diff --git a/data-solutions/data-platform-foundations/01-environment/README.md b/data-solutions/data-platform-foundations/01-environment/README.md
index 60d4e7159..c621f7d16 100644
--- a/data-solutions/data-platform-foundations/01-environment/README.md
+++ b/data-solutions/data-platform-foundations/01-environment/README.md
@@ -43,6 +43,7 @@ Once done testing, you can clean up resources by running `terraform destroy`.
| *prefix* | Prefix used to generate project id and name. | string | | null |
| *project_names* | Override this variable if you need non-standard names. | object({...}) | | ... |
| *service_account_names* | Override this variable if you need non-standard names. | object({...}) | | ... |
+| *service_encryption_key_ids* | Cloud KMS encryption key in {LOCATION => [KEY_URL]} format. Keys belong to existing project. | object({...}) | | ... |
## Outputs
@@ -50,4 +51,5 @@ Once done testing, you can clean up resources by running `terraform destroy`.
|---|---|:---:|
| project_ids | Project ids for created projects. | |
| service_account | Main service account. | |
+| service_encryption_key_ids | Cloud KMS encryption keys in {LOCATION => [KEY_URL]} format. | |
diff --git a/data-solutions/data-platform-foundations/01-environment/main.tf b/data-solutions/data-platform-foundations/01-environment/main.tf
index e211237d6..d41e19ee9 100644
--- a/data-solutions/data-platform-foundations/01-environment/main.tf
+++ b/data-solutions/data-platform-foundations/01-environment/main.tf
@@ -30,6 +30,7 @@ module "project-datamart" {
"bigquery.googleapis.com",
"bigquerystorage.googleapis.com",
"bigqueryreservation.googleapis.com",
+ "storage.googleapis.com",
"storage-component.googleapis.com",
]
iam = {
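Review bot: The added `"storage.googleapis.com"` entry in the `project-datamart` services list carries no comment saying why this project needs the Cloud Storage API. If it is enabled so that the Cloud Storage service agent exists for the customer-managed keys this commit documents (an inference, since the hunk does not show it), record that next to the entry, for example `# required for the Cloud Storage service agent used with CMEK`. Each enabled API widens what identities in the project can reach, so the reason belongs in the file. The module block starts and ends outside this hunk.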
diff --git a/data-solutions/data-platform-foundations/01-environment/outputs.tf b/data-solutions/data-platform-foundations/01-environment/outputs.tf
index 555bf6ac6..a008faf96 100644
--- a/data-solutions/data-platform-foundations/01-environment/outputs.tf
+++ b/data-solutions/data-platform-foundations/01-environment/outputs.tf
@@ -26,12 +26,8 @@ output "project_ids" {
}
output "service_encryption_key_ids" {
- description = "Project ids for created projects."
- value = {
- regional = var.service_encryption_key_ids.regional
- multiregional = var.service_encryption_key_ids.multiregional
- global = var.service_encryption_key_ids.global
- }
+ description = "Cloud KMS encryption keys in {LOCATION => [KEY_URL]} format."
+ value = var.service_encryption_key_ids
}
output "service_account" {
diff --git a/data-solutions/data-platform-foundations/01-environment/variables.tf b/data-solutions/data-platform-foundations/01-environment/variables.tf
index ac31fee71..392359988 100644
--- a/data-solutions/data-platform-foundations/01-environment/variables.tf
+++ b/data-solutions/data-platform-foundations/01-environment/variables.tf
@@ -56,14 +56,8 @@ variable "service_account_names" {
}
}
-variable "create_encryption_keys" {
- description = "Cloud KMS encryption key will be created in the Service Project."
- type = bool
- default = false
-}
-
variable "service_encryption_key_ids" {
- description = "Cloud KMS encryption key in {SERVICE => [KEY_URL]} format. Keys belong to existing project."
+ description = "Cloud KMS encryption key in {LOCATION => [KEY_URL]} format. Keys belong to existing project."
type = object({
regional = string
multiregional = string
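Review bot: The new description on `service_encryption_key_ids` reads `{LOCATION => [KEY_URL]}`, but the type below it declares `regional = string` and `multiregional = string`, so each location holds a single key id rather than a list. Cloud KMS keys are also referenced by resource id, not by URL. Suggested wording: `description = "Cloud KMS key ids in {LOCATION => KEY_ID} format, e.g. projects/PROJECT/locations/LOCATION/keyRings/RING/cryptoKeys/KEY. Keys must already exist."`. With `create_encryption_keys` removed, keys are presumably always supplied from another project, so the description or README should state which service agents need `roles/cloudkms.cryptoKeyEncrypterDecrypter` on them; whether this module grants that role is not visible here. The same description text appears in the 02-resources/variables.tf hunk and in both README tables, and the variable block continues past the end of this hunk.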
diff --git a/data-solutions/data-platform-foundations/02-resources/README.md b/data-solutions/data-platform-foundations/02-resources/README.md
index 3f1e6e9ab..1ec7bc80b 100644
--- a/data-solutions/data-platform-foundations/02-resources/README.md
+++ b/data-solutions/data-platform-foundations/02-resources/README.md
@@ -61,6 +61,7 @@ Once done testing, you can clean up resources by running `terraform destroy`.
| *landing_pubsub* | List of landing pubsub topics and subscriptions to create | map(map(object({...}))) | | ... |
| *landing_service_account* | landing service accounts list. | string | | sa-landing |
| *service_account_names* | Project service accounts list. | object({...}) | | ... |
+| *service_encryption_key_ids* | Cloud KMS encryption key in {LOCATION => [KEY_URL]} format. Keys belong to existing project. | object({...}) | | ... |
| *transformation_buckets* | List of transformation buckets to create | map(object({...})) | | ... |
| *transformation_subnets* | List of subnets to create in the transformation Project. | list(object({...})) | | ... |
| *transformation_vpc_name* | Name of the VPC created in the transformation Project. | string | | transformation-vpc |
diff --git a/data-solutions/data-platform-foundations/02-resources/variables.tf b/data-solutions/data-platform-foundations/02-resources/variables.tf
index 56588a609..e949a2196 100644
--- a/data-solutions/data-platform-foundations/02-resources/variables.tf
+++ b/data-solutions/data-platform-foundations/02-resources/variables.tf
@@ -171,7 +171,7 @@ variable "transformation_vpc_name" {
}
variable "service_encryption_key_ids" {
- description = "Cloud KMS encryption key in {SERVICE => [KEY_URL]} format."
+ description = "Cloud KMS encryption key in {LOCATION => [KEY_URL]} format. Keys belong to existing project."
type = object({
regional = string
multiregional = string