Add details on VPC-SC and CMEK in README files
parent
15d3742b06
commit
54e4155ae8
|
@ -33,6 +33,18 @@ parent = "folders/12345678"
|
||||||
|
|
||||||
Once done testing, you can clean up resources by running `terraform destroy`.
|
Once done testing, you can clean up resources by running `terraform destroy`.
|
||||||
|
|
||||||
|
### CMEK configuration
|
||||||
|
You can configure GCP resources to use existing CMEK keys configuring the 'service_encryption_key_ids' variable. You need to specify a 'global' and a 'multiregional' key.
|
||||||
|
|
||||||
|
### VPC-SC configuration
|
||||||
|
You can assign projects to an existing VPC-SC standard perimeter configuring the 'service_perimeter_standard' variable. You can retrieve the list of existing perimeters from the GCP console or using the following command:
|
||||||
|
|
||||||
|
'''
|
||||||
|
gcloud access-context-manager perimeters list --format="json" | grep name
|
||||||
|
'''
|
||||||
|
|
||||||
|
The script use 'google_access_context_manager_service_perimeter_resource' terraform resource. If this resource is used alongside the 'vpc-sc' module, remember to uncomment the lifecycle block in the 'vpc-sc' module so they don't fight over which resources should be in the perimeter.
|
||||||
|
|
||||||
<!-- BEGIN TFDOC -->
|
<!-- BEGIN TFDOC -->
|
||||||
## Variables
|
## Variables
|
||||||
|
|
||||||
|
|
|
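Review bot: The fence around the gcloud command in the new VPC-SC section is written as ''' (three single quotes) rather than three backticks, so the command will not render as a code block. The variable and resource names are also in single quotes, while the context line uses backticks for `terraform destroy`. Suggest backticks in both places. The command pipes JSON into grep, which is brittle; `--format="value(name)"` returns the perimeter names directly, and the text should mention that the command needs an access policy (the `--policy` flag or a configured default). In the last paragraph, "The script use" should read "The script uses". It would also help to state the consequence of leaving the lifecycle block commented out: the two configurations will alternately add and remove projects from the perimeter on each apply.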
@ -49,6 +49,9 @@ project_ids = {
|
||||||
|
|
||||||
Once done testing, you can clean up resources by running `terraform destroy`.
|
Once done testing, you can clean up resources by running `terraform destroy`.
|
||||||
|
|
||||||
|
### CMEK configuration
|
||||||
|
You can configure GCP resources to use existing CMEK keys configuring the 'service_encryption_key_ids' variable. You need to specify a 'global' and a 'multiregional' key.
|
||||||
|
|
||||||
<!-- BEGIN TFDOC -->
|
<!-- BEGIN TFDOC -->
|
||||||
## Variables
|
## Variables
|
||||||
|
|
||||||
|
|
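Review bot: The new CMEK paragraph says a 'global' and a 'multiregional' key must be specified, but it does not show the expected shape of `service_encryption_key_ids` or the key ID format, so a reader has to go to the variables table or the code to fill it in. Suggest adding a short example value beside the paragraph and stating which resources use each of the two keys. The variable name is in single quotes where the context line uses backticks; backticks would match. The same paragraph is added to the other README in this commit, so any rewording should be applied to both.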