diff --git a/fast/stages/01-resman/README.md b/fast/stages/01-resman/README.md
index 46a8a383e..b83c17a08 100644
--- a/fast/stages/01-resman/README.md
+++ b/fast/stages/01-resman/README.md
@@ -175,12 +175,12 @@ Due to its simplicity, this stage lends itself easily to customizations: adding
| name | description | sensitive | consumers |
|---|---|:---:|---|
-| [networking](outputs.tf#L84) | Data for the networking stage. | | 02-networking |
-| [project_factories](outputs.tf#L94) | Data for the project factories stage. | | xx-teams |
-| [providers](outputs.tf#L111) | Terraform provider files for this stage and dependent stages. | ✓ | 02-networking · 02-security · xx-sandbox · xx-teams |
-| [sandbox](outputs.tf#L118) | Data for the sandbox stage. | | xx-sandbox |
-| [security](outputs.tf#L128) | Data for the networking stage. | | 02-security |
-| [teams](outputs.tf#L138) | Data for the teams stage. | | |
-| [tfvars](outputs.tf#L151) | Terraform variable files for the following stages. | ✓ | |
+| [networking](outputs.tf#L88) | Data for the networking stage. | | 02-networking |
+| [project_factories](outputs.tf#L98) | Data for the project factories stage. | | xx-teams |
+| [providers](outputs.tf#L115) | Terraform provider files for this stage and dependent stages. | ✓ | 02-networking · 02-security · xx-sandbox · xx-teams |
+| [sandbox](outputs.tf#L122) | Data for the sandbox stage. | | xx-sandbox |
+| [security](outputs.tf#L132) | Data for the networking stage. | | 02-security |
+| [teams](outputs.tf#L142) | Data for the teams stage. | | |
+| [tfvars](outputs.tf#L155) | Terraform variable files for the following stages. | ✓ | |
diff --git a/fast/stages/02-networking-nva/README.md b/fast/stages/02-networking-nva/README.md
index 2f692df5e..1b7f232e0 100644
--- a/fast/stages/02-networking-nva/README.md
+++ b/fast/stages/02-networking-nva/README.md
@@ -321,19 +321,19 @@ Don't forget to add a peering zone in the landing project and point it to the ne
| name | description | type | required | default | producer |
|---|---|:---:|:---:|:---:|:---:|
| [billing_account_id](variables.tf#L17) | Billing account id. | string | ✓ | | 00-bootstrap |
-| [organization](variables.tf#L99) | Organization details. | object({…}) | ✓ | | 00-bootstrap |
-| [prefix](variables.tf#L115) | Prefix used for resources that need unique names. | string | ✓ | | 00-bootstrap |
+| [folder_ids](variables.tf#L59) | Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | map(string) | ✓ | | 01-resman |
+| [organization](variables.tf#L91) | Organization details. | object({…}) | ✓ | | 00-bootstrap |
+| [prefix](variables.tf#L107) | Prefix used for resources that need unique names. | string | ✓ | | 00-bootstrap |
| [custom_adv](variables.tf#L23) | Custom advertisement definitions in name => range format. | map(string) | | {…} | |
| [data_dir](variables.tf#L45) | Relative path for the folder storing configuration data for network resources. | string | | "data" | |
| [dns](variables.tf#L51) | Onprem DNS resolvers | map(list(string)) | | {…} | |
-| [folder_id](variables.tf#L59) | Folder to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | string | | null | 01-resman |
-| [l7ilb_subnets](variables.tf#L73) | Subnets used for L7 ILBs. | map(list(object({…}))) | | {…} | |
-| [onprem_cidr](variables.tf#L91) | Onprem addresses in name => range format. | map(string) | | {…} | |
-| [outputs_location](variables.tf#L109) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | |
