added second module for creating folder and project structure

.gitignore

@@ -30,6 +30,7 @@ Session.vim
 # .tfstate files
 *.tfstate
 *.tfstate.*
+variables.tfvar
 
 # Crash log files
 crash.log

deployment-templates/Terraform/1-common/backend.tf

@@ -1,6 +1,6 @@
 terraform {
   backend "gcs" {
-    bucket = "bootstrap-landingzone"
+    bucket = "gcp-gc-accelerator"
     prefix = "/orgadmin/seeding/"
   }
 }

deployment-templates/Terraform/1-common/folders.tf

@@ -2,7 +2,7 @@ module "folders" {
   source  = "terraform-google-modules/folders/google"
   version = "~> 3.0"
 
-  parent  = "organizations/${var.org_id}"
+  parent = "organizations/${var.org_id}"
 
   names = [
     "adminstration"

deployment-templates/Terraform/1-common/iam.tf

@@ -85,8 +85,8 @@ resource "google_project_iam_member" "billing_bq_viewer" {
 *****************************************/
 resource "google_organization_iam_member" "ssc-billing" {
   org_id = var.org_id
-  role    = "roles/billing.viewer"
-  member  = "group:${var.ssc_broker_users}"
+  role   = "roles/billing.viewer"
+  member = "group:${var.ssc_broker_users}"
 }
 
 

deployment-templates/Terraform/1-common/log_sinks.tf

@@ -65,6 +65,7 @@ module "bigquery_destination" {
   log_sink_writer_identity   = module.log_export_to_biqquery.writer_identity
   expiration_days            = var.audit_logs_table_expiration_days
   delete_contents_on_destroy = var.audit_logs_table_delete_contents_on_destroy
+  location                   = var.default_region
 }
 
 /******************************************

deployment-templates/Terraform/1-common/org-policy.tf

@@ -3,16 +3,16 @@ Restrict Deployment of Resources to Regions outside of Canada
 ************************/
 
 module "org-policy" {
-  source            = "terraform-google-modules/org-policy/google"
-  version           = "~> 3.0.2"
+  source  = "terraform-google-modules/org-policy/google"
+  version = "~> 3.0.2"
 
   constraint        = "constraints/gcp.resourceLocations"
   policy_type       = "list"
   organization_id   = var.org_id
-  allow = ["northamerica-northeast1","US"]
+  allow             = ["northamerica-northeast1"]
   allow_list_length = 1
   # exclude_folders   = [""]
   # exclude_projects  = [""]
-  policy_for	= "organization"
+  policy_for = "organization"
 }
 

deployment-templates/Terraform/1-common/projects.tf

@@ -13,13 +13,13 @@ module "common" {
   labels = {
     environment       = "production"
     application_name  = "org-logging"
-    billing_code      = "1234" # Replace
+    billing_code      = "1234"     # Replace
     primary_contact   = "example1" # Replace
     secondary_contact = "example2" # Replace
-    business_code     = "abcd" # Replace
-    env_code          = "p" # Replace
+    business_code     = "abcd"     # Replace
+    env_code          = "p"        # Replace
   }
-  
+
   # budget_alert_pubsub_topic   = var.org_audit_logs_project_alert_pubsub_topic
   # budget_alert_spent_percents = var.org_audit_logs_project_alert_spent_percents
   # budget_amount               = var.org_audit_logs_project_budget_amount

deployment-templates/Terraform/1-common/variables.tf

@@ -21,13 +21,13 @@ variable "skip_gcloud_download" {
 
 variable "parent_folder" {
   description = "The resource name of the parent Folder or Organization"
-  default = ""
+  default     = ""
 }
 
 variable "default_region" {
   description = "Default region for BigQuery resources."
   type        = string
-  default = "northamerica-northeast1"
+  default     = "northamerica-northeast1"
 }
 
