Terraform module for GCP Logwarden

| Name | Version |
|---|---|
| terraform | >= 1.4.0 |
| >=4.61.0 |

| Name | Version |
|---|---|
| >=4.61.0 |

No modules.

| Name | Type |
|---|---|
| google_cloud_run_v2_service.main | resource |
| google_logging_organization_sink.audit_logs | resource |
| google_project_iam_member.service | resource |
| google_project_service.cloudrun | resource |
| google_pubsub_subscription.logwarden | resource |
| google_pubsub_subscription_iam_member.pubsub | resource |
| google_pubsub_topic.audit_logs | resource |
| google_pubsub_topic_iam_member.logging_sink | resource |
| google_pubsub_topic_iam_member.subscription | resource |
| google_secret_manager_secret_iam_member.config | resource |
| google_service_account.main | resource |
| google_storage_bucket.rego_policies | resource |
| google_storage_bucket_iam_member.policies | resource |
| google_storage_bucket_object.policies | resource |
| google_project.main | data source |
| google_secret_manager_secret.config | data source |

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| config_secret_id | GCP Secret Manager secret name/id for environment variable string. | string | n/a | yes |
| container_args | Runtime arguments for logwarden | list(string) | [] | no |
| docker_image | Docker image for the logwarden tool. Used by Cloud Run | string | n/a | yes |
| environment | Environment of app, service, or context using this module. | string | n/a | yes |
| ingress | Ingress settings for the Google Cloud Run service | string | "INGRESS_TRAFFIC_INTERNAL_ONLY" | no |
| logging_sink_filter | n/a | string | "LOG_ID(\"cloudaudit.googleapis.com/activity\") OR LOG_ID(\"externalaudit.googleapis.com/activity\") OR LOG_ID(\"cloudaudit.googleapis.com/system_event\") OR LOG_ID(\"externalaudit.googleapis.com/system_event\") OR LOG_ID(\"cloudaudit.googleapis.com/access_transparency\") OR LOG_ID(\"externalaudit.googleapis.com/access_transparency\")\n-protoPayload.serviceName=\"k8s.io\"\n" | no |
| organization_id | ID of the parent organization. | string | n/a | yes |
| policy_source_dir | Repository folder where rego policies are stored. | string | n/a | yes |
| project_id | ID of the parent project. Needed for service account IAM bindings. | string | n/a | yes |
| region | Region to place the CloudRun function in. | string | n/a | yes |

| Name | Description |
|---|---|
| cloud_run_url | URL of the deployed Cloud Run service |
| policy_bucket_name | Name of the GCS bucket where rego policies are uploaded. |
| topic_name | Name of the PubSub topic where log messages are consumed. |