From 115152a5f4bc8c5cdb646a4f373ee5529088087d Mon Sep 17 00:00:00 2001
From: "create-pr-on-fork-for-pan-dev[bot]"
 <135888023+create-pr-on-fork-for-pan-dev[bot]@users.noreply.github.com>
Date: Tue, 17 Oct 2023 14:28:14 +0100
Subject: [PATCH] Sync gcp Terraform module documentation (#474)

Co-authored-by: pan-dev-content-sync-trigger[bot] <pan-dev-content-sync-trigger[bot]@users.noreply.github.com>
---
 .../swfw/gcp/vmseries/modules/autoscale.md    |  19 +-
 .../swfw/gcp/vmseries/modules/bootstrap.md    |   2 +-
 .../vmseries/modules/iam_service_account.md   |   2 +-
 .../swfw/gcp/vmseries/modules/lb_external.md  |   2 +-
 .../vmseries/modules/lb_http_ext_global.md    |   2 +-
 .../swfw/gcp/vmseries/modules/lb_internal.md  |   3 +-
 .../swfw/gcp/vmseries/modules/panorama.md     |   2 +-
 .../swfw/gcp/vmseries/modules/vmseries.md     |   2 +-
 .../swfw/gcp/vmseries/modules/vpc-peering.md  |   2 +-
 .../docs/swfw/gcp/vmseries/modules/vpc.md     |   2 +-
 .../docs/swfw/gcp/vmseries/modules/vpn.md     | 270 ++++++++++++++++++
 11 files changed, 297 insertions(+), 11 deletions(-)
 create mode 100644 products/terraform/docs/swfw/gcp/vmseries/modules/vpn.md

diff --git a/products/terraform/docs/swfw/gcp/vmseries/modules/autoscale.md b/products/terraform/docs/swfw/gcp/vmseries/modules/autoscale.md
index 9733e902a..f94274baf 100644
--- a/products/terraform/docs/swfw/gcp/vmseries/modules/autoscale.md
+++ b/products/terraform/docs/swfw/gcp/vmseries/modules/autoscale.md
@@ -18,7 +18,7 @@ title: Auto-Scaling for Palo Alto Networks VM-Series
 
 # Auto-Scaling for Palo Alto Networks VM-Series
 
-[![GitHub Logo](/img/view_on_github.png)](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/examples/autoscale) [![Terraform Logo](/img/view_on_terraform_registry.png)](https://registry.terraform.io/modules/PaloAltoNetworks/vmseries-modules/google/latest/examples/autoscale)
+[![GitHub Logo](/img/view_on_github.png)](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/autoscale) [![Terraform Logo](/img/view_on_terraform_registry.png)](https://registry.terraform.io/modules/PaloAltoNetworks/vmseries-modules/google/latest/submodules/autoscale)
 
 ## Reference
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
@@ -33,7 +33,9 @@ title: Auto-Scaling for Palo Alto Networks VM-Series
 
 | Name | Version |
 |------|---------|
+| <a name="provider_archive"></a> [archive](#provider\_archive) | n/a |
 | <a name="provider_google"></a> [google](#provider\_google) | ~> 4.54 |
+| <a name="provider_random"></a> [random](#provider\_random) | n/a |
 
 ### Modules
 
@@ -43,14 +45,27 @@ No modules.
 
 | Name | Type |
 |------|------|
+| [google_cloudfunctions2_function.delicensing_cfn](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloudfunctions2_function) | resource |
 | [google_compute_autoscaler.zonal](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_autoscaler) | resource |
 | [google_compute_instance_group_manager.zonal](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance_group_manager) | resource |
 | [google_compute_instance_template.main](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance_template) | resource |
 | [google_compute_region_autoscaler.regional](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_region_autoscaler) | resource |
 | [google_compute_region_instance_group_manager.regional](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_region_instance_group_manager) | resource |
+| [google_logging_project_sink.delicensing_cfn](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/logging_project_sink) | resource |
+| [google_project_iam_member.delicensing_cfn](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/project_iam_member) | resource |
+| [google_project_iam_member.delicensing_cfn_invoker](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/project_iam_member) | resource |
 | [google_pubsub_subscription.main](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/pubsub_subscription) | resource |
 | [google_pubsub_subscription_iam_member.main](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/pubsub_subscription_iam_member) | resource |
+| [google_pubsub_topic.delicensing_cfn](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/pubsub_topic) | resource |
 | [google_pubsub_topic.main](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/pubsub_topic) | resource |
+| [google_pubsub_topic_iam_member.pubsub_sink_member](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/pubsub_topic_iam_member) | resource |
+| [google_secret_manager_secret.delicensing_cfn_pano_creds](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/secret_manager_secret) | resource |
+| [google_service_account.delicensing_cfn](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account) | resource |
+| [google_storage_bucket.delicensing_cfn](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket) | resource |
+| [google_storage_bucket_object.delicensing_cfn](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_object) | resource |
+| [google_vpc_access_connector.delicensing_cfn](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/vpc_access_connector) | resource |
+| [random_id.postfix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
+| [archive_file.delicensing_cfn](https://registry.terraform.io/providers/hashicorp/archive/latest/docs/data-sources/file) | data source |
 | [google_compute_default_service_account.main](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/compute_default_service_account) | data source |
 | [google_compute_zones.main](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/compute_zones) | data source |
 
