Terraform blueprints and modules for Google Cloud

Blueprints and modules help you automate provisioning and managing Google Cloud resources at scale.

A module is a reusable set of Terraform configuration files that creates a logical abstraction of Terraform resources.

A blueprint is a package of deployable, reusable modules and policy that implements and documents a specific opinionated solution. The deployable configuration for every Terraform blueprint is packaged as Terraform modules.

| Category | Blueprints and modules | Description |
| --- | --- | --- |
| End-to-end, Data analytics | ai-notebook | Demonstrates how to protect confidential data in Vertex AI Workbench notebooks |
| Data analytics, End-to-end | crmint | Deploy the marketing analytics application, CRMint |
| End-to-end, Operations | example-foundation | Shows how the CFT modules can be composed to build a secure cloud foundation |
| End-to-end | fabric | Provides advanced examples designed for prototyping |
| Developer tools, End-to-end, Security and identity | secure-cicd | Builds a secure CI/CD pipeline on Google Cloud |
| End-to-end, Data analytics | secured-data-warehouse | Deploys a secured BigQuery data warehouse |
| End-to-end | vertex-mlops | Create a Vertex AI environment needed for MLOps |
| Networking | address | Manages Google Cloud IP addresses |
| Databases | alloy-db | Creates an AlloyDB for PostgreSQL instance |
| Data analytics | analytics-lakehouse | Deploys a Lakehouse Architecture Solution |
| Compute | anthos-vm | Creates VMs on Google Distributed Cloud Virtual for Bare Metal clusters |
| Developer tools, Operations, Security and identity | bastion-host | Generates a bastion host VM compatible with OS Login and IAP tunneling that can be used to access internal VMs |
| Compute, Operations | backup-dr | Deploy Backup and DR appliances |
| Data analytics | bigquery | Creates opinionated BigQuery datasets and tables |
| Developer tools, Operations | bootstrap | Bootstraps Terraform usage and related CI/CD in a new Google Cloud organization |
| Compute, Networking | cloud-armor | Deploy Google Cloud Armor security policy |
| Databases | cloud-datastore | Manages Datastore |
| Developer tools | cloud-deploy | Create Cloud Deploy pipelines and targets |
| Networking | cloud-dns | Creates and manages Cloud DNS public or private zones and their records |
| Serverless computing | cloud-functions | Deploys Cloud Functions (Gen 2) |
| Networking, Security and identity | cloud-ids | Deploys a Cloud IDS instance and associated resources |
| Networking | cloud-nat | Creates and configures Cloud NAT |
| Operations | cloud-operations | Manages Cloud Logging and Cloud Monitoring |
| Networking | cloud-router | Manages a Cloud Router on Google Cloud |
| Serverless computing | cloud-run | Deploys apps to Cloud Run, along with the option to map a custom domain |
| Storage | cloud-storage | Creates one or more Cloud Storage buckets and assigns basic permissions on them to arbitrary users |
| Developer tools, Serverless computing | cloud-workflows | Manage Workflows with optional Cloud Scheduler or Eventarc triggers |
| End-to-end, Data analytics, Operations | composer | Manages Cloud Composer v1 and v2, along with the option to manage networking |
| Compute, Containers | container-vm | Deploys containers on Compute Engine instances |
| Data analytics | data-fusion | Manages Cloud Data Fusion |
| Data analytics | dataflow | Handles opinionated Dataflow job configuration and deployments |
| Data analytics | datalab | Creates DataLab instances with support for GPU instances |
| Serverless computing | event-function | Responds to logging events with a Cloud Function |
| Developer tools | folders | Creates several Google Cloud folders under the same parent |
| Developer tools | gcloud | Executes Google Cloud CLI commands within Terraform |
| Developer tools | github-actions-runners | Creates self-hosted GitHub Actions Runners on Google Cloud |
| Developer tools | gke-gitlab | Installs GitLab on Kubernetes Engine |
| Workspace | group | Manages Google Groups |
| Operations, Workspace | gsuite-export | Creates a Compute Engine VM instance and sets up a cronjob to export Google Workspace Admin SDK data to Cloud Logging on a schedule |
| Healthcare and life sciences | healthcare | Handles opinionated Google Cloud Healthcare datasets and stores |
| Security and identity | iam | Manages multiple IAM roles for resources on Google Cloud |
| Developer tools | jenkins | Creates a Compute Engine instance running Jenkins |
| Security and identity | kms | Allows managing a keyring, zero or more keys in the keyring, and IAM role bindings on individual keys |
| Compute, Containers | kubernetes-engine | Configures opinionated GKE clusters |
| Networking | lb | Creates a regional TCP proxy load balancer for Compute Engine by using target pools and forwarding rules |
| Networking | lb-http | Creates a global HTTP load balancer for Compute Engine by using forwarding rules |
| Networking | lb-internal | Creates an internal load balancer for Compute Engine by using forwarding rules |
| Networking | load-balanced-vms | Creates a managed instance group with a load balancer |
| Data analytics | log-analysis | Stores and analyzes log data |
| Operations | log-export | Creates log exports at the project, folder, or organization level |
| Operations | media-cdn-vod | Deploys Media CDN video-on-demand |
| Databases | memorystore | Creates a fully functional Google Memorystore (Redis) instance |
| Networking | network | Sets up a new VPC network on Google Cloud |
| Networking | network-forensics | Deploys Zeek on Google Cloud |
| Security and identity | org-policy | Manages Google Cloud organization policies |
| Networking | out-of-band-security-3P | Creates a 3P out-of-band security appliance deployment |
| Operations | project-factory | Creates an opinionated Google Cloud project by using Shared VPC, IAM, and Google Cloud APIs |
| Data analytics | Pub/Sub | Creates Pub/Sub topic and subscriptions associated with the topic |
| Compute | sap | Deploys SAP products |
| Serverless computing | scheduled-function | Sets up a scheduled job to trigger events and run functions |
| Security and identity | secret-manager | Creates one or more Google Secret Manager secrets and manages basic permissions for them |
| Security and identity | service-accounts | Creates one or more service accounts and grants them basic roles |
| Operations | slo | Creates SLOs on Google Cloud from custom Stackdriver metrics, with the capability to export SLOs to Google Cloud services and other systems |
| Databases | sql-db | Creates a Cloud SQL database instance |
| Compute | startup-scripts | Provides a library of useful startup scripts to embed in VMs |
| Databases, Serverless computing | three-tier-web-app | Deploys a three-tier web application using Cloud Run and Cloud SQL |
| Operations | utils | Gets the short names for a given Google Cloud region |
| Developer tools, Operations, Security and identity | vault | Deploys Vault on Compute Engine |
| Compute | vm | Provisions VMs in Google Cloud |
| Networking | vpc-service-controls | Handles opinionated VPC Service Controls and Access Context Manager configuration and deployments |
| Networking | vpn | Sets up a Cloud VPN gateway |