-| [project_factory_sa](variables.tf#L121) | IAM emails for project factory service accounts | map(string) | | {} | 01-resman |
-| [psa_ranges](variables.tf#L128) | IP ranges used for Private Service Access (e.g. CloudSQL). | map(map(string)) | | {…} | |
-| [router_configs](variables.tf#L143) | Configurations for CRs and onprem routers. | map(object({…})) | | {…} | |
-| [vpn_onprem_configs](variables.tf#L166) | VPN gateway configuration for onprem interconnection. | map(object({…})) | | {…} | |
+| [l7ilb_subnets](variables.tf#L65) | Subnets used for L7 ILBs. | map(list(object({…}))) | | {…} | |
+| [onprem_cidr](variables.tf#L83) | Onprem addresses in name => range format. | map(string) | | {…} | |
+| [outputs_location](variables.tf#L101) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | |
+| [project_factory_sa](variables.tf#L113) | IAM emails for project factory service accounts | map(string) | | {} | 01-resman |
+| [psa_ranges](variables.tf#L120) | IP ranges used for Private Service Access (e.g. CloudSQL). | map(map(string)) | | {…} | |
+| [router_configs](variables.tf#L135) | Configurations for CRs and onprem routers. | map(object({…})) | | {…} | |
+| [vpn_onprem_configs](variables.tf#L158) | VPN gateway configuration for onprem interconnection. | map(object({…})) | | {…} | |
## Outputs
diff --git a/fast/stages/02-networking-nva/main.tf b/fast/stages/02-networking-nva/main.tf
index db03c69a1..932191dcb 100644
--- a/fast/stages/02-networking-nva/main.tf
+++ b/fast/stages/02-networking-nva/main.tf
@@ -29,8 +29,8 @@ module "folder" {
source = "../../../modules/folder"
parent = "organizations/${var.organization.id}"
name = "Networking"
- folder_create = var.folder_id == null
- id = var.folder_id
+ folder_create = var.folder_ids.networking == null
+ id = var.folder_ids.networking
firewall_policy_factory = {
cidr_file = "${var.data_dir}/cidrs.yaml"
policy_name = null
diff --git a/fast/stages/02-networking-nva/variables.tf b/fast/stages/02-networking-nva/variables.tf
index 6756e5b62..355eccf47 100644
--- a/fast/stages/02-networking-nva/variables.tf
+++ b/fast/stages/02-networking-nva/variables.tf
@@ -56,18 +56,10 @@ variable "dns" {
}
}
-variable "folder_id" {
+variable "folder_ids" {
# tfdoc:variable:source 01-resman
- description = "Folder to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created."
- type = string
- default = null
- validation {
- condition = (
- var.folder_id == null ||
- can(regex("folders/[0-9]{8,}", var.folder_id))
- )
- error_message = "Invalid folder_id. Should be in 'folders/nnnnnnnnnnn' format."
- }
+ description = "Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created."
+ type = map(string)
}
variable "l7ilb_subnets" {
diff --git a/fast/stages/02-networking-nva/vpc-landing.tf b/fast/stages/02-networking-nva/vpc-landing.tf
index 9f6d0a922..e49c6c57b 100644
--- a/fast/stages/02-networking-nva/vpc-landing.tf
+++ b/fast/stages/02-networking-nva/vpc-landing.tf
@@ -20,7 +20,7 @@ module "landing-project" {
source = "../../../modules/project"
billing_account = var.billing_account_id
name = "prod-net-landing-0"
- parent = var.folder_id
+ parent = var.folder_ids.networking
prefix = var.prefix
service_config = {
disable_on_destroy = false
diff --git a/fast/stages/02-networking-nva/vpc-spoke-dev.tf b/fast/stages/02-networking-nva/vpc-spoke-dev.tf
index 392b57504..628b64901 100644
--- a/fast/stages/02-networking-nva/vpc-spoke-dev.tf
+++ b/fast/stages/02-networking-nva/vpc-spoke-dev.tf
@@ -20,7 +20,7 @@ module "dev-spoke-project" {
source = "../../../modules/project"
billing_account = var.billing_account_id