@@ -61,6 +76,7 @@ No modules.
 | <a name="input_autoscaler_metrics"></a> [autoscaler\_metrics](#input\_autoscaler\_metrics) | A map with the keys being metrics identifiers (e.g. custom.googleapis.com/VMSeries/panSessionUtilization). Each of the contained objects has attribute `target` which is a numerical threshold for a scale-out or a scale-in. Each zonal group grows until it satisfies all the targets. Additional optional attribute `type` defines the metric as either `GAUGE`, `DELTA_PER_SECOND`, or `DELTA_PER_MINUTE`. For full specification, see the `metric` inside the [provider doc](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_autoscaler). | `map` | <pre>{<br />  "custom.googleapis.com/VMSeries/panSessionThroughputKbps": {<br />    "target": 700000<br />  },<br />  "custom.googleapis.com/VMSeries/panSessionUtilization": {<br />    "target": 70<br />  }<br />}</pre> | no |
 | <a name="input_cooldown_period"></a> [cooldown\_period](#input\_cooldown\_period) | The number of seconds that the autoscaler should wait before it starts collecting information from a new VM-Series. This prevents the autoscaler from collecting information when the VM-Series is initializing, during which the collected usage would not be reliable. Virtual machine initialization times might vary because of numerous factors. | `number` | `480` | no |
 | <a name="input_create_pubsub_topic"></a> [create\_pubsub\_topic](#input\_create\_pubsub\_topic) | Set to `true` to create a Pub/Sub topic and subscription. The Panorama Google Cloud Plugin can use this Pub/Sub to trigger actions when the VM-Series Instance Group descales. Actions include, removal of VM-Series from Panorama and automatic delicensing (if VM-Series BYOL licensing is used). For more information, please see [Autoscaling the VM-Series on GCP](https://docs.paloaltonetworks.com/vm-series/9-1/vm-series-deployment/set-up-the-vm-series-firewall-on-google-cloud-platform/autoscaling-on-google-cloud-platform). | `bool` | `true` | no |
+| <a name="input_delicensing_cloud_function_config"></a> [delicensing\_cloud\_function\_config](#input\_delicensing\_cloud\_function\_config) | Defining `delicensing_cloud_function_config` enables creation of delicesing cloud function and related resources.<br />The variable contains the following configuration parameters that are related to Cloud Function:<br />- `name_prefix`           - Resource name prefix<br />- `function_name`         - Cloud Function base name<br />- `region`                - Cloud Function region<br />- `bucket_location`       - Cloud Function source code bucket location <br />- `panorama_address`      - Panorama IP address/FQDN<br />- `panorama2_address`     - Panorama 2 IP address/FQDN. Set if Panorama is in HA mode<br />- `vpc_connector_network` - Panorama VPC network Name<br />- `vpc_connector_cidr`    - VPC connector /28 CIDR.<br />                            VPC connector will be user for delicensing CFN to access Panorama VPC network.<br /> <br /><br />Example:<pre>{<br />  name\_prefix           = "abc-"<br />  function\_name         = "delicensing-cfn"<br />  region                = "europe-central1"<br />  bucket\_location       = "EU"<br />  panorama\_address      = "1.1.1.1"<br />  panorama2\_address     = ""<br />  vpc\_connector\_network = "panorama-vpc"<br />  vpc\_connector\_cidr    = "10.10.190.0/28"<br />}</pre> | <pre>object({<br />    name\_prefix           = string<br />    function\_name         = string<br />    region                = string<br />    bucket\_location       = string<br />    panorama\_address      = string<br />    panorama2\_address     = string<br />    vpc\_connector\_network = string<br />    vpc\_connector\_cidr    = string<br />  })</pre> | `null` | no |
 | <a name="input_disk_type"></a> [disk\_type](#input\_disk\_type) | The disk type that is attached to the instances of the VM-Series firewalls. | `string` | `"pd-ssd"` | no |
 | <a name="input_image"></a> [image](#input\_image) | Link to VM-Series PAN-OS image. Can be either a full self\_link, or one of the shortened forms per the [provider doc](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_instance#image). | `string` | `"https://www.googleapis.com/compute/v1/projects/paloaltonetworksgcp-public/global/images/vmseries-byol-1014"` | no |
 | <a name="input_machine_type"></a> [machine\_type](#input\_machine\_type) | The instance type for the VM-Series firewalls. | `string` | `"n2-standard-4"` | no |
@@ -71,6 +87,7 @@ No modules.
 | <a name="input_name"></a> [name](#input\_name) | The name of the VM-Series deployed. This value will be used as the `base_instance_name` and will be used as a prepended prefix for other created resources. | `string` | n/a | yes |
 | <a name="input_named_ports"></a> [named\_ports](#input\_named\_ports) | A list of named port configurations. The name identifies the backend port to receive the traffic <br />from the global load balancers.<pre>named\_ports = [<br />  {<br />    name = "http"<br />    port = "80"<br />  },<br />  {<br />    name = "app42"<br />    port = "4242"<br />  },<br />]</pre> | `list` | `[]` | no |
 | <a name="input_network_interfaces"></a> [network\_interfaces](#input\_network\_interfaces) | List of the network interface specifications.<br /><br />Available options:<br />- `subnetwork`       - (Required\|string) Self-link of a subnetwork to create interface in.<br />- `create_public_ip` - (Optional\|boolean) Whether to reserve public IP for the interface. | `list(any)` | n/a | yes |
+| <a name="input_project_id"></a> [project\_id](#input\_project\_id) | GCP Project ID to contain the created cloud resources. | `string` | `null` | no |
 | <a name="input_region"></a> [region](#input\_region) | The Google Cloud region for the resources. If null, provider region will be used. | `string` | `null` | no |
 | <a name="input_regional_mig"></a> [regional\_mig](#input\_regional\_mig) | Sets the managed instance group type to either a regional (if `true`) or a zonal (if `false`).<br />For more information please see [About regional MIGs](https://cloud.google.com/compute/docs/instance-groups/regional-migs#why_choose_regional_managed_instance_groups). | `bool` | n/a | yes |
 | <a name="input_scale_in_control_replicas_fixed"></a> [scale\_in\_control\_replicas\_fixed](#input\_scale\_in\_control\_replicas\_fixed) | Fixed number of VM-Series instances that can be killed within the scale-in time window. See `scale_in_control` in the [provider doc](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_autoscaler). | `number` | `1` | no |
diff --git a/products/terraform/docs/swfw/gcp/vmseries/modules/bootstrap.md b/products/terraform/docs/swfw/gcp/vmseries/modules/bootstrap.md
index d1e4569b9..fe5c9da17 100644
--- a/products/terraform/docs/swfw/gcp/vmseries/modules/bootstrap.md
+++ b/products/terraform/docs/swfw/gcp/vmseries/modules/bootstrap.md
@@ -18,7 +18,7 @@ title: Google Cloud Storage Bucket For Initial Boot Of Palo Alto Networks VM-Ser
 
