diff --git a/.gitignore b/.gitignore
index c5fb326..7dbe3bc 100644
--- a/.gitignore
+++ b/.gitignore
@@ -48,5 +48,9 @@ crash.log
 
 credentials.json
 
+examples/automatic-labelling-folder/function_source.zip
 examples/automatic-labelling-from-localhost/function_source.zip
 examples/automatic-labelling-from-repository/function_source_copy
+
+node_modules
+yarn.lock
diff --git a/README.md b/README.md
index d183e38..e447bd2 100644
--- a/README.md
+++ b/README.md
@@ -86,4 +86,4 @@ following APIs enabled:
 - Cloud Storage API: `storage-component.googleapis.com`
 
 The [Project Factory module][project-factory-module-site] can be used to
-provision projects with specific APIs activated.
\ No newline at end of file
+provision projects with specific APIs activated.
diff --git a/build/int.cloudbuild.yaml b/build/int.cloudbuild.yaml
index 998da2b..acdecf8 100644
--- a/build/int.cloudbuild.yaml
+++ b/build/int.cloudbuild.yaml
@@ -21,9 +21,6 @@ steps:
   - 'TF_VAR_org_id=$_ORG_ID'
   - 'TF_VAR_folder_id=$_FOLDER_ID'
   - 'TF_VAR_billing_account=$_BILLING_ACCOUNT'
-- id: echo
-  name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
-  args: ['/bin/bash', '-c', 'cat test/source.sh']
 - id: create
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
   args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create']
diff --git a/examples/automatic-labelling-folder/README.md b/examples/automatic-labelling-folder/README.md
new file mode 100644
index 0000000..a5aa92a
--- /dev/null
+++ b/examples/automatic-labelling-folder/README.md
@@ -0,0 +1,69 @@
+# Automatic Labelling for folder projects
+
+This example demonstrates how to use the
+[root module][root-module] and the
+[event-folder-log-entry submodule][event-folder-log-entry-submodule]
+to configure a system
+which responds to project creation events by labelling them with test label.
+
+## Usage
+
+To provision this example, populate `terraform.tfvars` with the [required variables](#inputs) and run the following commands within
+this directory:
+
+- `terraform init` to initialize the directory
+- `terraform plan` to generate the execution plan
+- `terraform apply` to apply the execution plan
+- `terraform destroy` to destroy the infrastructure
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| folder\_id | The ID of the folder to look for changes. | string | n/a | yes |
+| project\_id | The ID of the project to which resources will be applied. | string | n/a | yes |
+| region | The region in which resources will be applied. | string | n/a | yes |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+## Requirements
+
+The following sections describe the requirements which must be met in
+order to invoke this module. The requirements of the
+[root module][root-module-requirements] and the
+[event-folder-log-entry submodule][event-folder-log-entry-submodule-requirements]
+must also be met.
+
+### Software Dependencies
+
+The following software dependencies must be installed on the system
+from which this module will be invoked:
+
+- [Terraform][terraform-site] v0.12.Z
+
+### IAM Roles
+
+The Service Account which will be used to invoke this module must have
+the following IAM roles:
+
+- Logs Configuration Writer: `roles/logging.configWriter`
+- Pub/Sub Admin: `roles/pubsub.admin`
+- Service Account User: `roles/iam.serviceAccountUser`
+
+- Default AppSpot user: `roles/owner`
+- Your user: `roles/resourcemanager.projectCreator`
+
+### APIs
+
+The project against which this module will be invoked must have the
+following APIs enabled:
+
+- Cloud Pub/Sub API: `pubsub.googleapis.com`
+- Stackdriver Logging API: `logging.googleapis.com`
+
+[event-folder-log-entry-submodule-requirements]: ../../modules/event-folder-log-entry/README.md#requirements
+[event-folder-log-entry-submodule]: ../../modules/event-folder-log-entry
+[root-module-requirements]: ../../README.md#requirements
+[root-module]: ../..
+[terraform-site]: https://terraform.io/
diff --git a/examples/automatic-labelling-folder/function_source/index.js b/examples/automatic-labelling-folder/function_source/index.js
new file mode 100644
index 0000000..39d2381
--- /dev/null
+++ b/examples/automatic-labelling-folder/function_source/index.js
@@ -0,0 +1,139 @@
+/**
