googleComputeInterconnectAttachment
Represents an InterconnectAttachment (VLAN attachment) resource. For more information, see Creating VLAN Attachments.
Example Usage - Interconnect Attachment Basic
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleComputeNetworkFoobar = new google.computeNetwork.ComputeNetwork(
this,
"foobar",
{
auto_create_subnetworks: false,
name: "network-1",
}
);
const googleComputeRouterFoobar = new google.computeRouter.ComputeRouter(
this,
"foobar_1",
{
bgp: [
{
asn: 16550,
},
],
name: "router-1",
network: googleComputeNetworkFoobar.name,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeRouterFoobar.overrideLogicalId("foobar");
new google.computeInterconnectAttachment.ComputeInterconnectAttachment(
this,
"on_prem",
{
edge_availability_domain: "AVAILABILITY_DOMAIN_1",
mtu: 1500,
name: "on-prem-attachment",
router: googleComputeRouterFoobar.id,
type: "PARTNER",
}
);
Example Usage - Compute Interconnect Attachment Ipsec Encryption
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleComputeNetworkNetwork = new google.computeNetwork.ComputeNetwork(
this,
"network",
{
auto_create_subnetworks: false,
name: "test-network",
}
);
const googleComputeRouterRouter = new google.computeRouter.ComputeRouter(
this,
"router",
{
bgp: [
{
asn: 16550,
},
],
encrypted_interconnect_router: true,
name: "test-router",
network: googleComputeNetworkNetwork.name,
}
);
const googleComputeAddressAddress = new google.computeAddress.ComputeAddress(
this,
"address",
{
address: "192.168.1.0",
address_type: "INTERNAL",
name: "test-address",
network: googleComputeNetworkNetwork.selfLink,
prefix_length: 29,
purpose: "IPSEC_INTERCONNECT",
}
);
new google.computeInterconnectAttachment.ComputeInterconnectAttachment(
this,
"ipsec-encrypted-interconnect-attachment",
{
edge_availability_domain: "AVAILABILITY_DOMAIN_1",
encryption: "IPSEC",
ipsec_internal_addresses: [googleComputeAddressAddress.selfLink],
name: "test-interconnect-attachment",
router: googleComputeRouterRouter.id,
type: "PARTNER",
}
);
Argument Reference
The following arguments are supported:
-
router- (Required) URL of the cloud router to be used for dynamic routing. This router must be in the same region as this InterconnectAttachment. The InterconnectAttachment will automatically connect the Interconnect to the network & region within which the Cloud Router is configured. -
name- (Required) Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression[aZ]([AZ09]*[aZ09])?which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
-
adminEnabled- (Optional) Whether the VLAN attachment is enabled or disabled. When using PARTNER type this will Pre-Activate the interconnect attachment -
interconnect- (Optional) URL of the underlying Interconnect object that this attachment's traffic will traverse through. Required if type is DEDICATED, must not be set if type is PARTNER. -
description- (Optional) An optional description of this resource. -
mtu- (Optional) Maximum Transmission Unit (MTU), in bytes, of packets passing through this interconnect attachment. Currently, only 1440 and 1500 are allowed. If not specified, the value will default to 1440. -
bandwidth- (Optional) Provisioned bandwidth capacity for the interconnect attachment. For attachments of type DEDICATED, the user can set the bandwidth. For attachments of type PARTNER, the Google Partner that is operating the interconnect must set the bandwidth. Output only for PARTNER type, mutable for PARTNER_PROVIDER and DEDICATED, Defaults to BPS_10G Possible values arebps50M,bps100M,bps200M,bps300M,bps400M,bps500M,bps1G,bps2G,bps5G,bps10G,bps20G, andbps50G. -
edgeAvailabilityDomain- (Optional) Desired availability domain for the attachment. Only available for type PARTNER, at creation time. For improved reliability, customers should configure a pair of attachments with one per availability domain. The selected availability domain will be provided to the Partner via the pairing key so that the provisioned circuit will lie in the specified domain. If not specified, the value will default to AVAILABILITY_DOMAIN_ANY. -
type- (Optional) The type of InterconnectAttachment you wish to create. Defaults to DEDICATED. Possible values arededicated,partner, andpartnerProvider. -
