googleWorkstationsWorkstationConfig
A set of configuration options describing how a workstation will be run. Workstation configurations are intended to be shared across multiple workstations.
\~> Warning: This resource is in beta, and should be used with the terraform-provider-google-beta provider. See Provider Versions for more details on beta resources.
To get more information about WorkstationConfig, see:
- API documentation
- How-to Guides
- Workstations
Example Usage - Workstation Config Basic
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleComputeNetworkDefault = new google.computeNetwork.ComputeNetwork(
this,
"default",
{
auto_create_subnetworks: false,
name: "workstation-cluster",
provider: "${google-beta}",
}
);
const googleComputeSubnetworkDefault =
new google.computeSubnetwork.ComputeSubnetwork(this, "default_1", {
ip_cidr_range: "10.0.0.0/24",
name: "workstation-cluster",
network: googleComputeNetworkDefault.name,
provider: "${google-beta}",
region: "us-central1",
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeSubnetworkDefault.overrideLogicalId("default");
const googleWorkstationsWorkstationClusterDefault =
new google.workstationsWorkstationCluster.WorkstationsWorkstationCluster(
this,
"default_2",
{
annotations: [
{
"label-one": "value-one",
},
],
labels: [
{
label: "key",
},
],
location: "us-central1",
network: googleComputeNetworkDefault.id,
provider: "${google-beta}",
subnetwork: googleComputeSubnetworkDefault.id,
workstation_cluster_id: "workstation-cluster",
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleWorkstationsWorkstationClusterDefault.overrideLogicalId("default");
const googleWorkstationsWorkstationConfigDefault =
new google.workstationsWorkstationConfig.WorkstationsWorkstationConfig(
this,
"default_3",
{
host: [
{
gce_instance: [
{
boot_disk_size_gb: 35,
disable_public_ip_addresses: true,
machine_type: "e2-standard-4",
},
],
},
],
location: "us-central1",
provider: "${google-beta}",
workstation_cluster_id:
googleWorkstationsWorkstationClusterDefault.workstationClusterId,
workstation_config_id: "workstation-config",
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleWorkstationsWorkstationConfigDefault.overrideLogicalId("default");
Example Usage - Workstation Config Container
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleComputeNetworkDefault = new google.computeNetwork.ComputeNetwork(
this,
"default",
{
auto_create_subnetworks: false,
name: "workstation-cluster",
provider: "${google-beta}",
}
);
const googleComputeSubnetworkDefault =
new google.computeSubnetwork.ComputeSubnetwork(this, "default_1", {
ip_cidr_range: "10.0.0.0/24",
name: "workstation-cluster",
network: googleComputeNetworkDefault.name,
provider: "${google-beta}",
region: "us-central1",
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeSubnetworkDefault.overrideLogicalId("default");
const googleWorkstationsWorkstationClusterDefault =
new google.workstationsWorkstationCluster.WorkstationsWorkstationCluster(
this,
"default_2",
{
annotations: [
{
"label-one": "value-one",
},
],
labels: [
{
label: "key",
},
],
location: "us-central1",
network: googleComputeNetworkDefault.id,
provider: "${google-beta}",
subnetwork: googleComputeSubnetworkDefault.id,
workstation_cluster_id: "workstation-cluster",
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleWorkstationsWorkstationClusterDefault.overrideLogicalId("default");
const googleWorkstationsWorkstationConfigDefault =
new google.workstationsWorkstationConfig.WorkstationsWorkstationConfig(
this,
"default_3",
{
container: [
{
env: [
{
BABE: "bar",
NAME: "FOO",
},
],
image: "intellij",
},
],
host: [
{
gce_instance: [
{
boot_disk_size_gb: 35,
disable_public_ip_addresses: true,
machine_type: "e2-standard-4",
},
],
},
],
location: "us-central1",
provider: "${google-beta}",
workstation_cluster_id:
googleWorkstationsWorkstationClusterDefault.workstationClusterId,
workstation_config_id: "workstation-config",
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleWorkstationsWorkstationConfigDefault.overrideLogicalId("default");
Example Usage - Workstation Config Persistent Directories
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleComputeNetworkDefault = new google.computeNetwork.ComputeNetwork(
this,
"default",
{
auto_create_subnetworks: false,
name: "workstation-cluster",