+ * Copyright 2019 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+const { google } = require("googleapis");
+const { auth } = google;
+const crm = google.cloudresourcemanager("v1");
+
+/**
+ * Authenticates with Google Cloud Platform.
+ *
+ * @param {!Function} callback A callback function to signal completion.
+ */
+authenticate = callback => {
+  console.log("Authenticating");
+  auth.getApplicationDefault((error, authClient) => {
+    if (error) {
+      console.error("Error while authenticating");
+
+      return callback(error);
+    }
+    console.log("Authenticated");
+
+    return callback(null, authClient);
+  });
+};
+
+/**
+ * Fetches fields from a given project.
+ *
+ * @param {!Object} authClient An authenticated client for GCP.
+ * label.
+ * @param {!String} projectId The identity of the project to fetch fields for.
+ * @param {!Function} callback A callback function to signal completion.
+ */
+fetchFields = ({ authClient, projectId }, callback) => {
+  console.log("Fetching fields for " + projectId);
+  crm.projects.get(
+    { auth: authClient, projectId }, (error, response) => {
+      if (error) {
+        console.error("Error while fetching fields");
+
+        return callback(error);
+      }
+
+      const fields = response.data || {};
+
+      console.log("Fetched labels:", fields);
+
+      return callback(null, fields);
+    });
+};
+
+/**
+ * Stores fields on a given project.
+ *
+ * @param {!Object} authClient An authenticated client for GCP.
+ * @param {!Object} fields Fields to be stored on the project.
+ * @param {!String} projectId The identity of the project to save fields to.
+ * @param {!Function} callback A callback function to signal completion.
+ */
+storeFields =
+  ({ authClient, fields, projectId },
+    callback) => {
+    console.log("Storing fields for " + projectId);
+    crm.projects.update(
+      {
+        auth: authClient,
+        projectId,
+        resource: fields
+      },
+      error => {
+        if (error) {
+          console.error("Error while storing fields");
+
+          return callback(error);
+        }
+        console.log("Stored fields:", fields);
+
+        return callback(null);
+      });
+  };
+
+/**
+ * Triggered from a message on a Cloud Pub/Sub topic.
+ *
+ * @param {!Object} event Event payload and metadata.
+ * @param {!Function} callback Callback function to signal completion.
+ */
+exports.labelResource = (data, context, callback)=> {
+  const eventData =
+    JSON.parse(Buffer.from(data.data, "base64").toString());
+
+  console.log("Received event");
+  console.log(eventData);
+  authenticate((error, authClient) => {
+    if (error) {
+      return callback(error);
+    }
+
+    const projectId = eventData.resource.labels.project_id;
+
+    fetchFields(
+      { authClient, projectId },
+      (error, fields, labelFingerprint) => {
+        if (error) {
+          return callback(error);
+        }
+
+        const labelKey = process.env.LABEL_KEY;
+        const labelValue = process.env.LABEL_VALUE;
+
+        storeFields(
+          {
+            authClient,
+            fields: {
+              name: fields.name,
+              parent: fields.parent,
+              labels:
+                Object.assign(fields.labels || {}, { [labelKey]: labelValue })
+            },
+            projectId
+          },
+          callback);
+      });
+  });
+};
diff --git a/examples/automatic-labelling-folder/function_source/package.json b/examples/automatic-labelling-folder/function_source/package.json
new file mode 100644
index 0000000..3993eb1
--- /dev/null
+++ b/examples/automatic-labelling-folder/function_source/package.json
@@ -0,0 +1,7 @@
+{
+  "name": "label-resource",
+  "version": "0.0.1",
+  "dependencies": {
+    "googleapis": "^36.0"
+  }
+}
diff --git a/examples/automatic-labelling-folder/main.tf b/examples/automatic-labelling-folder/main.tf
new file mode 100644
index 0000000..4ea2532
--- /dev/null
+++ b/examples/automatic-labelling-folder/main.tf
@@ -0,0 +1,107 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+  required_version = "~> 0.12.0"
+}
+
+provider "archive" {
+  version = "~> 1.0"
+}
+
+provider "google" {
+  version = "~> 2.1"
+}
+
+provider "random" {
+  version = "~> 2.0"
+}
+
+provider "null" {
+  version = "~> 2.1"
+}
+
+resource "random_pet" "main" {