name = "dev-net-spoke-0"
- parent = var.folder_id
+ parent = var.folder_ids.networking-dev
prefix = var.prefix
service_config = {
disable_on_destroy = false
diff --git a/fast/stages/02-networking-nva/vpc-spoke-prod.tf b/fast/stages/02-networking-nva/vpc-spoke-prod.tf
index 320175dc0..f05552635 100644
--- a/fast/stages/02-networking-nva/vpc-spoke-prod.tf
+++ b/fast/stages/02-networking-nva/vpc-spoke-prod.tf
@@ -20,7 +20,7 @@ module "prod-spoke-project" {
source = "../../../modules/project"
billing_account = var.billing_account_id
name = "prod-net-spoke-0"
- parent = var.folder_id
+ parent = var.folder_ids.networking-prod
prefix = var.prefix
service_config = {
disable_on_destroy = false
diff --git a/fast/stages/02-networking-vpn/README.md b/fast/stages/02-networking-vpn/README.md
index a485d1c70..c32cd2f53 100644
--- a/fast/stages/02-networking-vpn/README.md
+++ b/fast/stages/02-networking-vpn/README.md
@@ -309,20 +309,20 @@ DNS configurations are centralised in the `dns.tf` file. Spokes delegate DNS res
| name | description | type | required | default | producer |
|---|---|:---:|:---:|:---:|:---:|
| [billing_account_id](variables.tf#L17) | Billing account id. | string | ✓ | | 00-bootstrap |
-| [organization](variables.tf#L93) | Organization details. | object({…}) | ✓ | | 00-bootstrap |
-| [prefix](variables.tf#L109) | Prefix used for resources that need unique names. | string | ✓ | | 00-bootstrap |
+| [folder_idd](variables.tf#L61) | Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | map(string) | ✓ | | 01-resman |
+| [organization](variables.tf#L85) | Organization details. | object({…}) | ✓ | | 00-bootstrap |
+| [prefix](variables.tf#L101) | Prefix used for resources that need unique names. | string | ✓ | | 00-bootstrap |
| [custom_adv](variables.tf#L23) | Custom advertisement definitions in name => range format. | map(string) | | {…} | |
| [custom_roles](variables.tf#L40) | Custom roles defined at the org level, in key => id format. | map(string) | | {} | 00-bootstrap |
| [data_dir](variables.tf#L47) | Relative path for the folder storing configuration data for network resources. | string | | "data" | |
| [dns](variables.tf#L53) | Onprem DNS resolvers. | map(list(string)) | | {…} | |
-| [folder_id](variables.tf#L61) | Folder to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created. | string | | null | 01-resman |
-| [l7ilb_subnets](variables.tf#L75) | Subnets used for L7 ILBs. | map(list(object({…}))) | | {…} | |
-| [outputs_location](variables.tf#L103) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | |
-| [project_factory_sa](variables.tf#L115) | IAM emails for project factory service accounts. | map(string) | | {} | 01-resman |
-| [psa_ranges](variables.tf#L122) | IP ranges used for Private Service Access (e.g. CloudSQL). | map(map(string)) | | {…} | |
-| [router_configs](variables.tf#L137) | Configurations for CRs and onprem routers. | map(object({…})) | | {…} | |
-| [vpn_onprem_configs](variables.tf#L161) | VPN gateway configuration for onprem interconnection. | map(object({…})) | | {…} | |
-| [vpn_spoke_configs](variables.tf#L217) | VPN gateway configuration for spokes. | map(object({…})) | | {…} | |
+| [l7ilb_subnets](variables.tf#L67) | Subnets used for L7 ILBs. | map(list(object({…}))) | | {…} | |
+| [outputs_location](variables.tf#L95) | Path where providers and tfvars files for the following stages are written. Leave empty to disable. | string | | null | |
+| [project_factory_sa](variables.tf#L107) | IAM emails for project factory service accounts. | map(string) | | {} | 01-resman |
