Google Cloud Platform project Terraform module

This Terraform module provisions a Google Cloud Platform organization. It ships the following submodules:

Usage

module "gcp_project" {
  source  = "nephosolutions/organization/google"
  version = "~> 1.0.0"

  billing_account = "..."
  default_region  = "europe-west1"
  default_zone    = "europe-west1-b"
  labels          = {}
  org_id          = "..."
  project_name    = "My GCP Project"
}

Requirements

Name	Version
terraform	>= 0.13
google	>= 3.90

Providers

Name	Version
google	4.45.0

Modules

Name	Source	Version
audit_config	./modules/audit_config	n/a
bootstrap_project	nephosolutions/gcp-project/google	~> 7.1.0
cloud_identity_group	terraform-google-modules/group/google	~> 0.4
iam_memberships	./modules/iam_memberships	n/a

Resources

Name	Type
google_essential_contacts_contact.essential_contact	resource
google_organization_iam_binding.basic_role	resource
google_organization.org	data source

Inputs

Name	Description	Type	Default	Required
billing_account	The billing_account to which the projects should be attached to	`string`	n/a	yes
cloud_identity_groups	Contains the details of the Cloud Identity groups to be created.	object({ create_groups = bool billing_project = string required_groups = object({ audit_viewers = object({ id = string display_name = string description = string owners = list(string) managers = list(string) members = list(string) }) billing_admins = object({ id = string display_name = string description = string owners = list(string) managers = list(string) members = list(string) }) billing_data_users = object({ id = string display_name = string description = string owners = list(string) managers = list(string) members = list(string) }) monitoring_admins = object({ id = string display_name = string description = string owners = list(string) managers = list(string) members = list(string) }) network_viewers = object({ id = string display_name = string description = string owners = list(string) managers = list(string) members = list(string) }) org_admins = object({ id = string display_name = string description = string owners = list(string) managers = list(string) members = list(string) }) platform_viewers = object({ id = string display_name = string description = string owners = list(string) managers = list(string) members = list(string) }) scc_admins = object({ id = string display_name = string description = string owners = list(string) managers = list(string) members = list(string) }) secrets_admins = object({ id = string display_name = string description = string owners = list(string) managers = list(string) members = list(string) }) security_admins = object({ id = string display_name = string description = string owners = list(string) managers = list(string) members = list(string) }) security_reviewers = object({ id = string display_name = string description = string owners = list(string) managers = list(string) members = list(string) }) }) })	{ "billing_project": "", "create_groups": false, "required_groups": { "audit_viewers": { "description": "Members are part of an audit team and view audit logs in the logging project.", "display_name": "GCP Audit Viewers", "id": "[email protected]", "managers": [], "members": [], "owners": [] }, "billing_admins": { "description": "Billing admins are responsible for setting up billing accounts and monitoring their usage.", "display_name": "GCP Billing Admins", "id": "[email protected]", "managers": [], "members": [], "owners": [] }, "billing_data_users": { "description": "Members are authorized to view the spend on projects. Typical members are part of the finance team.", "display_name": "GCP Billing Data Users", "id": "[email protected]", "managers": [], "members": [], "owners": [] }, "monitoring_admins": { "description": "Members have access to Monitoring Workspaces.", "display_name": "GCP Monitoring Admins", "id": "[email protected]", "managers": [], "members": [], "owners": [] }, "network_viewers": { "description": "Members are part of the networking team and review network configurations.", "display_name": "GCP Network Viewers", "id": "[email protected]", "managers": [], "members": [], "owners": [] }, "org_admins": { "description": "Organization admins are responsible for organizing the structure of the resources used by the organization.", "display_name": "GCP Organization Admins", "id": "[email protected]", "managers": [], "members": [], "owners": [] }, "platform_viewers": { "description": "Members have the ability to view resource information across the Google Cloud organization.", "display_name": "GCP Platform Viewers", "id": "[email protected]", "managers": [], "members": [], "owners": [] }, "scc_admins": { "description": "Members can administer Security Command Center.", "display_name": "GCP Security Command Center Admins", "id": "[email protected]", "managers": [], "members": [], "owners": [] }, "secrets_admins": { "description": "Members are responsible for putting secrets into Secrets Manager.", "display_name": "GCP Secrets Manager Secrets Admins", "id": "[email protected]", "managers": [], "members": [], "owners": [] }, "security_admins": { "description": "Security admins are responsible for establishing and managing security policies for the entire organization, including access management and organization constraint policies.", "display_name": "GCP Security Admins", "id": "[email protected]", "managers": [], "members": [], "owners": [] }, "security_reviewers": { "description": "Members are part of the security team responsible for reviewing cloud security.", "display_name": "GCP Security Reviewers", "id": "[email protected]", "managers": [], "members": [], "owners": [] } } }	no
default_zone	The zone within a region used by default to create new resources	`string`	n/a	yes
editors	Identities that will be granted the basic role `editor` on the organization	`list(string)`	`[]`	no
essential_contacts_language	Essential Contacts preferred language for notifications, as a ISO 639-1 language code. See Supported languages for a list of supported languages.	`string`	`"en"`	no
iam_audit_config	Map of service APIs which will be enabled for audit logging, with a map of audit log types for which logging is to be configured, with an map of optional attributes including a list of identities that do not cause logging. google_folder_iam_audit_config	map(map(object({ exempted_members = list(string) })))	`{}`	no
org_id	The numeric ID of the Google Cloud organization.	`string`	n/a	yes
owners	Identities that will be granted the basic role `owner` on the organization	`list(string)`	`[]`	no
viewers	Identities that will be granted the basic role `viewer` on the organization	`list(string)`	`[]`	no

Outputs

Name	Description
bootstrap_project_id	Project where service accounts and core APIs will be enabled.
cloud_identity_groups	Map of Google Cloud Identity groups created.

Name		Name	Last commit message	Last commit date
Latest commit History 10 Commits
.github		.github
.idea		.idea
modules		modules
test/fixtures		test/fixtures
.editorconfig		.editorconfig
.gitignore		.gitignore
.license_header.txt		.license_header.txt
.pre-commit-config.yaml		.pre-commit-config.yaml
CHANGELOG.md		CHANGELOG.md
LICENSE		LICENSE
README.md		README.md
contacts.tf		contacts.tf
groups.tf		groups.tf
main.tf		main.tf
outputs.tf		outputs.tf
variables.tf		variables.tf
versions.tf		versions.tf

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Google Cloud Platform project Terraform module

Usage

Requirements

Providers

Modules

Resources

Inputs

Outputs

About

Releases 1

Packages

Languages

License

nephosolutions/terraform-google-organization

Folders and files

Latest commit

History

Repository files navigation

Google Cloud Platform project Terraform module

Usage

Requirements

Providers

Modules

Resources

Inputs

Outputs

About

Topics

Resources

License

Stars

Watchers

Forks

Releases 1

Packages 0

Languages

Packages