+  length    = 2
+  separator = "-"
+}
+
+module "event_folder_log_entry" {
+  source = "../../modules/event-folder-log-entry"
+
+  filter     = <<EOF
+resource.type="project" AND
+protoPayload.serviceName="cloudresourcemanager.googleapis.com" AND
+protoPayload.methodName="CreateProject"
+EOF
+  name       = random_pet.main.id
+  project_id = var.project_id
+  folder_id  = var.folder_id
+}
+
+module "localhost_function" {
+  source = "../.."
+
+  description = "Labels resource with owner information."
+  entry_point = "labelResource"
+
+  environment_variables = {
+    FOLDER_ID   = var.folder_id
+    LABEL_KEY   = "test"
+    LABEL_VALUE = "foobar"
+  }
+
+  event_trigger    = module.event_folder_log_entry.function_event_trigger
+  name             = random_pet.main.id
+  project_id       = var.project_id
+  region           = var.region
+  source_directory = "${path.module}/function_source"
+  runtime          = "nodejs8"
+}
+
+resource "null_resource" "wait_for_function" {
+  provisioner "local-exec" {
+    command = "sleep 60"
+  }
+
+  depends_on = [module.localhost_function]
+}
+
+resource "random_pet" "project_id" {
+  length    = 1
+  separator = "-"
+  prefix    = random_pet.main.id
+}
+
+resource "google_project" "test" {
+  name       = random_pet.project_id.id
+  project_id = random_pet.project_id.id
+  folder_id  = var.folder_id
+
+  lifecycle {
+    ignore_changes = [
+      labels,
+    ]
+  }
+
+  depends_on = [null_resource.wait_for_function]
+}
+
+resource "google_project_iam_member" "test_project_iam" {
+  project = google_project.test.project_id
+  role    = "roles/owner"
+  member  = "serviceAccount:${var.project_id}@appspot.gserviceaccount.com"
+}
\ No newline at end of file
diff --git a/examples/automatic-labelling-folder/outputs.tf b/examples/automatic-labelling-folder/outputs.tf
new file mode 100644
index 0000000..d9d04ec
--- /dev/null
+++ b/examples/automatic-labelling-folder/outputs.tf
@@ -0,0 +1,30 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+  value       = var.project_id
+  description = "The ID of the project to which resources are applied."
+}
+
+output "region" {
+  value       = var.region
+  description = "The region in which resources are applied."
+}
+
+output "test_project_id" {
+  value       = google_project.test.project_id
+  description = "The ID of the project to test."
+}
diff --git a/examples/automatic-labelling-folder/variables.tf b/examples/automatic-labelling-folder/variables.tf
new file mode 100644
index 0000000..27b3a91
--- /dev/null
+++ b/examples/automatic-labelling-folder/variables.tf
@@ -0,0 +1,30 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+  type        = string
+  description = "The ID of the project to which resources will be applied."
+}
+
+variable "folder_id" {
+  type        = string
+  description = "The ID of the folder to look for changes."
+}
+
+variable "region" {
+  type        = string
+  description = "The region in which resources will be applied."
+}
diff --git a/examples/automatic-labelling-from-localhost/function_source/package.json b/examples/automatic-labelling-from-localhost/function_source/package.json
index a3edb7d..3993eb1 100644
--- a/examples/automatic-labelling-from-localhost/function_source/package.json
+++ b/examples/automatic-labelling-from-localhost/function_source/package.json
@@ -4,4 +4,4 @@
   "dependencies": {
     "googleapis": "^36.0"
   }
-}
\ No newline at end of file
+}
diff --git a/examples/automatic-labelling-from-repository/function_source/package.json b/examples/automatic-labelling-from-repository/function_source/package.json
index a3edb7d..3993eb1 100644
--- a/examples/automatic-labelling-from-repository/function_source/package.json
+++ b/examples/automatic-labelling-from-repository/function_source/package.json
@@ -4,4 +4,4 @@
   "dependencies": {
     "googleapis": "^36.0"
   }
-}
\ No newline at end of file
+}
diff --git a/examples/automatic-labelling-from-repository/scripts/configure_repository.sh b/examples/automatic-labelling-from-repository/scripts/configure_repository.sh
index 228687c..0098a28 100755
--- a/examples/automatic-labelling-from-repository/scripts/configure_repository.sh
+++ b/examples/automatic-labelling-from-repository/scripts/configure_repository.sh
@@ -19,6 +19,7 @@ set -x
 