 # Google Cloud Storage Bucket For Initial Boot Of Palo Alto Networks VM-Series
 
-[![GitHub Logo](/img/view_on_github.png)](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/examples/bootstrap) [![Terraform Logo](/img/view_on_terraform_registry.png)](https://registry.terraform.io/modules/PaloAltoNetworks/vmseries-modules/google/latest/examples/bootstrap)
+[![GitHub Logo](/img/view_on_github.png)](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/bootstrap) [![Terraform Logo](/img/view_on_terraform_registry.png)](https://registry.terraform.io/modules/PaloAltoNetworks/vmseries-modules/google/latest/submodules/bootstrap)
 
 ## Reference
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/products/terraform/docs/swfw/gcp/vmseries/modules/iam_service_account.md b/products/terraform/docs/swfw/gcp/vmseries/modules/iam_service_account.md
index 0bb07721c..066826474 100644
--- a/products/terraform/docs/swfw/gcp/vmseries/modules/iam_service_account.md
+++ b/products/terraform/docs/swfw/gcp/vmseries/modules/iam_service_account.md
@@ -25,7 +25,7 @@ The account produced by this module is intended to have minimal required permiss
 
 [Google Cloud Docs](https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances#best_practices)
 
-[![GitHub Logo](/img/view_on_github.png)](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/examples/iam_service_account) [![Terraform Logo](/img/view_on_terraform_registry.png)](https://registry.terraform.io/modules/PaloAltoNetworks/vmseries-modules/google/latest/examples/iam_service_account)
+[![GitHub Logo](/img/view_on_github.png)](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/iam_service_account) [![Terraform Logo](/img/view_on_terraform_registry.png)](https://registry.terraform.io/modules/PaloAltoNetworks/vmseries-modules/google/latest/submodules/iam_service_account)
 
