configure staging gcp backup account

terragrunt/accounts/rust-backup-staging/account.json

@@ -0,0 +1 @@
+{}

terragrunt/accounts/rust-backup-staging/rust-assets-backup/terragrunt.hcl

@@ -0,0 +1,39 @@
+terraform {
+  source = "../../../modules//rust-assets-backup"
+}
+
+include {
+  path = find_in_parent_folders()
+  merge_strategy = "deep"
+}
+
+inputs = {
+  project_id  = "concrete-racer-468119-m7"
+  region      = "europe-west1"
+
+  # Source buckets to backup - staging AWS S3 buckets
+  source_buckets = {
+    crates-io = {
+      bucket_name       = "staging-crates-io"
+      cloudfront_domain = "cloudfront-static.staging.crates.io"
+      description       = "Staging crates for testing"
+    }
+    static-rust-lang-org = {
+      bucket_name       = "dev-static-rust-lang-org"
+      cloudfront_domain = "cloudfront-dev-static.rust-lang.org"
+      description       = "Development Rust releases"
+    }
+  }
+
+  # TODO: add the rest of the infra admins
+  # infra admins can have admin access to staging for testing/development
+  admins = [
+    "[email protected]",
+    "[email protected]",
+    "[email protected]",
+    "[email protected]"
+  ]
+
+  viewers = [
+  ]
+}

terragrunt/modules/rust-assets-backup/_terraform.tf

@@ -0,0 +1,42 @@
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = "~> 6.49"
+    }
+  }
+}
+
+variable "project_id" {
+  description = "GCP project ID for the backup"
+  type        = string
+}
+
+variable "region" {
+  description = "GCP region for the backup"
+  type        = string
+}
+
+variable "source_buckets" {
+  description = "Map of source AWS S3 buckets to backup"
+  type = map(object({
+    bucket_name       = string
+    cloudfront_domain = string
+    description       = string
+  }))
+}
+
+variable "admins" {
+  description = "List of email addresses of users with admin access"
+  type        = list(string)
+}
+
+variable "viewers" {
+  description = "List of email addresses of users with read-only access"
+  type        = list(string)
+}
+
+provider "google" {
+  project = var.project_id
+  region  = "europe-west1"
+}

terragrunt/modules/rust-assets-backup/iam.tf

@@ -0,0 +1,15 @@
+resource "google_project_iam_member" "iam_admins" {
+  for_each = toset(var.admins)
+
+  project = var.project_id
+  role    = "roles/owner"
+  member  = "user:${each.value}"
+}
+
+resource "google_project_iam_member" "iam_viewers" {
+  for_each = toset(var.viewers)
+
+  project = var.project_id
+  role    = "roles/viewer"
+  member  = "user:${each.value}"
+}

terragrunt/modules/rust-assets-backup/storage.tf

@@ -0,0 +1,28 @@
+# Create GCS buckets for backup storage
+resource "google_storage_bucket" "backup_buckets" {
+  for_each = var.source_buckets
+
+  name     = "backup-${each.key}"
+  location = var.region
+  project  = var.project_id
+
+  # Use Archive storage class for cost optimization
+  storage_class = "ARCHIVE"
+
+  # Enable versioning to protect against accidental deletion/modification
+  versioning {
+    enabled = true
+  }
+
+  # Configure soft delete policy to retain deleted objects for recovery
+  # for a certain period of time
+  soft_delete_policy {
+    retention_duration_seconds = 7776000 # 90 days
+  }
+
+  labels = {
+    purpose    = "rust-assets-backup"
+    source     = each.key
+    managed-by = "terraform"
+  }
+}