Google Cloud Platform Project

This page shows how to write Terraform for a Google Cloud Platform Project and how to write it securely.

google_project (Terraform)

The Project in Cloud Platform can be configured in Terraform with the resource name google_project. The following sections describe 5 examples of how to use the resource and its parameters.

Example Usage from GitHub

main.tf#L1
resource "google_project" "project_good" {
  name = "good"
  project_id = "123456"
}

resource "google_project" "project_bad_1" {

google_project.tf#L1
resource "google_project" "tftest-20181128d" {
  name            = "tftest-20181128d"
  project_id      = "tftest-20181128d"
  org_id          = "190932998497"
  billing_account = "00B800-C1B810-4248C9"
}

projects.tf#L4
resource "google_project" "shared_network_production" {
  name      = "shared-nw-prod"
  folder_id = google_folder.shared_services.name
  project_id = format(
    "shared-nw-prod-%s",
    var.shared_suffix,

main.tf#L1
resource "google_project" "project_good_1" {
  name       = "My Project"
  project_id = "good"
  org_id     = "1234567"
}

project.tf#L2
resource "google_project" "data-lake" {
  name            = "Data Lake"
  project_id      = "cloud-iac-data-lake" # Replace with a unique project ID
  billing_account = ""                    # Replace with your billing ID
}

Security Best Practices for google_project

There is 1 setting in google_project that should be taken care of for security reasons. The following section explains an overview and example code.

Ensure project-level default network creation is disabled

It is better to disable the auto-creation of default networks. The default network of a GCP project is usually configured coarsely, which leaves a risk of unwanted access to resources in that network.
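
An added example for this setting, not taken from the repositories or the Terraform Registry text quoted on this page: the default behaviour beside the per-project fix, followed by the organization policy constraint that the Registry text recommends. The resource names, project IDs and var.org_id are placeholders.

```hcl
# Added example. Resource names, project IDs and var.org_id are
# placeholders, not values from the repositories quoted on this page.

variable "org_id" {
  type        = string
  description = "Numeric ID of your organization (placeholder)"
}

# Weak: auto_create_network is omitted, so it takes its default of true
# and the project keeps the 'default' network.
resource "google_project" "default_network_kept" {
  name       = "Example Weak"
  project_id = "example-weak-000001"
  org_id     = var.org_id
}

# Corrected, per project: the 'default' network is deleted once the
# project exists. One network quota slot is still required, because the
# network exists momentarily before it is removed.
resource "google_project" "default_network_removed" {
  name                = "Example Hardened"
  project_id          = "example-hardened-000001"
  org_id              = var.org_id
  auto_create_network = false
}

# Corrected, organization-wide: enforce the constraint so that new
# projects under this organization are created without a default
# network, whatever an individual google_project block says.
resource "google_organization_policy" "skip_default_network" {
  org_id     = var.org_id
  constraint = "constraints/compute.skipDefaultNetworkCreation"

  boolean_policy {
    enforced = true
  }
}
```

The constraint applies when a project is created, so put it in place before creating the projects it is meant to cover.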

Parameters

  • auto_create_network

Create the 'default' network automatically. Default true. If set to false, the default network will be deleted. Note that, for quota purposes, you will still need to have 1 network slot available to create the project successfully, even if you set auto_create_network to false, since the network will exist momentarily.

  • billing_account

The alphanumeric ID of the billing account this project belongs to. The user or service account performing this operation with Terraform must have Billing Account Administrator privileges (roles/billing.admin) in the organization. See Google Cloud Billing API Access Control for more details.

  • folder_id

The numeric ID of the folder this project should be created under. Only one of org_id or folder_id may be specified. If the folder_id is specified, then the project is created under the specified folder. Changing this forces the project to be migrated to the newly specified folder.

  • id optional computed - string
  • labels optional - map from string to string

A set of key/value label pairs to assign to the project.

  • name

The display name of the project.

  • number optional computed - string

The numeric identifier of the project.

  • org_id optional computed - string

The numeric ID of the organization this project belongs to. Changing this forces a new project to be created. Only one of org_id or folder_id may be specified. If the org_id is specified then the project is created at the top level. Changing this forces the project to be migrated to the newly specified organization.

  • project_id

The project ID. Changing this forces a new project to be created.

  • skip_delete

If true, the Terraform resource can be deleted without deleting the Project via the Google API.

Explanation in Terraform Registry

Allows creation and management of a Google Cloud Platform project. Projects created with this resource must be associated with an Organization. See the Organization documentation for more details. The user or service account that is running Terraform when creating a google_project resource must have roles/resourcemanager.projectCreator on the specified organization. See the Access Control for Organizations Using IAM doc for more information.

This resource reads the specified billing account on every terraform apply and plan operation so you must have permissions on the specified billing account. It is recommended to use the constraints/compute.skipDefaultNetworkCreation constraint to remove the default network instead of setting auto_create_network to false. To get more information about projects, see:

Frequently asked questions

What is Google Cloud Platform Project?

Google Cloud Platform Project is a resource of Google Cloud Platform. Its settings can be written in Terraform.

Where can I find the example code for the Google Cloud Platform Project?

For Terraform, the melscoop-test/check, sinmetal/godtf and doitintl/terraform-gcp-templates source code examples are useful. See the Terraform Example section for further details.