candidateSubnets- (Optional) Up to 16 candidate prefixes that can be used to restrict the allocation of cloudRouterIpAddress and customerRouterIpAddress for this attachment. All prefixes must be within link-local address space (169.254.0.0/16) and must be /29 or shorter (/28, /27, etc). Google will attempt to select an unused /29 from the supplied candidate prefix(es). The request will fail if all possible /29s are in use on Google's edge. If not supplied, Google will randomly select an unused /29 from all of link-local space. -
vlanTag8021Q- (Optional) The IEEE 802.1Q VLAN tag for this attachment, in the range 2-4094. When using PARTNER type this will be managed upstream. -
ipsecInternalAddresses- (Optional) URL of addresses that have been reserved for the interconnect attachment, Used only for interconnect attachment that has the encryption option as IPSEC. The addresses must be RFC 1918 IP address ranges. When creating HA VPN gateway over the interconnect attachment, if the attachment is configured to use an RFC 1918 IP address, then the VPN gateway's IP address will be allocated from the IP address range specified here. For example, if the HA VPN gateway's interface 0 is paired to this interconnect attachment, then an RFC 1918 IP address for the VPN gateway interface 0 will be allocated from the IP address specified for this interconnect attachment. If this field is not specified for interconnect attachment that has encryption option as IPSEC, later on when creating HA VPN gateway on this interconnect attachment, the HA VPN gateway's IP address will be allocated from regional external IP address pool. -
encryption- (Optional) Indicates the user-supplied encryption option of this interconnect attachment. Can only be specified at attachment creation for PARTNER or DEDICATED attachments.- NONE - This is the default value, which means that the VLAN attachment carries unencrypted traffic. VMs are able to send traffic to, or receive traffic from, such a VLAN attachment.
- IPSEC - The VLAN attachment carries only encrypted traffic that is encrypted by an IPsec device, such as an HA VPN gateway or third-party IPsec VPN. VMs cannot directly send traffic to, or receive traffic from, such a VLAN attachment. To use HA VPN over Cloud Interconnect, the VLAN attachment must be created with this option. Default value is
none. Possible values arenoneandipsec.
-
region- (Optional) Region where the regional interconnect attachment resides. -
project- (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
-
id- an identifier for the resource with formatprojects/{{project}}/regions/{{region}}/interconnectAttachments/{{name}} -
cloudRouterIpAddress- IPv4 address + prefix length to be configured on Cloud Router Interface for this interconnect attachment. -
customerRouterIpAddress- IPv4 address + prefix length to be configured on the customer router subinterface for this interconnect attachment. -
pairingKey- [Output only for type PARTNER. Not present for DEDICATED]. The opaque identifier of an PARTNER attachment used to initiate provisioning with a selected partner. Of the form "XXXXX/region/domain" -
partnerAsn- [Output only for type PARTNER. Not present for DEDICATED]. Optional BGP ASN for the router that should be supplied by a layer 3 Partner if they configured BGP on behalf of the customer. -
privateInterconnectInfo- Information specific to an InterconnectAttachment. This property is populated if the interconnect that this is attached to is of type DEDICATED. Structure is documented below. -
state- [Output Only] The current state of this attachment's functionality. -
googleReferenceId- Google reference ID, to be used when raising support tickets with Google or otherwise to debug backend connectivity issues. -
creationTimestamp- Creation timestamp in RFC3339 text format. -
selfLink- The URI of the created resource.
The privateInterconnectInfo block contains:
tag8021Q- (Output) 802.1q encapsulation tag to be used for traffic between Google and the customer, going to and from this network and region.
Timeouts
This resource provides the following Timeouts configuration options:
create- Default is 20 minutes.update- Default is 20 minutes.delete- Default is 20 minutes.
Import
InterconnectAttachment can be imported using any of these accepted formats:
$ terraform import google_compute_interconnect_attachment.default projects/{{project}}/regions/{{region}}/interconnectAttachments/{{name}}
$ terraform import google_compute_interconnect_attachment.default {{project}}/{{region}}/{{name}}
$ terraform import google_compute_interconnect_attachment.default {{region}}/{{name}}
$ terraform import google_compute_interconnect_attachment.default {{name}}
User Project Overrides
This resource supports User Project Overrides.