Google AssuredWorkloads Workload
This page shows how to write Terraform for AssuredWorkloads Workload and write them securely.
The Workload in AssuredWorkloads can be configured in Terraform with the resource name
google_assured_workloads_workload. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
The following arguments are supported:
billing_account- (Required) Required. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form
billingAccounts/[billing_account_id]. For example, 'billingAccounts/012345-567890-ABCDEF`.
compliance_regime- (Required) Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS
display_name- (Required) Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload
location- (Required) The location for the resource
organization- (Required) The organization for the resource
kms_settings- (Optional) Input only. Settings used to create a CMEK crypto key. When set a project with a KMS CMEK key is provisioned. This field is mandatory for a subset of Compliance Regimes.
labels- (Optional) Optional. Labels applied to the workload.
provisioned_resources_parent- (Optional) Input only. The parent resource for the resources managed by this Assured Workload. May be either an organization or a folder. Must be the same or a child of the Workload parent. If not specified all resources are created under the Workload parent. Formats: folders/[folder_id], organizations/[organization_id]
resource_settings- (Optional) Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.
kms_settings block supports:
next_rotation_time- (Required) Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.
rotation_period- (Required) Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.
resource_settings block supports:
resource_id- (Optional) Resource identifier. For a project this represents project_number. If the project is already taken, the workload creation will fail.
resource_type- (Optional) Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER
In addition to the arguments listed above, the following computed attributes are exported:
id- an identifier for the resource with format
create_time- Output only. Immutable. The Workload creation timestamp.
name- Output only. The resource name of the workload.
resources- Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.