This module will showcase our new privilege access management product with examples of deployments at the organization, folder, and project levels. This new capability is critical for customers who want to improve their security posture for human access to their Google Cloud environment. The capability can expand to robot accounts, but this demo will focus on human access.
The resources/services/activations/deletions that this module will create/trigger are:
- Create a PAM entitlement at the organization, folder, or project level.
- No cost during public preview
- Clone repo
```
git clone https://github.com/jasonbisson/terraform-google-pam.git
```
- Rename and update required variables in terraform.tfvars.template
Change directory to modules and select the level (organization, folder, or project) to deploy.
```
mv terraform.tfvars.template terraform.tfvars
#Update required variables
```
- Execute Terraform commands with existing identity (human or service account) to build Vertex Workbench Infrastructure
```
terraform init
terraform plan
terraform apply
```
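
For orientation, here is what a project-level entitlement can look like when written directly against the Google provider's `google_privileged_access_manager_entitlement` resource. This is an added example, not code from the terraform-google-pam repository. The variable names, entitlement ID, role, and duration are assumptions, and it needs a Google provider release that includes this resource.

```hcl
# Added example: not the module's own code. All names and values are placeholders.
variable "project_id" { type = string }
variable "requester_group" { type = string } # e.g. "group:pam-requesters@example.com"
variable "approver_group" { type = string }  # keep separate from the requester group

resource "google_privileged_access_manager_entitlement" "project_storage_admin" {
  entitlement_id       = "temp-storage-admin"
  location             = "global"
  parent               = "projects/${var.project_id}" # or "folders/ID", "organizations/ID"
  max_request_duration = "3600s"                      # grant expires after one hour

  # Requesters must state why they need the access.
  requester_justification_config {
    unstructured {}
  }

  # Who may request the grant (humans only in this demo).
  eligible_users {
    principals = [var.requester_group]
  }

  # What the grant temporarily binds, and on which resource.
  privileged_access {
    gcp_iam_access {
      resource      = "//cloudresourcemanager.googleapis.com/projects/${var.project_id}"
      resource_type = "cloudresourcemanager.googleapis.com/Project"
      role_bindings {
        role = "roles/storage.admin"
      }
    }
  }

  # One approval from a separate group before the role is bound.
  approval_workflow {
    manual_approvals {
      require_approver_justification = true
      steps {
        approvals_needed = 1
        approvers {
          principals = [var.approver_group]
        }
      }
    }
  }
}
```

For a folder or organization entitlement, `parent`, `resource`, and `resource_type` change together (`cloudresourcemanager.googleapis.com/Folder` or `.../Organization`).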
Listed under each module
These sections describe requirements for using this module.
The following dependencies must be available:
- [Terraform][terraform] v0.13
- [Terraform Provider for GCP][terraform-provider-gcp] plugin v3.0
A service account or human user with the following roles must be used to provision the resources of this module:
- Privilege Access Management Admin:
`roles/privilegedaccessmanager.admin`
A project level deployment with the following APIs enabled must be used to host the resources of this module:
- Privilege Access Management API:
`privilegedaccessmanager.googleapis.com`
Refer to the contribution guidelines for information on contributing to this module.

[terraform-provider-gcp]: https://www.terraform.io/docs/providers/google/index.html
[terraform]: https://www.terraform.io/downloads.html

Please see our security disclosure process.