README.txt
Example account provisioning based off Google Cloud Project Factory Terraform Module https://github.com/terraform-google-modules/terraform-google-project-factory Look at the GCP enterprise onboarding documentation for greater details of initial setup of GCP, also the example use case requires some folder structure based on security risk, but modifiy it what ever structure best fits your organization. Use existing Script in the terraform-google-project-factory git project to deploy project with rights to be central to provisioning. Suggest looking at running a small host with ONLY access via the IAP (Identity Aware Proxy) and storing the generated secret in GCP Secrets, auto patching and such to keep system secure. Lay out on the provisioning host: we keep a copy of the terraform binary in /provisioning/bin Configuration repo with three folders mapping to three risk levels (inspired by NIST 800-53) /provisioning/GCP-provisioning/ (this repo) /provisioning/GCP-provisioning/low-risk /provisioning/GCP-provisioning/medium-risk /provisioning/GCP-provisioning/high-risk /provisioning/GCP-provisioning/template-low ==== Our implementation using Git as master of all configuration ==== Initial setup: organizationID: ######### Project ID: project Billing account ID: ######-######-###### folder ID: ############ Example workflow: git status cp -r template-low/ low-risk/test2 cd low-risk/test2 vim terraform.tfvars project_name cd /provisioning/gcp-provisioning/low-risk/test2 /provisioning/bin/terraform init /provisioning/bin/terraform validate /provisioning/bin/terraform plan /provisioning/bin/terraform apply git add . git commit -m "added gcp project for CUSTOMER" git push
Releases
No releases published