+| [psa_ranges](variables.tf#L114) | IP ranges used for Private Service Access (e.g. CloudSQL). | map(map(string)) | | {…} | |
+| [router_configs](variables.tf#L129) | Configurations for CRs and onprem routers. | map(object({…})) | | {…} | |
+| [vpn_onprem_configs](variables.tf#L153) | VPN gateway configuration for onprem interconnection. | map(object({…})) | | {…} | |
+| [vpn_spoke_configs](variables.tf#L209) | VPN gateway configuration for spokes. | map(object({…})) | | {…} | |
## Outputs
diff --git a/fast/stages/02-networking-vpn/main.tf b/fast/stages/02-networking-vpn/main.tf
index 4a3f4748f..fcca88673 100644
--- a/fast/stages/02-networking-vpn/main.tf
+++ b/fast/stages/02-networking-vpn/main.tf
@@ -53,8 +53,8 @@ module "folder" {
source = "../../../modules/folder"
parent = "organizations/${var.organization.id}"
name = "Networking"
- folder_create = var.folder_id == null
- id = var.folder_id
+ folder_create = var.folder_ids.networking == null
+ id = var.folder_ids.networking
firewall_policy_factory = {
cidr_file = "${var.data_dir}/cidrs.yaml"
policy_name = null
diff --git a/fast/stages/02-networking-vpn/variables.tf b/fast/stages/02-networking-vpn/variables.tf
index 4c134e2f9..30af80f1a 100644
--- a/fast/stages/02-networking-vpn/variables.tf
+++ b/fast/stages/02-networking-vpn/variables.tf
@@ -58,18 +58,10 @@ variable "dns" {
}
}
-variable "folder_id" {
+variable "folder_idd" {
# tfdoc:variable:source 01-resman
- description = "Folder to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created."
- type = string
- default = null
- validation {
- condition = (
- var.folder_id == null ||
- can(regex("folders/[0-9]{8,}", var.folder_id))
- )
- error_message = "Invalid folder_id. Should be in 'folders/nnnnnnnnnnn' format."
- }
+ description = "Folders to be used for the networking resources in folders/nnnnnnnnnnn format. If null, folder will be created."
+ type = map(string)
}
variable "l7ilb_subnets" {
diff --git a/fast/stages/02-networking-vpn/vpc-landing.tf b/fast/stages/02-networking-vpn/vpc-landing.tf
index 5b6673f71..595055257 100644
--- a/fast/stages/02-networking-vpn/vpc-landing.tf
+++ b/fast/stages/02-networking-vpn/vpc-landing.tf
@@ -20,7 +20,7 @@ module "landing-project" {
source = "../../../modules/project"
billing_account = var.billing_account_id
name = "prod-net-landing-0"
- parent = var.folder_id
+ parent = var.folder_ids.networking
prefix = var.prefix
service_config = {
disable_on_destroy = false
diff --git a/fast/stages/02-networking-vpn/vpc-spoke-dev.tf b/fast/stages/02-networking-vpn/vpc-spoke-dev.tf
index 90d11f163..9b3c0f9e8 100644
--- a/fast/stages/02-networking-vpn/vpc-spoke-dev.tf
+++ b/fast/stages/02-networking-vpn/vpc-spoke-dev.tf
@@ -20,7 +20,7 @@ module "dev-spoke-project" {
source = "../../../modules/project"
billing_account = var.billing_account_id
name = "dev-net-spoke-0"
- parent = var.folder_id
+ parent = var.folder_ids.networking-dev
prefix = var.prefix
service_config = {
disable_on_destroy = false
diff --git a/fast/stages/02-networking-vpn/vpc-spoke-prod.tf b/fast/stages/02-networking-vpn/vpc-spoke-prod.tf
index 0132d8fd7..7f42ab2ca 100644
--- a/fast/stages/02-networking-vpn/vpc-spoke-prod.tf
+++ b/fast/stages/02-networking-vpn/vpc-spoke-prod.tf
@@ -20,7 +20,7 @@ module "prod-spoke-project" {
source = "../../../modules/project"
billing_account = var.billing_account_id
name = "prod-net-spoke-0"
- parent = var.folder_id
+ parent = var.folder_ids.networking-prod
prefix = var.prefix
service_config = {
disable_on_destroy = false