 ## Reference
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/products/terraform/docs/swfw/gcp/vmseries/modules/lb_external.md b/products/terraform/docs/swfw/gcp/vmseries/modules/lb_external.md
index 10b6036ad..7865b2307 100644
--- a/products/terraform/docs/swfw/gcp/vmseries/modules/lb_external.md
+++ b/products/terraform/docs/swfw/gcp/vmseries/modules/lb_external.md
@@ -26,7 +26,7 @@ title: Externally-Facing Regional TCP/UDP Network Load Balancer on GCP
   - Can only use the nic0 (the base interface) of an instance.
   - Cannot serve as a next hop in a GCP custom routing table entry.
 
-[![GitHub Logo](/img/view_on_github.png)](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/examples/lb_external) [![Terraform Logo](/img/view_on_terraform_registry.png)](https://registry.terraform.io/modules/PaloAltoNetworks/vmseries-modules/google/latest/examples/lb_external)
+[![GitHub Logo](/img/view_on_github.png)](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/lb_external) [![Terraform Logo](/img/view_on_terraform_registry.png)](https://registry.terraform.io/modules/PaloAltoNetworks/vmseries-modules/google/latest/submodules/lb_external)
 
 ## Reference
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/products/terraform/docs/swfw/gcp/vmseries/modules/lb_http_ext_global.md b/products/terraform/docs/swfw/gcp/vmseries/modules/lb_http_ext_global.md
index 18bf0e6b3..7979b1bea 100644
--- a/products/terraform/docs/swfw/gcp/vmseries/modules/lb_http_ext_global.md
+++ b/products/terraform/docs/swfw/gcp/vmseries/modules/lb_http_ext_global.md
@@ -21,7 +21,7 @@ title: Google Cloud HTTP/HTTPS External Global Load Balancer
 A simplified GLB, which assumes that all participating instances are equally capable and that all
 participating groups are equally capable as well.
 
-[![GitHub Logo](/img/view_on_github.png)](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/examples/lb_http_ext_global) [![Terraform Logo](/img/view_on_terraform_registry.png)](https://registry.terraform.io/modules/PaloAltoNetworks/vmseries-modules/google/latest/examples/lb_http_ext_global)
+[![GitHub Logo](/img/view_on_github.png)](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/lb_http_ext_global) [![Terraform Logo](/img/view_on_terraform_registry.png)](https://registry.terraform.io/modules/PaloAltoNetworks/vmseries-modules/google/latest/submodules/lb_http_ext_global)
 
 ## Example
 
diff --git a/products/terraform/docs/swfw/gcp/vmseries/modules/lb_internal.md b/products/terraform/docs/swfw/gcp/vmseries/modules/lb_internal.md
index 6a48ed0a6..c109a6e6e 100644
--- a/products/terraform/docs/swfw/gcp/vmseries/modules/lb_internal.md
+++ b/products/terraform/docs/swfw/gcp/vmseries/modules/lb_internal.md
@@ -18,7 +18,7 @@ title: Internally-Facing Regional TCP/UDP Load Balancer on GCP
 
 # Internally-Facing Regional TCP/UDP Load Balancer on GCP
 
-[![GitHub Logo](/img/view_on_github.png)](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/examples/lb_internal) [![Terraform Logo](/img/view_on_terraform_registry.png)](https://registry.terraform.io/modules/PaloAltoNetworks/vmseries-modules/google/latest/examples/lb_internal)
+[![GitHub Logo](/img/view_on_github.png)](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/lb_internal) [![Terraform Logo](/img/view_on_terraform_registry.png)](https://registry.terraform.io/modules/PaloAltoNetworks/vmseries-modules/google/latest/submodules/lb_internal)
 
 ## Reference
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
@@ -47,7 +47,6 @@ No modules.
 | [google-beta_google_compute_region_backend_service.this](https://registry.terraform.io/providers/hashicorp/google-beta/latest/docs/resources/google_compute_region_backend_service) | resource |
 | [google_compute_forwarding_rule.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_forwarding_rule) | resource |
 | [google_compute_health_check.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_health_check) | resource |
-| [google_client_config.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config) | data source |
 
 ### Inputs
 
diff --git a/products/terraform/docs/swfw/gcp/vmseries/modules/panorama.md b/products/terraform/docs/swfw/gcp/vmseries/modules/panorama.md
index 2358a2aa1..1c22821f3 100644
--- a/products/terraform/docs/swfw/gcp/vmseries/modules/panorama.md
+++ b/products/terraform/docs/swfw/gcp/vmseries/modules/panorama.md
@@ -20,7 +20,7 @@ title: Palo Alto Networks Panorama Module for Google Clooud Platform
 
 A Terraform module for deploying a Panorama instance in the Google Cloud Platform.
 
