You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+8-7Lines changed: 8 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,13 +1,13 @@
1
1
# terraform-example-foundation
2
2
This is an example repo showing how the CFT Terraform modules can be composed to build a secure GCP foundation.
3
-
The supplied structure and code is intended to form a starting point for building your own foundation with pragmatic defaults you can customize to meet your own requirements. Currently, the code leverages Google Cloud Build for deployment of the Terraform from step 2 onwards.
3
+
The supplied structure and code is intended to form a starting point for building your own foundation with pragmatic defaults you can customize to meet your own requirements. Currently, the code leverages Google Cloud Build for deployment of the Terraform from step 1 onwards.
4
4
Cloud Build has been chosen to allow teams to quickly get started without needing to deploy a CI/CD tool, although it is worth noting the code can easily be executed by your preferred tool.
5
5
6
6
## Overview
7
7
This repo contains several distinct Terraform projects each within their own directory that must be applied seperately, but in sequence.
8
8
Each of these Terraform projects are to be layered on top of each other, running in the following order.
9
9
10
-
### 0. [bootstrap](./0-bootstrap/README.md)
10
+
### [0. bootstrap](./0-bootstrap/)
11
11
12
12
This stage executes the [CFT Bootstrap module](https://github.com/terraform-google-modules/terraform-google-bootstrap) which bootstraps an existing GCP organization, creating all the required GCP resources & permissions to start using the Cloud Foundation Toolkit (CFT).
13
13
This includes; projects, service accounts and a Terraform state bucket. After executing this step, you will have the following structure:
@@ -22,7 +22,7 @@ In addition, this step uses the optional Cloud Build submodule, which sets up Cl
22
22
A simple trigger mechanism is configured, which runs a `terraform plan` for any non master branch and `terraform apply` when changes are merged to the master branch.
23
23
Usage instructions are available in the bootstrap [README](./0-bootstrap/README.md).
24
24
25
-
### 1. [org](./1-org/README.md)
25
+
### [1. org](./1-org/)
26
26
27
27
The purpose of this stage is to set up top level folders used to house projects which contain shared resources such as monitoring, networking, org level logging and also to set baseline security settings through organizational policy.
28
28
This will create the following folder & project structure:
@@ -40,6 +40,7 @@ example-organization
40
40
├── org-shared-vpc-nonprod
41
41
└── org-shared-vpc-prod
42
42
```
43
+
43
44
#### Logs
44
45
45
46
Under the logs folder, two projects are created. One for organization wide audit logs and another for billing logs.
@@ -59,15 +60,15 @@ If you have strong IAM requirements for these monitoring workspaces, it is worth
59
60
Under the networking folder, a project is created per environment (prod & nonprod) which is intended to be used as a [Shared VPC Host project](https://cloud.google.com/vpc/docs/shared-vpc) for all projects in that environment.
60
61
This stage only creates the projects and enables the correct APIs, the following networks stage creates the actual Shared VPC networks.
61
62
62
-
#### Organization policy
63
+
#### Organization Policies
63
64
64
65
Finally, the this step also applies a number of baseline [Organizational Policies](https://cloud.google.com/resource-manager/docs/organization-policy/overview).
65
66
It is important to understand what restrictions these policies are applying within your GCP organization, so please take the time to review and update these restrictions to meet your own requirements.
66
67
A full list of policies is [available here](https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints).
67
68
68
69
Usage instructions are available for the org step in the [README](./1-org/README.md).
69
70
70
-
### 2. [networks](./2-networks/README.md)
71
+
### [2. networks](./2-networks/)
71
72
72
73
This step focuses on creating a Shared VPC per environment (prod & nonprod) in a standard configuration with a reasonable security baseline. Currently this includes:
73
74
@@ -83,7 +84,7 @@ This step focuses on creating a Shared VPC per environment (prod & nonprod) in a
83
84
84
85
Usage instructions are available for the network step in the [README](./2-networks/README.md).
85
86
86
-
### 3. [projects](./3-projects/README.md)
87
+
### [3. projects](./3-projects/)
87
88
88
89
This step, is focused on creating service projects in a standard configuration that are attached to the Shared VPC created in the previous step.
89
90
Running this code as-is should generate a structure as shown below:
@@ -104,7 +105,7 @@ If relevant for your use case, there are also two optional submodules which can
104
105
105
106
Usage instructions are available for the network step in the [README](./3-projects/README.md).
106
107
107
-
### Final view
108
+
### Final View
108
109
109
110
Once all steps above have been executed your GCP organization should represent the structure shown below, with projects being the lowest nodes in the tree.
0 commit comments