zecfoundation
/
cloud-foundation-fabric
mirror of https://github.com/ZcashFoundation/cloud-foundation-fabric.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
cloud-foundation-fabric/cloud-operations/scheduled-asset-inventory-e...
History
Andras Gyomrey 4d278d62e4 Default for output_file_mode 2021-11-07 13:20:00 +00:00
..
cf Update copyright to 2021 2021-02-15 09:38:10 +01:00
README.md Fix documentation. 2021-09-02 09:45:51 +02:00
backend.tf.sample Update copyright to 2021 2021-02-15 09:38:10 +01:00
diagram.png update diagram 2020-09-17 17:51:32 +02:00
main.tf Default for output_file_mode 2021-11-07 13:20:00 +00:00
outputs.tf Update copyright to 2021 2021-02-15 09:38:10 +01:00
variables.tf Fix example 2021-09-01 11:17:06 +02:00
versions.tf Use the same versions file everywhere, pin to tf 1.0+ provider 4.0+ (#355) 2021-11-03 15:05:43 +01:00

README.md

Scheduled Cloud Asset Inventory Export to Bigquery

This example shows how to leverage Cloud Asset Inventory Exporting to Bigquery feature to keep track of your project wide assets over time storing information in Bigquery.

The data stored in Bigquery can then be used for different purposes:

  • dashboarding
  • analysis

The example uses export resources at the project level for ease of testing, in actual use a few changes are needed to operate at the resource hierarchy level:

  • the export should be set at the folder or organization level
  • the roles/cloudasset.viewer on the service account should be set at the folder or organization level

The resources created in this example are shown in the high level diagram below:

Prerequisites

Ensure that you grant your account one of the following roles on your project, folder, or organization:

  • Cloud Asset Viewer role (roles/cloudasset.viewer)
  • Owner primitive role (roles/owner)

Running the example

Clone this repository, specify your variables in a terraform.tvars and then go through the following steps to create resources:

  • terraform init
  • terraform apply

Once done testing, you can clean up resources by running terraform destroy. To persist state, check out the backend.tf.sample file.

Testing the example

Once resources are created, you can run queries on the data you exported on Bigquery. Here you can find some example of queries you can run.

You can also create a dashboard connecting Datalab or any other BI tools of your choice to your Bigquery datase.

Variables

name description type required default
cai_config Cloud Asset inventory export config. object({...})
project_id Project id that references existing project. string
billing_account Billing account id used as default for new projects. string null
bundle_path Path used to write the intermediate Cloud Function code bundle. string ./bundle.zip
location Appe Engine location used in the example. string europe-west
name Arbitrary string used to name created resources. string asset-inventory
project_create Create project instead ofusing an existing one. bool true
region Compute region used in the example. string europe-west1
root_node The resource name of the parent folder or organization for project creation, in 'folders/folder_id' or 'organizations/org_id' format. string null

Outputs

name description sensitive
bq-dataset Bigquery instance details.
cloud-function Cloud Function instance details.