 cp -R "$REPOSITORY_DIRECTORY" "$REPOSITORY_COPY_DIRECTORY"
 cd "$REPOSITORY_COPY_DIRECTORY"
+rm -rf .git # clean up .git folder from previouse runs
 git init
 git config user.name "Terraform"
 git config user.email "terraform@example.com"
diff --git a/kitchen.yml b/kitchen.yml
index 4822946..0e55f1c 100644
--- a/kitchen.yml
+++ b/kitchen.yml
@@ -23,17 +23,30 @@ verifier:
   name: terraform
 
 platforms:
-  - name: from-localhost
+  - name: default
+
+suites:
+  - name: automatic-labelling-from-localhost
     driver:
       root_module_directory: test/fixtures/automatic-labelling-from-localhost
-  - name: from-repository
+    verifier:
+      color: false
+      systems:
+        - name: automatic-labelling-instances
+          backend: gcp
+  - name: automatic-labelling-from-repository
     driver:
       root_module_directory: test/fixtures/automatic-labelling-from-repository
-
-suites:
-  - name: automatic-labelling
     verifier:
       color: false
       systems:
-        - name: automatic-labelling
+        - name: automatic-labelling-instances
+          backend: gcp
+  - name: automatic-labelling-folder
+    driver:
+      root_module_directory: test/fixtures/automatic-labelling-folder
+    verifier:
+      color: false
+      systems:
+        - name: automatic-labelling-projects
           backend: gcp
diff --git a/test/fixtures/automatic-labelling-folder/main.tf b/test/fixtures/automatic-labelling-folder/main.tf
new file mode 100644
index 0000000..30b07c7
--- /dev/null
+++ b/test/fixtures/automatic-labelling-folder/main.tf
@@ -0,0 +1,23 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "automatic_labelling_folder" {
+  source = "../../../examples/automatic-labelling-folder"
+
+  project_id = var.project_id
+  folder_id  = var.folder_id
+  region     = var.region
+}
diff --git a/test/fixtures/automatic-labelling-folder/outputs.tf b/test/fixtures/automatic-labelling-folder/outputs.tf
new file mode 100644
index 0000000..5d5a66f
--- /dev/null
+++ b/test/fixtures/automatic-labelling-folder/outputs.tf
@@ -0,0 +1,30 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+  value       = var.project_id
+  description = "The ID of the project to which resources are applied."
+}
+
+output "region" {
+  value       = var.region
+  description = "The region in which resources are applied."
+}
+
+output "test_project_id" {
+  value       = module.automatic_labelling_folder.test_project_id
+  description = "The ID of the project to test."
+}
diff --git a/test/fixtures/automatic-labelling-folder/variables.tf b/test/fixtures/automatic-labelling-folder/variables.tf
new file mode 100644
index 0000000..27b3a91
--- /dev/null
+++ b/test/fixtures/automatic-labelling-folder/variables.tf
@@ -0,0 +1,30 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+  type        = string
+  description = "The ID of the project to which resources will be applied."
+}
+
+variable "folder_id" {
+  type        = string
+  description = "The ID of the folder to look for changes."
+}
+
+variable "region" {
+  type        = string
+  description = "The region in which resources will be applied."
+}
diff --git a/test/integration/automatic-labelling-folder b/test/integration/automatic-labelling-folder
new file mode 120000
index 0000000..3f5080a
--- /dev/null
+++ b/test/integration/automatic-labelling-folder
@@ -0,0 +1 @@
+automatic-labelling-projects
\ No newline at end of file
diff --git a/test/integration/automatic-labelling-from-localhost b/test/integration/automatic-labelling-from-localhost
new file mode 120000
index 0000000..a1b6748
--- /dev/null
+++ b/test/integration/automatic-labelling-from-localhost
@@ -0,0 +1 @@
+automatic-labelling-instances
\ No newline at end of file
diff --git a/test/integration/automatic-labelling-from-repository b/test/integration/automatic-labelling-from-repository
new file mode 120000
index 0000000..a1b6748
--- /dev/null
+++ b/test/integration/automatic-labelling-from-repository
@@ -0,0 +1 @@
+automatic-labelling-instances
\ No newline at end of file
diff --git a/test/integration/automatic-labelling/controls/automatically_labelled.rb b/test/integration/automatic-labelling-instances/controls/automatically_labelled.rb
similarity index 100%
rename from test/integration/automatic-labelling/controls/automatically_labelled.rb
rename to test/integration/automatic-labelling-instances/controls/automatically_labelled.rb
index fdba818..399569c 100644
--- a/test/integration/automatic-labelling/controls/automatically_labelled.rb
+++ b/test/integration/automatic-labelling-instances/controls/automatically_labelled.rb
@@ -1,5 +1,3 @@
-# frozen_string_literal: true
-
 # Copyright 2019 Google Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -14,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+
+# frozen_string_literal: true
 require "json"
 
