From 54e4155ae8b1251ce00f5eda9d336b0d8fe2abf7 Mon Sep 17 00:00:00 2001
From: Lorenzo Caggioni
Date: Fri, 9 Jul 2021 10:52:52 +0200
Subject: [PATCH] Add details on VPC-SC and CMEK in README files

---
 .../01-environment/README.md | 12 ++++++++++++
 .../data-platform-foundations/02-resources/README.md | 3 +++
 2 files changed, 15 insertions(+)

diff --git a/data-solutions/data-platform-foundations/01-environment/README.md b/data-solutions/data-platform-foundations/01-environment/README.md
index 8aaf482a..44328009 100644
--- a/data-solutions/data-platform-foundations/01-environment/README.md
+++ b/data-solutions/data-platform-foundations/01-environment/README.md
@@ -33,6 +33,18 @@ parent = "folders/12345678"
 Once done testing, you can clean up resources by running `terraform destroy`.
+### CMEK configuration
+You can configure GCP resources to use existing CMEK keys configuring the 'service_encryption_key_ids' variable. You need to specify a 'global' and a 'multiregional' key.
+
+### VPC-SC configuration
+You can assign projects to an existing VPC-SC standard perimeter configuring the 'service_perimeter_standard' variable. You can retrieve the list of existing perimeters from the GCP console or using the following command:
+
+'''
+gcloud access-context-manager perimeters list --format="json" | grep name
+'''
+
+The script use 'google_access_context_manager_service_perimeter_resource' terraform resource. If this resource is used alongside the 'vpc-sc' module, remember to uncomment the lifecycle block in the 'vpc-sc' module so they don't fight over which resources should be in the perimeter.
+
 ## Variables
diff --git a/data-solutions/data-platform-foundations/02-resources/README.md b/data-solutions/data-platform-foundations/02-resources/README.md
index 915684b8..a54e87d5 100644
--- a/data-solutions/data-platform-foundations/02-resources/README.md
+++ b/data-solutions/data-platform-foundations/02-resources/README.md
@@ -49,6 +49,9 @@ project_ids = {
 Once done testing, you can clean up resources by running `terraform destroy`.
+### CMEK configuration
+You can configure GCP resources to use existing CMEK keys configuring the 'service_encryption_key_ids' variable. You need to specify a 'global' and a 'multiregional' key.
+
 ## Variables