Google Cloud Platform Folder

This page shows how to write Terraform for a Cloud Platform Folder and how to write it securely.

google_folder (Terraform)

The Folder in Cloud Platform can be configured in Terraform with the resource name google_folder. The following sections describe 2 examples of how to use the resource and its parameters.

Example Usage from GitHub

folders.tf#L1
resource "google_folder" "Production" {
  display_name = "Prod"
  parent       = var.parent
}

resource "google_folder" "Non-Production" {

gcp_folders.tf#L9
resource "google_folder" "tf_gcp_folder" {
  display_name = "tf"
  parent       = "organizations/447686549950"
}

# Second level GCP Folders - to host vanilla Terraform environment

Review your Terraform file for Google best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

Timestamp when the Folder was created. Assigned by the server. A timestamp in RFC3339 UTC "Zulu" format, accurate to nanoseconds. Example: "2014-10-02T15:01:23.045123456Z".

The folder's display name. A folder's display name must be unique amongst its siblings, e.g. no two folders with the same parent can share the same display name. The display name must start and end with a letter or digit, may contain letters, digits, spaces, hyphens and underscores and can be no longer than 30 characters.

The folder id from the name "folders/[folder_id]"

The lifecycle state of the folder such as ACTIVE or DELETE_REQUESTED.

  • name optional computed - string

The resource name of the Folder. Its format is folders/[folder_id].

The resource name of the parent Folder or Organization. Must be of the form folders/[folder_id] or organizations/[org_id].

Explanation in Terraform Registry

Allows management of a Google Cloud Platform folder. For more information see the official documentation and API.

A folder can contain projects, other folders, or a combination of both. You can use folders to group projects under an organization in a hierarchy. For example, your organization might contain multiple departments, each with its own set of Cloud Platform resources. Folders allow you to group these resources on a per-department basis. Folders are used to group resources that share common IAM policies.

Folders created live inside an Organization. See the Organization documentation for more details.

The service account used to run Terraform when creating a google_folder resource must have roles/resourcemanager.folderCreator. See the Access Control for Folders Using IAM doc for more information.

resource "google_folder" "department1" {
  display_name = "Department 1"
  parent       = "organizations/1234567"
}

resource "google_folder" "team-abc" {
  display_name = "Team ABC"
  parent       = google_folder.department1.name
}

$ terraform import google_folder.department1 1234567
$ terraform import google_folder.department1 folders/1234567

Tips: Best Practices for The Other Google Cloud Platform Resources

Google Cloud Platform has other resources that should also be configured with security in mind. Below are examples of those resources and the precautions to take.

google_project

Ensure project-level default network creation is disabled

It is better to disable the auto-creation of default networks. The default network for a GCP project is usually configured coarsely, which leaves a risk of unwanted access to resources in that network.
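The following added example (not from the original page or from the Terraform Registry) ties this tip to folders: it enforces the compute.skipDefaultNetworkCreation constraint on a folder and creates a project under it with auto_create_network disabled. The variable, resource labels and project ID are assumed placeholders.

```hcl
# Added example: all names and IDs below are placeholders, not values from the page.
variable "org_id" {
  description = "Numeric organization ID (placeholder; supply your own)"
  type        = string
}

resource "google_folder" "prod" {
  display_name = "Prod"
  parent       = "organizations/${var.org_id}"
}

# Enforce the constraint on the folder so that every project created beneath it,
# by Terraform or by any other means, is provisioned without a "default" network.
resource "google_folder_organization_policy" "skip_default_network" {
  folder     = google_folder.prod.name
  constraint = "compute.skipDefaultNetworkCreation"

  boolean_policy {
    enforced = true
  }
}

resource "google_project" "app" {
  name       = "prod-app"
  project_id = "example-prod-app-001" # constructed placeholder
  folder_id  = google_folder.prod.name

  # If omitted, auto_create_network defaults to true and the project keeps
  # its default network. Set it to false explicitly as a second layer.
  auto_create_network = false

  # Create the project only after the folder policy is in place, so the
  # default network is never created in the first place.
  depends_on = [google_folder_organization_policy.skip_default_network]
}
```

Setting the constraint at the folder level also covers projects that are created under the folder outside of this Terraform configuration.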

Review your Google Cloud Platform settings

In addition to the above, there are other security points you should be aware of. You can check your .tf files against them in Shisho Cloud.

Frequently asked questions

What is Google Cloud Platform Folder?

Google Cloud Platform Folder is a Cloud Platform resource in Google Cloud Platform. Its settings can be written in Terraform.

Where can I find the example code for the Google Cloud Platform Folder?

For Terraform, the kujalk/GCP_Folder_Template and SimplifyMyCloud/GCP-InfrastructureState source code examples are useful. See the Terraform Example section for further details.

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.