From 02c33adcbfa1f17985546b0c0bfe1bb51163a04a Mon Sep 17 00:00:00 2001
From: Petri Autero
Date: Wed, 6 Feb 2019 13:05:51 +0200
Subject: [PATCH] Clarify the public ip / cidr
---
 examples/cloud-sql-mysql/main.tf | 8 ++++----
 examples/cloud-sql-mysql/variables.tf | 6 ------
 2 files changed, 4 insertions(+), 10 deletions(-)
diff --git a/examples/cloud-sql-mysql/main.tf b/examples/cloud-sql-mysql/main.tf
index 61839da..60b844a 100644
--- a/examples/cloud-sql-mysql/main.tf
+++ b/examples/cloud-sql-mysql/main.tf
@@ -41,11 +41,11 @@ module "mysql" {
 master_user_name = "${var.master_user_name}"
 master_user_host = "%"

- enable_public_internet_access = "${var.enable_public_internet_access}"
+ # To make it easier to test this example, we are giving the servers public IP addresses and allowing inbound
+ # connections from anywhere. In real-world usage, your servers should live in private subnets, only have private IP
+ # addresses, and only allow access from specific trusted networks, servers or applications in your VPC.
+ enable_public_internet_access = true

- # Never do this in production!
- # We're setting permissive network rules to make
- # it easier to test the instance
 authorized_networks = [
 {
 name = "allow-all-inbound"
diff --git a/examples/cloud-sql-mysql/variables.tf b/examples/cloud-sql-mysql/variables.tf
index c543996..0eecc43 100644
--- a/examples/cloud-sql-mysql/variables.tf
+++ b/examples/cloud-sql-mysql/variables.tf
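Review bot: The `allow-all-inbound` entry in `authorized_networks` no longer has a warning directly above it, and the new comment further up talks about "servers" in "private subnets" rather than the database instance that this block configures. I would keep a one-line caution on the list itself, e.g. `# Example only: this admits every source address; replace with specific trusted CIDR ranges.`, and reword the upper comment to say the instance gets a public IP. With `enable_public_internet_access = true` now hard-coded and `master_user_host = "%"` in the context lines, the hunk shows no network or host restriction left on this example, so a reader copying it has to change all three settings together. The `module "mysql"` block and the `authorized_networks` list continue outside the hunk, so the CIDR value and any TLS setting are not visible here.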
@@ -28,12 +28,6 @@ variable "master_user_password" {
 # OPTIONAL PARAMETERS
 # Generally, these values won't need to be changed.
 # ---------------------------------------------------------------------------------------------------------------------
-# In nearly all cases, databases should NOT be publicly accessible, however if you're migrating from a PAAS provider like Heroku to GCP, this needs to remain open to the internet.
-variable "enable_public_internet_access" {
- description = "WARNING: - In nearly all cases a database should NOT be publicly accessible. Only set this to true if you want the database open to the internet"
- default = true
-}
-
 variable "mysql_version" {
 description = "The engine version of the database, e.g. `MYSQL_5_6` or `MYSQL_5_7`. See https://cloud.google.com/sql/docs/features for supported versions."
 default = "MYSQL_5_7"