This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'master' into enable-cmek-for-state-bucket
daniel-cit authored Dec 5, 2023
2 parents 7c35bf3 + 8a4c106 commit 3689018
Showing 17 changed files with 80 additions and 46 deletions.
2 changes: 1 addition & 1 deletion 1-org/envs/shared/README.md
@@ -22,7 +22,7 @@
| log\_export\_storage\_location | The location of the storage bucket used to export logs. | `string` | `"US"` | no |
| log\_export\_storage\_retention\_policy | Configuration of the bucket's data retention policy for how long objects in the bucket should be retained. | <pre>object({<br> is_locked = bool<br> retention_period_days = number<br> })</pre> | `null` | no |
| log\_export\_storage\_versioning | (Optional) Toggles bucket versioning, ability to retain a non-current object version when the live object version gets replaced or deleted. | `bool` | `false` | no |
| project\_budget | Budget configuration for projects.<br> budget\_amount: The amount to use as the budget.<br> alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.<br> alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`. | <pre>object({<br> dns_hub_budget_amount = optional(number, 1000)<br> dns_hub_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])<br> dns_hub_alert_pubsub_topic = optional(string, null)<br> base_net_hub_budget_amount = optional(number, 1000)<br> base_net_hub_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])<br> base_net_hub_alert_pubsub_topic = optional(string, null)<br> restricted_net_hub_budget_amount = optional(number, 1000)<br> restricted_net_hub_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])<br> restricted_net_hub_alert_pubsub_topic = optional(string, null)<br> interconnect_budget_amount = optional(number, 1000)<br> interconnect_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])<br> interconnect_alert_pubsub_topic = optional(string, null)<br> org_secrets_budget_amount = optional(number, 1000)<br> org_secrets_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])<br> org_secrets_alert_pubsub_topic = optional(string, null)<br> org_billing_logs_budget_amount = optional(number, 1000)<br> org_billing_logs_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])<br> org_billing_logs_alert_pubsub_topic = optional(string, null)<br> org_audit_logs_budget_amount = optional(number, 1000)<br> org_audit_logs_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])<br> org_audit_logs_alert_pubsub_topic = optional(string, null)<br> scc_notifications_budget_amount = optional(number, 1000)<br> scc_notifications_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])<br> 
scc_notifications_alert_pubsub_topic = optional(string, null)<br> })</pre> | `{}` | no |
| project\_budget | Budget configuration for projects.<br> budget\_amount: The amount to use as the budget.<br> alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.<br> alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.<br> alert\_spend\_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default). | <pre>object({<br> dns_hub_budget_amount = optional(number, 1000)<br> dns_hub_alert_spent_percents = optional(list(number), [1.2])<br> dns_hub_alert_pubsub_topic = optional(string, null)<br> dns_hub_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> base_net_hub_budget_amount = optional(number, 1000)<br> base_net_hub_alert_spent_percents = optional(list(number), [1.2])<br> base_net_hub_alert_pubsub_topic = optional(string, null)<br> base_net_hub_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> restricted_net_hub_budget_amount = optional(number, 1000)<br> restricted_net_hub_alert_spent_percents = optional(list(number), [1.2])<br> restricted_net_hub_alert_pubsub_topic = optional(string, null)<br> restricted_net_hub_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> interconnect_budget_amount = optional(number, 1000)<br> interconnect_alert_spent_percents = optional(list(number), [1.2])<br> interconnect_alert_pubsub_topic = optional(string, null)<br> interconnect_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> org_secrets_budget_amount = optional(number, 1000)<br> org_secrets_alert_spent_percents = optional(list(number), [1.2])<br> org_secrets_alert_pubsub_topic = optional(string, null)<br> org_secrets_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> org_billing_logs_budget_amount = optional(number, 1000)<br> 
org_billing_logs_alert_spent_percents = optional(list(number), [1.2])<br> org_billing_logs_alert_pubsub_topic = optional(string, null)<br> org_billing_logs_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> org_audit_logs_budget_amount = optional(number, 1000)<br> org_audit_logs_alert_spent_percents = optional(list(number), [1.2])<br> org_audit_logs_alert_pubsub_topic = optional(string, null)<br> org_audit_logs_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> scc_notifications_budget_amount = optional(number, 1000)<br> scc_notifications_alert_spent_percents = optional(list(number), [1.2])<br> scc_notifications_alert_pubsub_topic = optional(string, null)<br> scc_notifications_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> })</pre> | `{}` | no |
| remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
| scc\_notification\_filter | Filter used to create the Security Command Center Notification, you can see more details on how to create filters in https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications#create-filter | `string` | `"state = \"ACTIVE\""` | no |
| scc\_notification\_name | Name of the Security Command Center Notification. It must be unique in the organization. Run `gcloud scc notifications describe <scc_notification_name> --organization=org_id` to check if it already exists. | `string` | n/a | yes |
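Review bot: The new `project_budget` row changes the default of every `*_alert_spent_percents` attribute from `[0.5, 0.75, 0.9, 0.95]` to `[1.2]`, but the description still reads "A list of percentages of the budget", so a reader can take `1.2` as 1.2% rather than 120%. Suggest stating that the values are fractions of the budget amount (1.0 = 100%) and that, with the `FORECASTED_SPEND` default, the single threshold is compared against forecasted rather than current spend. The same description text is repeated in the other README and variables.tf hunks of this commit.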
8 changes: 8 additions & 0 deletions 1-org/envs/shared/projects.tf
@@ -52,6 +52,7 @@ module "org_audit_logs" {
budget_alert_pubsub_topic = var.project_budget.org_audit_logs_alert_pubsub_topic
budget_alert_spent_percents = var.project_budget.org_audit_logs_alert_spent_percents
budget_amount = var.project_budget.org_audit_logs_budget_amount
budget_alert_spend_basis = var.project_budget.org_audit_logs_budget_alert_spend_basis
}

module "org_billing_logs" {
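Review bot: The key read by the added line, `org_audit_logs_budget_alert_spend_basis`, does not follow the pattern of its siblings in the same block (`org_audit_logs_alert_pubsub_topic`, `org_audit_logs_alert_spent_percents`), and the variable description documents the option as `alert_spend_basis`. The 4-projects modules in this commit name it `alert_spend_basis`, without the `budget_` infix. Suggest `org_audit_logs_alert_spend_basis`, and likewise for the other seven modules in this file, so that all per-project alert keys share one `<project>_alert_*` shape, or else documenting the real key name in the description.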
@@ -79,6 +80,7 @@ module "org_billing_logs" {
budget_alert_pubsub_topic = var.project_budget.org_billing_logs_alert_pubsub_topic
budget_alert_spent_percents = var.project_budget.org_billing_logs_alert_spent_percents
budget_amount = var.project_budget.org_billing_logs_budget_amount
budget_alert_spend_basis = var.project_budget.org_billing_logs_budget_alert_spend_basis
}

/******************************************
@@ -110,6 +112,7 @@ module "org_secrets" {
budget_alert_pubsub_topic = var.project_budget.org_secrets_alert_pubsub_topic
budget_alert_spent_percents = var.project_budget.org_secrets_alert_spent_percents
budget_amount = var.project_budget.org_secrets_budget_amount
budget_alert_spend_basis = var.project_budget.org_secrets_budget_alert_spend_basis
}

/******************************************
@@ -141,6 +144,7 @@ module "interconnect" {
budget_alert_pubsub_topic = var.project_budget.interconnect_alert_pubsub_topic
budget_alert_spent_percents = var.project_budget.interconnect_alert_spent_percents
budget_amount = var.project_budget.interconnect_budget_amount
budget_alert_spend_basis = var.project_budget.interconnect_budget_alert_spend_basis
}

/******************************************
@@ -172,6 +176,7 @@ module "scc_notifications" {
budget_alert_pubsub_topic = var.project_budget.scc_notifications_alert_pubsub_topic
budget_alert_spent_percents = var.project_budget.scc_notifications_alert_spent_percents
budget_amount = var.project_budget.scc_notifications_budget_amount
budget_alert_spend_basis = var.project_budget.scc_notifications_budget_alert_spend_basis
}

/******************************************
@@ -211,6 +216,7 @@ module "dns_hub" {
budget_alert_pubsub_topic = var.project_budget.dns_hub_alert_pubsub_topic
budget_alert_spent_percents = var.project_budget.dns_hub_alert_spent_percents
budget_amount = var.project_budget.dns_hub_budget_amount
budget_alert_spend_basis = var.project_budget.dns_hub_budget_alert_spend_basis
}

/******************************************
@@ -251,6 +257,7 @@ module "base_network_hub" {
budget_alert_pubsub_topic = var.project_budget.base_net_hub_alert_pubsub_topic
budget_alert_spent_percents = var.project_budget.base_net_hub_alert_spent_percents
budget_amount = var.project_budget.base_net_hub_budget_amount
budget_alert_spend_basis = var.project_budget.base_net_hub_budget_alert_spend_basis
}

resource "google_project_iam_member" "network_sa_base" {
@@ -299,6 +306,7 @@ module "restricted_network_hub" {
budget_alert_pubsub_topic = var.project_budget.restricted_net_hub_alert_pubsub_topic
budget_alert_spent_percents = var.project_budget.restricted_net_hub_alert_spent_percents
budget_amount = var.project_budget.restricted_net_hub_budget_amount
budget_alert_spend_basis = var.project_budget.restricted_net_hub_budget_alert_spend_basis
}

resource "google_project_iam_member" "network_sa_restricted" {
57 changes: 33 additions & 24 deletions 1-org/envs/shared/variables.tf
@@ -115,32 +115,41 @@ variable "project_budget" {
budget_amount: The amount to use as the budget.
alert_spent_percents: A list of percentages of the budget to alert on when threshold is exceeded.
alert_pubsub_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.
alert_spend_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default).
EOT
type = object({
dns_hub_budget_amount = optional(number, 1000)
dns_hub_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])
dns_hub_alert_pubsub_topic = optional(string, null)
base_net_hub_budget_amount = optional(number, 1000)
base_net_hub_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])
base_net_hub_alert_pubsub_topic = optional(string, null)
restricted_net_hub_budget_amount = optional(number, 1000)
restricted_net_hub_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])
restricted_net_hub_alert_pubsub_topic = optional(string, null)
interconnect_budget_amount = optional(number, 1000)
interconnect_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])
interconnect_alert_pubsub_topic = optional(string, null)
org_secrets_budget_amount = optional(number, 1000)
org_secrets_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])
org_secrets_alert_pubsub_topic = optional(string, null)
org_billing_logs_budget_amount = optional(number, 1000)
org_billing_logs_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])
org_billing_logs_alert_pubsub_topic = optional(string, null)
org_audit_logs_budget_amount = optional(number, 1000)
org_audit_logs_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])
org_audit_logs_alert_pubsub_topic = optional(string, null)
scc_notifications_budget_amount = optional(number, 1000)
scc_notifications_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])
scc_notifications_alert_pubsub_topic = optional(string, null)
dns_hub_budget_amount = optional(number, 1000)
dns_hub_alert_spent_percents = optional(list(number), [1.2])
dns_hub_alert_pubsub_topic = optional(string, null)
dns_hub_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
base_net_hub_budget_amount = optional(number, 1000)
base_net_hub_alert_spent_percents = optional(list(number), [1.2])
base_net_hub_alert_pubsub_topic = optional(string, null)
base_net_hub_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
restricted_net_hub_budget_amount = optional(number, 1000)
restricted_net_hub_alert_spent_percents = optional(list(number), [1.2])
restricted_net_hub_alert_pubsub_topic = optional(string, null)
restricted_net_hub_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
interconnect_budget_amount = optional(number, 1000)
interconnect_alert_spent_percents = optional(list(number), [1.2])
interconnect_alert_pubsub_topic = optional(string, null)
interconnect_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
org_secrets_budget_amount = optional(number, 1000)
org_secrets_alert_spent_percents = optional(list(number), [1.2])
org_secrets_alert_pubsub_topic = optional(string, null)
org_secrets_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
org_billing_logs_budget_amount = optional(number, 1000)
org_billing_logs_alert_spent_percents = optional(list(number), [1.2])
org_billing_logs_alert_pubsub_topic = optional(string, null)
org_billing_logs_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
org_audit_logs_budget_amount = optional(number, 1000)
org_audit_logs_alert_spent_percents = optional(list(number), [1.2])
org_audit_logs_alert_pubsub_topic = optional(string, null)
org_audit_logs_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
scc_notifications_budget_amount = optional(number, 1000)
scc_notifications_alert_spent_percents = optional(list(number), [1.2])
scc_notifications_alert_pubsub_topic = optional(string, null)
scc_notifications_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
})
default = {}
}
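Review bot: Each `*_budget_alert_spend_basis` attribute in the new type is declared as `optional(string, "FORECASTED_SPEND")` with no validation, so any string is accepted by the variable even though the description allows only `CURRENT_SPEND` or `FORECASTED_SPEND`. Suggest a `validation` block on `project_budget` that checks all eight attributes against those two values, so that a typo is rejected at the variable instead of further downstream.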
2 changes: 1 addition & 1 deletion 2-environments/modules/env_baseline/README.md
@@ -7,7 +7,7 @@
| env | The environment to prepare (ex. development) | `string` | n/a | yes |
| environment\_code | A short form of the folder level resources (environment) within the Google Cloud organization (ex. d). | `string` | n/a | yes |
| monitoring\_workspace\_users | Google Workspace or Cloud Identity group that have access to Monitoring Workspaces. | `string` | n/a | yes |
| project\_budget | Budget configuration for projects.<br> budget\_amount: The amount to use as the budget.<br> alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.<br> alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`. | <pre>object({<br> base_network_budget_amount = optional(number, 1000)<br> base_network_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])<br> base_network_alert_pubsub_topic = optional(string, null)<br> restricted_network_budget_amount = optional(number, 1000)<br> restricted_network_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])<br> restricted_network_alert_pubsub_topic = optional(string, null)<br> monitoring_budget_amount = optional(number, 1000)<br> monitoring_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])<br> monitoring_alert_pubsub_topic = optional(string, null)<br> secret_budget_amount = optional(number, 1000)<br> secret_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])<br> secret_alert_pubsub_topic = optional(string, null)<br> })</pre> | `{}` | no |
| project\_budget | Budget configuration for projects.<br> budget\_amount: The amount to use as the budget.<br> alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.<br> alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.<br> alert\_spend\_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default). | <pre>object({<br> base_network_budget_amount = optional(number, 1000)<br> base_network_alert_spent_percents = optional(list(number), [1.2])<br> base_network_alert_pubsub_topic = optional(string, null)<br> base_network_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> restricted_network_budget_amount = optional(number, 1000)<br> restricted_network_alert_spent_percents = optional(list(number), [1.2])<br> restricted_network_alert_pubsub_topic = optional(string, null)<br> restricted_network_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> monitoring_budget_amount = optional(number, 1000)<br> monitoring_alert_spent_percents = optional(list(number), [1.2])<br> monitoring_alert_pubsub_topic = optional(string, null)<br> monitoring_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> secret_budget_amount = optional(number, 1000)<br> secret_alert_spent_percents = optional(list(number), [1.2])<br> secret_alert_pubsub_topic = optional(string, null)<br> secret_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> })</pre> | `{}` | no |
| remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |

## Outputs
1 change: 1 addition & 0 deletions 2-environments/modules/env_baseline/monitoring.tf
@@ -48,4 +48,5 @@ module "monitoring_project" {
budget_alert_pubsub_topic = var.project_budget.monitoring_alert_pubsub_topic
budget_alert_spent_percents = var.project_budget.monitoring_alert_spent_percents
budget_amount = var.project_budget.monitoring_budget_amount
budget_alert_spend_basis = var.project_budget.monitoring_budget_alert_spend_basis
}
1 change: 1 addition & 0 deletions 2-environments/modules/env_baseline/networking.tf
@@ -88,4 +88,5 @@ module "restricted_shared_vpc_host_project" {
budget_alert_pubsub_topic = var.project_budget.restricted_network_alert_pubsub_topic
budget_alert_spent_percents = var.project_budget.restricted_network_alert_spent_percents
budget_amount = var.project_budget.restricted_network_budget_amount
budget_alert_spend_basis = var.project_budget.restricted_network_budget_alert_spend_basis
}
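Review bot: Only `restricted_shared_vpc_host_project` receives `budget_alert_spend_basis` in this file (1 addition), while `variables.tf` in the same module also adds `base_network_budget_alert_spend_basis`. No hunk on this page passes that attribute to the base shared VPC host project module, so a value set for it would have no effect. Suggest adding `budget_alert_spend_basis = var.project_budget.base_network_budget_alert_spend_basis` to that module block, or confirming the line is already present on the other parent of this merge.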
1 change: 1 addition & 0 deletions 2-environments/modules/env_baseline/secrets.tf
@@ -46,4 +46,5 @@ module "env_secrets" {
budget_alert_pubsub_topic = var.project_budget.secret_alert_pubsub_topic
budget_alert_spent_percents = var.project_budget.secret_alert_spent_percents
budget_amount = var.project_budget.secret_budget_amount
budget_alert_spend_basis = var.project_budget.secret_budget_alert_spend_basis
}
29 changes: 17 additions & 12 deletions 2-environments/modules/env_baseline/variables.tf
@@ -40,20 +40,25 @@ variable "project_budget" {
budget_amount: The amount to use as the budget.
alert_spent_percents: A list of percentages of the budget to alert on when threshold is exceeded.
alert_pubsub_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.
alert_spend_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default).
EOT
type = object({
base_network_budget_amount = optional(number, 1000)
base_network_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])
base_network_alert_pubsub_topic = optional(string, null)
restricted_network_budget_amount = optional(number, 1000)
restricted_network_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])
restricted_network_alert_pubsub_topic = optional(string, null)
monitoring_budget_amount = optional(number, 1000)
monitoring_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])
monitoring_alert_pubsub_topic = optional(string, null)
secret_budget_amount = optional(number, 1000)
secret_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])
secret_alert_pubsub_topic = optional(string, null)
base_network_budget_amount = optional(number, 1000)
base_network_alert_spent_percents = optional(list(number), [1.2])
base_network_alert_pubsub_topic = optional(string, null)
base_network_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
restricted_network_budget_amount = optional(number, 1000)
restricted_network_alert_spent_percents = optional(list(number), [1.2])
restricted_network_alert_pubsub_topic = optional(string, null)
restricted_network_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
monitoring_budget_amount = optional(number, 1000)
monitoring_alert_spent_percents = optional(list(number), [1.2])
monitoring_alert_pubsub_topic = optional(string, null)
monitoring_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
secret_budget_amount = optional(number, 1000)
secret_alert_spent_percents = optional(list(number), [1.2])
secret_alert_pubsub_topic = optional(string, null)
secret_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
})
default = {}
}
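Review bot: Changing the default of the four `*_alert_spent_percents` attributes from `[0.5, 0.75, 0.9, 0.95]` to `[1.2]` alters behaviour for every caller that leaves `project_budget` at `default = {}`: their four existing thresholds are replaced by a single one on the next apply. Suggest calling this out in the upgrade notes and showing how to keep the previous alerts by setting the attributes explicitly, for example `monitoring_alert_spent_percents = [0.5, 0.75, 0.9, 0.95]` together with `monitoring_budget_alert_spend_basis = "CURRENT_SPEND"`.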
2 changes: 1 addition & 1 deletion 4-projects/business_unit_1/shared/README.md
@@ -4,7 +4,7 @@
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| default\_region | Default region to create resources where applicable. | `string` | `"us-central1"` | no |
| project\_budget | Budget configuration.<br> budget\_amount: The amount to use as the budget.<br> alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.<br> alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`. | <pre>object({<br> budget_amount = optional(number, 1000)<br> alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])<br> alert_pubsub_topic = optional(string, null)<br> })</pre> | `{}` | no |
| project\_budget | Budget configuration.<br> budget\_amount: The amount to use as the budget.<br> alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.<br> alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.<br> alert\_spend\_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default). | <pre>object({<br> budget_amount = optional(number, 1000)<br> alert_spent_percents = optional(list(number), [1.2])<br> alert_pubsub_topic = optional(string, null)<br> alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> })</pre> | `{}` | no |
| remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |

## Outputs
4 changes: 3 additions & 1 deletion 4-projects/business_unit_1/shared/variables.tf
@@ -26,11 +26,13 @@ variable "project_budget" {
budget_amount: The amount to use as the budget.
alert_spent_percents: A list of percentages of the budget to alert on when threshold is exceeded.
alert_pubsub_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.
alert_spend_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default).
EOT
type = object({
budget_amount = optional(number, 1000)
alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])
alert_spent_percents = optional(list(number), [1.2])
alert_pubsub_topic = optional(string, null)
alert_spend_basis = optional(string, "FORECASTED_SPEND")
})
default = {}
}
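Review bot: `alert_spend_basis` is added to the `project_budget` type here, but the only place on this page that reads it is `var.project_budget.alert_spend_basis` in `4-projects/modules/single_project/main.tf`; nothing shown for `business_unit_1/shared`, `business_unit_2/shared` or `modules/base_env` forwards it. Suggest confirming that each of these passes the whole `project_budget` object, or the new attribute, down to `single_project`; otherwise the documented option is accepted and silently ignored.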
2 changes: 1 addition & 1 deletion 4-projects/business_unit_2/shared/README.md
@@ -4,7 +4,7 @@
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| default\_region | Default region to create resources where applicable. | `string` | `"us-central1"` | no |
| project\_budget | Budget configuration.<br> budget\_amount: The amount to use as the budget.<br> alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.<br> alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`. | <pre>object({<br> budget_amount = optional(number, 1000)<br> alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])<br> alert_pubsub_topic = optional(string, null)<br> })</pre> | `{}` | no |
| project\_budget | Budget configuration.<br> budget\_amount: The amount to use as the budget.<br> alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.<br> alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.<br> alert\_spend\_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default). | <pre>object({<br> budget_amount = optional(number, 1000)<br> alert_spent_percents = optional(list(number), [1.2])<br> alert_pubsub_topic = optional(string, null)<br> alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> })</pre> | `{}` | no |
| remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |

## Outputs
4 changes: 3 additions & 1 deletion 4-projects/business_unit_2/shared/variables.tf
@@ -26,11 +26,13 @@ variable "project_budget" {
budget_amount: The amount to use as the budget.
alert_spent_percents: A list of percentages of the budget to alert on when threshold is exceeded.
alert_pubsub_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.
alert_spend_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default).
EOT
type = object({
budget_amount = optional(number, 1000)
alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])
alert_spent_percents = optional(list(number), [1.2])
alert_pubsub_topic = optional(string, null)
alert_spend_basis = optional(string, "FORECASTED_SPEND")
})
default = {}
}
2 changes: 1 addition & 1 deletion 4-projects/modules/base_env/README.md
@@ -16,7 +16,7 @@
| optional\_fw\_rules\_enabled | Toggle creation of optional firewall rules: Internal & Global load balancing health check and load balancing IP ranges. | `bool` | `false` | no |
| peering\_iap\_fw\_rules\_enabled | Toggle creation of optional IAP firewall rules: SSH, RDP. | `bool` | `false` | no |
| peering\_module\_depends\_on | List of modules or resources peering module depends on. | `list(any)` | `[]` | no |
| project\_budget | Budget configuration.<br> budget\_amount: The amount to use as the budget.<br> alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.<br> alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`. | <pre>object({<br> budget_amount = optional(number, 1000)<br> alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])<br> alert_pubsub_topic = optional(string, null)<br> })</pre> | `{}` | no |
| project\_budget | Budget configuration.<br> budget\_amount: The amount to use as the budget.<br> alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.<br> alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.<br> alert\_spend\_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default). | <pre>object({<br> budget_amount = optional(number, 1000)<br> alert_spent_percents = optional(list(number), [1.2])<br> alert_pubsub_topic = optional(string, null)<br> alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> })</pre> | `{}` | no |
| remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
| secrets\_prj\_suffix | Name suffix to use for secrets project created. | `string` | `"env-secrets"` | no |
| subnet\_ip\_range | IP range for the peered subnetwork. If "peering\_iap\_fw\_rules\_enabled" is true, this field should not be null. | `string` | `null` | no |
4 changes: 3 additions & 1 deletion 4-projects/modules/base_env/variables.tf
@@ -59,11 +59,13 @@ variable "project_budget" {
budget_amount: The amount to use as the budget.
alert_spent_percents: A list of percentages of the budget to alert on when threshold is exceeded.
alert_pubsub_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.
alert_spend_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default).
EOT
type = object({
budget_amount = optional(number, 1000)
alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])
alert_spent_percents = optional(list(number), [1.2])
alert_pubsub_topic = optional(string, null)
alert_spend_basis = optional(string, "FORECASTED_SPEND")
})
default = {}
}
2 changes: 1 addition & 1 deletion 4-projects/modules/single_project/README.md
@@ -14,7 +14,7 @@
| folder\_id | The folder id where project will be created | `string` | n/a | yes |
| org\_id | The organization id for the associated services | `string` | n/a | yes |
| primary\_contact | The primary email contact for the project | `string` | n/a | yes |
| project\_budget | Budget configuration.<br> budget\_amount: The amount to use as the budget.<br> alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.<br> alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`. | <pre>object({<br> budget_amount = optional(number, 1000)<br> alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])<br> alert_pubsub_topic = optional(string, null)<br> })</pre> | `{}` | no |
| project\_budget | Budget configuration.<br> budget\_amount: The amount to use as the budget.<br> alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.<br> alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.<br> alert\_spend\_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default). | <pre>object({<br> budget_amount = optional(number, 1000)<br> alert_spent_percents = optional(list(number), [1.2])<br> alert_pubsub_topic = optional(string, null)<br> alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> })</pre> | `{}` | no |
| project\_prefix | Name prefix to use for projects created. | `string` | `"prj"` | no |
| project\_suffix | The name of the GCP project. Max 16 characters with 3 character business unit code. | `string` | n/a | yes |
| sa\_roles | A list of roles to give the Service Account from App Infra Pipeline. | `map(list(string))` | `{}` | no |
1 change: 1 addition & 0 deletions 4-projects/modules/single_project/main.tf
@@ -76,6 +76,7 @@ module "project" {
budget_alert_pubsub_topic = var.project_budget.alert_pubsub_topic
budget_alert_spent_percents = var.project_budget.alert_spent_percents
budget_amount = var.project_budget.budget_amount
budget_alert_spend_basis = var.project_budget.alert_spend_basis
}

# Additional roles to the App Infra Pipeline service account
4 changes: 3 additions & 1 deletion 4-projects/modules/single_project/variables.tf
@@ -114,11 +114,13 @@ variable "project_budget" {
budget_amount: The amount to use as the budget.
alert_spent_percents: A list of percentages of the budget to alert on when threshold is exceeded.
alert_pubsub_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.
alert_spend_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default).
EOT
type = object({
budget_amount = optional(number, 1000)
alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])
alert_spent_percents = optional(list(number), [1.2])
alert_pubsub_topic = optional(string, null)
alert_spend_basis = optional(string, "FORECASTED_SPEND")
})
default = {}
}