 variable "dns_hub_project_alert_spent_percents" {

deployment-templates/Terraform/1-common/variables.tfvar.example

@@ -0,0 +1,12 @@
+org_audit_logs_project_alert_spent_percents = [50,25,10]
+org_audit_logs_project_alert_pubsub_topic = "project-alerts"
+admin_group_users="[email protected]"
+audit_data_users="[email protected]"
+org_id="ORG_ID"
+terraform_service_account="[email protected]"
+billing_account="BILLING_ACCOUNT"
+billing_data_users="[email protected]"
+ssc_data_users="[email protected]"
+ssc_broker_users="[email protected]"
+audit_logs_table_delete_contents_on_destroy=true
+log_export_storage_force_destroy=false

deployment-templates/Terraform/2-projects/Host_Project_Dev.tf

@@ -0,0 +1,55 @@
+### DEV Host Project in the Shared VPC setup#######
+
+
+resource "random_id" "default-project-id" {
+  byte_length = 2
+  prefix      = "host-dev"
+}
+
+resource "google_project" "host" {
+  name            = var.project_name
+  project_id      = random_id.default-project-id.hex
+  folder_id       = google_folder.ProB_dev.name
+  billing_account = var.billing_account
+  auto_create_network  = false
+}
+
+resource "google_project_service" "host" {
+  project  = google_project.host.project_id
+
+  service = "compute.googleapis.com"
+  disable_on_destroy = false
+}
+
+data "google_iam_policy" "network-users" {
+  binding {
+    role    = "roles/compute.networkUser"
+    members = "${var.network_users}"
+  }
+}
+
+resource "google_project_iam_policy" "network-users" {
+  project     =  google_project_service.host.project
+  policy_data = data.google_iam_policy.network-users.policy_data
+}
+
+resource "google_compute_shared_vpc_host_project" "host" {
+  project = google_project_service.host.project
+
+  depends_on = [google_project_service.host]
+}
+
+resource "google_compute_network" "svc_network" {
+  project                 = "${google_project.host.project_id}"
+  name                    = "svc-network"
+  auto_create_subnetworks = "false"
+}
+
+resource "google_compute_subnetwork" "service" {
+  project                  = "${google_project.host.project_id}"
+  ip_cidr_range            = "${var.subnet_cidr_dev}"
+  name                     = "service-zone"
+  network                  = "${google_compute_network.svc_network.name}"
+  region                   = "${var.default_region}"
+  private_ip_google_access = true
+}

deployment-templates/Terraform/2-projects/Host_Project_Prod.tf

@@ -0,0 +1,55 @@
+### DEV Host Project in the Shared VPC setup#######
+
+
+resource "random_id" "default-project-id-prd" {
+  byte_length = 2
+  prefix      = "host-prod"
+}
+
+resource "google_project" "host_prod" {
+  name            = "${var.project_name}-Prod"
+  project_id      = random_id.default-project-id-prd.hex
+  folder_id       = google_folder.ProB_Prod.name
+  billing_account = var.billing_account
+  auto_create_network  = false
+}
+
+resource "google_project_service" "host_prod" {
+  project  = "${google_project.host_prod.project_id}"
+
+  service = "compute.googleapis.com"
+  disable_on_destroy = false
+}
+
+data "google_iam_policy" "network-users_prod" {
+  binding {
+    role    = "roles/compute.networkUser"
+    members = "${var.network_users}"
+  }
+}
+
+resource "google_project_iam_policy" "network-users-prod" {
+  project     = "${google_project_service.host_prod.project}"
+  policy_data = "${data.google_iam_policy.network-users_prod.policy_data}"
+}
+
+resource "google_compute_shared_vpc_host_project" "host_prod" {
+  project = "${google_project_service.host_prod.project}"
+
+  depends_on = ["google_project_service.host_prod"]
+}
+
+resource "google_compute_network" "svc_network_prod" {
+  project                 = "${google_project.host_prod.project_id}"
+  name                    = "svc-network"
+  auto_create_subnetworks = "false"
+}
+
+resource "google_compute_subnetwork" "service_prod" {
+  project                  = "${google_project.host_prod.project_id}"
+  ip_cidr_range            = "${var.subnet_cidr_prod}"
+  name                     = "service-zone"
+  network                  = "${google_compute_network.svc_network_prod.name}"
+  region                   = "${var.default_region}"
+  private_ip_google_access = true
+}