Requires an existing project and service account, as demonstrated in gcp-tf-starter.
This module adds the following to your existing project:
- Storage Bucket
- KMS key assigned to a Service Account
- Top-Level Network and Subnet
See it in action at https://github.com/cloudymax/gcp-tf-starter
```hcl
module "gcp-tf-base" {
  source = "github.com/cloudymax/modules-gcp-tf-base.git"

  organization           = var.organization
  organization_id        = var.organization_id
  billing_account        = var.billing_account
  main_availability_zone = var.main_availability_zone
  location               = var.location
  project_name           = var.project_name
  project_id             = var.project_id
  keyring                = var.keyring
  keyring_key            = var.keyring_key
  big_robot_group        = var.big_robot_group
  big_robot_name         = var.big_robot_name
  big_robot_email        = var.big_robot_email

  # State bucket
  backend_bucket_name = var.backend_bucket_name
  bucket_path_prefix  = var.bucket_path_prefix
}
```
No requirements.
Name | Version |
---|---|
n/a | |
random | n/a |
No modules.
Name | Type |
---|---|
google_compute_network.network | resource |
google_compute_shared_vpc_host_project.host | resource |
google_compute_subnetwork.default_subnet | resource |
google_kms_crypto_key.key | resource |
google_kms_key_ring_iam_policy.key_ring_policy | resource |
google_service_account_key.mykey | resource |
random_string.random-key-name | resource |
google_client_config.current | data source |
google_cloud_identity_groups.cloud_identity_group_basic | data source |
google_iam_policy.keyEditor | data source |
google_kms_key_ring.keyring | data source |
google_project.my_project | data source |
google_service_account.current | data source |
google_storage_bucket.bucket | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
backend_bucket_name | name of the bucket that will hold the terraform state | string | "slim" | no |
big_robot_email | email of the top-level service account | string | n/a | yes |
big_robot_group | group for top-level service accounts | string | n/a | yes |
big_robot_name | Name of the top-level service account | string | n/a | yes |
billing_account | the billing account you want all this to go under | string | n/a | yes |
bucket_path_prefix | path to the terraform state in the bucket | string | n/a | yes |
keyring | Name for your keyring decryption key | string | n/a | yes |
keyring_key | name for the key you will create in the keyring | string | n/a | yes |
location | geographic location/region | string | n/a | yes |
main_availability_zone | availability zone within your region/location | string | n/a | yes |
organization | your GCP organization name | string | n/a | yes |
organization_id | `gcloud projects describe --format='value(parent.id)'` | string | n/a | yes |
project_id | machine readable project name | string | n/a | yes |
project_name | The human-readable project name string | string | n/a | yes |
Name | Description |
---|---|
google_kms_crypto_key_id | n/a |
network_name | n/a |
service_account_key_id | n/a |
subnet_name | n/a |
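
Among the resources listed above, `google_service_account_key.mykey` is one whose generated `private_key` the google provider writes into Terraform state, so the bucket named by `backend_bucket_name` ends up holding credential material. The following is an added example, not part of this module: a check that walks the JSON produced by `terraform show -json` and reports which resource addresses carry such a key. The function names and the sample state are constructed for illustration.

```python
import json

# Resource types whose secret attribute the provider writes into state.
# Only the type this module declares is listed; extend for your own stack.
SECRET_ATTRS = {"google_service_account_key": "private_key"}


def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def secrets_in_state(state):
    """Return addresses of resources holding a non-empty secret attribute."""
    root = state.get("values", {}).get("root_module", {})
    hits = []
    for res in iter_resources(root):
        attr = SECRET_ATTRS.get(res.get("type"))
        if attr and res.get("values", {}).get(attr):
            hits.append(res["address"])  # report the address, never the key
    return hits


# Constructed sample in the shape of `terraform show -json`; values are fake.
SAMPLE_STATE = json.loads("""
{"format_version": "1.0",
 "values": {"root_module": {
   "resources": [],
   "child_modules": [{
     "address": "module.gcp-tf-base",
     "resources": [
       {"address": "module.gcp-tf-base.google_service_account_key.mykey",
        "type": "google_service_account_key", "name": "mykey",
        "values": {"private_key": "CONSTRUCTED-PLACEHOLDER"}},
       {"address": "module.gcp-tf-base.google_compute_network.network",
        "type": "google_compute_network", "name": "network",
        "values": {"name": "example-network"}}
     ]}]}}}
""")

if __name__ == "__main__":
    for address in secrets_in_state(SAMPLE_STATE):
        print(f"secret material in state: {address}")
```

A non-empty result means read access to the state bucket is equivalent to holding the service account key, so the bucket's IAM bindings deserve the same scrutiny as the key itself.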