googleAssuredWorkloadsWorkload

The AssuredWorkloads Workload resource

Example Usage - basic_workload

A basic test of the assuredworkloads API

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
new google.assuredWorkloadsWorkload.AssuredWorkloadsWorkload(this, "primary", {
  billing_account: "billingAccounts/000000-0000000-0000000-000000",
  compliance_regime: "FEDRAMP_MODERATE",
  display_name: "Workload Example",
  kms_settings: [
    {
      next_rotation_time: "9999-10-02T15:01:23Z",
      rotation_period: "10368000s",
    },
  ],
  labels: [
    {
      "label-one": "value-one",
    },
  ],
  location: "us-west1",
  organization: "123456789",
  provisioned_resources_parent: "folders/519620126891",
  resource_settings: [
    {
      resource_type: "CONSUMER_PROJECT",
    },
    {
      resource_type: "ENCRYPTION_KEYS_PROJECT",
    },
    {
      resource_id: "ring",
      resource_type: "KEYRING",
    },
  ],
});

Argument Reference

The following arguments are supported:

  • billingAccount - (Required) Input only. The billing account used for the resources which are direct children of the workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form billingAccounts/{billingAccountId}. For example, 'billingAccounts/012345-567890-ABCDEF'.

  • complianceRegime - (Required) Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS

  • displayName - (Required) The user-assigned display name of the Workload. When present, it must be between 4 and 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphens, and spaces. Example: My Workload

  • location - (Required) The location for the resource

  • organization - (Required) The organization for the resource


  • kmsSettings - (Optional) Input only. Settings used to create a CMEK crypto key. When set, a project with a KMS CMEK key is provisioned. This field is mandatory for a subset of Compliance Regimes.

  • labels - (Optional) Labels applied to the workload.

  • provisionedResourcesParent - (Optional) Input only. The parent resource for the resources managed by this Assured Workload. May be either an organization or a folder. Must be the same as, or a child of, the Workload parent. If not specified, all resources are created under the Workload parent. Formats: folders/{folder_id}, organizations/{organization_id}

  • resourceSettings - (Optional) Input only. Resource properties that are used to customize workload resources. These properties (such as a custom project id) will be used to create workload resources if possible.

The kmsSettings block supports:

  • nextRotationTime - (Required) Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.

  • rotationPeriod - (Required) Input only. Immutable. nextRotationTime will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.

The resourceSettings block supports:

  • resourceId - (Optional) Resource identifier. For a project this represents project_number. If the project is already taken, the workload creation will fail.

  • resourceType - (Optional) Indicates the type of resource. This field should be specified so that the id corresponds to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT). Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER
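
Several of the constraints in the Argument Reference above (name formats, display name length and character set, rotation period bounds) can be checked before synthesis, so a misconfigured compliance workload is caught locally and not during apply. The following is an added example, not part of the provider documentation or the generated bindings; WorkloadInput, validateWorkload, the plain-object shape of kmsSettings and the rejection of COMPLIANCE_REGIME_UNSPECIFIED are assumptions of the example.

```typescript
// Added example, not generated provider code. WorkloadInput and validateWorkload
// are hypothetical names; fields follow the Argument Reference on this page.
interface WorkloadInput {
  billingAccount: string;
  complianceRegime: string;
  displayName: string;
  provisionedResourcesParent?: string;
  kmsSettings?: { nextRotationTime: string; rotationPeriod: string };
}

// Listed values minus COMPLIANCE_REGIME_UNSPECIFIED (policy choice of this example).
const REGIMES = ["IL4", "CJIS", "FEDRAMP_HIGH", "FEDRAMP_MODERATE", "US_REGIONAL_ACCESS"];
const MIN_ROTATION_S = 24 * 3600; // "at least 24 hours"
const MAX_ROTATION_S = 876000 * 3600; // "at most 876,000 hours"

function validateWorkload(w: WorkloadInput): string[] {
  const errors: string[] = [];
  if (!/^billingAccounts\/[^\/\s]+$/.test(w.billingAccount))
    errors.push("billingAccount: expected billingAccounts/{billingAccountId}");
  if (REGIMES.indexOf(w.complianceRegime) < 0)
    errors.push("complianceRegime: not a concrete regime");
  if (!/^[A-Za-z0-9 -]{4,30}$/.test(w.displayName))
    errors.push("displayName: 4-30 letters, numbers, hyphens or spaces");
  const parent = w.provisionedResourcesParent;
  if (parent !== undefined && !/^(folders|organizations)\/[^\/\s]+$/.test(parent))
    errors.push("provisionedResourcesParent: expected folders/{folder_id} or organizations/{organization_id}");
  if (w.kmsSettings) {
    // Assumes whole seconds with an "s" suffix, as in the page's "10368000s".
    const m = /^(\d+)s$/.exec(w.kmsSettings.rotationPeriod);
    const secs = m ? Number(m[1]) : NaN;
    if (!(secs >= MIN_ROTATION_S && secs <= MAX_ROTATION_S))
      errors.push("rotationPeriod: must be 24 to 876,000 hours");
    if (isNaN(Date.parse(w.kmsSettings.nextRotationTime)))
      errors.push("nextRotationTime: not a parseable timestamp");
  }
  return errors;
}

// Values from the example at the top of the page.
const PAGE_EXAMPLE: WorkloadInput = {
  billingAccount: "billingAccounts/000000-0000000-0000000-000000",
  complianceRegime: "FEDRAMP_MODERATE",
  displayName: "Workload Example",
  provisionedResourcesParent: "folders/519620126891",
  kmsSettings: { nextRotationTime: "9999-10-02T15:01:23Z", rotationPeriod: "10368000s" },
};
```

An empty array from validateWorkload means no documented constraint was violated; it does not check which regimes make kmsSettings mandatory, since the page does not list them.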

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • id - an identifier for the resource with format organizations/{{organization}}/locations/{{location}}/workloads/{{name}}

  • createTime - Output only. Immutable. The Workload creation timestamp.

  • name - Output only. The resource name of the workload.

  • resources - Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.

Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 20 minutes.
  • update - Default is 20 minutes.
  • delete - Default is 20 minutes.

Import

Workload can be imported using any of these accepted formats:

$ terraform import google_assured_workloads_workload.default organizations/{{organization}}/locations/{{location}}/workloads/{{name}}
$ terraform import google_assured_workloads_workload.default {{organization}}/{{location}}/{{name}}