Add details on VPC-SC and CMEK in README files

2021-07-09 10:52:52 +02:00 · 2021-07-09 10:52:52 +02:00 · 54e4155ae8
parent 15d3742b06
commit 54e4155ae8
2 changed files with 15 additions and 0 deletions
--- a/data-solutions/data-platform-foundations/01-environment/README.md
+++ b/data-solutions/data-platform-foundations/01-environment/README.md
@ -33,6 +33,18 @@ parent          = "folders/12345678"

 Once done testing, you can clean up resources by running `terraform destroy`.

+### CMEK configuration
+You can configure GCP resources to use existing CMEK keys configuring the 'service_encryption_key_ids' variable. You need to specify a 'global' and a 'multiregional' key.
+
+### VPC-SC configuration
+You can assign projects to an existing VPC-SC standard perimeter configuring the 'service_perimeter_standard' variable. You can retrieve the list of existing perimeters from the GCP console or using the following command:
+
+'''
+gcloud access-context-manager perimeters list --format="json" | grep name
+'''
+
+The script use 'google_access_context_manager_service_perimeter_resource' terraform resource. If this resource is used alongside the 'vpc-sc' module, remember to uncomment the lifecycle block in the 'vpc-sc' module so they don't fight over which resources should be in the perimeter. 
+
 <!-- BEGIN TFDOC -->
 ## Variables

--- a/data-solutions/data-platform-foundations/02-resources/README.md
+++ b/data-solutions/data-platform-foundations/02-resources/README.md
@ -49,6 +49,9 @@ project_ids = {

 Once done testing, you can clean up resources by running `terraform destroy`.

+### CMEK configuration
+You can configure GCP resources to use existing CMEK keys configuring the 'service_encryption_key_ids' variable. You need to specify a 'global' and a 'multiregional' key.
+
 <!-- BEGIN TFDOC -->
 ## Variables