googleApigeeInstance
An instance is the runtime dataplane in Apigee.
To get more information about Instance, see:
- API documentation
- How-to Guides
- Creating a runtime instance
Example Usage - Apigee Instance Basic
data "google_client_config" "current" {}
resource "google_compute_network" "apigee_network" {
name = "apigee-network"
}
resource "google_compute_global_address" "apigee_range" {
name = "apigee-range"
purpose = "VPC_PEERING"
address_type = "INTERNAL"
prefix_length = 16
network = google_compute_network.apigee_network.id
}
resource "google_service_networking_connection" "apigee_vpc_connection" {
network = google_compute_network.apigee_network.id
service = "servicenetworking.googleapis.com"
reserved_peering_ranges = [google_compute_global_address.apigee_range.name]
}
resource "google_apigee_organization" "apigee_org" {
analytics_region = "us-central1"
project_id = data.google_client_config.current.project
authorized_network = google_compute_network.apigee_network.id
depends_on = [google_service_networking_connection.apigee_vpc_connection]
}
resource "google_apigee_instance" "apigee_instance" {
name = "tf-test%{random_suffix}"
location = "us-central1"
org_id = google_apigee_organization.apigee_org.id
}
Example Usage - Apigee Instance Cidr Range
data "google_client_config" "current" {}
resource "google_compute_network" "apigee_network" {
name = "apigee-network"
}
resource "google_compute_global_address" "apigee_range" {
name = "apigee-range"
purpose = "VPC_PEERING"
address_type = "INTERNAL"
prefix_length = 22
network = google_compute_network.apigee_network.id
}
resource "google_service_networking_connection" "apigee_vpc_connection" {
network = google_compute_network.apigee_network.id
service = "servicenetworking.googleapis.com"
reserved_peering_ranges = [google_compute_global_address.apigee_range.name]
}
resource "google_apigee_organization" "apigee_org" {
analytics_region = "us-central1"
project_id = data.google_client_config.current.project
authorized_network = google_compute_network.apigee_network.id
depends_on = [google_service_networking_connection.apigee_vpc_connection]
}
resource "google_apigee_instance" "apigee_instance" {
name = "tf-test%{random_suffix}"
location = "us-central1"
org_id = google_apigee_organization.apigee_org.id
peering_cidr_range = "SLASH_22"
}
Example Usage - Apigee Instance Ip Range
data "google_client_config" "current" {}
resource "google_compute_network" "apigee_network" {
name = "apigee-network"
}
resource "google_compute_global_address" "apigee_range" {
name = "apigee-range"
purpose = "VPC_PEERING"
address_type = "INTERNAL"
prefix_length = 22
network = google_compute_network.apigee_network.id
}
resource "google_service_networking_connection" "apigee_vpc_connection" {
network = google_compute_network.apigee_network.id
service = "servicenetworking.googleapis.com"
reserved_peering_ranges = [google_compute_global_address.apigee_range.name]
}
resource "google_apigee_organization" "apigee_org" {
analytics_region = "us-central1"
project_id = data.google_client_config.current.project
authorized_network = google_compute_network.apigee_network.id
depends_on = [google_service_networking_connection.apigee_vpc_connection]
}
resource "google_apigee_instance" "apigee_instance" {
name = "tf-test%{random_suffix}"
location = "us-central1"
org_id = google_apigee_organization.apigee_org.id
ip_range = "10.87.8.0/22"
}
Example Usage - Apigee Instance Full
data "google_client_config" "current" {}
resource "google_compute_network" "apigee_network" {
name = "apigee-network"
}
resource "google_compute_global_address" "apigee_range" {
name = "apigee-range"
purpose = "VPC_PEERING"
address_type = "INTERNAL"
prefix_length = 16
network = google_compute_network.apigee_network.id
}
resource "google_service_networking_connection" "apigee_vpc_connection" {
network = google_compute_network.apigee_network.id
service = "servicenetworking.googleapis.com"
reserved_peering_ranges = [google_compute_global_address.apigee_range.name]
}
resource "google_kms_key_ring" "apigee_keyring" {
name = "apigee-keyring"
location = "us-central1"
}
resource "google_kms_crypto_key" "apigee_key" {
name = "apigee-key"
key_ring = google_kms_key_ring.apigee_keyring.id
lifecycle {
prevent_destroy = true
}
}
resource "google_project_service_identity" "apigee_sa" {
provider = google-beta
project = google_project.project.project_id
service = google_project_service.apigee.service
}
resource "google_kms_crypto_key_iam_binding" "apigee_sa_keyuser" {
crypto_key_id = google_kms_crypto_key.apigee_key.id
role = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
members = [
"serviceAccount:${google_project_service_identity.apigee_sa.email}",
]
}
resource "google_apigee_organization" "apigee_org" {
analytics_region = "us-central1"
display_name = "apigee-org"
description = "Terraform-provisioned Apigee Org."
project_id = data.google_client_config.current.project
authorized_network = google_compute_network.apigee_network.id
runtime_database_encryption_key_name = google_kms_crypto_key.apigee_key.id
depends_on = [
google_service_networking_connection.apigee_vpc_connection,
google_kms_crypto_key_iam_binding.apigee_sa_keyuser,
]
}
resource "google_apigee_instance" "apigee_instance" {
name = "tf-test%{random_suffix}"
location = "us-central1"
description = "Terraform-managed Apigee Runtime Instance"
display_name = "tf-test%{random_suffix}"
org_id = google_apigee_organization.apigee_org.id
disk_encryption_key_name = google_kms_crypto_key.apigee_key.id
}
Argument Reference
The following arguments are supported:
-
name- (Required) Resource ID of the instance. -
location- (Required) Required. Compute Engine location where the instance resides. -
orgId- (Required) The Apigee Organization associated with the Apigee instance, in the formatorganizations/{{orgName}}.
-
peeringCidrRange- (Optional) The size of the CIDR block range that will be reserved by the instance. For valid values, see CidrRange on the documentation. -
ipRange- (Optional) IP range represents the customer-provided CIDR block of length 22 that will be used for the Apigee instance creation. This optional range, if provided, should be freely available as part of larger named range the customer has allocated to the Service Networking peering. If this is not provided, Apigee will automatically request for any available /22 CIDR block from Service Networking. The customer should use this CIDR block for configuring their firewall needs to allow traffic from Apigee. Input format: "a.b.c.d/22" -
description- (Optional) Description of the instance. -
displayName- (Optional) Display name of the instance. -
diskEncryptionKeyName- (Optional) Customer Managed Encryption Key (CMEK) used for disk and volume encryption. Required for Apigee paid subscriptions only. Use the following format:projects/([^/]+)/locations/([^/]+)/keyRings/([^/]+)/cryptoKeys/([^/]+) -
consumerAcceptList- (Optional) Optional. Customer accept list represents the list of projects (id/number) on customer side that can privately connect to the service attachment. It is an optional field which the customers can provide during the instance creation. By default, the customer project associated with the Apigee organization will be included to the list.
Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
-
id- an identifier for the resource with format{{orgId}}/instances/{{name}} -
host- Output only. Hostname or IP address of the exposed Apigee endpoint used by clients to connect to the service. -
port- Output only. Port number of the exposed Apigee endpoint. -
serviceAttachment- Output only. Resource name of the service attachment created for the instance in the format: projects//regions//serviceAttachments/* Apigee customers can privately forward traffic to this service attachment using the PSC endpoints.
Timeouts
This resource provides the following Timeouts configuration options:
create- Default is 60 minutes.delete- Default is 60 minutes.
Import
Instance can be imported using any of these accepted formats: