While I like the repo layout and the modules, the diagram should show a direct line from the internet to the database since the database server is given a public IP.
In gcp-terraform-workshop/terraform/modules/db/main.tf (of the task6 branch) it has:
//
ip_configuration {
  ipv4_enabled = "true"
//
The Terraform docs for that say for ipv4_enabled "Whether this Cloud SQL instance should be assigned a public IPV4 address.", similar for GCP docs. And, since you allow 0.0.0.0/0 to that db, then all the security and firewalling you've done for the subnets is helping everything but the db server.
Not sure if it was intentional or not. Again, nice job on the project/repo layout.
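
One way to catch the setting described in the comment above before apply, as an added example (not code from the repo or from the commenter): a check over the JSON produced by `terraform show -json` that flags Cloud SQL instances with a public IPv4 address and reports when an authorized network covers the whole internet. The resource addresses and the sample plan are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample shaped like `terraform show -json` output (planned_values only).
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {"resources": [], "child_modules": [
  {"address": "module.db", "resources": [
    {"address": "module.db.google_sql_database_instance.public_open",
     "type": "google_sql_database_instance",
     "values": {"settings": [{"ip_configuration": [{
        "ipv4_enabled": true,
        "authorized_networks": [{"name": "all", "value": "0.0.0.0/0"}]}]}]}},
    {"address": "module.db.google_sql_database_instance.public_scoped",
     "type": "google_sql_database_instance",
     "values": {"settings": [{"ip_configuration": [{
        "ipv4_enabled": true,
        "authorized_networks": [{"name": "office", "value": "203.0.113.0/24"}]}]}]}},
    {"address": "module.db.google_sql_database_instance.private_only",
     "type": "google_sql_database_instance",
     "values": {"settings": [{"ip_configuration": [{
        "ipv4_enabled": false, "authorized_networks": []}]}]}}
  ]}]}}}
""")

def walk(module):
    """Yield every resource in a module and its nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def audit_cloud_sql(plan):
    """Return {address: finding} for Cloud SQL instances with a public IPv4."""
    findings = {}
    for res in walk(plan["planned_values"]["root_module"]):
        if res.get("type") != "google_sql_database_instance":
            continue
        for settings in res["values"].get("settings") or []:
            for ipc in settings.get("ip_configuration") or []:
                # Plan JSON normally holds a boolean; the page's HCL uses the string "true".
                if str(ipc.get("ipv4_enabled")).lower() != "true":
                    continue
                nets = [n["value"] for n in ipc.get("authorized_networks") or []]
                world = any(ipaddress.ip_network(v, strict=False).prefixlen == 0 for v in nets)
                findings[res["address"]] = "public-ip-open-to-world" if world else "public-ip"
    return findings

if __name__ == "__main__":
    for address, finding in audit_cloud_sql(SAMPLE_PLAN).items():
        print(f"{finding:24} {address}")
```

Run against a real plan by loading the output of `terraform show -json` in place of `SAMPLE_PLAN`; a non-empty result can fail a CI step.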