https://github.com/altissimo-hq/terraform-google-organization

Manages a Google Cloud Organization

google organization terraform terraform-modules

## Requirements

No requirements.

## Providers

| Name | Version |
|------|---------|
| [google](#provider\_google) | 5.14.0 |
| [google.sa](#provider\_google.sa) | 5.14.0 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| [folders](#module\_folders) | altissimo-hq/folders/google | 1.0.0 |
| [project](#module\_project) | altissimo-hq/project/google | n/a |
| [terraform](#module\_terraform) | altissimo-hq/project/google | n/a |

## Resources

| Name | Type |
|------|------|
| [google_cloud_identity_group.groups](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloud_identity_group) | resource |
| [google_cloud_identity_group_membership.admin](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloud_identity_group_membership) | resource |
| [google_cloud_identity_group_membership.terraform](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloud_identity_group_membership) | resource |
| [google_organization_iam_policy.org](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/organization_iam_policy) | resource |
| [google_secret_manager_secret.terraform_sa_key](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/secret_manager_secret) | resource |
| [google_secret_manager_secret_version.terraform_sa_key](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/secret_manager_secret_version) | resource |
| [google_service_account_key.terraform](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account_key) | resource |
| [google_storage_bucket.terraform](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket) | resource |
| [google_iam_policy.org](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/iam_policy) | data source |
| [google_organization.org](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/organization) | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| [admin\_roles](#input\_admin\_roles) | IAM Roles to assign to the admin user in the organization (list) | `list(string)` | <pre>[<br>  "roles/owner",<br>  "roles/resourcemanager.organizationAdmin"<br>]</pre> | no |
| [admin\_user](#input\_admin\_user) | Admin User Name | `string` | `"admin"` | no |
| [billing\_account](#input\_billing\_account) | Billing Account ID | `string` | n/a | yes |
| [create\_terraform\_project](#input\_create\_terraform\_project) | Create Terraform Project | `bool` | `false` | no |
| [domain](#input\_domain) | Cloud Identity or Google Workspace Domain Name (e.g. example.com) | `string` | n/a | yes |
| [domain\_roles](#input\_domain\_roles) | IAM Roles to assign to every user in the organization (list) | `list(string)` | <pre>[<br>  "roles/billing.creator",<br>  "roles/resourcemanager.projectCreator"<br>]</pre> | no |
| [folders](#input\_folders) | Top-level Folders to create and a map of groups and their roles (map) | `map(map(list(string)))` | n/a | yes |
| [groups](#input\_groups) | Cloud Identity Groups to create and their org-level IAM roles (map) | <pre>map(object({<br>  display_name = optional(string)<br>  description = optional(string)<br>  roles = optional(list(string))<br>}))</pre> | <pre>{<br>  "gcp-billing-admins": {<br>    "description": "Billing administrators are responsible for setting up billing accounts and monitoring their usage",<br>    "roles": [<br>      "roles/billing.admin",<br>      "roles/billing.creator",<br>      "roles/resourcemanager.organizationViewer"<br>    ]<br>  },<br>  "gcp-developers": {<br>    "description": "Developers are responsible for designing, coding, and testing applications",<br>    "roles": []<br>  },<br>  "gcp-devops": {<br>    "description": "DevOps practitioners create or manage end-to-end pipelines that support continuous integration and delivery, monitoring, and system provisioning",<br>    "roles": [<br>      "roles/resourcemanager.folderViewer"<br>    ]<br>  },<br>  "gcp-logging-admins": {<br>    "description": "Logging administrators have access to all features of Logging",<br>    "roles": [<br>      "roles/logging.admin"<br>    ]<br>  },<br>  "gcp-logging-viewers": {<br>    "description": "Logging viewers have read-only access to a specific subset of logs ingested into Logging",<br>    "roles": []<br>  },<br>  "gcp-monitoring-admins": {<br>    "description": "Monitoring administrators have access to use and configure all features of Cloud Monitoring",<br>    "roles": [<br>      "roles/monitoring.admin"<br>    ]<br>  },<br>  "gcp-network-admins": {<br>    "description": "Network administrators are responsible for creating networks, subnets, firewall rules, and network devices such as cloud routers, Cloud VPN instances, and load balancers",<br>    "roles": [<br>      "roles/compute.networkAdmin",<br>      "roles/compute.securityAdmin",<br>      "roles/compute.xpnAdmin",<br>      "roles/resourcemanager.folderViewer"<br>    ]<br>  },<br>  "gcp-organization-admins": {<br>    "description": "Organization administrators have access to administer all resources belonging to the organization",<br>    "roles": [<br>      "roles/billing.user",<br>      "roles/cloudsupport.admin",<br>      "roles/iam.organizationRoleAdmin",<br>      "roles/orgpolicy.policyAdmin",<br>      "roles/resourcemanager.folderAdmin",<br>      "roles/resourcemanager.organizationAdmin",<br>      "roles/resourcemanager.projectCreator",<br>      "roles/securitycenter.admin"<br>    ]<br>  },<br>  "gcp-security-admins": {<br>    "description": "Security administrators are responsible for establishing and managing security policies for the entire organization, including access management and organization constraint policies",<br>    "roles": [<br>      "roles/bigquery.dataViewer",<br>      "roles/compute.viewer",<br>      "roles/container.viewer",<br>      "roles/iam.organizationRoleViewer",<br>      "roles/iam.securityReviewer",<br>      "roles/logging.configWriter",<br>      "roles/logging.privateLogViewer",<br>      "roles/orgpolicy.policyAdmin",<br>      "roles/orgpolicy.policyViewer",<br>      "roles/resourcemanager.folderIamAdmin",<br>      "roles/securitycenter.admin"<br>    ]<br>  }<br>}</pre> | no |
| [labels](#input\_labels) | Labels to apply to all resources | `map(string)` | <pre>{<br>  "created-by": "terraform-google-organization"<br>}</pre> | no |
| [project\_name\_prefix](#input\_project\_name\_prefix) | Project Display Name prefix (e.g. 'Company Name') | `string` | `null` | no |
| [project\_prefix](#input\_project\_prefix) | Project ID prefix (e.g. 'company-name') | `string` | n/a | yes |
| [projects](#input\_projects) | Projects to create (list) | <pre>map(object({<br>  parent_folder = optional(string)<br>}))</pre> | <pre>{<br>  "logging": {<br>    "parent_folder": "Common"<br>  },<br>  "monitoring-dev": {<br>    "parent_folder": "Common"<br>  },<br>  "monitoring-nonprod": {<br>    "parent_folder": "Common"<br>  },<br>  "monitoring-prod": {<br>    "parent_folder": "Common"<br>  },<br>  "vpc-host-dev": {<br>    "parent_folder": "Common"<br>  },<br>  "vpc-host-nonprod": {<br>    "parent_folder": "Common"<br>  },<br>  "vpc-host-prod": {<br>    "parent_folder": "Common"<br>  }<br>}</pre> | no |

## Outputs

| Name | Description |
|------|-------------|
| [iam\_policy\_bindings](#output\_iam\_policy\_bindings) | IAM policy bindings for the organization. |
| [org](#output\_org) | Google Organization Resource |
| [terraform\_project](#output\_terraform\_project) | Terraform Project Module |