Terraform blueprints and modules for Google Cloud

Blueprints and modules help you automate provisioning and managing Google Cloud resources at scale.

A module is a reusable set of Terraform configuration files that creates a logical abstraction of Terraform resources.

A blueprint is a package of deployable, reusable modules and policy that implements and documents a specific opinionated solution. The deployable configuration for every Terraform blueprint is packaged as a Terraform module. For more information, see the blueprints overview.

| Category | Blueprints and modules | Description |
| --- | --- | --- |
| End-to-end, Data analytics | ai-notebook | Demonstrates how to protect confidential data in Vertex AI Workbench notebooks |
| End-to-end, Operations | example-foundation | Shows how the CFT modules can be composed to build a secure cloud foundation |
| End-to-end | fabric | Provides advanced examples designed for prototyping |
| Developer tools, End-to-end, Security and identity | secure-cicd | Builds a secure CI/CD pipeline on Google Cloud |
| End-to-end, Data analytics | secured-data-warehouse | Deploys a secured BigQuery data warehouse |
| Networking | address | Manages Google Cloud IP addresses |
| Compute | anthos-vm | Creates VMs on Anthos on bare metal clusters |
| Developer tools, Operations, Security and identity | bastion-host | Generates a bastion host VM compatible with OS Login and IAP tunneling that can be used to access internal VMs |
| Data analytics | bigquery | Creates opinionated BigQuery datasets and tables |
| Developer tools, Operations | bootstrap | Bootstraps Terraform usage and related CI/CD in a new Google Cloud organization |
| Databases | cloud-datastore | Manages Datastore |
| Networking | cloud-dns | Creates and manages Cloud DNS public or private zones and their records |
| Networking | cloud-nat | Creates and configures Cloud NAT |
| Operations | cloud-operations | Manages Google Cloud's operations suite (Cloud Logging and Cloud Monitoring) |
| Networking | cloud-router | Manages a Cloud Router on Google Cloud |
| Serverless computing | cloud-run | Deploys apps to Cloud Run, along with an option to map a custom domain |
| Storage | cloud-storage | Creates one or more Cloud Storage buckets and assigns basic permissions on them to arbitrary users |
| End-to-end, Data analytics, Operations | composer | Manages Cloud Composer v1 and v2, along with an option to manage networking |
| Compute, Containers | container-vm | Deploys containers on Compute Engine instances |
| Data analytics | data-fusion | Manages Cloud Data Fusion |
| Data analytics | dataflow | Handles opinionated Dataflow job configuration and deployments |
| Data analytics | datalab | Creates DataLab instances with support for GPU instances |
| Serverless computing | event-function | Responds to logging events with a Cloud Function |
| Developer tools | folders | Creates several Google Cloud folders under the same parent |
| Developer tools | gcloud | Executes Google Cloud CLI commands within Terraform |
| Developer tools | github-actions-runners | Creates self-hosted GitHub Actions Runners on Google Cloud |
| Developer tools | gke-gitlab | Installs GitLab on Kubernetes Engine |
| Workspace | group | Manages Google Groups |
| Operations, Workspace | gsuite-export | Creates a Compute Engine VM instance and sets up a cron job to export Google Workspace Admin SDK data to Cloud Logging on a schedule |
| Healthcare and life sciences | healthcare | Handles opinionated Google Cloud Healthcare datasets and stores |
| Security and identity | iam | Manages multiple IAM roles for resources on Google Cloud |
| Developer tools | jenkins | Creates a Compute Engine instance running Jenkins |
| Security and identity | kms | Allows managing a keyring, zero or more keys in the keyring, and IAM role bindings on individual keys |
| Compute, Containers | kubernetes-engine | Configures opinionated GKE clusters |
| Networking | lb | Creates a regional TCP proxy load balancer for Compute Engine by using target pools and forwarding rules |
| Networking | lb-http | Creates a global HTTP load balancer for Compute Engine by using forwarding rules |
| Networking | lb-internal | Creates an internal load balancer for Compute Engine by using forwarding rules |
| Networking | load-balanced-vms | Creates a managed instance group with a load balancer |
| Data analytics | log-analysis | Stores and analyzes log data |
| Operations | log-export | Creates log exports at the project, folder, or organization level |
| Operations | media-cdn-vod | Deploys Media CDN video-on-demand |
| Databases | memorystore | Creates a fully functional Google Memorystore (Redis) instance |
| Networking | network | Sets up a new VPC network on Google Cloud |
| Networking | network-forensics | Deploys Zeek on Google Cloud |
| Security and identity | org-policy | Manages Google Cloud organization policies |
| Operations | project-factory | Creates an opinionated Google Cloud project by using Shared VPC, IAM, and Google Cloud APIs |
| Data analytics | Pub/Sub | Creates a Pub/Sub topic and subscriptions associated with the topic |
| Compute | sap | Deploys SAP products |
| Serverless computing | scheduled-function | Sets up a scheduled job to trigger events and run functions |
| Security and identity | secret-manager | Creates one or more Google Secret Manager secrets and manages basic permissions for them |
| Security and identity | service-accounts | Creates one or more service accounts and grants them basic roles |
| Operations | slo | Creates SLOs on Google Cloud from custom Stackdriver metrics, with the capability to export SLOs to Google Cloud services and other systems |
| Databases | sql-db | Creates a Cloud SQL database instance |
| Compute | startup-scripts | Provides a library of useful startup scripts to embed in VMs |
| Databases, Serverless computing | three-tier-web-app | Deploys a three-tier web application using Cloud Run and Cloud SQL |
| Operations | utils | Gets the short names for a given Google Cloud region |
| Developer tools, Operations, Security and identity | vault | Deploys Vault on Compute Engine |
| Compute | vm | Provisions VMs in Google Cloud |
| Networking | vpc-service-controls | Handles opinionated VPC Service Controls and Access Context Manager configuration and deployments |
| Networking | vpn | Sets up a Cloud VPN gateway |