Skip to content

svpc should use forwarding_rule_target app-apis not vpc-sc #1417

New issue
New issue
Open
Open
svpc should use forwarding_rule_target app-apis not vpc-sc#1417
Labels
bugSomething isn't working
@ajbeach2

Description

@ajbeach2
ajbeach2
opened on Jun 5, 2025

TL;DR

It seems the new svpc is is using the restricted vpc private_service_connect. There used to be a separate restricted and shared vpc modules.

https://github.com/terraform-google-modules/terraform-example-foundation/blob/main/3-networks-svpc/modules/shared_vpc/private_service_connect.tf#L26

The shared vpc now uses forwarding_rule_target = "vpc-sc"

In the old example, the shared vpc uses forwarding_rule_target = "all-apis"

terraform-example-foundation/3-networks-dual-svpc/modules/base_shared_vpc/private_service_connect.tf

Line 26 in 7acb983

forwarding_rule_target = "all-apis"

Shouldn't this be all-apis?

If you set forwarding_rule_target = "vpc-sc", the Private Service Connect forwarding rule will only allow access to the Google APIs that are protected by VPC Service Controls.

Expected behavior

No response

Observed behavior

No response

Terraform Configuration

N/A

Terraform Version

N/A

Terraform Provider Versions

N/A

Additional information

Related issue:
#1410

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions