The modules collected in this folder are designed as a suite: they are meant to be composed together, and are designed to be forked and modified where use of third party code and sources is not allowed.
Modules try to stay close to the low level provider resources they encapsulate, and they all share a similar interface that combines management of one resource or set or resources, and the corresponding IAM bindings.
Authoritative IAM bindings are primarily used (e.g. google_storage_bucket_iam_binding for GCS buckets) so that each module is authoritative for specific roles on the resources it manages, and can neutralize or reconcile IAM changes made elsewhere.
Specific modules also offer support for non-authoritative bindings (e.g. google_storage_bucket_iam_member for service accounts), to allow granular permission management on resources that they don't manage directly.
- address reservation
- Cloud DNS
- Cloud NAT
- L4 Internal Load Balancer
- VPC
- VPC firewall
- VPC peering
- VPN static
- VPN dynamic
- VPN HA)
- TODO: xLB modules
- COS container (coredns, mysql, onprem, squid)
- GKE cluster
- GKE nodepool
- Managed Instance Group
- VM/VM group