Blueprints and modules help you automate provisioning and managing Google Cloud resources at scale.
A module is a reusable set of Terraform configuration files that creates a logical abstraction of Terraform resources.
A blueprint is a package of deployable, reusable modules and policy that implements and documents a specific opinionated solution. Deployable configuration for all Terraform blueprints are packaged as Terraform modules. For more information, see the blueprints overview.
| Category | Blueprints and modules | Description |
|---|---|---|
| End-to-end, Data analytics | ai-notebook | Demonstrates how to protect confidential data in Vertex AI Workbench notebooks |
| End-to-end, Operations | example-foundation | Shows how the CFT modules can be composed to build a secure cloud foundation |
| End-to-end | fabric | Provides advanced examples designed for prototyping |
| Developer tools, End-to-end, Security and identity | secure-cicd | Builds a secure CI/CD pipeline on Google Cloud |
| End-to-end, Data analytics | secured-data-warehouse | Deploys a secured BigQuery data warehouse |
| Networking | address | Manages Google Cloud IP addresses |
| Compute | anthos-vm | Creates VMs on Anthos on bare metal clusters |
| Developer tools, Operations, Security and identity | bastion-host | Generates a bastion host VM compatible with OS Login and IAP tunneling that can be used to access internal VMs |
| Data analytics | bigquery | Creates opinionated BigQuery datasets and tables |
| Developer tools, Operations | bootstrap | Bootstraps Terraform usage and related CI/CD in a new Google Cloud organization |
| Databases | cloud-datastore | Manages Datastore |
| Networking | cloud-dns | Creates and manages Cloud DNS public or private zones and their records |
| Networking | cloud-nat | Creates and configures Cloud NAT |
| Operations | cloud-operations | Manages Google Cloud's operations suite (Cloud Logging and Cloud Monitoring) |
| Networking | cloud-router | Manages a Cloud Router on Google Cloud |
| Serverless computing | cloud-run | Deploys apps to Cloud Run, along with option to map custom domain |
| Storage | cloud-storage | Creates one or more Cloud Storage buckets and assigns basic permissions on them to arbitrary users |
| End-to-end, Data analytics, Operations | composer | Manages Cloud Composer v1 and v2 along with option to manage networking |
| Compute, Containers | container-vm | Deploys containers on Compute Engine instances |
| Data analytics | data-fusion | Manages Cloud Data Fusion |
| Data analytics | dataflow | Handles opinionated Dataflow job configuration and deployments |
| Data analytics | datalab | Creates DataLab instances with support for GPU instances |
| Serverless computing | event-function | Responds to logging events with a Cloud Functions |
| Developer tools | folders | Creates several Google Cloud folders under the same parent |
| Developer tools | gcloud | Executes Google Cloud CLI commands within Terraform |
| Developer tools | github-actions-runners | Creates self-hosted GitHub Actions Runners on Google Cloud |
| Developer tools | gke-gitlab | Installs GitLab on Kubernetes Engine |
| Workspace | group | Manages Google Groups |
| Operations, Workspace | gsuite-export | Creates a Compute Engine VM instance and sets up a cronjob to export Google Workspace Admin SDK data to Cloud Logging on a schedule |
| Healthcare and life sciences | healthcare | Handles opinionated Google Cloud Healthcare datasets and stores |
| Security and identity | iam | Manages multiple IAM roles for resources on Google Cloud |
| Developer tools | jenkins | Creates a Compute Engine instance running Jenkins |
| Security and identity | kms | Allows managing a keyring, zero or more keys in the keyring, and IAM role bindings on individual keys |
| Compute, Containers | kubernetes-engine | Configures opinionated GKE clusters |
| Networking | lb | Creates a regional TCP proxy load balancer for Compute Engine by using target pools and forwarding rules |
| Networking | lb-http | Creates a global HTTP load balancer for Compute Engine by using forwarding rules |
| Networking | lb-internal | Creates an internal load balancer for Compute Engine by using forwarding rules |
| Networking | load-balanced-vms | Creates a managed instance group with a loadbalancer |
| Data analytics | log-analysis | Stores and analyzes log data |
| Operations | log-export | Creates log exports at the project, folder, or organization level |
| Operations | media-cdn-vod | Deploys Media CDN video-on-demand |
| Databases | memorystore | Creates a fully functional Google Memorystore (redis) instance |
| Networking | network | Sets up a new VPC network on Google Cloud |
| Networking | network-forensics | Deploys Zeek on Google Cloud |
| Security and identity | org-policy | Manages Google Cloud organization policies |
| Operations | project-factory | Creates an opinionated Google Cloud project by using Shared VPC, IAM, and Google Cloud APIs |
| Data analytics | Pub/Sub | Creates Pub/Sub topic and subscriptions associated with the topic |
| Compute | sap | Deploys SAP products |
| Serverless computing | scheduled-function | Sets up a scheduled job to trigger events and run functions |
| Security and identity | secret-manager | Creates one or more Google Secret Manager secrets and manages basic permissions for them |
| Security and identity | service-accounts | Creates one or more service accounts and grants them basic roles |
| Operations | slo | Creates SLOs on Google Cloud from custom Stackdriver metrics capability to export SLOs to Google Cloud services and other systems |
| Databases | sql-db | Creates a Cloud SQL database instance |
| Compute | startup-scripts | Provides a library of useful startup scripts to embed in VMs |
| Databases, Serverless computing | three-tier-web-app | Deploys a three-tier web application using Cloud Run and Cloud SQL |
| Operations | utils | Gets the short names for a given Google Cloud region |
| Developer tools, Operations, Security and identity | vault | Deploys Vault on Compute Engine |
| Compute | vm | Provisions VMs in Google Cloud |
| Networking | vpc-service-controls | Handles opinionated VPC Service Controls and Access Context Manager configuration and deployments |
| Networking | vpn | Sets up a Cloud VPN gateway |