This Terraform module makes it easier to manage organization policies for your Google Cloud environment, particularly when you need exclusion rules. It lets you set a top-level org policy and then disable it on individual projects or folders. Coalfire has tested this module with Terraform version 1.5.0 and the HashiCorp Google provider versions 4.70 - 5.0.
FedRAMP Compliance: High (included as a part of Identity & Access Management)
```hcl
module "organization_policies_type_boolean" {
  source = "github.com/Coalfire-CF/terraform-gcp-org-policy"

  for_each = toset(var.boolean_type_organization_policies)

  organization_id = var.org_id
  policy_for      = "organization"
  policy_type     = "boolean"
  enforce         = "true"
  constraint      = "constraints/${each.value}"
}
```
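The exclusion use case described above, as an added example that is not taken from the Coalfire repository. It uses only the inputs listed in the inputs table: a boolean constraint enforced at the organization with one folder and one project exempted, and a list constraint limited to an allow list. The organization, folder and project IDs are placeholders, and the `folders/<id>` format for `exclude_folders` is an assumption.

```hcl
# Added example: all IDs below are placeholders, not values from the module's repository.
locals {
  org_id = "123456789012" # placeholder organization ID
}

# Boolean constraint enforced organization-wide, with two explicit exemptions.
# Each exclusion is a gap in the org-wide control, so keep the sets small and
# let code review be the approval record for every entry.
module "disable_sa_key_creation" {
  source = "github.com/Coalfire-CF/terraform-gcp-org-policy"

  organization_id = local.org_id
  policy_for      = "organization"
  policy_type     = "boolean"
  enforce         = true
  constraint      = "constraints/iam.disableServiceAccountKeyCreation"

  exclude_folders  = ["folders/000000000000"] # placeholder; ID format is an assumption
  exclude_projects = ["example-legacy-project"] # placeholder project ID
}

# List constraint: only the values in `allow` are permitted.
# allow_list_length is set to the number of elements in `allow`.
module "restrict_resource_locations" {
  source = "github.com/Coalfire-CF/terraform-gcp-org-policy"

  organization_id   = local.org_id
  policy_for        = "organization"
  policy_type       = "list"
  constraint        = "constraints/gcp.resourceLocations"
  allow             = ["in:us-locations"]
  allow_list_length = 1
}
```

After applying, `gcloud resource-manager org-policies describe iam.disableServiceAccountKeyCreation --project=PROJECT_ID --effective` shows the policy a given project actually inherits, which confirms that an exclusion landed only where intended.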
No requirements.
Name | Version |
---|---|
n/a |
No modules.
Name | Description | Type | Default | Required |
---|---|---|---|---|
allow | (Only for list constraints) List of values which should be allowed | list(string) | [ | no |
allow_list_length | The number of elements in the allow list | number | 0 | no |
constraint | The constraint to be applied | string | n/a | yes |
deny | (Only for list constraints) List of values which should be denied | list(string) | [ | no |
deny_list_length | The number of elements in the deny list | number | 0 | no |
enforce | If boolean constraint, whether the policy is enforced at the root; if list constraint, whether to deny all (true) or allow all | bool | null | no |
exclude_folders | Set of folders to exclude from the policy | set(string) | [] | no |
exclude_projects | Set of projects to exclude from the policy | set(string) | [] | no |
folder_id | The folder id for putting the policy | string | null | no |
organization_id | The organization id for putting the policy | string | null | no |
policy_for | Resource hierarchy node to apply the policy to: can be one of `organization`, `folder`, or `project`. | string | n/a | yes |
policy_type | The constraint type to work with (either 'boolean' or 'list') | string | "list" | no |
project_id | The project id for putting the policy | string | null | no |
No outputs.