cloud-foundation-fabric/modules

Terraform modules suite for Google Cloud

The modules collected in this folder are designed as a suite: they are meant to be composed together, and are designed to be forked and modified where use of third party code and sources is not allowed.

Modules try to stay close to the low level provider resources they encapsulate, and they all share a similar interface that combines management of one resource or set or resources, and the corresponding IAM bindings.

Authoritative IAM bindings are primarily used (e.g. google_storage_bucket_iam_binding for GCS buckets) so that each module is authoritative for specific roles on the resources it manages, and can neutralize or reconcile IAM changes made elsewhere.

Specific modules also offer support for non-authoritative bindings (e.g. google_storage_bucket_iam_member for service accounts), to allow granular permission management on resources that they don't manage directly.

Foundational modules

• billing budget
• folder
• logging bucket
• naming convention
• organization
• project
• service account

Networking modules

• address reservation
• Cloud DNS
• Cloud NAT
• Cloud Endpoints
• L4 Internal Load Balancer
• Service Directory
• VPC
• VPC firewall
• VPC peering
• VPN static
• VPN dynamic
• VPN HA
• TODO: xLB modules

Compute/Container

• COS container (coredns, mysql, onprem, squid)
• GKE cluster
• GKE nodepool
• Managed Instance Group
• VM/VM group

Data

• BigQuery dataset
• Datafusion
• GCS
• Pub/Sub
• Bigtable instance
• Cloud SQL instance

Development

• Artifact Registry
• Container Registry
• Source Repository
• Apigee Organization
• Apigee X Instance

Security

• Cloud KMS
• Secret Manager
• VPC Service Control

Serverless

• Cloud Functions
• Cloud Run