Landing Zone

This repository manages centralized audit logging resources. Google Cloud services write audit logs that record administrative activities and access within your Google Cloud resources. Audit logs help you answer "who did what, where, and when?" within your Google Cloud organization.

This repository manages a resource hierarchy and IAM. Metaphorically speaking, the Google Cloud resource hierarchy resembles the file system found in traditional operating systems to organize and manage entities hierarchically. Identity and Access Management (IAM) lets administrators authorize who can take action on specific resources, giving you complete control and visibility to manage Google Cloud resources centrally.

This repository manages network resources like VPC, subnet, DNS, and NAT that can be shared across an organization.

This repository manages the Terraform backend for state management. Terraform uses persisted state data to keep track of the resources it manages. Most non-trivial Terraform configurations use a backend to store state remotely. This lets multiple people access the state data and work together on that collection of infrastructure resources. Terraform uses persisted state data to keep track of the resources it manages. Most non-trivial Terraform configurations use a backend to store state remotely. This lets multiple people access the state data and work together on that collection of infrastructure resources.

This repository configures workload identity federation. With workload identity federation, you can use Identity and Access Management (IAM) to grant external identities IAM roles, including the ability to impersonate service accounts. This lets you access resources directly using a short-lived access token and eliminates the maintenance and security burden associated with service account keys.