152 lines
5.6 KiB
YAML
152 lines
5.6 KiB
YAML
# Copyright 2023 Google LLC
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
# values:
|
|
# module.folder-workload.google_folder.folder[0]:
|
|
# display_name: prefix-workload
|
|
# timeouts: null
|
|
# module.folder.google_bigquery_dataset_iam_member.bq-sinks-binding["audit-logs"]:
|
|
# condition: []
|
|
# role: roles/bigquery.dataEditor
|
|
# module.folder.google_bigquery_dataset_iam_member.bq-sinks-binding["vpc-sc"]:
|
|
# condition: []
|
|
# role: roles/bigquery.dataEditor
|
|
# module.folder.google_folder.folder[0]:
|
|
# display_name: ShieldedMVP
|
|
# parent: organizations/1054601055974
|
|
# timeouts: null
|
|
# module.folder.google_folder_iam_binding.authoritative["roles/editor"]:
|
|
# condition: []
|
|
# members:
|
|
# - group:gcp-data-engineers@example.com
|
|
# role: roles/editor
|
|
# module.folder.google_logging_folder_sink.sink["audit-logs"]:
|
|
# description: audit-logs (Terraform-managed).
|
|
# disabled: false
|
|
# exclusions: []
|
|
# filter: logName:"/logs/cloudaudit.googleapis.com%2Factivity" OR logName:"/logs/cloudaudit.googleapis.com%2Fsystem_event"
|
|
# include_children: true
|
|
# name: audit-logs
|
|
# module.folder.google_logging_folder_sink.sink["vpc-sc"]:
|
|
# description: vpc-sc (Terraform-managed).
|
|
# disabled: false
|
|
# exclusions: []
|
|
# filter: protoPayload.metadata.@type="type.googleapis.com/google.cloud.audit.VpcServiceControlAuditMetadata"
|
|
# include_children: true
|
|
# name: vpc-sc
|
|
# module.log-export-dataset[0].google_bigquery_dataset.default:
|
|
# dataset_id: prefix_audit_export
|
|
# default_encryption_configuration:
|
|
# - kms_key_name: 'false'
|
|
# default_partition_expiration_ms: null
|
|
# default_table_expiration_ms: null
|
|
# delete_contents_on_destroy: false
|
|
# description: Terraform managed.
|
|
# friendly_name: Audit logs export.
|
|
# location: EU
|
|
# max_time_travel_hours: null
|
|
# project: prefix-audit-logs
|
|
# timeouts: null
|
|
# module.log-export-project[0].data.google_bigquery_default_service_account.bq_sa[0]:
|
|
# project: prefix-audit-logs
|
|
# module.log-export-project[0].data.google_storage_project_service_account.gcs_sa[0]:
|
|
# project: prefix-audit-logs
|
|
# user_project: null
|
|
# module.log-export-project[0].google_project.project[0]:
|
|
# auto_create_network: false
|
|
# billing_account: 123456-123456-123456
|
|
# labels: null
|
|
# name: prefix-audit-logs
|
|
# project_id: prefix-audit-logs
|
|
# skip_delete: false
|
|
# timeouts: null
|
|
# module.log-export-project[0].google_project_service.project_services["bigquery.googleapis.com"]:
|
|
# disable_dependent_services: false
|
|
# disable_on_destroy: false
|
|
# project: prefix-audit-logs
|
|
# service: bigquery.googleapis.com
|
|
# timeouts: null
|
|
# module.log-export-project[0].google_project_service.project_services["pubsub.googleapis.com"]:
|
|
# disable_dependent_services: false
|
|
# disable_on_destroy: false
|
|
# project: prefix-audit-logs
|
|
# service: pubsub.googleapis.com
|
|
# timeouts: null
|
|
# module.log-export-project[0].google_project_service.project_services["stackdriver.googleapis.com"]:
|
|
# disable_dependent_services: false
|
|
# disable_on_destroy: false
|
|
# project: prefix-audit-logs
|
|
# service: stackdriver.googleapis.com
|
|
# timeouts: null
|
|
# module.log-export-project[0].google_project_service.project_services["storage.googleapis.com"]:
|
|
# disable_dependent_services: false
|
|
# disable_on_destroy: false
|
|
# project: prefix-audit-logs
|
|
# service: storage.googleapis.com
|
|
# timeouts: null
|
|
# module.log-export-project[0].google_project_service_identity.jit_si["pubsub.googleapis.com"]:
|
|
# project: prefix-audit-logs
|
|
# service: pubsub.googleapis.com
|
|
# timeouts: null
|
|
# module.vpc-sc[0].google_access_context_manager_access_policy.default[0]:
|
|
# parent: organizations/1122334455
|
|
# timeouts: null
|
|
# title: shielded-folder
|
|
# module.vpc-sc[0].google_access_context_manager_service_perimeter.regular["shielded"]:
|
|
# description: null
|
|
# perimeter_type: PERIMETER_TYPE_REGULAR
|
|
# spec:
|
|
# - access_levels: []
|
|
# egress_policies: []
|
|
# ingress_policies:
|
|
# - ingress_from:
|
|
# - identity_type: null
|
|
# sources:
|
|
# - access_level: '*'
|
|
# resource: null
|
|
# ingress_to:
|
|
# - operations:
|
|
# - method_selectors: []
|
|
# service_name: '*'
|
|
# restricted_services: null
|
|
# vpc_accessible_services:
|
|
# - allowed_services: null
|
|
# enable_restriction: true
|
|
# status: []
|
|
# timeouts: null
|
|
# title: shielded
|
|
# use_explicit_dry_run_spec: true
|
|
|
|
counts:
|
|
google_access_context_manager_access_policy: 1
|
|
google_access_context_manager_service_perimeter: 1
|
|
google_bigquery_dataset: 1
|
|
google_bigquery_dataset_iam_member: 2
|
|
google_bigquery_default_service_account: 1
|
|
google_folder: 2
|
|
google_folder_iam_binding: 2
|
|
google_logging_folder_sink: 2
|
|
google_project: 1
|
|
google_project_iam_binding: 1
|
|
google_project_service: 4
|
|
google_project_service_identity: 1
|
|
google_projects: 1
|
|
google_storage_project_service_account: 1
|
|
modules: 5
|
|
resources: 21
|
|
|
|
outputs:
|
|
folders: __missing__
|
|
folders_sink_writer_identities: __missing__
|