provider: "${google-beta}",
}
);
const googleComputeSubnetworkDefault =
new google.computeSubnetwork.ComputeSubnetwork(this, "default_1", {
ip_cidr_range: "10.0.0.0/24",
name: "workstation-cluster",
network: googleComputeNetworkDefault.name,
provider: "${google-beta}",
region: "us-central1",
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeSubnetworkDefault.overrideLogicalId("default");
const googleWorkstationsWorkstationClusterDefault =
new google.workstationsWorkstationCluster.WorkstationsWorkstationCluster(
this,
"default_2",
{
annotations: [
{
"label-one": "value-one",
},
],
labels: [
{
label: "key",
},
],
location: "us-central1",
network: googleComputeNetworkDefault.id,
provider: "${google-beta}",
subnetwork: googleComputeSubnetworkDefault.id,
workstation_cluster_id: "workstation-cluster",
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleWorkstationsWorkstationClusterDefault.overrideLogicalId("default");
const googleWorkstationsWorkstationConfigDefault =
new google.workstationsWorkstationConfig.WorkstationsWorkstationConfig(
this,
"default_3",
{
host: [
{
gce_instance: [
{
boot_disk_size_gb: 35,
disable_public_ip_addresses: true,
machine_type: "e2-standard-4",
shielded_instance_config: [
{
enable_secure_boot: true,
enable_vtpm: true,
},
],
},
],
},
],
location: "us-central1",
persistent_directories: [
{
gce_pd: [
{
reclaim_policy: "DELETE",
size_gb: 200,
},
],
mount_path: "/home",
},
],
provider: "${google-beta}",
workstation_cluster_id:
googleWorkstationsWorkstationClusterDefault.workstationClusterId,
workstation_config_id: "workstation-config",
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleWorkstationsWorkstationConfigDefault.overrideLogicalId("default");
Example Usage - Workstation Config Shielded Instance Config
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleComputeNetworkDefault = new google.computeNetwork.ComputeNetwork(
this,
"default",
{
auto_create_subnetworks: false,
name: "workstation-cluster",
provider: "${google-beta}",
}
);
const googleComputeSubnetworkDefault =
new google.computeSubnetwork.ComputeSubnetwork(this, "default_1", {
ip_cidr_range: "10.0.0.0/24",
name: "workstation-cluster",
network: googleComputeNetworkDefault.name,
provider: "${google-beta}",
region: "us-central1",
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeSubnetworkDefault.overrideLogicalId("default");
const googleWorkstationsWorkstationClusterDefault =
new google.workstationsWorkstationCluster.WorkstationsWorkstationCluster(
this,
"default_2",
{
annotations: [
{
"label-one": "value-one",
},
],
labels: [
{
label: "key",
},
],
location: "us-central1",
network: googleComputeNetworkDefault.id,
provider: "${google-beta}",
subnetwork: googleComputeSubnetworkDefault.id,
workstation_cluster_id: "workstation-cluster",
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleWorkstationsWorkstationClusterDefault.overrideLogicalId("default");
const googleWorkstationsWorkstationConfigDefault =
new google.workstationsWorkstationConfig.WorkstationsWorkstationConfig(
this,
"default_3",
{
host: [
{
gce_instance: [
{
boot_disk_size_gb: 35,
disable_public_ip_addresses: true,
machine_type: "e2-standard-4",
shielded_instance_config: [
{
enable_secure_boot: true,
enable_vtpm: true,
},
],
},
],
},
],
location: "us-central1",
provider: "${google-beta}",
workstation_cluster_id:
googleWorkstationsWorkstationClusterDefault.workstationClusterId,
workstation_config_id: "workstation-config",
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleWorkstationsWorkstationConfigDefault.overrideLogicalId("default");
Example Usage - Workstation Config Encryption Key
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleComputeNetworkDefault = new google.computeNetwork.ComputeNetwork(
this,
"default",
{
auto_create_subnetworks: false,
name: "workstation-cluster",
provider: "${google-beta}",
}
);
const googleComputeSubnetworkDefault =
new google.computeSubnetwork.ComputeSubnetwork(this, "default_1", {
ip_cidr_range: "10.0.0.0/24",
name: "workstation-cluster",
network: googleComputeNetworkDefault.name,
provider: "${google-beta}",
region: "us-central1",
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeSubnetworkDefault.overrideLogicalId("default");
const googleKmsKeyRingDefault = new google.kmsKeyRing.KmsKeyRing(
this,
"default_2",
{
