Skip to content

subhamay-bhattacharyya-tf/terraform-google-module-template

BranchesTags

Repository files navigation

Terraform Module for GCS Bucket

Release GCP Commit Activity Last Commit Release Date Repo Size File Count Issues Top Language Built with Claude Code Custom Endpoint

A Terraform module for creating and managing a Google Cloud Storage (GCS) bucket on GCP.

Overview

This module provisions a single google_storage_bucket resource via the terraform-google-module-template module. It accepts a small set of flat input variables and assembles the required gcs_config object, enforcing uniform_bucket_level_access = true and public_access_prevention = "enforced" by default.

Requirements

Requirement Version
Terraform >= 1.3.0
Google Provider >= 7.23.0

Usage

module "gcs_bucket" {
  source = "github.com/subhamay-bhattacharyya-tf/terraform-google-module-template"

  bucket_name = "my-portfolio-bucket"
  project_id  = "portfolio-site"
  location    = "US"
  environment = "prod"
}

Input Variables

Name Description Type Default Required
bucket_name Name of the GCS bucket string yes
project_id GCP project ID string "portfolio-site" no
region GCP region string "us-central1" no
location GCS bucket location string "US" no
storage_class Storage class string "STANDARD" no
force_destroy Force-destroy bucket on destroy bool false no
versioning Enable object versioning bool false no
labels Additional labels map(string) {} no
project Project label value string "portfolio-site" no
environment Environment label value string "dev" no

Outputs

Name Description
bucket_id The ID of the GCS bucket
bucket_name The name of the GCS bucket
bucket_project The project ID where the bucket is created
bucket_location The location of the GCS bucket
bucket_url The URL of the GCS bucket
bucket_self_link The self link of the GCS bucket resource
bucket_storage_class The storage class of the GCS bucket
bucket_force_destroy Whether force_destroy is enabled

CI / Workload Identity Federation Setup

The Terratest job authenticates to GCP via Workload Identity Federation (service account impersonation). If the job fails with Permission 'iam.serviceAccounts.getAccessToken' denied, grant the WIF pool principal the required IAM binding:

gcloud iam service-accounts add-iam-policy-binding \
    "sa-17-cloud-storage@prj-17-cloud-storage-16748.iam.gserviceaccount.com" \
    --project="prj-17-cloud-storage-16748" \
    --role="roles/iam.workloadIdentityUser" \
    --member="principalSet://iam.googleapis.com/projects/578842011545/locations/global/workloadIdentityPools/github-actions/attribute.repository/subhamay-bhattacharyya-tf/terraform-google-module-template"

The three repository variables required by the CI workflow are:

Variable Description
GCP_PROJECT_ID GCP project ID passed as GOOGLE_CLOUD_PROJECT to Terratest
GCP_WORKLOAD_IDENTITY_PROVIDER Full WIF provider resource name
GCP_SERVICE_ACCOUNT Service account email to impersonate

License

Apache 2.0 — see LICENSE.

About

✅ A reusable, opinionated Terraform module template for provisioning and managing Google Cloud Platform resources — designed for consistency, scalability, and best practices.

Topics

devops terraform gcp google-cloud iac cloud-infrastructure infrastructure-as-code sre terraform-module platform-engineering terraform-template module-template

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Contributing

Contributing
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

v1.0.0 Latest
Mar 26, 2026

Packages

 
 
 

Contributors

Languages