https://github.com/osinfra-io/google-cloud-hierarchy
Infrastructure as Code (IaC) example for Google Cloud Platform Hierarchy.
- Host: GitHub
- URL: https://github.com/osinfra-io/google-cloud-hierarchy
- Owner: osinfra-io
- License: gpl-2.0
- Created: 2022-09-24T18:41:25.000Z (almost 3 years ago)
- Default Branch: main
- Last Pushed: 2025-03-13T23:12:58.000Z (3 months ago)
- Last Synced: 2025-03-14T00:26:01.610Z (3 months ago)
- Topics: google-cloud-landing-zone-platform, google-cloud-platform, infrastructure-as-code, osinfra, platform-team, terraform
- Language: HCL
- Homepage: https://www.osinfra.io
- Size: 431 KB
- Stars: 2
- Watchers: 0
- Forks: 0
- Open Issues: 4
Metadata Files:
- Readme: README.md
- License: LICENSE
- Codeowners: .github/CODEOWNERS
- Security: SECURITY.md
README
# Google Cloud Platform - Hierarchy
**[GitHub Actions](https://github.com/osinfra-io/google-cloud-hierarchy/actions):** [dependabot.yml](https://github.com/osinfra-io/google-cloud-hierarchy/actions/workflows/dependabot.yml)
**[Infracost](https://www.infracost.io):** [dashboard](https://dashboard.infracost.io/org/osinfra-io/repos/57318eb1-8a72-432f-8305-4ac7b10c9495?tab=settings)
💵 Monthly estimates based on Infracost baseline costs.
## 📄 Repository Description
This repository creates a resource hierarchy and manages IAM. It aligns with our [Google Cloud landing zone platform](https://docs.osinfra.io/google-cloud-platform/landing-zone) design. A landing zone should be a prerequisite to deploying enterprise workloads in a cloud environment.
## 🏭 Platform Information
- Documentation: [docs.osinfra.io](https://docs.osinfra.io/product-guides/google-cloud-platform/landing-zone/google-cloud-hierarchy)
- Service Interfaces: [github.com](https://github.com/osinfra-io/google-cloud-hierarchy/issues/new/choose)
## Development
Our focus is on the core fundamental practice of platform engineering, Infrastructure as Code.
> Open Source Infrastructure (as Code) is a development model for infrastructure that focuses on open collaboration and applying relative lessons learned from software development practices that organizations can use internally at scale. - [Open Source Infrastructure (as Code)](https://www.osinfra.io)
To avoid slowing down stream-aligned teams, we want to open up the possibility for contributions. The Open Source Infrastructure (as Code) model allows team members external to the platform team to contribute with only a slight increase in cognitive load. This section is for developers who want to contribute to this repository, describing the tools used, the skills, and the knowledge required, along with Terraform documentation.
See the documentation for setting up a development environment [here](https://docs.osinfra.io/fundamentals/development-setup).
### 🛠️ Tools
- [checkov](https://github.com/bridgecrewio/checkov)
- [infracost](https://github.com/infracost/infracost)
- [pre-commit](https://github.com/pre-commit/pre-commit)
- [pre-commit-terraform](https://github.com/antonbabenko/pre-commit-terraform)
- [terraform-docs](https://github.com/terraform-docs/terraform-docs)
### 📋 Skills and Knowledge
Links to documentation and other resources required to develop and iterate in this repository successfully.
- [resource hierarchy](https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy)
- [groups](https://cloud.google.com/identity/docs/groups)
- [iam](https://cloud.google.com/iam/docs/overview)
### 📓 Terraform Documentation
#### Providers
| Name | Version |
|------|---------|
| google | 6.16.0 |
#### Resources
| Name | Type |
|------|------|
| [google_billing_budget.organization](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/billing_budget) | resource |
| [google_billing_budget.services](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/billing_budget) | resource |
| [google_cloud_identity_group.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloud_identity_group) | resource |
| [google_cloud_identity_group_membership.managers](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloud_identity_group_membership) | resource |
| [google_cloud_identity_group_membership.members](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloud_identity_group_membership) | resource |
| [google_cloud_identity_group_membership.owners](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/cloud_identity_group_membership) | resource |
| [google_folder.environment](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/folder) | resource |
| [google_folder.service](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/folder) | resource |
| [google_folder.team](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/folder) | resource |
| [google_folder_iam_policy.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/folder_iam_policy) | resource |
| [google_organization_iam_custom_role.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/organization_iam_custom_role) | resource |
| [google_organization_iam_member.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/organization_iam_member) | resource |
| [google_iam_policy.this](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/iam_policy) | data source |
#### Inputs
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| billing\_account | The alphanumeric ID of the billing account this project belongs to | `string` | `"01C550-A2C86B-B8F16B"` | no |
| customer\_id | The unique customer ID assigned to you when you signed up for Google Workspace or Cloud Identity. You can look up this ID in your Admin console | `string` | `"C01hd34v8"` | no |
| folder\_iam\_policies | A map of authoritative IAM policies for the folder, replaces any existing policy already attached | `map(object({ service = string, environment = string, bindings = list(object({ members = list(string), role = string })) }))` | n/a | yes |
| folder\_services | A map of folder services to create | `map(object({ display_name = string, environments = list(string), monthly_budget_amount = optional(number, 10), parent = string }))` | n/a | yes |
| folder\_teams | A map of folder teams to create | `map(object({ display_name = string }))` | n/a | yes |
| identity\_groups | A map of identity groups to create | `map(object({ description = string, display_name = string, managers = list(string), members = list(string), owners = list(string), roles = list(string) }))` | n/a | yes |
| organization\_custom\_iam\_roles | A map of organization custom IAM roles to create | `map(object({ description = optional(string, null), permissions = list(string), role_id = string, title = string }))` | n/a | yes |
| organization\_id | The organization ID to create the hierarchy under | `string` | `"163313809793"` | no |
| organization\_monthly\_budget\_amount | The organization monthly budget amount in USD | `number` | `100` | no |
| primary\_domain | The main domain associated with your Google Workspace account. By default, your users get a username at this domain | `string` | `"osinfra.io"` | no |