History

Ludovico Magnocavallo 819894d2ba IAM interface refactor (#1595 ) * IAM modules refactor proposal * policy * subheading * Update 20230816-iam-refactor.md * log Julio's +1 * data-catalog-policy-tag * dataproc * dataproc * folder * folder * folder * folder * project * better filtering in test examples * project * folder * folder * organization * fix variable descriptions * kms * net-vpc * dataplex-datascan * modules/iam-service-account * modules/source-repository/ * blueprints/cloud-operations/vm-migration/ * blueprints/third-party-solutions/wordpress * dataplex-datascan * blueprints/cloud-operations/workload-identity-federation * blueprints/data-solutions/cloudsql-multiregion/ * blueprints/data-solutions/composer-2 * Update 20230816-iam-refactor.md * Update 20230816-iam-refactor.md * capture discussion in architectural doc * update variable names and refactor proposal * project * blueprints first round * folder * organization * data-catalog-policy-tag * re-enable folder inventory * project module style fix * dataproc * source-repository * source-repository tests * dataplex-datascan * dataplex-datascan tests * net-vpc * net-vpc test examples * iam-service-account * iam-service-account test examples * kms * boilerplate * tfdoc * fix module tests * more blueprint fixes * fix typo in data blueprints * incomplete refactor of data platform foundations * tfdoc * data platform foundation * refactor data platform foundation iam locals * remove redundant example test * shielded folder fix * fix typo * project factory * project factory outputs * tfdoc * test workflow: less verbose tests, fix tf version * re-enable -vv, shorter traceback, fix action version * ignore github extension warning, re-enable action version * fast bootstrap IAM, untested * bootstrap stage IAM fixes * stage 0 tests * fast stage 1 * tenant stage 1 * minor changes to fast stage 0 and 1 * fast security stage * fast mt stage 0 * fast mt stage 0 * fast pf		2023-08-20 09:44:20 +02:00
..
README.md	IAM interface refactor (#1595 )	2023-08-20 09:44:20 +02:00
backend.tf.sample	Rename examples folder to blueprints	2022-09-09 16:38:43 +02:00
diagram.png	Rename examples folder to blueprints	2022-09-09 16:38:43 +02:00
main.tf	IAM interface refactor (#1595 )	2023-08-20 09:44:20 +02:00
outputs.tf	Enforce nonempty descriptions ending in a colon	2022-11-24 18:56:01 +01:00
variables.tf	IAM interface refactor (#1595 )	2023-08-20 09:44:20 +02:00

README.md

M4CE(v5) - Host and Target Projects with Shared VPC

This blueprint creates a Migrate for Compute Engine (v5) environment deployed on an host project with multiple target projects and shared VPCs.

The blueprint is designed to implement a M4CE (v5) environment on-top of complex migration landing environment where VMs have to be migrated to multiple target projects. In this blueprint targets are also service projects for a shared VPC. It also includes the IAM wiring needed to make such scenarios work.

This is the high level diagram:

Managed resources and services

This sample creates\update several distinct groups of resources:

projects
- M4CE host project with required services deployed on a new or existing project.
- M4CE target project prerequisites deployed on existing projects.
IAM
- Create a service account used at runtime by the M4CE connector for data replication
- Grant migration admin roles to provided user or group.
- Grant migration viewer role to provided user or group.
- Grant roles on shared VPC to migration user or group

Variables

name	description	type	required	default
migration_admin	User or group who can create a new M4CE sources and perform all other migration operations, in IAM format (`group:foo@example.com`).	`string`	✓
migration_target_projects	List of target projects for m4ce workload migrations.	`list(string)`	✓
sharedvpc_host_projects	List of host projects that share a VPC with the selected target projects.	`list(string)`	✓
migration_viewer	User or group authorized to retrieve information about M4CE in the Google Cloud Console, in IAM format (`group:foo@example.com`).	`string`		`null`
project_create	Parameters for the creation of the new project to host the M4CE backend.	`object({…})`		`null`
project_name	Name of an existing project or of the new project assigned as M4CE host project.	`string`		`"m4ce-host-project-000"`

Outputs

name	description	sensitive
m4ce_gmanaged_service_account	Google managed service account created automatically during the migrate connector registration. It is used by M4CE to perform activities on target projects.

Manual Steps

Once this blueprint is deployed the M4CE m4ce_gmanaged_service_account has to be configured to grant the access to the shared VPC and allow the deploy of Compute Engine instances as the result of the migration.

Test

module "test" {
  source = "./fabric/blueprints/cloud-operations/vm-migration/host-target-sharedvpc"
  project_create = {
    billing_account_id = "1234-ABCD-1234"
    parent             = "folders/1234563"
  }
  migration_admin           = "user:admin@example.com"
  migration_viewer          = "user:viewer@example.com"
  migration_target_projects = [module.test-target-project.name]
  sharedvpc_host_projects   = [module.test-sharedvpc-host-project.name]
  depends_on = [
    module.test-target-project,
    module.test-sharedvpc-host-project,
  ]
}

module "test-target-project" {
  source          = "./fabric/modules/project"
  billing_account = "1234-ABCD-1234"
  name            = "test-target-project"
  project_create  = true
}

module "test-sharedvpc-host-project" {
  source          = "./fabric/modules/project"
  billing_account = "1234-ABCD-1234"
  name            = "test-sharedvpc-host-project"
  project_create  = true
}

# tftest modules=7 resources=25