Complete the code to specify the host project for a Shared VPC.
resource "google_compute_shared_vpc_host_project" "host" { project = "[1]" }
The host project is the project that owns the Shared VPC network. It must be specified correctly to enable Shared VPC.
Complete the code to attach a service project to the Shared VPC host project.
resource "google_compute_shared_vpc_service_project" "service" { host_project = "my-shared-vpc-host" service_project = "[1]" }
The service project is the project that uses the Shared VPC network from the host project.
Fix the error in the IAM binding to allow the service project to use the Shared VPC network.
resource "google_project_iam_member" "service_network_user" { project = "my-shared-vpc-host" role = "roles/[1]" member = "serviceAccount:service-123456789@compute-system.iam.gserviceaccount.com" }
The role compute.networkUser allows the service project to use the Shared VPC network resources.
Fill both blanks to create a firewall rule in the Shared VPC host project allowing SSH from the service project.
resource "google_compute_firewall" "allow_ssh" { name = "allow-ssh" network = "projects/my-shared-vpc-host/global/networks/[1]" allow { protocol = "tcp" ports = ["22"] } source_ranges = ["[2]"] }
The firewall rule must specify the Shared VPC network name and the IP range of the service project to allow SSH traffic.
Fill all three blanks to define a subnet in the Shared VPC host project with private IP Google access enabled.
resource "google_compute_subnetwork" "shared_subnet" { name = "shared-subnet" ip_cidr_range = "[1]" region = "us-central1" network = "projects/my-shared-vpc-host/global/networks/[2]" private_ip_google_access = [3] }
The subnet must have a valid CIDR range, be attached to the Shared VPC network, and enable private IP Google access for private communication with Google services.