This module will showcase our new privilege access management product with examples of deployments at the organization, folder, and project levels. This new capability is critical for customers who want to improve their security posture for human access to their Google Cloud environment. The capability can expand to robot accounts, but this demo will focus on human access.

The resources/services/activations/deletions that this module will create/trigger are:

• Create PAM Entitlement for either organization, folder, and project.

• PAM Overview

• No cost during public preview

1. Clone repo

git clone https://github.com/jasonbisson/terraform-google-pam.git

2. Rename and update required variables in terraform.tvfars.template

Change directory to modules and select the level (organization, folder, and project)  to deploy.
mv terraform.tfvars.template terraform.tfvars
#Update required variables

3. Execute Terraform commands with existing identity (human or service account) to build Vertex Workbench Infrastructure

terraform init
terraform plan
terraform apply

Listed under each module

These sections describe requirements for using this module.

The following dependencies must be available:

• [Terraform][terraform] v0.13
• [Terraform Provider for GCP][terraform-provider-gcp] plugin v3.0

A service account or human user with the following roles must be used to provision the resources of this module:

• Privelege Access Management Admin: roles/privilegedaccessmanager.admin

A project level deployment with the following APIs enabled must be used to host the resources of this module:

• Privelege Access Management API: privilegedaccessmanager.googleapis.com

Refer to the contribution guidelines for information on contributing to this module. [terraform-provider-gcp]: https://www.terraform.io/docs/providers/google/index.html [terraform]: https://www.terraform.io/downloads.html

Please see our security disclosure process.