From 9a96f2ffe1524e15473cbd35d1fd62ad1d642f20 Mon Sep 17 00:00:00 2001
From: katexochen <49727155+katexochen@users.noreply.github.com>
Date: Tue, 27 Sep 2022 12:44:45 +0200
Subject: [PATCH] No public IPs for GCP instances
---
 cli/internal/terraform/terraform/gcp/main.tf | 13 +++++++++++++
 .../terraform/gcp/modules/instance_group/main.tf | 1 -
 2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/cli/internal/terraform/terraform/gcp/main.tf b/cli/internal/terraform/terraform/gcp/main.tf
index a5c0581d5..12680459d 100644
--- a/cli/internal/terraform/terraform/gcp/main.tf
+++ b/cli/internal/terraform/terraform/gcp/main.tf
@@ -58,6 +58,19 @@ resource "google_compute_subnetwork" "vpc_subnetwork" {
 ]
 }
 
+resource "google_compute_router" "vpc_router" {
+ name = local.name
+ description = "Constellation VPC router"
+ network = google_compute_network.vpc_network.id
+}
+
+resource "google_compute_router_nat" "vpc_router_nat" {
+ name = local.name
+ router = google_compute_router.vpc_router.name
+ nat_ip_allocate_option = "AUTO_ONLY"
+ source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
+}
+
 resource "google_compute_firewall" "firewall_external" {
 name = local.name
 description = "Constellation VPC firewall"
diff --git a/cli/internal/terraform/terraform/gcp/modules/instance_group/main.tf b/cli/internal/terraform/terraform/gcp/modules/instance_group/main.tf
index 1a44414c8..5501031df 100644
--- a/cli/internal/terraform/terraform/gcp/modules/instance_group/main.tf
+++ b/cli/internal/terraform/terraform/gcp/modules/instance_group/main.tf
@@ -48,7 +48,6 @@ resource "google_compute_instance_template" "template" {
 network_interface {
 network = var.network
 subnetwork = var.subnetwork
- access_config {}
 alias_ip_range {
 ip_cidr_range = "/24"
 subnetwork_range_name = var.name
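Review bot: The new `google_compute_router_nat.vpc_router_nat` in gcp/main.tf has no `log_config` block, and Cloud NAT logging is off by default, so once the instances lose their external addresses their outbound traffic leaves through a gateway that keeps no record of it. Adding `log_config` with `enable = true` and `filter = "ERRORS_ONLY"` (or `"ALL"` if translation records are wanted for incident response) would keep egress attributable. `source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"` also extends egress to any subnetwork later added to this VPC in the router's region, secondary ranges included; if only `vpc_subnetwork` is meant to reach the internet, `"LIST_OF_SUBNETWORKS"` with an explicit `subnetwork` block would make that scope visible in the file. Neither new resource sets `region`, so both presumably fall back to the provider default; that should be confirmed against the subnetwork's region, since the body of `vpc_subnetwork` is outside the hunk.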