kovagoadi/hunfabric
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
490dbfbdc58039ec2595deb52ea77ca6c340c7d2
hunfabric/modules/apigee/recipe-apigee-swp
History
Simon Roberts 26dbaa2d6e Enable terraform_naming_convention in tflint (#3930) 
* Draft terraform_naming_convention

* Two fast/stages fixes for terraform_naming_convention

* Disable terraform_naming_convention for resources for now

* module fixes for terraform_naming_convention

* tfdoc

* Remove "moved" from recipe and needs-fixing

* Fix moved for spoke_ra

* fix tests

* Use default (snake_case) for resources

* factory.terraform_data.project-preconditions

* First-pass migration of resources + tests

* Fix tests/modules/organization

* Require snake_case for variables; Add annotations for _testing

* permit _fast_debug variable

* Fix net_vpc_factory and net_vpc_firewall tests

* tfdoc addons and recipe

* Fix more tests

* Fix some net-global -> net_global tests

---------

Co-authored-by: Ludovico Magnocavallo <ludomagno@google.com>
2026-05-06 06:06:26 +00:00
..
bundle/apiproxy
Fix pre-commit hook (#3882)
2026-04-18 10:07:14 +02:00
templates
Fix pre-commit hook (#3882)
2026-04-18 10:07:14 +02:00
diagram.png
main.tf
Enable terraform_naming_convention in tflint (#3930)
2026-05-06 06:06:26 +00:00
outputs.tf
README.md
Enable terraform_naming_convention in tflint (#3930)
2026-05-06 06:06:26 +00:00
variables.tf
Enable terraform_naming_convention in tflint (#3930)
2026-05-06 06:06:26 +00:00

README.md

Apigee X with Secure Web Proxy

This recipe demonstrates how to configure Apigee X with Secure Web Proxy (SWP). This is a common solution when you need your Apigee X runtime to connect to numerous on-premises backends, but prefer to avoid establishing VPC peering between the Apigee X Google-managed VPC and the VPC where hybrid connectivity and advertising Apigee X runtime IP ranges to the on-premises network.

The diagram below depicts the architecture deployed:

Architecture

In this recipe the SWP gateway has been co-located with Apigee X in the same project for ease of deployment. It's important to note that the SWP gateway's deployment is flexible and can be independently placed in a different project. Our current setup uses a privately accessible VM as the backend target for SWP. In a real-world scenario, with hybrid connectivity configured in the SWP gateway's VPC, the backend could alternatively be an on-premises host.

Once the terraform configuration is applied you can verify that all is working by running the following:

  • Deploy a sample proxy to Apigee X

    ./deploy-apiproxy.sh

  • Make a request to the proxy

    curl -v <API_URL>/test

    Note: The API_URL is returned as a terraform output

Variables

name description type required default
analytics_region Region. string
instance_region Region. string
network_config Network configuration. object({…})
project_id Project ID. string
_testing Populate this variable to avoid triggering the data source. object({…}) null

Outputs

name description sensitive
api_url API url.

Test

module "recipe_apigee_swp" {
  source     = "./fabric/modules/apigee/recipe-apigee-swp"
  project_id = "project-1"
  _testing = {
    name   = "project-1"
    number = 1234567890
  }
  instance_region  = "europe-west1"
  analytics_region = "europe-west1"
  network_config = {
    subnet_ip_cidr_range            = "10.16.0.0/24"
    subnet_psc_ip_cidr_range        = "10.16.1.0/24"
    subnet_proxy_only_ip_cidr_range = "10.16.2.0/24"
  }
}
# tftest modules=10 resources=43