Skip to content

stacklet/terraform-gcp-stacklet-cost-setup

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

18 Commits
.github
.github
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
main.tf
main.tf
 
 
output.tf
output.tf
 
 
provider.tf
provider.tf
 
 
vars.tf
vars.tf
 
 

Repository files navigation

terraform-gcp-stacklet-cost-setup

This repository provides automation for granting Stacklet access to pre-existing billing data exports in BigQuery, via Workload Identity Federation.

Overview

The terraform in this repository allows a single Stacklet-controlled AWS IAM role to execute BigQuery jobs against any number of billing data exports in GCP. Suitable configuration variables will be supplied by Stacklet, and the resulting outputs must be communicated back to Stacklet.

Requirements

It must be applied by an identity with sufficient privileges to:

  • grant roles/bigquery.dataViewer on each configured billing export table
  • (if create_project is set) create a project and associate a billing account id

Providers

Name Version
google 6.23.0
time 0.12.1

Modules

No modules.

Resources

Name Type
google_bigquery_table_iam_member.sa_bq_tables resource
google_iam_workload_identity_pool.stacklet_access resource
google_iam_workload_identity_pool_provider.stacklet_account resource
google_project.billing_export resource
google_project_iam_member.sa_bq_jobs resource
google_project_service.bigquery resource
google_project_service.iamcredentials resource
google_service_account.billing_access resource
google_service_account_iam_policy.billing_access resource
time_sleep.stacklet_access_creation_delay resource
google_bigquery_dataset.table_datasets data source
google_iam_policy.stacklet_role_access data source
google_project.existing_project data source

Inputs

Name Description Type Default Required
billing_tables Billing export tables in '<project_id>.<dataset_id>.<table_id>' format. list(string) n/a yes
create_project To create resources in a pre-existing project, set this to false.

The pre-existing project must have the 'iamcredentials' and 'bigquery' services enabled.		 bool true no
project_billing_account_id Billing account responsible for any costs incurred. string null no
project_folder_id Where to create the project (optional, exclusive of project_org_id). string null no
project_id ID of project to hold all resources. string n/a yes
project_org_id Where to create the project (optional, exclusive of project_folder_id). string null no
resource_labels Labels to apply to the project and applicable resources. map(string) {} no
resource_prefix If set, prepended to all non-project resource identifiers. string "" no
roundtrip_digest Token used by the Stacklet Platform to detect mismatch between customerConfig and accessConfig. string null no
stacklet_aws_account_id AWS account which will use WIF to query billing data (chosen by Stacklet). string n/a yes
stacklet_aws_role_name AWS IAM role which will use WIF to query billing data (chosen by Stacklet). string n/a yes

Outputs

Name Description
access_blob n/a
project_id n/a
table_locations n/a
wif_audience n/a
wif_impersonation_url n/a

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

9 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages