| access_context_manager_policy_id |
The ID of the access context manager policy the perimeter lies in. Can be obtained by running gcloud access-context-manager policies list --organization YOUR_ORGANIZATION_ID --format="value(name)". |
string |
n/a |
yes |
| alert_pubsub_topic |
The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of projects/{project_id}/topics/{topic_id} |
string |
null |
no |
| alert_spent_percents |
A list of percentages of the budget to alert on when threshold is exceeded |
list(number) |
[
0.5,
0.75,
0.9,
0.95
] |
no |
| app_infra_pipeline_cloudbuild_sa |
Cloud Build SA used for deploying infrastructure |
string |
n/a |
yes |
| billing_account |
The ID of the billing account to associated this project with |
string |
n/a |
yes |
| budget_amount |
The amount to use as the budget |
number |
1000 |
no |
| enable_hub_and_spoke |
Enable Hub-and-Spoke architecture. |
bool |
false |
no |
| firewall_enable_logging |
Toggle firewall logging for VPC Firewalls. |
bool |
true |
no |
| folder_prefix |
Name prefix to use for folders created. Should be the same in all steps. |
string |
"fldr" |
no |
| gcs_bucket_prefix |
Name prefix to be used for GCS Bucket |
string |
"cmek-encrypted-bucket" |
no |
| key_name |
Name to be used for KMS Key |
string |
"crypto-key-example" |
no |
| key_rotation_period |
Rotation period in seconds to be used for KMS Key |
string |
"7776000s" |
no |
| keyring_name |
Name to be used for KMS Keyring |
string |
"sample-keyring" |
no |
| location_gcs |
Case-Sensitive Location for GCS Bucket (Should be same region as the KMS Keyring) |
string |
"US" |
no |
| location_kms |
Case-Sensitive Location for KMS Keyring (Should be same region as the GCS Bucket) |
string |
"us" |
no |
| optional_fw_rules_enabled |
Toggle creation of optional firewall rules: IAP SSH, IAP RDP and Internal & Global load balancing health check and load balancing IP ranges. |
bool |
false |
no |
| org_id |
The organization id for the associated services |
string |
n/a |
yes |
| parent_folder |
Optional - for an organization with existing projects or for development/validation. It will place all the example foundation resources under the provided folder instead of the root organization. The value is the numeric folder ID. The folder must already exist. Must be the same value used in previous step. |
string |
"" |
no |
| peering_module_depends_on |
List of modules or resources peering module depends on. |
list |
[] |
no |
| perimeter_name |
Access context manager service perimeter name to attach the restricted svpc project. |
string |
n/a |
yes |
| project_prefix |
Name prefix to use for projects created. Should be the same in all steps. Max size is 3 characters. |
string |
"prj" |
no |
| secrets_prj_suffix |
Name suffix to use for secrets project created. |
string |
"env-secrets" |
no |
| terraform_service_account |
Service account email of the account to impersonate to run Terraform |
string |
n/a |
yes |
| windows_activation_enabled |
Enable Windows license activation for Windows workloads. |
bool |
false |
no |