-[![GitHub Logo](/img/view_on_github.png)](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/examples/panorama) [![Terraform Logo](/img/view_on_terraform_registry.png)](https://registry.terraform.io/modules/PaloAltoNetworks/vmseries-modules/google/latest/examples/panorama)
+[![GitHub Logo](/img/view_on_github.png)](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/panorama) [![Terraform Logo](/img/view_on_terraform_registry.png)](https://registry.terraform.io/modules/PaloAltoNetworks/vmseries-modules/google/latest/submodules/panorama)
 
 ## Usage
 
diff --git a/products/terraform/docs/swfw/gcp/vmseries/modules/vmseries.md b/products/terraform/docs/swfw/gcp/vmseries/modules/vmseries.md
index 3ea60ceb6..449dff1aa 100644
--- a/products/terraform/docs/swfw/gcp/vmseries/modules/vmseries.md
+++ b/products/terraform/docs/swfw/gcp/vmseries/modules/vmseries.md
@@ -24,7 +24,7 @@ When troubleshooting you can use this module also with a good ol' Linux image. I
 
 - One cannot connect to `nic1` of Linux, because GCP DHCP doesn't ever furnish it with a default route. Connect to the primary interface (the `nic0`) for both data traffic and management traffic.
 
-[![GitHub Logo](/img/view_on_github.png)](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/examples/vmseries) [![Terraform Logo](/img/view_on_terraform_registry.png)](https://registry.terraform.io/modules/PaloAltoNetworks/vmseries-modules/google/latest/examples/vmseries)
+[![GitHub Logo](/img/view_on_github.png)](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vmseries) [![Terraform Logo](/img/view_on_terraform_registry.png)](https://registry.terraform.io/modules/PaloAltoNetworks/vmseries-modules/google/latest/submodules/vmseries)
 
 ## Reference
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/products/terraform/docs/swfw/gcp/vmseries/modules/vpc-peering.md b/products/terraform/docs/swfw/gcp/vmseries/modules/vpc-peering.md
index f5d54e4d0..4c16df957 100644
--- a/products/terraform/docs/swfw/gcp/vmseries/modules/vpc-peering.md
+++ b/products/terraform/docs/swfw/gcp/vmseries/modules/vpc-peering.md
@@ -22,7 +22,7 @@ The module allows to create VPC peering between two networks in both directions.
 
 By default, no routes are exported/imported for each direction, every option has to be explicitely enabled by setting appropriate value to `true`.
 
-[![GitHub Logo](/img/view_on_github.png)](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/examples/vpc-peering) [![Terraform Logo](/img/view_on_terraform_registry.png)](https://registry.terraform.io/modules/PaloAltoNetworks/vmseries-modules/google/latest/examples/vpc-peering)
+[![GitHub Logo](/img/view_on_github.png)](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vpc-peering) [![Terraform Logo](/img/view_on_terraform_registry.png)](https://registry.terraform.io/modules/PaloAltoNetworks/vmseries-modules/google/latest/submodules/vpc-peering)
 
 ## Reference
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/products/terraform/docs/swfw/gcp/vmseries/modules/vpc.md b/products/terraform/docs/swfw/gcp/vmseries/modules/vpc.md
index 72919d4c4..f4b313968 100644
--- a/products/terraform/docs/swfw/gcp/vmseries/modules/vpc.md
+++ b/products/terraform/docs/swfw/gcp/vmseries/modules/vpc.md
@@ -29,7 +29,7 @@ Any existing networks/subnetworks can work equally well, independent on how they
 For Terraform 0.13+, a viable alternative is to use [Goggle-authored Terraform modules](https://registry.terraform.io/modules/terraform-google-modules/network)
 and employ `for_each` or `count` parameters when needed.
 
-[![GitHub Logo](/img/view_on_github.png)](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/examples/vpc) [![Terraform Logo](/img/view_on_terraform_registry.png)](https://registry.terraform.io/modules/PaloAltoNetworks/vmseries-modules/google/latest/examples/vpc)
+[![GitHub Logo](/img/view_on_github.png)](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vpc) [![Terraform Logo](/img/view_on_terraform_registry.png)](https://registry.terraform.io/modules/PaloAltoNetworks/vmseries-modules/google/latest/submodules/vpc)
 
