Add bootstrap IAM/services instructions on GCP bootstrap project (the one that is used to create the 2 prj-b-cicd and prj-b-seed projects) #1161
Comments
Testing IAM Role and services enablement on the bootstrap project
Continue olxyz org local and cloud shell terraform 1.3 run
Target bootstrap PR for the following
see scripting example in https://github.com/GoogleCloudPlatform/pubsec-declarative-toolkit/blob/gh766-script/solutions/setup.sh
create folder then use script
wait 2 min for propagation
folder id in this case is 736660879367
IAM SA roles
bootstrap project
see related Note: with the service enablements and role additions (owner on the sa-terraform-bootstrap@seed account) we are ok and get past 2-environments
on a 2nd run after enabling roles/securitycenterAdmin on the super admin running the deployment although this sa is only used for 0-bootstrap, as sa-terraform-bootstrap@seed... is used for steps 1+
I'll raise in a separate PR but 3-networks-hub-and-spoke also needs the compute.orgSecurityPolicyAdmin or User or more recently compute.orgFirewallPolicyAdmin IAM role on the super admin to be able to view Hierarchical Firewall Policies created under the common branch https://cloud.google.com/firewall/docs/firewall-policies#iam
As well as compute api on bootstrap project in step 11 of 3-networks-hub-and-spoke
tested entire 3-networks-hub-and-spoke with these changes including the hierarchical firewall policy retry rename procedure
fixed by PRs merged to the terraform-example-foundation upstream repo
TL;DR
add to https://github.com/CloudLandingZone/terraform-example-foundation?tab=readme-ov-file#0-bootstrap
and the roles section https://github.com/terraform-google-modules/terraform-example-foundation/tree/master/0-bootstrap#prerequisites
add bootstrap project to https://github.com/terraform-google-modules/terraform-example-foundation/blob/master/docs/GLOSSARY.md
See service enablements on the project and IAM roles for the super admin or terraform service account being impersonated
details in the list on
#1133 (comment)
Terraform Resources
No response
Detailed design
No response
Additional information
No response