 control "automatically labelled" do
diff --git a/test/integration/automatic-labelling/inspec.yml b/test/integration/automatic-labelling-instances/inspec.yml
similarity index 96%
rename from test/integration/automatic-labelling/inspec.yml
rename to test/integration/automatic-labelling-instances/inspec.yml
index e27db83..4f44a53 100644
--- a/test/integration/automatic-labelling/inspec.yml
+++ b/test/integration/automatic-labelling-instances/inspec.yml
@@ -13,7 +13,7 @@
 # limitations under the License.
 
 ---
-name: automatic_labelling
+name: automatic_labelling_instances
 version: 0.1.0
 depends:
   - name: inspec-gcp
diff --git a/test/integration/automatic-labelling-projects/controls/automatically_labelled.rb b/test/integration/automatic-labelling-projects/controls/automatically_labelled.rb
new file mode 100644
index 0000000..79b4db9
--- /dev/null
+++ b/test/integration/automatic-labelling-projects/controls/automatically_labelled.rb
@@ -0,0 +1,23 @@
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# frozen_string_literal: true
+require "json"
+
+control "automatically labelled" do
+  describe google_project(project: attribute("test_project_id")).label_value_by_key('test') do
+    it {should match '^(foobar)$' }
+  end
+end
diff --git a/test/integration/automatic-labelling-projects/inspec.yml b/test/integration/automatic-labelling-projects/inspec.yml
new file mode 100644
index 0000000..dd753d3
--- /dev/null
+++ b/test/integration/automatic-labelling-projects/inspec.yml
@@ -0,0 +1,26 @@
+# Copyright 2019 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+name: automatic_labelling_projects
+version: 0.1.0
+depends:
+  - name: inspec-gcp
+    git: https://github.com/inspec/inspec-gcp.git
+    tag: v0.10.0
+attributes:
+  - name: test_project_id
+    type: string
+    required: true
+    description: "The ID of the project to check for labels."
diff --git a/test/setup/iam.tf b/test/setup/iam.tf
index 5ce270e..6e1201f 100644
--- a/test/setup/iam.tf
+++ b/test/setup/iam.tf
@@ -22,7 +22,19 @@ locals {
     "roles/pubsub.admin",
     "roles/logging.configWriter",
     "roles/source.admin",
-    "roles/iam.serviceAccountUser"
+    "roles/iam.serviceAccountUser",
+  ]
+
+  int_required_folder_roles = [
+    "roles/owner",
+    "roles/resourcemanager.projectCreator",
+    "roles/resourcemanager.folderAdmin",
+    "roles/resourcemanager.folderIamAdmin",
+    "roles/billing.projectManager",
+  ]
+
+  int_required_folder_cloud_function_roles = [
+    "roles/owner",
   ]
 }
 
