# altissimo-hq/terraform-google-organization

## Requirements

No requirements.

## Providers

| Name | Version |
|------|---------|
| google | 5.14.0 |
| google.sa | 5.14.0 |

## Modules

| Name | Source | Version |
|------|--------|---------|
| folders | altissimo-hq/folders/google | 1.0.0 |
| project | altissimo-hq/project/google | n/a |
| terraform | altissimo-hq/project/google | n/a |

## Resources

| Name | Type |
|------|------|
| google_cloud_identity_group.groups | resource |
| google_cloud_identity_group_membership.admin | resource |
| google_cloud_identity_group_membership.terraform | resource |
| google_organization_iam_policy.org | resource |
| google_secret_manager_secret.terraform_sa_key | resource |
| google_secret_manager_secret_version.terraform_sa_key | resource |
| google_service_account_key.terraform | resource |
| google_storage_bucket.terraform | resource |
| google_iam_policy.org | data source |
| google_organization.org | data source |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| admin_roles | IAM Roles to assign to the admin user in the organization (list) | `list(string)` | `["roles/owner", "roles/resourcemanager.organizationAdmin"]` | no |
| admin_user | Admin User Name | `string` | `"admin"` | no |
| billing_account | Billing Account ID | `string` | n/a | yes |
| create_terraform_project | Create Terraform Project | `bool` | `false` | no |
| domain | Cloud Identity or Google Workspace Domain Name (e.g. example.com) | `string` | n/a | yes |
| domain_roles | IAM Roles to assign to every user in the organization (list) | `list(string)` | `["roles/billing.creator", "roles/resourcemanager.projectCreator"]` | no |
| folders | Top-level Folders to create and a map of groups and their roles (map) | `map(map(list(string)))` | n/a | yes |
| groups | Cloud Identity Groups to create and their org-level IAM roles (map) | `map(object({...}))` (full type below) | see below | no |
| labels | Labels to apply to all resources | `map(string)` | `{"created-by": "terraform-google-organization"}` | no |
| project_name_prefix | Project Display Name prefix (e.g. 'Company Name') | `string` | `null` | no |
| project_prefix | Project ID prefix (e.g. 'company-name') | `string` | n/a | yes |
| projects | Projects to create (list) | `map(object({...}))` (full type below) | see below | no |

Type of `groups`:

```hcl
map(object({
  display_name = optional(string)
  description  = optional(string)
  roles        = optional(list(string))
}))
```

Default of `groups`:

```json
{
  "gcp-billing-admins": {
    "description": "Billing administrators are responsible for setting up billing accounts and monitoring their usage",
    "roles": [
      "roles/billing.admin",
      "roles/billing.creator",
      "roles/resourcemanager.organizationViewer"
    ]
  },
  "gcp-developers": {
    "description": "Developers are responsible for designing, coding, and testing applications",
    "roles": []
  },
  "gcp-devops": {
    "description": "DevOps practitioners create or manage end-to-end pipelines that support continuous integration and delivery, monitoring, and system provisioning",
    "roles": [
      "roles/resourcemanager.folderViewer"
    ]
  },
  "gcp-logging-admins": {
    "description": "Logging administrators have access to all features of Logging",
    "roles": [
      "roles/logging.admin"
    ]
  },
  "gcp-logging-viewers": {
    "description": "Logging viewers have read-only access to a specific subset of logs ingested into Logging",
    "roles": []
  },
  "gcp-monitoring-admins": {
    "description": "Monitoring administrators have access to use and configure all features of Cloud Monitoring",
    "roles": [
      "roles/monitoring.admin"
    ]
  },
  "gcp-network-admins": {
    "description": "Network administrators are responsible for creating networks, subnets, firewall rules, and network devices such as cloud routers, Cloud VPN instances, and load balancers",
    "roles": [
      "roles/compute.networkAdmin",
      "roles/compute.securityAdmin",
      "roles/compute.xpnAdmin",
      "roles/resourcemanager.folderViewer"
    ]
  },
  "gcp-organization-admins": {
    "description": "Organization administrators have access to administer all resources belonging to the organization",
    "roles": [
      "roles/billing.user",
      "roles/cloudsupport.admin",
      "roles/iam.organizationRoleAdmin",
      "roles/orgpolicy.policyAdmin",
      "roles/resourcemanager.folderAdmin",
      "roles/resourcemanager.organizationAdmin",
      "roles/resourcemanager.projectCreator",
      "roles/securitycenter.admin"
    ]
  },
  "gcp-security-admins": {
    "description": "Security administrators are responsible for establishing and managing security policies for the entire organization, including access management and organization constraint policies",
    "roles": [
      "roles/bigquery.dataViewer",
      "roles/compute.viewer",
      "roles/container.viewer",
      "roles/iam.organizationRoleViewer",
      "roles/iam.securityReviewer",
      "roles/logging.configWriter",
      "roles/logging.privateLogViewer",
      "roles/orgpolicy.policyAdmin",
      "roles/orgpolicy.policyViewer",
      "roles/resourcemanager.folderIamAdmin",
      "roles/securitycenter.admin"
    ]
  }
}
```

Type of `projects`:

```hcl
map(object({
  parent_folder = optional(string)
}))
```

Default of `projects`:

```json
{
  "logging": {
    "parent_folder": "Common"
  },
  "monitoring-dev": {
    "parent_folder": "Common"
  },
  "monitoring-nonprod": {
    "parent_folder": "Common"
  },
  "monitoring-prod": {
    "parent_folder": "Common"
  },
  "vpc-host-dev": {
    "parent_folder": "Common"
  },
  "vpc-host-nonprod": {
    "parent_folder": "Common"
  },
  "vpc-host-prod": {
    "parent_folder": "Common"
  }
}
```
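A caller configuration for this module, added here as an example and not taken from the repository: it assumes the registry source `altissimo-hq/organization/google` (inferred from the repository name, following the `altissimo-hq/folders/google` pattern in the Modules table) and a placeholder version and billing account. It narrows the defaults shown above, since the default `domain_roles` grants every user in the domain `roles/billing.creator` and `roles/resourcemanager.projectCreator`, and it keeps a `Common` folder because the default `projects` map parents every project under it.

```hcl
# Default provider: the bootstrap identity that runs this apply.
provider "google" {}

# Second provider alias the module declares as "google.sa"; the caller
# must pass it explicitly (assumed: the module sets configuration_aliases).
provider "google" {
  alias = "sa"
}

module "organization" {
  source  = "altissimo-hq/organization/google" # assumed registry source
  version = "X.Y.Z"                            # placeholder: pin a reviewed release

  providers = {
    google    = google
    google.sa = google.sa
  }

  domain              = "example.com"
  billing_account     = "000000-AAAAAA-000000" # placeholder billing account ID
  project_prefix      = "company-name"
  project_name_prefix = "Company Name"

  # Least privilege: grant nothing to every user in the domain. The default
  # would let any user create projects and billing accounts.
  domain_roles = []

  # "Common" must exist because the default `projects` reference it.
  # Values are org-group -> folder-level roles.
  folders = {
    Common = {
      "gcp-organization-admins" = ["roles/resourcemanager.folderAdmin"]
      "gcp-network-admins"      = ["roles/compute.networkAdmin"]
    }
    Development = {
      "gcp-developers" = ["roles/resourcemanager.projectCreator"]
    }
  }

  # Overriding `groups` replaces the whole default map, so every group the
  # folders above refer to must be listed here.
  groups = {
    "gcp-organization-admins" = {
      description = "Organization administrators"
      roles       = ["roles/resourcemanager.organizationAdmin", "roles/orgpolicy.policyAdmin"]
    }
    "gcp-network-admins" = { description = "Network administrators", roles = [] }
    "gcp-developers"     = { description = "Developers", roles = [] }
  }

  create_terraform_project = true
}

# Review the resulting org-level bindings before and after each apply.
output "org_iam_bindings" {
  value = module.organization.iam_policy_bindings
}
```

Because the module manages the organization policy through `google_organization_iam_policy.org`, which is authoritative, bindings not expressed through these inputs are removed on apply; review the `iam_policy_bindings` output in the plan. With `create_terraform_project = true` the module also creates a long-lived key via `google_service_account_key.terraform` and stores it in Secret Manager, so plan its rotation and restrict access to that secret.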

## Outputs

| Name | Description |
|------|-------------|
| iam_policy_bindings | IAM policy bindings for the organization. |
| org | Google Organization Resource |
| terraform_project | Terraform Project Module |