main.tf

# config sets up a GCP network in three regions with the most services
# configures low cost flow logs for moderate risk solutions
# Edit Source Ranges for the default google_compute_firewall with campus sources ranges
# 3 regions selected to cover largest number of GCP Services


resource "google_compute_firewall" "default" {
  name    = "default-firewall-${var.project_name}"
  network = google_compute_network.default.name
  project = var.project_id

  allow {
    protocol = "icmp"
  }

  allow {
    protocol = "tcp"
    ports    = [var.sshport, var.rdpport]
	}
    source_ranges = ["10.33.0.0/16", "172.92.0.0/16"]

}

resource "google_compute_network" "default" {
  name = "uw-default-${var.project_name}"
  description = "US Central Default Network"
  project = var.project_id
  auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "us-central1-subnetwork" {
  name          = "us-central1-subnetwork"
  ip_cidr_range = "10.2.0.0/16"
  region        = "us-central1"
  network       = google_compute_network.default.id
  project       = var.project_id

  log_config {
    aggregation_interval = "INTERVAL_15_MIN"
    flow_sampling        = 0.5
    metadata             = "INCLUDE_ALL_METADATA"
  }
}

resource "google_compute_subnetwork" "us-east1-subnetwork" {
  name          = "us-east1-subnetwork"
  ip_cidr_range = "10.3.0.0/16"
  region        = "us-east1"
  network       = google_compute_network.default.id
  project       = var.project_id

  log_config {
    aggregation_interval = "INTERVAL_15_MIN"
    flow_sampling        = 0.5
    metadata             = "INCLUDE_ALL_METADATA"
  }
}

resource "google_compute_subnetwork" "us-east4-subnetwork" {
  name          = "us-east4-subnetwork"
  ip_cidr_range = "10.4.0.0/16"
  region        = "us-east4"
  network       = google_compute_network.default.id
  project       = var.project_id

  log_config {
    aggregation_interval = "INTERVAL_15_MIN"
    flow_sampling        = 0.5
    metadata             = "INCLUDE_ALL_METADATA"
  }
}
	# config sets up a GCP network in three regions with the most services
	# configures low cost flow logs for moderate risk solutions
	# Edit Source Ranges for the default google_compute_firewall with campus sources ranges
	# 3 regions selected to cover largest number of GCP Services


	resource "google_compute_firewall" "default" {
	name = "default-firewall-${var.project_name}"
	network = google_compute_network.default.name
	project = var.project_id

	allow {
	protocol = "icmp"
	}

	allow {
	protocol = "tcp"
	ports = [var.sshport, var.rdpport]
	}
	source_ranges = ["10.33.0.0/16", "172.92.0.0/16"]

	}

	resource "google_compute_network" "default" {
	name = "uw-default-${var.project_name}"
	description = "US Central Default Network"
	project = var.project_id
	auto_create_subnetworks = false
	}

	resource "google_compute_subnetwork" "us-central1-subnetwork" {
	name = "us-central1-subnetwork"
	ip_cidr_range = "10.2.0.0/16"
	region = "us-central1"
	network = google_compute_network.default.id
	project = var.project_id

	log_config {
	aggregation_interval = "INTERVAL_15_MIN"
	flow_sampling = 0.5
	metadata = "INCLUDE_ALL_METADATA"
	}
	}

	resource "google_compute_subnetwork" "us-east1-subnetwork" {
	name = "us-east1-subnetwork"
	ip_cidr_range = "10.3.0.0/16"
	region = "us-east1"
	network = google_compute_network.default.id
	project = var.project_id

	log_config {
	aggregation_interval = "INTERVAL_15_MIN"
	flow_sampling = 0.5
	metadata = "INCLUDE_ALL_METADATA"
	}
	}

	resource "google_compute_subnetwork" "us-east4-subnetwork" {
	name = "us-east4-subnetwork"
	ip_cidr_range = "10.4.0.0/16"
	region = "us-east4"
	network = google_compute_network.default.id
	project = var.project_id

	log_config {
	aggregation_interval = "INTERVAL_15_MIN"
	flow_sampling = 0.5
	metadata = "INCLUDE_ALL_METADATA"
	}
	}