@@ -40,6 +52,22 @@ resource "google_project_iam_member" "int_test" {
   member  = "serviceAccount:${google_service_account.int_test.email}"
 }
 
+resource "google_folder_iam_member" "int_test_folder" {
+  count = length(local.int_required_folder_roles)
+
+  folder = google_folder.ci_event_func_subfolder.name
+  role   = local.int_required_folder_roles[count.index]
+  member = "serviceAccount:${google_service_account.int_test.email}"
+}
+
+resource "google_folder_iam_member" "int_test_sub_folder_cloud_function" {
+  count = length(local.int_required_folder_cloud_function_roles)
+
+  folder = google_folder.ci_event_func_subfolder.name
+  role   = local.int_required_folder_cloud_function_roles[count.index]
+  member = "serviceAccount:${module.project.project_id}@appspot.gserviceaccount.com"
+}
+
 resource "google_service_account_key" "int_test" {
   service_account_id = google_service_account.int_test.id
 }
diff --git a/test/setup/main.tf b/test/setup/main.tf
index af49689..a29e733 100644
--- a/test/setup/main.tf
+++ b/test/setup/main.tf
@@ -15,9 +15,18 @@
  */
 
 locals {
-  project_name = "ci-event-function"
+  project_name   = "ci-event-function"
+  subfolder_name = "${local.project_name}-${random_id.folder_rand.hex}"
 }
 
+resource "random_id" "folder_rand" {
+  byte_length = 2
+}
+
+resource "google_folder" "ci_event_func_subfolder" {
+  display_name = local.subfolder_name
+  parent       = "folders/${var.folder_id}"
+}
 
 module "project" {
   source  = "terraform-google-modules/project-factory/google"
diff --git a/test/setup/make_source.sh b/test/setup/make_source.sh
index c91886f..53a98af 100755
--- a/test/setup/make_source.sh
+++ b/test/setup/make_source.sh
@@ -17,12 +17,14 @@
 project_id=$(terraform output project_id)
 region=$(terraform output region)
 zone=$(terraform output zone)
+sub_folder_id=$(terraform output sub_folder_id)
 
 {
   echo "#!/usr/bin/env bash"
   echo "export TF_VAR_project_id='$project_id'"
   echo "export TF_VAR_region='$region'"
   echo "export TF_VAR_zone='$zone'"
+  echo "export TF_VAR_folder_id='$sub_folder_id'"
 } > ../source.sh
 
 sa_json=$(terraform output sa_key)
diff --git a/test/setup/outputs.tf b/test/setup/outputs.tf
index 628b854..1384ba4 100644
--- a/test/setup/outputs.tf
+++ b/test/setup/outputs.tf
@@ -18,6 +18,10 @@ output "project_id" {
   value = module.project.project_id
 }
 
+output "sub_folder_id" {
+  value = google_folder.ci_event_func_subfolder.id
+}
+
 output "sa_key" {
   value     = google_service_account_key.int_test.private_key
   sensitive = true