Skip to content

stacklet/terraform-gcp-stacklet-cost-setup

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
.github
.github
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
main.tf
main.tf
 
 
output.tf
output.tf
 
 
provider.tf
provider.tf
 
 
vars.tf
vars.tf
 
 

Repository files navigation

terraform-gcp-stacklet-cost-setup

This repository provides automation for granting Stacklet access to pre-existing billing data exports in BigQuery, via Workload Identity Federation.

Overview

The terraform in this repository allows a single Stacklet-controlled AWS IAM role to execute BigQuery jobs against any number of billing data exports in GCP. Suitable configuration variables will be supplied by Stacklet, and the resulting outputs must be communicated back to Stacklet.

It must be applied by an identity with sufficient privileges to:

  • create a project and associate a billing account id
  • grant roles/bigquery.dataViewer on each configured billing export table

Requirements

No requirements.

Providers

Name Version
google 6.18.1

Modules

No modules.

Resources

Name Type
google_bigquery_table_iam_member.sa_bq_tables resource
google_iam_workload_identity_pool.stacklet_access resource
google_iam_workload_identity_pool_provider.stacklet_account resource
google_project.billing_export resource
google_project_iam_member.sa_bq_jobs resource
google_project_service.bigquery resource
google_project_service.iamcredentials resource
google_service_account.billing_access resource
google_service_account_iam_policy.billing_access resource
google_iam_policy.stacklet_role_access data source

Inputs

Name Description Type Default Required
billing_tables Billing export tables in <project_id>.<dataset_id>.<table_id> format. list(string) n/a yes
project_billing_account_id Billing account responsible for any costs incurred string null no
project_folder_id Where to create the project (optional, exclusive of project_org_id) string null no
project_id ID of project to hold all resources string n/a yes
project_org_id Where to create the project (optional, exclusive of project_folder_id) string null no
resource_labels Labels to apply to the project and applicable resources map {} no
stacklet_aws_account_id AWS account which will use WIF to query billing data (chosen by Stacklet) string n/a yes
stacklet_aws_role_name AWS IAM role which will use WIF to query billing data (chosen by Stacklet) string n/a yes

Outputs

Name Description
access_blob n/a
project_id n/a
table_locations n/a
wif_audience n/a
wif_impersonation_url n/a

About

No description or website provided.

Topics

terraform prod prod-public

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

9 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages