// Terraform configuration for a BOSH bastion environment on Google Cloud:
// one network, one subnet, two firewall rules and a bastion instance.

// Google Cloud project to deploy into; the default is a placeholder that
// must be replaced before applying.
variable "projectid" {
  type    = "string"
  default = "REPLACE-WITH-YOUR-GOOGLE-PROJECT-ID"
}

// Region used by the provider and embedded in the subnet name.
variable "region" {
  type    = "string"
  default = "us-east1"
}

// Zone the bastion instance is created in.
variable "zone-1" {
  type    = "string"
  default = "us-east1-d"
}

// Base name: used as the network name and as a suffix of the internal
// firewall rule name.
variable "name" {
  type    = "string"
  default = "bosh"
}

provider "google" {
  project = "${var.projectid}"
  region  = "${var.region}"
}

// Network that the subnet and both firewall rules below attach to.
resource "google_compute_network" "network" {
  name = "${var.name}"
}

// Subnet for the BOSH director
resource "google_compute_subnetwork" "bosh-subnet-1" {
  name          = "bosh-${var.region}"
  ip_cidr_range = "10.0.0.0/24"
  network       = "${google_compute_network.network.self_link}"
}

// Allow SSH to BOSH bastion
// Permits ICMP and TCP/22 to instances tagged "bosh-bastion".
// NOTE(review): no source_ranges or source_tags is set on this rule, so it
// presumably admits any source address (0.0.0.0/0) - confirm, and restrict
// SSH to known operator CIDRs if that is not intended.
// NOTE(review): the rule name is fixed, unlike bosh-internal-${var.name}
// below; a second deployment in the same project would presumably collide.
resource "google_compute_firewall" "bosh-bastion" {
  name    = "bosh-bastion"
  network = "${google_compute_network.network.name}"

  allow {
    protocol = "icmp"
  }

  allow {
    protocol = "tcp"
    ports    = ["22"]
  }

  target_tags = ["bosh-bastion"]
}

// Allow open access between internal VMs
// Permits ICMP plus TCP and UDP (no port list is given) from instances
// tagged "bosh-internal" to instances tagged "bosh-internal".
// The bastion below carries this tag too, so it sits inside this trust
// zone: anything that can log in to the bastion has network reach to
// every internal VM.
resource "google_compute_firewall" "bosh-internal" {
  name    = "bosh-internal-${var.name}"
  network = "${google_compute_network.network.name}"

  allow {
    protocol = "icmp"
  }

  allow {
    protocol = "tcp"
  }

  allow {
    protocol = "udp"
  }

  target_tags = ["bosh-internal"]
  source_tags = ["bosh-internal"]
}

// BOSH bastion host
// Tagged for both firewall rules above: reachable over SSH via
// "bosh-bastion" and a member of the "bosh-internal" group.
resource "google_compute_instance" "bosh-bastion" {
  name         = "bosh-bastion"
  machine_type = "n1-standard-1"
  zone         = "${var.zone-1}"

  tags = ["bosh-bastion", "bosh-internal"]

  disk {
    // NOTE(review): pinned to a dated Ubuntu 14.04 image (the name suggests
    // a 2016-06-27 build); confirm it is still supported and gets patched,
    // since this host is the SSH entry point.
    image = "ubuntu-1404-trusty-v20160627"
  }

  network_interface {
    subnetwork = "${google_compute_subnetwork.bosh-subnet-1.name}"

    access_config {
      // Ephemeral IP
    }
  }

  metadata_startup_script = <