Skip to content
/ terraform-gcp-config Public
forked from lacework/terraform-gcp-config

Terraform module for integrating Google Cloud Platform Organziations and Projects with Lacework for cloud resource configuration assessment

0 stars 12 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

mr-menno/terraform-gcp-config

BranchesTags
 
 

Repository files navigation

terraform-gcp-config

GitHub release Codefresh build status

Terraform module for integrating Google Cloud Platform Organizations and Projects with Lacework for cloud resource configuration assessment.

⚠️ - NOTE: When using an existing Service Account, Terraform cannot work out whether a role has already been applied. This means when running the destroy step, existing roles may be removed from the Service Account. If this Service Account is managed by another Terraform module, you can re-run apply on the other module and this will re-add the role.

Alternatively, it is possible to remove the offending roles from the state file before destroy, preventing the role(s) from being removed.

e.g. terraform state rm 'google_project_iam_binding.for_lacework_service_account'

Required Roles

roles/browser
roles/iam.securityReviewer

Required APIs

iam.googleapis.com
cloudkms.googleapis.com
dns.googleapis.com
pubsub.googleapis.com
compute.googleapis.com
logging.googleapis.com
bigquery.googleapis.com
sqladmin.googleapis.com
container.googleapis.com
serviceusage.googleapis.com
cloudresourcemanager.googleapis.com
storage-component.googleapis.com

Inputs

Name Description Type Default Required
org_integration If set to true, configure an organization level integration bool false false
organization_id The organization ID, required if org_integration is set to true string "" false
project_id A project ID different from the default defined inside the provider string "" false
use_existing_service_account Set this to true to use an existing Service Account. When using an existing service account, the required roles must be added manually. bool false false
service_account_name The Service Account name (required when use_existing_service_account is set to true). This can also be used to specify the new service account name when use_existing_service_account is set to false string "" false
service_account_private_key The private key in JSON format, base64 encoded (required when use_existing_service_account is set to true) string "" false
lacework_integration_name The integration name displayed in the Lacework UI. string TF config false
required_config_apis The APIs that should be enabled for this integration to be successful. map See the Required APIs section false
prefix The prefix that will be used at the beginning of every generated resource string lw-cfg false
wait_time Amount of time to wait before the next resource is provisioned. string 10s false

Outputs

Name Description
service_account_name The Service Account name
service_account_private_key The private key in JSON format, base64 encoded

About

Terraform module for integrating Google Cloud Platform Organziations and Projects with Lacework for cloud resource configuration assessment

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

4 tags

Packages

No packages published

Languages

  • Shell 65.3%
  • HCL 34.3%
  • Makefile 0.4%