 ## Reference
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
diff --git a/products/terraform/docs/swfw/gcp/vmseries/modules/vpn.md b/products/terraform/docs/swfw/gcp/vmseries/modules/vpn.md
new file mode 100644
index 000000000..1f1ede24d
--- /dev/null
+++ b/products/terraform/docs/swfw/gcp/vmseries/modules/vpn.md
@@ -0,0 +1,270 @@
+---
+hide_title: true
+id: vpn
+keywords:
+- pan-os
+- panos
+- firewall
+- configuration
+- terraform
+- vmseries
+- vm-series
+- gcp
+pagination_next: null
+pagination_prev: null
+sidebar_label: Vpn
+title: VPN
+---
+
+# VPN
+
+This module makes it easy to deploy either GCP-to-GCP or GCP-to-On-prem VPN using [Cloud HA VPN](https://cloud.google.com/vpn/docs/concepts/overview#ha-vpn) including HA VPN Gateway itself. VPN includes one or more VPN instances (connections).
+
+Each created VPN instance is represented by 1..4 VPN tunnels that taget remote VPN gateway(s) located in a single remote location. Remote VPN gateway(s) might have singe IP address (`redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT"`) or 2 IP addresses (`redundancy_type = "TWO_IPS_REDUNDANCY"`).
+
+[![GitHub Logo](/img/view_on_github.png)](https://github.com/PaloAltoNetworks/terraform-google-vmseries-modules/tree/main/modules/vpn) [![Terraform Logo](/img/view_on_terraform_registry.png)](https://registry.terraform.io/modules/PaloAltoNetworks/vmseries-modules/google/latest/submodules/vpn)
+
+## Example
+
+```hcl
+data "google_compute_network" "test" {
+  name    = "<network_name>"
+  project = "<project_id>"
+}
+
+module "vpn" {
+  source = "../../../modules/vpn"
+
+  project = "<project_id>"
+  region  = "us-central1"
+
+  vpn_gateway_name = "my-test-gateway"
+  router_name      = "my-test-router"
+  network          = data.google_compute_network.test.self_link
+
+  vpn_config = {
+    router_asn    = 65000
+    local_network = "vpc-vpn"
+
+    router_advertise_config = {
+      ip_ranges = {
+        "10.10.0.0/16" : "GCP range 1"
+      }
+      mode   = "CUSTOM"
+      groups = null
+    }
+
+    instances = {
+      vpn-to-onprem1 = {
+        name = "vpn-to-onprem1",
+        peer_external_gateway = {
+          redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT"
+          interfaces = [{
+            id         = 0
+            ip_address = "1.1.1.1"
+          }]
+        },
+        tunnels = {
+          remote0 = {
+            bgp_peer = {
+              address = "169.254.1.2"
+              asn     = 65001
+            }
+            bgp_peer_options                = null
+            bgp_session_range               = "169.254.1.1/30"
+            ike_version                     = 2
+            vpn_gateway_interface           = 0
+            peer_external_gateway_interface = 0
+            shared_secret                   = "secret"
+          }
+          remote1 = {
+            bgp_peer = {
+              address = "169.254.1.6"
+              asn     = 65001
+            }
+            bgp_peer_options                = null
+            bgp_session_range               = "169.254.1.5/30"
+            ike_version                     = 2
+            vpn_gateway_interface           = 1
+            peer_external_gateway_interface = null
+            shared_secret                   = "secret"
+          }
+        }
+      }
+      vpn-to-onprem2 = {
+        name = "vpn-to-onprem2",
+        peer_external_gateway = {
+          redundancy_type = "TWO_IPS_REDUNDANCY"
+          interfaces = [{
+            id         = 0
+            ip_address = "3.3.3.3"
+            }, {
+            id         = 1
+            ip_address = "4.4.4.4"
+          }]
+        },
+        tunnels = {
+          remote0 = {
+            bgp_peer = {
+              address = "169.254.2.2"
+              asn     = 65002
+            }
+            bgp_peer_options                = null
+            bgp_session_range               = "169.254.2.1/30"
+            ike_version                     = 2
+            vpn_gateway_interface           = 0
+            peer_external_gateway_interface = 0
+            shared_secret                   = "secret"
+          }
+          remote1 = {
+            bgp_peer = {
+              address = "169.254.2.6"
+              asn     = 65002
+            }
+            bgp_peer_options                = null
+            bgp_session_range               = "169.254.2.5/30"
+            ike_version                     = 2
+            vpn_gateway_interface           = 1
+            peer_external_gateway_interface = 1
+            shared_secret                   = "secret"
+          }
+        }
+      }
+      vpn-to-gcp = {
+        name = "vpn-to-gcp",
+
+        peer_gcp_gateway = "https://www.googleapis.com/compute/v1/projects/<remote_project_id>/regions/<region>/vpnGateways/<remote_vpn_gw_name>"
+
+        tunnels = {
