | {} |
-| [subnet_iam_additive](variables.tf#L151) | Subnet IAM additive bindings in {REGION/NAME => {ROLE => [MEMBERS]}} format. | map(map(list(string))) | | {} |
-| [subnets](variables.tf#L158) | Subnet configuration. | list(object({…})) | | [] |
-| [subnets_proxy_only](variables.tf#L183) | List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | list(object({…})) | | [] |
-| [subnets_psc](variables.tf#L195) | List of subnets for Private Service Connect service producers. | list(object({…})) | | [] |
-| [vpc_create](variables.tf#L206) | Create VPC. When set to false, uses a data source to reference existing VPC. | bool | | true |
+| [create_default_routes](variables.tf#L23) | Toggle creation of googleapis private/restricted routes. | object({…}) | | {} |
+| [data_folder](variables.tf#L35) | An optional folder containing the subnet configurations in YaML format. | string | | null |
+| [delete_default_routes_on_create](variables.tf#L41) | Set to true to delete the default routes at creation time. | bool | | false |
+| [description](variables.tf#L47) | An optional description of this resource (triggers recreation on change). | string | | "Terraform-managed." |
+| [dns_policy](variables.tf#L53) | DNS policy setup for the VPC. | object({…}) | | null |
+| [firewall_policy_enforcement_order](variables.tf#L66) | Order that Firewall Rules and Firewall Policies are evaluated. Can be either 'BEFORE_CLASSIC_FIREWALL' or 'AFTER_CLASSIC_FIREWALL'. | string | | "AFTER_CLASSIC_FIREWALL" |
+| [mtu](variables.tf#L78) | Maximum Transmission Unit in bytes. The minimum value for this field is 1460 (the default) and the maximum value is 1500 bytes. | number | | null |
+| [peering_config](variables.tf#L89) | VPC peering configuration. | object({…}) | | null |
+| [psa_config](variables.tf#L105) | The Private Service Access configuration for Service Networking. | object({…}) | | null |
+| [routes](variables.tf#L115) | Network routes, keyed by name. | map(object({…})) | | {} |
+| [routing_mode](variables.tf#L135) | The network routing mode (default 'GLOBAL'). | string | | "GLOBAL" |
+| [shared_vpc_host](variables.tf#L145) | Enable shared VPC for this project. | bool | | false |
+| [shared_vpc_service_projects](variables.tf#L151) | Shared VPC service projects to register with this host. | list(string) | | [] |
+| [subnet_iam](variables.tf#L157) | Subnet IAM bindings in {REGION/NAME => {ROLE => [MEMBERS]} format. | map(map(list(string))) | | {} |
+| [subnet_iam_additive](variables.tf#L163) | Subnet IAM additive bindings in {REGION/NAME => {ROLE => [MEMBERS]}} format. | map(map(list(string))) | | {} |
+| [subnets](variables.tf#L170) | Subnet configuration. | list(object({…})) | | [] |
+| [subnets_proxy_only](variables.tf#L195) | List of proxy-only subnets for Regional HTTPS or Internal HTTPS load balancers. Note: Only one proxy-only subnet for each VPC network in each region can be active. | list(object({…})) | | [] |
+| [subnets_psc](variables.tf#L207) | List of subnets for Private Service Connect service producers. | list(object({…})) | | [] |
+| [vpc_create](variables.tf#L218) | Create VPC. When set to false, uses a data source to reference existing VPC. | bool | | true |
## Outputs
diff --git a/modules/net-vpc/routes.tf b/modules/net-vpc/routes.tf
index 5981b696f..e0603828f 100644
--- a/modules/net-vpc/routes.tf
+++ b/modules/net-vpc/routes.tf
@@ -1,5 +1,5 @@
/**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -88,3 +88,43 @@ resource "google_compute_route" "vpn_tunnel" {
tags = each.value.tags
next_hop_vpn_tunnel = each.value.next_hop
}
+
+resource "google_compute_route" "private" {
+ count = var.create_default_routes.private ? 1 : 0
+ project = var.project_id
+ network = local.network.name
+ name = "private-googleapis-default"
+ description = "Terraform-managed."
+ dest_range = "199.36.153.8/30"
+ next_hop_gateway = "default-internet-gateway"
+}
+
+resource "google_compute_route" "private6" {
+ count = var.create_default_routes.private6 ? 1 : 0
+ project = var.project_id
+ network = local.network.name
+ name = "private6-googleapis-default"
+ description = "Terraform-managed."
+ dest_range = "2600:2d00:0002:2000::/64"
+ next_hop_gateway = "default-internet-gateway"
+}
+
+resource "google_compute_route" "restricted" {
+ count = var.create_default_routes.restricted ? 1 : 0
+ project = var.project_id
+ network = local.network.name
+ name = "restricted-googleapis-default"
+ description = "Terraform-managed."
+ dest_range = "199.36.153.4/30"
+ next_hop_gateway = "default-internet-gateway"
+}
+
+resource "google_compute_route" "restricted6" {
+ count = var.create_default_routes.restricted6 ? 1 : 0
+ project = var.project_id
+ network = local.network.name
+ name = "restricted6-googleapis-default"
+ description = "Terraform-managed."
+ dest_range = "2600:2d00:0002:1000::/64"
+ next_hop_gateway = "default-internet-gateway"
+}
diff --git a/modules/net-vpc/variables.tf b/modules/net-vpc/variables.tf
index 8f0f3ab4a..f5f93eff0 100644
--- a/modules/net-vpc/variables.tf
+++ b/modules/net-vpc/variables.tf
@@ -1,5 +1,5 @@
/**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -20,6 +20,18 @@ variable "auto_create_subnetworks" {
default = false
}
+variable "create_default_routes" {
+ description = "Toggle creation of googleapis private/restricted routes."
+ type = object({
+ private = optional(bool, true)
+ private6 = optional(bool, false)
+ restricted = optional(bool, true)
+ restricted6 = optional(bool, false)
+ })
+ default = {}
+ nullable = false
+}
+
variable "data_folder" {
description = "An optional folder containing the subnet configurations in YaML format."
type = string