Google AssuredWorkloads Workload

This page shows how to write Terraform for an AssuredWorkloads Workload and how to configure it securely.

google_assured_workloads_workload (Terraform)

The Workload in AssuredWorkloads can be configured in Terraform with the resource name google_assured_workloads_workload. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.



The following arguments are supported:

  • billing_account - (Required) Input only. The billing account used for the resources which are direct children of the workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/[billing_account_id]. For example, 'billingAccounts/012345-567890-ABCDEF'.
  • compliance_regime - (Required) Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS
  • display_name - (Required) The user-assigned display name of the Workload. When present it must be between 4 and 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
  • location - (Required) The location for the resource
  • organization - (Required) The organization for the resource

  • kms_settings - (Optional) Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is mandatory for a subset of Compliance Regimes.
  • labels - (Optional) Labels applied to the workload.
  • provisioned_resources_parent - (Optional) Input only. The parent resource for the resources managed by this Assured Workload. May be either an organization or a folder. Must be the same as, or a child of, the Workload parent. If not specified, all resources are created under the Workload parent. Formats: folders/[folder_id], organizations/[organization_id]
  • resource_settings - (Optional) Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.

The kms_settings block supports:

  • next_rotation_time - (Required) Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
  • rotation_period - (Required) Input only. Immutable. next_rotation_time will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.

The resource_settings block supports:

  • resource_id - (Optional) Resource identifier. For a project this represents project_number. If the project is already taken, the workload creation will fail.
  • resource_type - (Optional) Indicates the type of resource. Specify this field so that the id is matched to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT). Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER

In addition to the arguments listed above, the following computed attributes are exported:

  • id - an identifier for the resource with format organizations/[[organization]]/locations/[[location]]/workloads/[[name]]

  • create_time - Output only. Immutable. The Workload creation timestamp.

  • name - Output only. The resource name of the workload.

  • resources - Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.
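
A configuration that exercises the arguments listed above, with input validation for the documented display_name and billing_account constraints. This is an added example, not taken from the Terraform Registry or from a GitHub project. The organization id, folder id, location, rotation timestamp, project id and label are constructed placeholders; the "7776000s" duration format and the RFC 3339 timestamp format are assumptions not stated on this page.

```hcl
variable "display_name" {
  type    = string
  default = "My Workload" # example value from the argument list

  validation {
    # 4 to 30 characters: letters, numbers, hyphen and spaces
    condition     = can(regex("^[A-Za-z0-9 -]{4,30}$", var.display_name))
    error_message = "The display_name must be 4 to 30 letters, numbers, hyphens or spaces."
  }
}

variable "billing_account" {
  type    = string
  default = "billingAccounts/012345-567890-ABCDEF" # example value from the argument list

  validation {
    # Loose check of the billingAccounts/[billing_account_id] form
    condition     = can(regex("^billingAccounts/[0-9A-Z-]+$", var.billing_account))
    error_message = "The billing_account must have the form billingAccounts/[billing_account_id]."
  }
}

resource "google_assured_workloads_workload" "example" {
  display_name      = var.display_name
  billing_account   = var.billing_account
  compliance_regime = "FEDRAMP_MODERATE" # immutable after creation
  location          = "us-central1"      # constructed
  organization      = "123456789012"     # constructed organization id

  # Keep the provisioned resources in a dedicated folder (constructed id).
  provisioned_resources_parent = "folders/000000000000"

  # Input only and immutable: provisions a project holding a CMEK key.
  kms_settings {
    next_rotation_time = "2030-01-01T00:00:00Z" # constructed timestamp
    rotation_period    = "7776000s"             # 90 days, above the 24 hour minimum
  }

  resource_settings {
    resource_type = "ENCRYPTION_KEYS_PROJECT"
    resource_id   = "example-keys-project" # constructed; creation fails if taken
  }

  labels = {
    environment = "example" # constructed
  }
}
```

Because compliance_regime and both kms_settings fields are immutable, review them before the first apply.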


Frequently asked questions

What is Google AssuredWorkloads Workload?

Google AssuredWorkloads Workload is a resource for AssuredWorkloads of Google Cloud Platform. Its settings can be written in Terraform.

