...
1/**
2 * Copyright 2022 Google LLC
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17```hcl
# Exposes the configuration of the active Google provider. Its `project`
# attribute is what the Apigee organization below uses as project_id, so the
# organization lands in whatever project the provider credentials target.
data "google_client_config" "current" {
}
19
# VPC network that is peered with the Apigee runtime (it is passed as
# authorized_network on the organization).
# NOTE(review): auto_create_subnetworks is not set, so the provider default
# (auto mode, one subnet per region) applies. If this network exists only for
# the Apigee peering, consider setting it to false to avoid unused subnets.
resource "google_compute_network" "apigee_network" {
  name = "apigee-network"
}
23
# Reserves an internal /16 range on the Apigee network for VPC peering.
# The range is handed to the service networking connection by name.
resource "google_compute_global_address" "apigee_range" {
  network       = google_compute_network.apigee_network.id
  name          = "apigee-range"
  address_type  = "INTERNAL"
  purpose       = "VPC_PEERING"
  prefix_length = 16
}
31
# Private services connection between the Apigee network and
# servicenetworking.googleapis.com, limited to the reserved peering range.
resource "google_service_networking_connection" "apigee_vpc_connection" {
  service = "servicenetworking.googleapis.com"
  network = google_compute_network.apigee_network.id

  reserved_peering_ranges = [
    google_compute_global_address.apigee_range.name,
  ]
}
37
# Key ring holding the Apigee encryption key. It is created in us-central1,
# the same region string used for the Apigee instance and analytics region.
resource "google_kms_key_ring" "apigee_keyring" {
  location = "us-central1"
  name     = "apigee-keyring"
}
42
# Customer-managed encryption key (CMEK) referenced by both the Apigee
# organization (runtime database) and the Apigee instance (disk) below.
# No rotation_period is set, so Cloud KMS does not rotate this key
# automatically; rotation would have to be done by hand or by adding that
# argument.
resource "google_kms_crypto_key" "apigee_key" {
  key_ring = google_kms_key_ring.apigee_keyring.id
  name     = "apigee-key"

  # Reject any plan that would destroy the key: data encrypted under a
  # destroyed key cannot be decrypted again.
  lifecycle {
    prevent_destroy = true
  }
}
51
# Creates (or looks up) the Google-managed service identity for the Apigee
# service; its email is the principal granted access to the KMS key.
# NOTE(review): google_project.project and google_project_service.apigee are
# not declared in this listing. They must be defined elsewhere in the
# configuration, otherwise these two references will not resolve.
resource "google_project_service_identity" "apigee_sa" {
  provider = google-beta

  service = google_project_service.apigee.service
  project = google_project.project.project_id
}
57
# Grants the Apigee service identity encrypt/decrypt on the single CMEK key,
# scoped to the key rather than the key ring or project.
# An *_iam_binding is authoritative for its role: applying it replaces every
# other member holding roles/cloudkms.cryptoKeyEncrypterDecrypter on this key,
# so grants of that role made outside this configuration are removed.
# google_kms_crypto_key_iam_member is the additive alternative.
resource "google_kms_crypto_key_iam_binding" "apigee_sa_keyuser" {
  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
  crypto_key_id = google_kms_crypto_key.apigee_key.id

  members = [
    "serviceAccount:${google_project_service_identity.apigee_sa.email}",
  ]
}
66
# Apigee organization in the provider's current project, attached to the
# peered VPC and using the customer-managed key for its runtime database.
resource "google_apigee_organization" "apigee_org" {
  project_id   = data.google_client_config.current.project
  display_name = "apigee-org"
  description  = "Terraform-provisioned Apigee Org."

  analytics_region   = "us-central1"
  authorized_network = google_compute_network.apigee_network.id

  # CMEK for the runtime database.
  runtime_database_encryption_key_name = google_kms_crypto_key.apigee_key.id

  # Neither dependency is referenced by an attribute above, so the ordering is
  # declared explicitly: the peering connection and the KMS grant for the
  # Apigee service identity must exist before the organization is created.
  depends_on = [
    google_service_networking_connection.apigee_vpc_connection,
    google_kms_crypto_key_iam_binding.apigee_sa_keyuser,
  ]
}
80
# Apigee runtime instance in us-central1, belonging to the organization above,
# with its disks encrypted under the customer-managed key.
# NOTE(review): this reuses the key that also protects the organization's
# runtime database. Separate keys would let access and rotation be managed
# independently for each; confirm the shared key is intended.
resource "google_apigee_instance" "apigee_instance" {
  org_id   = google_apigee_organization.apigee_org.id
  location = "us-central1"

  name         = "my-instance-name"
  display_name = "my-instance-name"
  description  = "Terraform-managed Apigee Runtime Instance"

  disk_encryption_key_name = google_kms_crypto_key.apigee_key.id
}
89```