Generic Google Cloud IAM Terramate Module

A Terramate module used to generate Terraform modules for Google Cloud IAM for different services on Google Cloud Services (GCP).

This module is part of our Infrastructure as Code (IaC) framework that enables our users and customers to easily deploy and manage reusable, secure, and production-grade cloud infrastructure.

Current List of Generated Modules

• google_cloud_run_v2_job_iam
• google_cloud_run_v2_service_iam
• google_dns_managed_zone_iam
• google_artifact_registry_repository_iam
• google_cloud_run_service_iam
• google_cloud_tasks_queue_iam

Usage - How to Generate New IAM Modules

1. Create a new Terramate stack under modules/{provider} Example: terramate create --no-generate modules/google/google_storage_bucket_iam The stack folder name must match the Terraform resource name with the _iam suffix attached to it.
2. Edit the file stack.tm.hcl to match the following template:

stack {
  name        = "google_storage_bucket_iam"
  description = "Google Storage Bucket IAM Terraform Module"
  id          = "randomly_generated_do_not_edit"
}

globals {
  is_regional = true
  region_attribute = "location"
  resource_parent = {
    variable      = "bucket" # Refer to the terraform provider documentation to get this attribute
    resource_name = "google_storage_bucket"
    description   = "Name of Storage Bucket resource the IAM is applied to"
  }
  documentation = {
    service_name      = "Google Storage Bucket"
    google_docs_url   = "https://cloud.google.com/storage/docs/access-control/iam-roles"
    provider_docs_url = "https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_iam"
    example_role      = "storage.admin"
  }
}

3. Generate code:

• terramate fmt
• terramate generate
• pre-commit run -a (this command may need to be run twice, validate once all output is green)