This repository is maintained by Darkbit.io, a cloud-native security assessment consulting firm based in the US that helps organizations understand the risks in their cloud and Kubernetes resource configurations. If you have found an issue, please file it using a GitHub issue.
This module (collection/gcp) implements the IAM permissions necessary to permit the Darkbit collection service to obtain GCP Cloud Asset Inventory Exports. It is intended to be included in your existing Terraform codebase that creates and manages the GKE Clusters.
Basic usage of this module is as follows:

```hcl
module "gcp-cai" {
  source = "github.com/darkbitio/db-gcp-collection-module.git//collection/gcp?ref=0.1.0"

  # Required
  organization_id     = "<GCP Organization Id Number>"
  collection_sa_email = "<GCP Collection SA Email>"
}
```
- Creates an IAM binding for the collection GCP SA to perform Cloud Asset Inventory exports at the organization level
- Outputs the GCP Organization Id
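As an added example (not part of this module or Darkbit's own code), a small post-apply audit: it takes the JSON that `gcloud organizations get-iam-policy <org-id> --format=json` prints and checks that the collection SA holds exactly the org-level role the module is expected to grant, reporting drift (missing role) and over-privilege (extra roles). The expected role `roles/cloudasset.viewer` is an assumption, since the README does not name the role, and the policy document below is constructed sample data.

```python
import json

# Assumption: the role the module grants so the SA can run Cloud Asset Inventory
# exports. The README does not name it; roles/cloudasset.viewer is the usual choice.
EXPECTED_ROLES = {"roles/cloudasset.viewer"}

# Constructed sample of `gcloud organizations get-iam-policy ORG_ID --format=json`
# output after the module is applied. Not real data.
SAMPLE_POLICY = json.dumps({
    "bindings": [
        {"role": "roles/cloudasset.viewer",
         "members": ["serviceAccount:collector@example-project.iam.gserviceaccount.com"]},
        {"role": "roles/resourcemanager.organizationAdmin",
         "members": ["user:admin@example.com"]},
        {"role": "roles/owner",
         "members": ["group:platform@example.com",
                     "serviceAccount:collector@example-project.iam.gserviceaccount.com"]},
    ],
    "etag": "BwXyZ123",
    "version": 1,
})


def roles_for_member(policy_json: str, member: str) -> set:
    """Return the set of roles bound to `member` in an IAM policy JSON document."""
    policy = json.loads(policy_json)
    return {b["role"] for b in policy.get("bindings", []) if member in b.get("members", [])}


def audit_collection_sa(policy_json: str, sa_email: str, expected=EXPECTED_ROLES) -> dict:
    """Compare the collection SA's org-level roles against the expected set.

    'missing' means the module binding is absent (not applied, or drift);
    'extra' means the SA holds broader org-level access than the collector needs.
    """
    member = f"serviceAccount:{sa_email}"
    actual = roles_for_member(policy_json, member)
    return {"missing": sorted(expected - actual), "extra": sorted(actual - expected)}


if __name__ == "__main__":
    sa = "collector@example-project.iam.gserviceaccount.com"
    print(json.dumps(audit_collection_sa(SAMPLE_POLICY, sa), indent=2))
```

Run it against the real policy by replacing `SAMPLE_POLICY` with the `gcloud` output; a non-empty `extra` list is the finding to act on.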
Name | Description | Type | Default | Required |
---|---|---|---|---|
organization_id | The current GCP Organization Id | string | n/a | yes |
collection_sa_email | The provided GCP Service Account email used for GCP CAI Exports | string | n/a | yes |
Name | Description |
---|---|
org_id | The GCP Organization Number/ID |
- Terraform >= 0.13.0
- [terraform-provider-google] plugin 3.50.x
The identity applying this module needs `resourcemanager.organization.setIamPolicy` at the organization node.
The project requires the following APIs to be enabled for this module.
- Google Cloud Resource Manager API: `cloudresourcemanager.googleapis.com`
- Google Cloud IAM API: `iam.googleapis.com`