When creating VPC and Firewall rules using "Terraform blueprints and modules for Google Cloud," the VPC is successfully created. However, when attempting to create the Firewall at the same time, an error occurs: "Network name already created." This error is found because I am using the same source, "terraform-google-modules/network/google." Additionally, when using the source "terraform-google-modules/network/google//modules/firewall-rules," a version conflict error occurs.
How to set the default variables in the firewall_rules variable.tf file:
variable "rules" {
  description = "This is DEPRICATED and available for backward compatiblity. Use ingress_rules and egress_rules variables. List of custom rule definitions"
  type = list(object({
    name                    = string
    description             = optional(string, null)
    direction               = optional(string, "INGRESS")
    disabled                = optional(bool, null)
    priority                = optional(number, null)
    ranges                  = optional(list(string), [])
    source_tags             = optional(list(string))
    source_service_accounts = optional(list(string))
    target_tags             = optional(list(string))
    target_service_accounts = optional(list(string))
    allow = optional(list(object({
      protocol = string
      ports    = optional(list(string))
    })), [])
    deny = optional(list(object({
      protocol = string
      ports    = optional(list(string))
    })), [])
    log_config = optional(object({
      metadata = string
    }))
  }))
  default = [
    {
      name                    = "allow-ssh-ingress"
      description             = null
      direction               = "INGRESS"
      priority                = null
      destination_ranges      = ["10.0.0.0/8"]
      source_ranges           = ["0.0.0.0/0"]
      source_tags             = null
      source_service_accounts = null
      target_tags             = null
      target_service_accounts = null
      allow = [{
        protocol = "tcp"
        ports    = ["22"]
      }]
      deny = []
      log_config = {
        metadata = "INCLUDE_ALL_METADATA"
      }
    }
  ]
}
Hi @rahulprakash ,
@rahulprakash wrote:
When creating VPC and Firewall rules using "Terraform blueprints and modules for Google Cloud," the VPC is successfully created. However, when attempting to create the Firewall at the same time, an error occurs: "Network name already created." This error is found because I am using the same source, "terraform-google-modules/network/google." Additionally, when using the source "terraform-google-modules/network/google//modules/firewall-rules," a version conflict error occurs.
Based on the error, try creating the VPC and firewall rules separately. Create the VPC config first, then the firewall rules. Also, check if there are existing resources that have the same name or config outside of Terraform. If resources already exist, it will be a problem, since Terraform attempts to create resources based on your configs.
I also noticed that when using the Firewall rules module, you should use a specific version or a different source reference if you are seeing version conflicts. For example:
module "firewall_rules" {
  source  = "terraform-google-modules/network/google//modules/firewall-rules"
  version = "X.Y.Z"
  # Other configuration parameters...
}
@rahulprakash wrote:
How to set the default variables in the firewall_rules variable.tf file:
There is already a problem with the variable "rules":
1. The variable is called "rules" but in the default setting, you have specified it as "allow-ssh-ingress".
2. The attribute destination_ranges is used, but it's not defined in the variable type.
I've edited and revised the attribute names and added default values for the ranges, source_tags, source_service_accounts, target_tags, and target_service_accounts attributes. You can check the example below and feel free to refer to it:
# variable.tf
variable "firewall_rules" {
  description = "This is DEPRECATED and available for backward compatibility. Use ingress_rules and egress_rules variables. List of custom rule definitions"
  type = list(object({
    name                    = string
    description             = optional(string, null)
    direction               = optional(string, "INGRESS")
    disabled                = optional(bool, null)
    priority                = optional(number, null)
    ranges                  = optional(list(string), [])
    source_tags             = optional(list(string), null)
    source_service_accounts = optional(list(string), null)
    target_tags             = optional(list(string), null)
    target_service_accounts = optional(list(string), null)
    allow = optional(list(object({
      protocol = string
      ports    = optional(list(string), [])
    })), [])
    deny = optional(list(object({
      protocol = string
      ports    = optional(list(string), [])
    })), [])
    log_config = optional(object({
      metadata = string
    }))
  }))
  default = [
    {
      name                    = "allow-ssh-ingress"
      description             = null
      direction               = "INGRESS"
      priority                = null
      ranges                  = []
      source_tags             = null
      source_service_accounts = null
      target_tags             = null
      target_service_accounts = null
      allow = [{
        protocol = "tcp"
        ports    = ["22"]
      }]
      deny = []
      log_config = {
        metadata = "INCLUDE_ALL_METADATA"
      }
    }
  ]
}
Let me know if it helps.
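
An added example, not part of either post: one way to wire the two modules so the network is declared once and the firewall rules reference its output, assuming the "Network name already created" error came from declaring the root network module a second time for the firewall. The project variable, resource names, subnet, target tag and the "X.Y.Z" version are placeholders or constructed values; the rule also narrows SSH to the Identity-Aware Proxy TCP forwarding range instead of 0.0.0.0/0.

```hcl
variable "project_id" {
  description = "Project that owns the network (assumed input name)."
  type        = string
}

# The root module creates the VPC, and it is declared exactly once.
module "vpc" {
  source  = "terraform-google-modules/network/google"
  version = "X.Y.Z" # placeholder: pin one release

  project_id   = var.project_id
  network_name = "example-vpc" # constructed name

  subnets = [{
    subnet_name   = "example-subnet" # constructed values
    subnet_ip     = "10.10.0.0/24"
    subnet_region = "us-central1"
  }]
}

# Only the firewall-rules submodule is used here, so nothing tries to
# create the network a second time.
module "firewall_rules" {
  source  = "terraform-google-modules/network/google//modules/firewall-rules"
  version = "X.Y.Z" # placeholder: same release as module.vpc

  project_id = var.project_id
  # Referencing the output gives Terraform the ordering: VPC first, rules after.
  network_name = module.vpc.network_name

  rules = [{
    name        = "allow-ssh-from-iap"
    direction   = "INGRESS"
    ranges      = ["35.235.240.0/20"] # IAP TCP forwarding source range
    target_tags = ["ssh"]             # constructed tag; only tagged VMs match
    allow = [{
      protocol = "tcp"
      ports    = ["22"]
    }]
    log_config = {
      metadata = "INCLUDE_ALL_METADATA"
    }
  }]
}
```

Attributes omitted from the rule rely on the optional() defaults in the type shown in the thread, so this needs a module release whose rules variable uses that type.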