+          remote0 = {
+            bgp_peer = {
+              address = "169.254.3.2"
+              asn     = 65003
+            }
+            bgp_peer_options                = null
+            bgp_session_range               = "169.254.3.1/30"
+            ike_version                     = 2
+            vpn_gateway_interface           = 0
+            peer_external_gateway_interface = null
+            shared_secret                   = "secret"
+          }
+          remote1 = {
+            bgp_peer = {
+              address = "169.254.3.6"
+              asn     = 65003
+            }
+            bgp_peer_options                = null
+            bgp_session_range               = "169.254.3.5/30"
+            ike_version                     = 2
+            vpn_gateway_interface           = 1
+            peer_external_gateway_interface = 1
+            shared_secret                   = "secret"
+          }
+        }
+      }
+    }
+  }
+}
+```
+
+## Reference
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+### Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.2, < 2.0 |
+| <a name="requirement_google"></a> [google](#requirement\_google) | >= 4.58 |
+
+### Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_google"></a> [google](#provider\_google) | >= 4.58 |
+| <a name="provider_google-beta"></a> [google-beta](#provider\_google-beta) | n/a |
+| <a name="provider_random"></a> [random](#provider\_random) | n/a |
+
+### Modules
+
+No modules.
+
+### Resources
+
+| Name | Type |
+|------|------|
+| [google-beta_google_compute_vpn_tunnel.tunnels](https://registry.terraform.io/providers/hashicorp/google-beta/latest/docs/resources/google_compute_vpn_tunnel) | resource |
+| [google_compute_external_vpn_gateway.external_gateway](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_external_vpn_gateway) | resource |
+| [google_compute_ha_vpn_gateway.ha_gateway](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_ha_vpn_gateway) | resource |
+| [google_compute_router.router](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_router) | resource |
+| [google_compute_router_interface.router_interface](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_router_interface) | resource |
+| [google_compute_router_peer.bgp_peer](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_router_peer) | resource |
+| [random_id.secret](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
+
+### Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_labels"></a> [labels](#input\_labels) | Labels for VPN components | `map(string)` | `{}` | no |
+| <a name="input_network"></a> [network](#input\_network) | VPC network ID that should be used for deployment | `string` | n/a | yes |
+| <a name="input_project"></a> [project](#input\_project) | n/a | `string` | `null` | no |
+| <a name="input_region"></a> [region](#input\_region) | Region to deploy VPN gateway in | `string` | n/a | yes |
+| <a name="input_router_name"></a> [router\_name](#input\_router\_name) | Cloud router name. The router is created by the module | `string` | `null` | no |
+| <a name="input_vpn_config"></a> [vpn\_config](#input\_vpn\_config) | VPN configuration from GCP to on-prem or from GCP to GCP.<br />If you'd like secrets to be randomly generated set `shared_secret` to empty string ("").<br /><br />Example:<pre>vpn\_config = {<br />  router\_asn    = 65000<br />  local\_network = "vpc-vpn"<br /><br />  router\_advertise\_config = {<br />    ip\_ranges = {<br />      "10.10.0.0/16" : "GCP range 1"<br />    }<br />    mode   = "CUSTOM"<br />    groups = null<br />  }<br /><br />  instances = {<br />    vpn-to-onprem = {<br />      name = "vpn-to-onprem",<br />      peer\_external\_gateway = {<br />        redundancy\_type = "TWO\_IPS\_REDUNDANCY"<br />        interfaces = [{<br />          id         = 0<br />          ip\_address = "1.1.1.1"<br />          }, {<br />          id         = 1<br />          ip\_address = "2.2.2.2"<br />        }]<br />      },<br />      tunnels = {<br />        remote0 = {<br />          bgp\_peer = {<br />            address = "169.254.1.2"<br />            asn     = 65001<br />          }<br />          bgp\_peer\_options                = null<br />          bgp\_session\_range               = "169.254.1.1/30"<br />          ike\_version                     = 2<br />          vpn\_gateway\_interface           = 0<br />          peer\_external\_gateway\_interface = 0<br />          shared\_secret                   = "secret"<br />        }<br />        remote1 = {<br />          bgp\_peer = {<br />            address = "169.254.1.6"<br />            asn     = 65001<br />          }<br />          bgp\_peer\_options                = null<br />          bgp\_session\_range               = "169.254.1.5/30"<br />          ike\_version                     = 2<br />          vpn\_gateway\_interface           = 1<br />          peer\_external\_gateway\_interface = 1<br />          shared\_secret                   = "secret"<br />        }<br />      }<br />    }<br />  }<br />}</pre> | `any` | n/a | yes |
