@y-abe y-abe/vpn.hcl
Created Nov 28, 2019

Embed
What would you like to do?
# Host project that owns the VPC and the HA VPN to AWS.
resource "google_project" "host-project" {
  name = "host-project"

  # Project IDs are globally unique; when actually creating one, appending a
  # random suffix avoids collisions with existing projects.
  project_id = "host-project-id"

  # Without this, a "default" network with one subnetwork per region is
  # created automatically; the VPC below is managed explicitly instead.
  auto_create_network = false
}
# Custom-mode VPC in the host project. Subnetworks are not created here;
# they are expected to be defined separately.
resource "google_compute_network" "host-vpc" {
  project = google_project.host-project.id
  name    = "default"

  # Custom mode: no per-region subnetworks are generated automatically.
  auto_create_subnetworks = false

  # GLOBAL routing lets the Cloud Router advertise routes learned over BGP
  # across all regions of this VPC.
  routing_mode = "GLOBAL"
}
# Values copied from the AWS site-to-site VPN configuration download.
# Index i of each list corresponds to tunnel i (0..3).
locals {
  # IKE pre-shared keys generated by AWS, one per tunnel.
  # NOTE(review): committing pre-shared keys to a versioned .hcl file exposes
  # them to everyone with repository access; they belong in an input variable
  # or a secret store. They also end up in Terraform state, so the state
  # backend needs the same protection.
  bgp_shared_secrets = [
    "AWSで自動生成されたやつ1",
    "AWSで自動生成されたやつ2",
    "AWSで自動生成されたやつ3",
    "AWSで自動生成されたやつ4",
  ]

  # "Inside IP Addresses" -> "Customer Gateway" in the downloaded file.
  # These are the Google-side BGP addresses and carry a /30 prefix.
  google_bgp_ips = [
    "IPアドレス1/30",
    "IPアドレス2/30",
    "IPアドレス3/30",
    "IPアドレス4/30",
  ]

  # "Inside IP Addresses" -> "Virtual Private Gateway" in the downloaded file.
  # These are the AWS-side BGP peer addresses; no /30 here, since
  # peer_ip_address takes a bare address rather than a range.
  aws_bgp_ips = [
    "IPアドレス1",
    "IPアドレス2",
    "IPアドレス3",
    "IPアドレス4",
  ]
}
# Google-side HA VPN gateway (two interfaces) terminating the four AWS tunnels.
resource "google_compute_ha_vpn_gateway" "aws-gateway" {
  # NOTE(review): the quoted form is the legacy provider reference; with the
  # first-class expressions used elsewhere in this file (0.12+), the unquoted
  # `provider = google-beta` is the expected form — confirm against the
  # Terraform version in use.
  provider = "google-beta"

  project = google_project.host-project.id
  region  = "asia-northeast1"
  name    = "aws-gateway"
  network = google_compute_network.host-vpc.self_link
}
# Cloud Router that runs BGP over the four tunnels.
resource "google_compute_router" "aws-gateway" {
  project = google_project.host-project.id
  name    = "aws-gateway"
  region  = "asia-northeast1"
  network = google_compute_network.host-vpc.self_link

  bgp {
    # Google-side private ASN; must differ from peer_asn on the AWS side.
    asn = 65000

    # CUSTOM advertises only the ranges listed below to AWS. DEFAULT
    # (advertise all subnet ranges) is also fine unless there is a reason
    # to restrict what the AWS side learns.
    advertise_mode = "CUSTOM"

    # Placeholder; fill in the exact prefixes AWS should reach. Not needed
    # when advertise_mode is DEFAULT.
    advertised_ip_ranges {
      range = "カスタム"
    }
  }
}
# Representation of the AWS side: the four tunnel endpoints, one per interface.
# Interface ids 0..3 are referenced by peer_external_gateway_interface in the
# tunnel resource.
resource "google_compute_external_vpn_gateway" "aws-gateway" {
  provider = "google-beta"
  project  = google_project.host-project.id
  name     = "aws-gateway"

  # Four public endpoints on the AWS side -> two HA VPN interfaces here.
  redundancy_type = "FOUR_IPS_REDUNDANCY"

  # ip_address values are the "Outside IP Address" of each AWS VPN tunnel.
  interface {
    id         = 0
    ip_address = "IPアドレス1"
  }

  interface {
    id         = 1
    ip_address = "IPアドレス2"
  }

  interface {
    id         = 2
    ip_address = "IPアドレス3"
  }

  interface {
    id         = 3
    ip_address = "IPアドレス4"
  }
}
# One IPsec tunnel per AWS endpoint (count.index 0..3).
resource "google_compute_vpn_tunnel" "aws-gateway" {
  count = 4

  provider = "google-beta"
  project  = google_project.host-project.id
  name     = "aws-gateway-${count.index}"
  region   = "asia-northeast1"

  # IKEv2 only.
  ike_version = 2

  vpn_gateway = google_compute_ha_vpn_gateway.aws-gateway.self_link

  # Pair tunnel i with external interface i (the AWS outside address).
  peer_external_gateway           = google_compute_external_vpn_gateway.aws-gateway.self_link
  peer_external_gateway_interface = count.index

  # Pre-shared key for this tunnel; see the note on local.bgp_shared_secrets
  # about keeping these out of committed files.
  shared_secret = local.bgp_shared_secrets[count.index]

  router = google_compute_router.aws-gateway.self_link

  # Tunnels 0 and 1 land on HA VPN interface 0, tunnels 2 and 3 on interface 1.
  vpn_gateway_interface = floor(count.index / 2)
}
# Router interface per tunnel, carrying the Google-side BGP address (/30).
resource "google_compute_router_interface" "router-interface-aws-gateway" {
  count = 4

  provider = "google-beta"
  project  = google_project.host-project.id
  name     = "aws-gateway-${count.index}"
  router   = google_compute_router.aws-gateway.name
  region   = "asia-northeast1"

  # Google-side inside address for tunnel i, with its /30 prefix.
  ip_range = local.google_bgp_ips[count.index]

  vpn_tunnel = google_compute_vpn_tunnel.aws-gateway[count.index].name
}
# BGP session per tunnel towards the AWS virtual private gateway.
resource "google_compute_router_peer" "aws-gateway" {
  count = 4

  provider = "google-beta"
  project  = google_project.host-project.id
  name     = "aws-gateway-${count.index}"
  router   = google_compute_router.aws-gateway.name
  region   = "asia-northeast1"

  # AWS-side inside address for tunnel i (bare address, no prefix).
  peer_ip_address = local.aws_bgp_ips[count.index]

  # ASN of the AWS virtual private gateway; must match what AWS was created with.
  peer_asn = 64512

  # MED advertised to AWS; all four sessions use the same priority here.
  advertised_route_priority = 100

  interface = google_compute_router_interface.router-interface-aws-gateway[count.index].name
}