zecfoundation
/
cloud-foundation-fabric
mirror of https://github.com/ZcashFoundation/cloud-foundation-fabric.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
cloud-foundation-fabric/blueprints/data-solutions
History
Ludovico Magnocavallo fae5654e33
Refactor VPC firewall module for Terraform 1.3 (#949) 
* module and module tests/examples

* align blueprints and fast

* fix null ranges

* make ports optional

* tfdoc

* make rules optional defaulting to all protocols

* review comments

* last round of comments

* invert precedence of template variables

* add option to disable all default rules

* add option to disable all default rules

* split egress/ingress

* tests

* fix tests
 		2022-11-04 13:56:07 +01:00
..
cloudsql-multiregion Refactor VPC firewall module for Terraform 1.3 (#949) 2022-11-04 13:56:07 +01:00
cmek-via-centralized-kms Refactor VPC firewall module for Terraform 1.3 (#949) 2022-11-04 13:56:07 +01:00
composer-2 Do not modify in parameters in format_* functions 2022-10-20 18:56:54 +02:00
data-platform-foundations Refactor VPC firewall module for Terraform 1.3 (#949) 2022-11-04 13:56:07 +01:00
data-playground Refactor VPC firewall module for Terraform 1.3 (#949) 2022-11-04 13:56:07 +01:00
gcs-to-bq-with-least-privileges Refactor VPC firewall module for Terraform 1.3 (#949) 2022-11-04 13:56:07 +01:00
sqlserver-alwayson Refactor VPC firewall module for Terraform 1.3 (#949) 2022-11-04 13:56:07 +01:00
README.md Align documentation, move glb blueprint (#921) 2022-10-26 14:31:04 +02:00

README.md

GCP Data Services blueprints

The blueprints in this folder implement typical data service topologies and end-to-end scenarios, that allow testing specific features like Cloud KMS to encrypt your data, or VPC-SC to mitigate data exfiltration.

They are meant to be used as minimal but complete starting points to create actual infrastructure, and as playgrounds to experiment with specific Google Cloud features.

Blueprints

Cloud SQL instance with multi-region read replicas

This blueprint creates a Cloud SQL instance with multi-region read replicas as described in the Cloud SQL for PostgreSQL disaster recovery article.


GCE and GCS CMEK via centralized Cloud KMS

This blueprint implements CMEK for GCS and GCE, via keys hosted in KMS running in a centralized project. The blueprint shows the basic resources and permissions for the typical use case of application projects implementing encryption at rest via a centrally managed KMS service.


Cloud Composer version 2 private instance, supporting Shared VPC and external CMEK key

This blueprint creates a Cloud Composer version 2 instance on a VPC with a dedicated service account. The solution supports as inputs: a Shared VPC and Cloud KMS CMEK keys.


Data Platform Foundations

This blueprint implements a robust and flexible Data Foundation on GCP that provides opinionated defaults, allowing customers to build and scale out additional data pipelines quickly and reliably.


Data Playground starter with Cloud Vertex AI Notebook and GCS

This blueprint creates a Vertex AI Notebook running on a VPC with a private IP and a dedicated Service Account. A GCS bucket and a BigQuery dataset are created to store inputs and outputs of data experiments.


Cloud Storage to Bigquery with Cloud Dataflow with least privileges

This blueprint implements resources required to run GCS to BigQuery Dataflow pipelines. The solution rely on a set of Services account created with the least privileges principle.


SQL Server Always On Availability Groups

This blueprint implements SQL Server Always On Availability Groups using Fabric modules. It builds a two node cluster with a fileshare witness instance in an existing VPC and adds the necessary firewalling. The actual setup process (apart from Active Directory operations) has been scripted, so that least amount of manual works needs to performed.