googleApigeeNatAddress
Apigee NAT (network address translation) address. A NAT address is a static external IP address used for Internet egress traffic. This is not avaible for Apigee hybrid. Apigee NAT addresses are not automatically activated because they might require explicit allow entries on the target systems first. See https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.instances.natAddresses/activate
To get more information about NatAddress, see:
- API documentation
- How-to Guides
- Provisioning NAT IPs
Example Usage - Apigee Nat Address Basic
data "google_client_config" "current" {}
resource "google_compute_network" "apigee_network" {
name = "apigee-network"
}
resource "google_compute_global_address" "apigee_range" {
name = "apigee-range"
purpose = "VPC_PEERING"
address_type = "INTERNAL"
prefix_length = 21
network = google_compute_network.apigee_network.id
}
resource "google_service_networking_connection" "apigee_vpc_connection" {
network = google_compute_network.apigee_network.id
service = "servicenetworking.googleapis.com"
reserved_peering_ranges = [google_compute_global_address.apigee_range.name]
}
resource "google_kms_key_ring" "apigee_keyring" {
name = "apigee-keyring"
location = "us-central1"
}
resource "google_kms_crypto_key" "apigee_key" {
name = "apigee-key"
key_ring = google_kms_key_ring.apigee_keyring.id
lifecycle {
prevent_destroy = true
}
}
resource "google_project_service_identity" "apigee_sa" {
provider = google-beta
project = google_project.project.project_id
service = google_project_service.apigee.service
}
resource "google_kms_crypto_key_iam_binding" "apigee_sa_keyuser" {
crypto_key_id = google_kms_crypto_key.apigee_key.id
role = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
members = [
"serviceAccount:${google_project_service_identity.apigee_sa.email}",
]
}
resource "google_apigee_organization" "apigee_org" {
analytics_region = "us-central1"
display_name = "apigee-org"
description = "Terraform-provisioned Apigee Org."
project_id = data.google_client_config.current.project
authorized_network = google_compute_network.apigee_network.id
runtime_database_encryption_key_name = google_kms_crypto_key.apigee_key.id
depends_on = [
google_service_networking_connection.apigee_vpc_connection,
google_kms_crypto_key_iam_binding.apigee_sa_keyuser,
]
}
resource "google_apigee_instance" "apigee_instance" {
name = "apigee-instance"
location = "us-central1"
description = "Terraform-managed Apigee Runtime Instance"
display_name = "apigee-instance"
org_id = google_apigee_organization.apigee_org.id
disk_encryption_key_name = google_kms_crypto_key.apigee_key.id
}
resource "google_apigee_nat_address" "apigee-nat" {
name = "tf-test%{random_suffix}"
instance_id = google_apigee_instance.apigee_instance.id
}
Argument Reference
The following arguments are supported:
-
name
- (Required) Resource ID of the NAT address. -
instanceId
- (Required) The Apigee instance associated with the Apigee environment, in the formatorganizations/{{orgName}}/instances/{{instanceName}}
.
Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
-
id
- an identifier for the resource with format{{instanceId}}/natAddresses/{{name}}
-
ipAddress
- The allocated NAT IP address. -
state
- State of the NAT IP address.
Timeouts
This resource provides the following Timeouts configuration options:
create
- Default is 30 minutes.delete
- Default is 30 minutes.
Import
NatAddress can be imported using any of these accepted formats: