Google Cloud Platform Folder
This page shows how to write Terraform for a Cloud Platform Folder, and how to write it securely.
google_folder (Terraform)
The Folder in Cloud Platform can be configured in Terraform with the resource name google_folder. The following sections describe 2 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "google_folder" "Production" {
  display_name = "Prod"
  parent       = var.parent
}
resource "google_folder" "Non-Production" {

resource "google_folder" "tf_gcp_folder" {
  display_name = "tf"
  parent       = "organizations/447686549950"
}
# Second level GCP Folders - to host vanilla Terraform environment
Parameters
- create_time
  optional computed - string
  Timestamp when the Folder was created. Assigned by the server. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".
- display_name
  required - string
  The folder's display name. A folder's display name must be unique amongst its siblings, e.g. no two folders with the same parent can share the same display name. The display name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens and underscores and can be no longer than 30 characters.
- folder_id
  optional computed - string
  The folder id from the name "folders/[folder_id]"
- id
  optional computed - string
- lifecycle_state
  optional computed - string
  The lifecycle state of the folder such as ACTIVE or DELETE_REQUESTED.
- name
  optional computed - string
  The resource name of the Folder. Its format is folders/[folder_id].
- parent
  required - string
  The resource name of the parent Folder or Organization. Must be of the form folders/[folder_id] or organizations/[org_id].
- timeouts
  single block
Explanation in Terraform Registry
Allows management of a Google Cloud Platform folder. For more information see the official documentation and API.

A folder can contain projects, other folders, or a combination of both. You can use folders to group projects under an organization in a hierarchy. For example, your organization might contain multiple departments, each with its own set of Cloud Platform resources. Folders allow you to group these resources on a per-department basis. Folders are used to group resources that share common IAM policies.

Folders created live inside an Organization. See the Organization documentation for more details.

The service account used to run Terraform when creating a google_folder resource must have roles/resourcemanager.folderCreator. See the Access Control for Folders Using IAM doc for more information.

resource "google_folder" "department1" {
  display_name = "Department 1"
  parent       = "organizations/1234567"
}

resource "google_folder" "team-abc" {
  display_name = "Team ABC"
  parent       = google_folder.department1.name
}

$ terraform import google_folder.department1 1234567
$ terraform import google_folder.department1 folders/1234567
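An added example, not taken from the Terraform Registry or the GitHub repositories above: it enforces the display_name and parent rules from the Parameters section at plan time and scopes roles/resourcemanager.folderCreator to a single folder rather than the whole organization. The variable names, the default folder names and the delegation through google_folder_iam_member are assumptions.

```hcl
# Added example: variable names, defaults and members are assumptions.
variable "parent" {
  type        = string
  description = "folders/[folder_id] or organizations/[org_id]"

  validation {
    condition     = can(regex("^(folders|organizations)/[0-9]+$", var.parent))
    error_message = "Parent must be folders/[folder_id] or organizations/[org_id]."
  }
}

variable "environment_folders" {
  type    = set(string) # a set holds no exact duplicates among sibling names
  default = ["Prod", "Non-Prod"]

  validation {
    # ASCII-only is a conservative reading of "letters" in the display_name rule.
    condition = alltrue([
      for n in var.environment_folders :
      can(regex("^[A-Za-z0-9]([A-Za-z0-9 _-]{0,28}[A-Za-z0-9])?$", n))
    ])
    error_message = "Display names: 1-30 chars, letters/digits/spaces/-/_, alphanumeric at both ends."
  }
}

variable "subfolder_creators" {
  type        = map(string) # folder display name => IAM member
  description = "Principals allowed to create folders beneath one environment folder only"
  default     = {}
}

resource "google_folder" "environment" {
  for_each     = var.environment_folders
  display_name = each.value
  parent       = var.parent
}

# Scope folderCreator to a single folder instead of the whole organization.
# An unknown display name in var.subfolder_creators fails the plan.
resource "google_folder_iam_member" "subfolder_creator" {
  for_each = var.subfolder_creators
  folder   = google_folder.environment[each.key].name
  role     = "roles/resourcemanager.folderCreator"
  member   = each.value
}
```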
Tips: Best Practices for The Other Google Cloud Platform Resources
In addition to google_project, Google Cloud Platform has other resources that should be configured with security in mind. The following are examples of those resources and the precautions to take.
google_project
Ensure project-level default network creation is disabled
It is better to disable the automatic creation of default networks. The default network for a GCP project is usually configured coarsely, which leaves a risk of unwanted access to resources in that network.
Frequently asked questions
What is Google Cloud Platform Folder?
Google Cloud Platform Folder is a Cloud Platform resource in Google Cloud Platform. Its settings can be written in Terraform.
Where can I find the example code for the Google Cloud Platform Folder?
For Terraform, the kujalk/GCP_Folder_Template and SimplifyMyCloud/GCP-InfrastructureState source code examples are useful. See the Terraform Example section for further details.