feat: add api gateway
miguelpuiggarcia committed Sep 4, 2023
1 parent b8e4cdf commit 81edc5c
Showing 1 changed file with 9 additions and 4 deletions.
13 changes: 9 additions & 4 deletions gcp/cloud-run-v2/main.tf
Expand Up @@ -116,15 +116,16 @@ resource "google_compute_region_network_endpoint_group" "cloudrun_neg" {
}
}


# Cloud Armor Security Policy

resource "google_compute_security_policy" "cloud_armor_policy" {
count = var.enable_cloud_armor ? 1 : 0
name = "${var.name}-armor-policy"
description = "A security policy for Cloud Armor."

rule {
action = "allow"
priority = "1000"
action = "allow" # or "deny", depending on your needs
priority = 2147483647
match {
versioned_expr = "SRC_IPS_V1"
config {
Expand All @@ -133,9 +134,13 @@ resource "google_compute_security_policy" "cloud_armor_policy" {
}
description = "default rule"
}

# Additional rules can go here with different priority values.
# ...
}



# Load Balancer module using serverless NEGs
# View all options on https://github.com/terraform-google-modules/terraform-google-lb-http
module "lb-http" {
Expand Down Expand Up @@ -164,7 +169,7 @@ module "lb-http" {
custom_response_headers = ["X-Cache-Hit: {cdn_cache_status}"]

# Clour Armor security
security_policy = var.enable_cloud_armor ? google_compute_security_policy.cloud_armor_policy[0].self_link : null
security_policy = var.enable_cloud_armor ? google_compute_security_policy.cloud_armor_policy[0].self_link : null

log_config = {
enable = false
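Review bot: The only rule in `google_compute_security_policy.cloud_armor_policy` is still the default one, now at priority 2147483647 with `action = "allow"`, so `enable_cloud_armor = true` attaches a policy that blocks nothing. The match's source ranges sit in the collapsed lines and are presumably the catch-all, and the new `# Additional rules can go here` placeholder adds no enforcement. Until real deny, rate-limit or WAF rules land, I would replace the placeholder with `# NOTE: only the default allow rule is defined; no traffic is filtered until deny/WAF rules are added above this priority.` The inline hint `# or "deny", depending on your needs` is also risky as written, because switching the default rule to deny without any higher-priority allow rule would reject every request; a validated variable such as `action = var.cloud_armor_default_action` would make that choice explicit. Separately, the unchanged `log_config` block below shows `enable = false`, which likely means the policy's decisions will not appear in the load balancer request logs.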