cloud-foundation-fabric/modules/organization
Lorenzo Caggioni 35571096ca Update READMEs 2020-07-06 15:30:29 +02:00

README.md

Organization Module

This module allows managing several organization properties:

  • IAM bindings, both authoritative and additive
  • custom IAM roles
  • audit logging configuration for services
  • organization policies

Example

```hcl
module "org" {
  source      = "./modules/organization"
  org_id      = 1234567890
  iam_roles   = ["roles/projectCreator"]
  iam_members = { "roles/projectCreator" = ["group:cloud-admins@example.org"] }
  policy_boolean = {
    "constraints/compute.disableGuestAttributesAccess" = true
    "constraints/compute.skipDefaultNetworkCreation"   = true
  }
  policy_list = {
    "constraints/compute.trustedImageProjects" = {
      inherit_from_parent = null
      suggested_value     = null
      status              = true
      values              = ["projects/my-project"]
    }
  }
}
```

Variables

| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| org_id | Organization id in nnnnnn format. | `number` | ✓ | |
| access_policy_title | Access Policy title to be created. | `string` | ✓ | |
| custom_roles | Map of role name => list of permissions, creating custom roles at organization level. | `map(list(string))` | | `{}` |
| iam_additive_bindings | Map of role lists used to set non-authoritative (additive) bindings, keyed by member. | `map(list(string))` | | `{}` |
| iam_audit_config | Service audit logging configuration. Service as key; value is a map of log type (e.g. `DATA_READ`) to the list of exempted members. | `map(map(list(string)))` | | `{}` |
| iam_members | Map of member lists used to set authoritative bindings, keyed by role. | `map(list(string))` | | `{}` |
| iam_roles | List of roles used to set authoritative bindings. | `list(string)` | | `[]` |
| policy_boolean | Map of boolean org policies to their enforcement value; set the value to `null` to restore the policy to its inherited state. | `map(bool)` | | `{}` |
| policy_list | Map of list org policies. `status` is `true` for allow, `false` for deny, `null` for restore; `values` is only meaningful for allow or deny. | `map(object({...}))` | | `{}` |
| vpc_sc_perimeters | Set of perimeters. | `map(object({...}))` | | `{}` |
| vpc_sc_perimeters_projects | Perimeter => project number mapping, in `projects/project_number` format. | `map(list(string))` | | `{}` |
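
A second configuration, added here as an illustration and not taken from the module's own README, exercises the inputs the first example leaves out: a custom role, an additive binding, audit logging for all services, and a list policy in deny mode. The organization id, the group names and the role id `myOrgViewer` are placeholders; the constraint names, permissions and log types are real Google Cloud identifiers. Two points worth keeping in mind when adapting it: `iam_roles`/`iam_members` are authoritative and replace whatever members those roles currently have, whereas `iam_additive_bindings` only adds to them, so prefer the additive form for roles that other tooling may also manage; and the deny-all form below assumes (based on how this module version builds the `deny` block) that an empty `values` list denies every value rather than none.

```hcl
module "org" {
  source = "./modules/organization"
  org_id = 1234567890 # placeholder organization id

  # Custom role created at organization level: key is the role id,
  # value the list of permissions it grants.
  custom_roles = {
    myOrgViewer = [
      "resourcemanager.projects.get",
      "resourcemanager.projects.list",
    ]
  }

  # Non-authoritative bindings, keyed by member: existing members of
  # roles/iam.securityReviewer are left untouched.
  iam_additive_bindings = {
    "group:sec-team@example.org" = ["roles/iam.securityReviewer"]
  }

  # Authoritative bindings, keyed by role: the listed group becomes the
  # only member of the role, so the role must also be listed in iam_roles.
  iam_roles = ["roles/resourcemanager.organizationViewer"]
  iam_members = {
    "roles/resourcemanager.organizationViewer" = ["group:cloud-admins@example.org"]
  }

  # Data Access audit logs for every service; an empty list means no
  # exempted members for that log type.
  iam_audit_config = {
    allServices = {
      DATA_READ  = []
      DATA_WRITE = []
      ADMIN_READ = []
    }
  }

  policy_boolean = {
    "constraints/iam.disableServiceAccountKeyCreation" = true
  }

  # status = false selects deny; an empty values list is assumed to mean
  # "deny all", so no VM in the organization may be given an external IP.
  policy_list = {
    "constraints/compute.vmExternalIpAccess" = {
      inherit_from_parent = null
      suggested_value     = null
      status              = false
      values              = []
    }
  }
}
```

Run `terraform plan` before applying and check that the authoritative bindings in the plan contain every member you expect: any member missing from `iam_members` for a role listed in `iam_roles` will be removed from that role on apply.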

Outputs

| name | description | sensitive |
|---|---|:---:|
| access_policy | Access Policy name. | |
| org_id | Organization id, dependent on module resources (usable to sequence other resources after this module). | |