+| <a name="input_vpn_gateway_name"></a> [vpn\_gateway\_name](#input\_vpn\_gateway\_name) | VPN gateway name. Gateway created by the module | `string` | n/a | yes |
+
+### Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_random_secret"></a> [random\_secret](#output\_random\_secret) | HA VPN IPsec tunnels secret that has been randomly generated |
+| <a name="output_vpn_gw_local_address_1"></a> [vpn\_gw\_local\_address\_1](#output\_vpn\_gw\_local\_address\_1) | HA VPN gateway IP address 1 |
+| <a name="output_vpn_gw_local_address_2"></a> [vpn\_gw\_local\_address\_2](#output\_vpn\_gw\_local\_address\_2) | HA VPN gateway IP address 2 |
+| <a name="output_vpn_gw_name"></a> [vpn\_gw\_name](#output\_vpn\_gw\_name) | HA VPN gateway name |
+| <a name="output_vpn_gw_self_link"></a> [vpn\_gw\_self\_link](#output\_vpn\_gw\_self\_link) | HA VPN gateway self\_link |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.2, < 2.0 |
+| <a name="requirement_google"></a> [google](#requirement\_google) | == 4.58 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_google"></a> [google](#provider\_google) | == 4.58 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_vpn_ha"></a> [vpn\_ha](#module\_vpn\_ha) | terraform-google-modules/vpn/google | 3.0.1 |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [google_compute_ha_vpn_gateway.ha_gateway](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_ha_vpn_gateway) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_project"></a> [project](#input\_project) | n/a | `string` | `null` | no |
+| <a name="input_region"></a> [region](#input\_region) | Region to deploy VPN gateway in | `string` | n/a | yes |
+| <a name="input_vpc_network_id"></a> [vpc\_network\_id](#input\_vpc\_network\_id) | VPC network ID that should be used for deployment | `string` | n/a | yes |
+| <a name="input_vpn"></a> [vpn](#input\_vpn) | VPN configuration from GCP to on-prem or from GCP to GCP.<br />If you'd like secrets to be randomly generated set `shared_secret` to empty string ("").<br /><br />Example:<pre>vpn = {<br />router\_asn    = 65000<br />local\_network = "vpc-vpn"<br /><br />router\_advertise\_config = {<br />  ip\_ranges = {<br />    "10.10.0.0/16" : "GCP range 1"<br />  }<br />  mode   = "CUSTOM"<br />  groups = null<br />}<br /><br />instances = {<br />  vpn-to-onprem = {<br />    name = "vpn-to-onprem",<br />    peer\_external\_gateway = {<br />      redundancy\_type = "TWO\_IPS\_REDUNDANCY"<br />      interfaces = [{<br />        id         = 0<br />        ip\_address = "1.1.1.1"<br />        }, {<br />        id         = 1<br />        ip\_address = "2.2.2.2"<br />      }]<br />    },<br />    tunnels = {<br />      remote0 = {<br />        bgp\_peer = {<br />          address = "169.254.1.2"<br />          asn     = 65001<br />        }<br />        bgp\_peer\_options                = null<br />        bgp\_session\_range               = "169.254.1.1/30"<br />        ike\_version                     = 2<br />        vpn\_gateway\_interface           = 0<br />        peer\_external\_gateway\_interface = 0<br />        shared\_secret                   = "secret"<br />      }<br />      remote1 = {<br />        bgp\_peer = {<br />          address = "169.254.1.6"<br />          asn     = 65001<br />        }<br />        bgp\_peer\_options                = null<br />        bgp\_session\_range               = "169.254.1.5/30"<br />        ike\_version                     = 2<br />        vpn\_gateway\_interface           = 1<br />        peer\_external\_gateway\_interface = 1<br />        shared\_secret                   = "secret"<br />      }<br />    }<br />  }<br />}</pre> | `any` | n/a | yes |
+| <a name="input_vpn_gateway_name"></a> [vpn\_gateway\_name](#input\_vpn\_gateway\_name) | VPN gateway name | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_local_ipsec_gw2_address_2"></a> [local\_ipsec\_gw2\_address\_2](#output\_local\_ipsec\_gw2\_address\_2) | HA VPN gateway IP address 2 |
+| <a name="output_local_ipsec_gw_address_1"></a> [local\_ipsec\_gw\_address\_1](#output\_local\_ipsec\_gw\_address\_1) | HA VPN gateway IP address 1 |
+| <a name="output_random_secrets_map"></a> [random\_secrets\_map](#output\_random\_secrets\_map) | HA VPN IPsec tunnels secrets that were randomly generated |
+| <a name="output_vpn_gateway_name"></a> [vpn\_gateway\_name](#output\_vpn\_gateway\_name) | HA VPN gateway name |
+| <a name="output_vpn_gateway_self_link"></a> [vpn\_gateway\_self\_link](#output\_vpn\_gateway\_self\_link) | HA VPN gateway self\_link |
+<!-- END_TF_DOCS -->
\ No newline at end of file