terraform-gcp-attribute-sensor

The module provisions all required infrastracture resources for the Attribute Sensor to operate. Please, refer to the Input section for the configuration options.

Prerequisites

Except the required inputs, the following resources must be created before using the module:

• Billing Export Dataset
• Billing Export Resource

It usually takes up to 24 hours for the billing export to be created in the BigQuery dataset. For additional details about the billing export, please refer to the Attribute deployment guide provided.

Account types

The module supports two account types: management and sub. You can use a single management account and multiple sub accounts in the same organization.

Management

The following resources are created in the management account:

• Service account with required permissions
• Billing Export Dataset permissions ( optional )

Sub

The following resources are created in the sub account:

• Service account with required permissions

The sub account requires the billing_info input to be provided. The information should contain the billing export table, email and project ID from the management account. It's recommended to use outputs from the management account to populate the input, i.e.:

module "attribute_management" {
  ...
  account_type                = "management"
  billing_export_dataset_name = var.billing_export_dataset_name
  billing_export_table_name   = var.billing_export_table_name
}

module "attribute_subaccount1" {
  ...
  account_type = "sub"
  billing_info = module.attribute_management.billing_info
}

Registration

The registration process is fully automated. The module will register the sensor with the Attribute API via the http provider.

Account name

Account name can be provided via the account_name input, or automatically extracted with the google_projects datasource.

Requirements

Name	Version
terraform	>= 1.9.0
google	>= 5.0, < 8.0

Providers

Name	Version
google	>= 5.0, < 8.0
http	n/a

Modules

No modules.

Resources

Name	Type
google_bigquery_dataset_iam_member.bigquery_internal	resource
google_project_iam_member.internal	resource
google_project_service.this	resource
google_service_account.this	resource
google_service_account_iam_member.impersonator	resource
google_client_config.current	data source
google_project.current	data source
google_projects.current	data source
http_http.attribute_registration	data source

Inputs

Name	Description	Type	Default	Required
account_type	(Required) The GCP Account type. Available options are: 'management' or 'sub'. In case of 'management', the 'billing_export_dataset_name' and 'billing_export_table_name' inputs must be provided.	string	n/a	yes
organization_id	(Required) The Organization ID provided by Attribute.	string	n/a	yes
token	(Required) The token to authenticate with the Attribute API.	string	n/a	yes
account_name	(Optional) The GCP Account name. If not provided, the account name will be extracted with the datasource.	string	""	no
billing_export_dataset_name	(Optional) The name of the billing export dataset.	string	""	no
billing_export_table_name	(Optional) The name of the billing export table.	string	""	no
billing_info	(Optional) The existing billing export information. Required for sub accounts.	object({ billing_export_table = string billing_export_email = string billing_export_project_id = string })	{ "billing_export_email": "", "billing_export_project_id": "", "billing_export_table": "" }	no
enable_required_apis	(Optional) Whether to enabled required GCP APIs. Default is 'false'.	bool	false	no

Outputs

Name	Description
account_id	The ID of the GCP account.
billing_export_table	The billing export table.
billing_info	The billing export information.
service_account_email	The email of the internal service account.