Skip to content

sleterrier/terraform-google-org-policy

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

38 Commits
.gitignore
.gitignore
 
 
README.md
README.md
 
 
exclusions.tf
exclusions.tf
 
 
folder.tf
folder.tf
 
 
main.tf
main.tf
 
 
organization.tf
organization.tf
 
 
project.tf
project.tf
 
 
variables.tf
variables.tf
 
 
versions.tf
versions.tf
 
 

Repository files navigation

Google Cloud Organization Policy Terraform Module

This Terraform module makes it easier to manage to manage organization policies for your Google Cloud environment, particularly when you want to have exclusion rules. This module will allow you to set a top-level org policy and then disable it on individual projects or folders easily.

Disclaimer: this module is a for_each/dynamic blocks rewrite of terraform-google-org-policy.

Compatibility

This module is meant for use with Terraform 0.12.6. If you haven't upgraded and need a Terraform 0.11.x-compatible version of this module, you're out of luck!

Usage

Many examples are included in the examples folder, but simle usage is as follows:

variable iam_policy_constraints {
  default = {
    "iam.allowedPolicyMemberDomains" = {
       #allow             = [ "all" ]
       allow             = [ "test", "test2" ]
       #deny              = [ "test", "test2" ]
       #deny              = [ "all" ]
       exclude_folders   = ["folders/folder-1-id", "folders/folder-2-id"]
       exclude_projects  = ["project1-id", "project2-id"]
    }

    "compute.disableSerialPortAccess" = {
       enforced        = true
       exclude_folders = ["folders/folder-1-id", "folders/folder-2-id"]
    }
  }
}

module "org-policy" {
  source = "../modules/gcp-org-policy"

  org_id            = "123456789"
  policy_constraint = var.iam_policy_constraints
}

Variables

To control module's behavior, change variables' values regarding the following:

  • policy_constraints: set this variable with constraints values. See examples above.
  • Policies Root: set one of the following values to determine where the policy is applied:
    • org_id
    • project
    • folder

Inputs

Name Description Type Default Required
folder The folder id the policy constraints are applied to string "" no
org_id The organization id the policy constraints are applied to string "" no
policy_constraints Maps of maps defining policy constraints to be applied map n/a yes
project The project id the policy constraints are applied to string "" no

Requirements

Terraform plugins

Permissions

In order to execute this module, the Service Account you run as must have the Organization Policy Administrator (roles/orgpolicy.PolicyAdmin) role.

Install

Terraform

Be sure you have the correct Terraform version (>=0.12.6), you can choose the binary here:

Terraform plugins

About

A Terraform module for managing GCP org policies.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

2 tags

Packages

 
 
 

Languages

  • HCL 100.0%