diff --git a/modules/net-vpc/README.md b/modules/net-vpc/README.md
index d541d176e..a000a474a 100644
--- a/modules/net-vpc/README.md
+++ b/modules/net-vpc/README.md
@@ -86,7 +86,7 @@ module "vpc-host" {
local.service_project_1.project_id,
local.service_project_2.project_id
]
- iam_members = {
+ iam = {
"europe-west1/subnet-1" = {
"roles/compute.networkUser" = [
local.service_project_1.cloudsvc_sa,
@@ -110,13 +110,13 @@ module "vpc-host" {
| *auto_create_subnetworks* | Set to true to create an auto mode subnet, defaults to custom mode. | bool | | false |
| *delete_default_routes_on_create* | Set to true to delete the default routes at creation time. | bool | | false |
| *description* | An optional description of this resource (triggers recreation on change). | string | | Terraform-managed. |
-| *iam_members* | List of IAM members keyed by subnet 'region/name' and role. | map(map(list(string))) | | {} |
+| *iam* | Subnet IAM bindings in {REGION/NAME => {ROLE => [MEMBERS]} format. | map(map(list(string))) | | {} |
| *log_config_defaults* | Default configuration for flow logs when enabled. | object({...}) | | ... |
| *log_configs* | Map keyed by subnet 'region/name' of optional configurations for flow logs when enabled. | map(map(string)) | | {} |
| *peering_config* | VPC peering configuration. | object({...}) | | null |
| *peering_create_remote_end* | Skip creation of peering on the remote end when using peering_config | bool | | true |
| *routes* | Network routes, keyed by name. | map(object({...})) | | {} |
-| *routing_mode* | The network routing mode (default 'GLOBAL') | string | | GLOBAL |
+| *routing_mode* | The network routing mode (default 'GLOBAL') | string | | ... |
| *shared_vpc_host* | Enable shared VPC for this project. | bool | | false |
| *shared_vpc_service_projects* | Shared VPC service projects to register with this host | list(string) | | [] |
| *subnet_descriptions* | Optional map of subnet descriptions, keyed by subnet 'region/name'. | map(string) | | {} |
diff --git a/modules/net-vpc/main.tf b/modules/net-vpc/main.tf
index bad4f870c..14800ef50 100644
--- a/modules/net-vpc/main.tf
+++ b/modules/net-vpc/main.tf
@@ -15,7 +15,7 @@
*/
locals {
- iam_members = var.iam_members == null ? {} : var.iam_members
+ iam_members = var.iam == null ? {} : var.iam
subnet_iam_members = flatten([
for subnet, roles in local.iam_members : [
for role, members in roles : {
diff --git a/modules/net-vpc/variables.tf b/modules/net-vpc/variables.tf
index 6c3ab855a..485da8794 100644
--- a/modules/net-vpc/variables.tf
+++ b/modules/net-vpc/variables.tf
@@ -32,8 +32,8 @@ variable "description" {
default = "Terraform-managed."
}
-variable "iam_members" {
- description = "List of IAM members keyed by subnet 'region/name' and role."
+variable "iam" {
+ description = "Subnet IAM bindings in {REGION/NAME => {ROLE => [MEMBERS]} format."
type = map(map(list(string)))
default = {}
}
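Review bot: The new description on `variable "iam"` has unbalanced braces: `{REGION/NAME => {ROLE => [MEMBERS]}` opens two and closes only one, and the same string is copied into the README inputs table in this commit. It also does not say whether these bindings are authoritative per role or additive. That matters to anyone granting `roles/compute.networkUser` on a shared subnet, because an authoritative binding would drop members that were added outside this module. The resource that consumes `local.subnet_iam_members` is not in the diff, so which behaviour applies has to be confirmed there. I would change the line to `description = "Subnet IAM bindings in {REGION/NAME => {ROLE => [MEMBERS]}} format."` and add a short phrase naming the authoritative or additive behaviour once it is confirmed.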
diff --git a/networking/shared-vpc-gke/main.tf b/networking/shared-vpc-gke/main.tf
index 05e34bc48..bee0d8142 100644
--- a/networking/shared-vpc-gke/main.tf
+++ b/networking/shared-vpc-gke/main.tf
@@ -107,7 +107,7 @@ module "vpc-shared" {
}
}
]
- iam_members = {
+ iam = {
"${var.region}/gce" = {
"roles/compute.networkUser" = concat(var.owners_gce, [
"serviceAccount:${module.project-svc-gce.service_accounts.cloud_services}",
diff --git a/tests/modules/net_vpc/fixture/main.tf b/tests/modules/net_vpc/fixture/main.tf
index 5ab2c4f8d..03b74124a 100644
--- a/tests/modules/net_vpc/fixture/main.tf
+++ b/tests/modules/net_vpc/fixture/main.tf
@@ -18,7 +18,7 @@ module "test" {
source = "../../../../modules/net-vpc"
project_id = var.project_id
name = var.name
- iam_members = var.iam_members
+ iam = var.iam
log_configs = var.log_configs
log_config_defaults = var.log_config_defaults
peering_config = var.peering_config
diff --git a/tests/modules/net_vpc/fixture/variables.tf b/tests/modules/net_vpc/fixture/variables.tf
index 7388ad665..0a19ef07d 100644
--- a/tests/modules/net_vpc/fixture/variables.tf
+++ b/tests/modules/net_vpc/fixture/variables.tf
@@ -29,7 +29,7 @@ variable "auto_create_subnetworks" {
default = false
}
-variable "iam_members" {
+variable "iam" {
type = map(map(set(string)))
default = null
}