
googleApigeeNatAddress

Apigee NAT (network address translation) address. A NAT address is a static external IP address used for Internet egress traffic. This is not available for Apigee hybrid. Apigee NAT addresses are not automatically activated because they might require explicit allow entries on the target systems first. See https://cloud.google.com/apigee/docs/reference/apis/apigee/rest/v1/organizations.instances.natAddresses/activate

To get more information about NatAddress, see:

Example Usage - Apigee Nat Address Basic

data "google_client_config" "current" {}

resource "google_compute_network" "apigee_network" {
  name = "apigee-network"
}

resource "google_compute_global_address" "apigee_range" {
  name          = "apigee-range"
  purpose       = "VPC_PEERING"
  address_type  = "INTERNAL"
  prefix_length = 21
  network       = google_compute_network.apigee_network.id
}

resource "google_service_networking_connection" "apigee_vpc_connection" {
  network                 = google_compute_network.apigee_network.id
  service                 = "servicenetworking.googleapis.com"
  reserved_peering_ranges = [google_compute_global_address.apigee_range.name]
}

resource "google_kms_key_ring" "apigee_keyring" {
  name     = "apigee-keyring"
  location = "us-central1"
}

resource "google_kms_crypto_key" "apigee_key" {
  name            = "apigee-key"
  key_ring        = google_kms_key_ring.apigee_keyring.id

  lifecycle {
    prevent_destroy = true
  }
}

# Service identity (service agent) of the Apigee API in the current project.
resource "google_project_service_identity" "apigee_sa" {
  provider = google-beta
  project  = data.google_client_config.current.project
  service  = "apigee.googleapis.com"
}

resource "google_kms_crypto_key_iam_binding" "apigee_sa_keyuser" {
  crypto_key_id = google_kms_crypto_key.apigee_key.id
  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"

  members = [
    "serviceAccount:${google_project_service_identity.apigee_sa.email}",
  ]
}

resource "google_apigee_organization" "apigee_org" {
  analytics_region                     = "us-central1"
  display_name                         = "apigee-org"
  description                          = "Terraform-provisioned Apigee Org."
  project_id                           = data.google_client_config.current.project
  authorized_network                   = google_compute_network.apigee_network.id
  runtime_database_encryption_key_name = google_kms_crypto_key.apigee_key.id

  depends_on = [
    google_service_networking_connection.apigee_vpc_connection,
    google_kms_crypto_key_iam_binding.apigee_sa_keyuser,
  ]
}

resource "google_apigee_instance" "apigee_instance" {
  name                     = "apigee-instance"
  location                 = "us-central1"
  description              = "Terraform-managed Apigee Runtime Instance"
  display_name             = "apigee-instance"
  org_id                   = google_apigee_organization.apigee_org.id
  disk_encryption_key_name = google_kms_crypto_key.apigee_key.id
}

resource "google_apigee_nat_address" "apigee-nat" {
  # Resource ID of the NAT address (sample value).
  name        = "my-nat-address"
  instance_id = google_apigee_instance.apigee_instance.id
}
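
The description above says NAT addresses are not activated automatically because target systems may first need explicit allow entries. The following added example (not part of the provider documentation) extends the configuration above with one such allow entry and a check on the address state, using the HCL names `ip_address` and `state` for the ipAddress and state attributes listed below. Assumptions: the `backend_network` variable, the `apigee-backend` tag, port 443, Terraform 1.5 or later for the `check` block, and `ACTIVE` as the state value the Apigee API reports after activation.

```hcl
# Assumption: the target backend runs in a VPC you manage; pass its self link.
variable "backend_network" {
  description = "Self link of the VPC that hosts the target backend."
  type        = string
}

# Allow entry on the target side: only the Apigee NAT IP (/32) may reach
# instances tagged "apigee-backend" (hypothetical tag) on TCP 443.
resource "google_compute_firewall" "allow_apigee_nat" {
  name      = "allow-apigee-nat"
  network   = var.backend_network
  direction = "INGRESS"

  source_ranges = ["${google_apigee_nat_address.apigee-nat.ip_address}/32"]
  target_tags   = ["apigee-backend"]

  allow {
    protocol = "tcp"
    ports    = ["443"]
  }
}

# For targets outside Google Cloud, hand this IP to whoever owns their allow list.
output "apigee_nat_ip" {
  description = "Static egress IP allocated for the Apigee instance."
  value       = google_apigee_nat_address.apigee-nat.ip_address
}

# Surfaces a warning on plan/apply while the address has not been activated.
check "apigee_nat_active" {
  assert {
    condition     = google_apigee_nat_address.apigee-nat.state == "ACTIVE"
    error_message = "Apigee NAT address is not in ACTIVE state; activate it once the target allow entries are in place."
  }
}
```

A failed `check` assertion is reported as a warning and does not block the apply, so the allow entry can be created first and the address activated afterwards.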

Argument Reference

The following arguments are supported:

  • name - (Required) Resource ID of the NAT address.

  • instanceId - (Required) The Apigee instance associated with the Apigee environment, in the format organizations/{{orgName}}/instances/{{instanceName}}.


Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • id - an identifier for the resource with format {{instanceId}}/natAddresses/{{name}}

  • ipAddress - The allocated NAT IP address.

  • state - State of the NAT IP address.

Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 30 minutes.
  • delete - Default is 30 minutes.

Import

NatAddress can be imported using any of these accepted formats:

$ terraform import google_apigee_nat_address.default {{instance_id}}/natAddresses/{{name}}
$ terraform import google_apigee_nat_address.default {{instance_id}}/{{name}}