💵 Monthly estimates based on Infracost baseline costs.
This repository creates a resource hierarchy and manages IAM. It aligns with our Google Cloud landing zone platform design. A landing zone should be a prerequisite to deploying enterprise workloads in a cloud environment.
- Documentation: docs.osinfra.io
- Service Interfaces: github.com
Our focus is on the core fundamental practice of platform engineering, Infrastructure as Code.
Open Source Infrastructure (as Code) is a development model for infrastructure that focuses on open collaboration and applying relative lessons learned from software development practices that organizations can use internally at scale. - Open Source Infrastructure (as Code)
To avoid slowing down stream-aligned teams, we want to open up the possibility for contributions. The Open Source Infrastructure (as Code) model allows team members external to the platform team to contribute with only a slight increase in cognitive load. This section is for developers who want to contribute to this repository, describing the tools used, the skills, and the knowledge required, along with Terraform documentation.
See the documentation for setting up a development environment here.
Links to documentation and other resources required to develop and iterate in this repository successfully.
| Name | Version |
|---|---|
| 6.3.0 |
| Name | Type |
|---|---|
| google_billing_budget.organization | resource |
| google_billing_budget.services | resource |
| google_cloud_identity_group.this | resource |
| google_cloud_identity_group_membership.managers | resource |
| google_cloud_identity_group_membership.members | resource |
| google_cloud_identity_group_membership.owners | resource |
| google_folder.environment | resource |
| google_folder.service | resource |
| google_folder.team | resource |
| google_folder_iam_policy.this | resource |
| google_organization_iam_custom_role.this | resource |
| google_organization_iam_member.this | resource |
| google_iam_policy.this | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| billing_account | The alphanumeric ID of the billing account this project belongs to | string |
"01C550-A2C86B-B8F16B" |
no |
| customer_id | The unique customer ID assigned to you when you signed up for Google Workspace or Cloud Identity. You can look up this ID in your Admin console | string |
n/a | yes |
| folder_iam_policies | A map of authoritative IAM policies for the folder, replaces any existing policy already attached | map(object({ service = string environment = string bindings = list(object({ members = list(string) role = string })) })) |
n/a | yes |
| folder_services | A map of folder services to create | map(object({ display_name = string environments = list(string) monthly_budget_amount = optional(number, 10) parent = string })) |
n/a | yes |
| folder_teams | A map of folder teams to create | map(object({ display_name = string })) |
n/a | yes |
| identity_groups | A map of identity groups to create | map(object({ description = string display_name = string managers = list(string) members = list(string) owners = list(string) roles = list(string) })) |
n/a | yes |
| organization_custom_iam_roles | A map of organization custom IAM roles to create | map(object({ description = optional(string, null) permissions = list(string) role_id = string title = string })) |
n/a | yes |
| organization_id | The organization ID to create the hierarchy under | string |
n/a | yes |
| organization_monthly_budget_amount | The organization monthly budget amount in USD | number |
100 |
no |
| primary_domain | The main domain associated with your Google Workspace account. By default, your users get a username at this domain | string |
"osinfra.io" |
no |