location: "global",
name: "workstation-cluster",
provider: "${google-beta}",
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleKmsKeyRingDefault.overrideLogicalId("default");
const googleServiceAccountDefault = new google.serviceAccount.ServiceAccount(
this,
"default_3",
{
account_id: "my-account",
display_name: "Service Account",
provider: "${google-beta}",
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleServiceAccountDefault.overrideLogicalId("default");
const googleWorkstationsWorkstationClusterDefault =
new google.workstationsWorkstationCluster.WorkstationsWorkstationCluster(
this,
"default_4",
{
annotations: [
{
"label-one": "value-one",
},
],
labels: [
{
label: "key",
},
],
location: "us-central1",
network: googleComputeNetworkDefault.id,
provider: "${google-beta}",
subnetwork: googleComputeSubnetworkDefault.id,
workstation_cluster_id: "workstation-cluster",
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleWorkstationsWorkstationClusterDefault.overrideLogicalId("default");
const googleKmsCryptoKeyDefault = new google.kmsCryptoKey.KmsCryptoKey(
this,
"default_5",
{
key_ring: googleKmsKeyRingDefault.id,
name: "workstation-cluster",
provider: "${google-beta}",
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleKmsCryptoKeyDefault.overrideLogicalId("default");
const googleWorkstationsWorkstationConfigDefault =
new google.workstationsWorkstationConfig.WorkstationsWorkstationConfig(
this,
"default_6",
{
encryption_key: [
{
kms_key: googleKmsCryptoKeyDefault.id,
kms_key_service_account: googleServiceAccountDefault.email,
},
],
host: [
{
gce_instance: [
{
boot_disk_size_gb: 35,
disable_public_ip_addresses: true,
machine_type: "e2-standard-4",
shielded_instance_config: [
{
enable_secure_boot: true,
enable_vtpm: true,
},
],
},
],
},
],
location: "us-central1",
provider: "${google-beta}",
workstation_cluster_id:
googleWorkstationsWorkstationClusterDefault.workstationClusterId,
workstation_config_id: "workstation-config",
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleWorkstationsWorkstationConfigDefault.overrideLogicalId("default");
Argument Reference
The following arguments are supported:
-
workstationConfigId- (Required) The ID of the workstation cluster config. -
workstationClusterId- (Required) The name of the workstation cluster. -
location- (Required) The location where the workstation cluster config should reside.
-
displayName- (Optional) Human-readable name for this resource. -
labels- (Optional) Client-specified labels that are applied to the resource and that are also propagated to the underlying Compute Engine resources. -
annotations- (Optional) Client-specified annotations. This is distinct from labels. -
host- (Optional) Runtime host for a workstation. Structure is documented below. -
persistentDirectories- (Optional) Directories to persist across workstation sessions. Structure is documented below. -
container- (Optional) Container that will be run for each workstation using this configuration when that workstation is started. Structure is documented below. -
encryptionKey- (Optional) Encrypts resources of this workstation configuration using a customer-managed encryption key. If specified, the boot disk of the Compute Engine instance and the persistent disk are encrypted using this encryption key. If this field is not set, the disks are encrypted using a generated key. Customer-managed encryption keys do not protect disk metadata. If the customer-managed encryption key is rotated, when the workstation instance is stopped, the system attempts to recreate the persistent disk with the new version of the key. Be sure to keep older versions of the key until the persistent disk is recreated. Otherwise, data on the persistent disk will be lost. If the encryption key is revoked, the workstation session will automatically be stopped within 7 hours. Structure is documented below. -
project- (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
gceInstance- (Optional) Specifies a Compute Engine instance as the host. Structure is documented below.
The gceInstance block supports:
-
machineType- (Optional) The name of a Compute Engine machine type. -
serviceAccount- (Optional) Email address of the service account that will be used on VM instances used to support this config. This service account must have permission to pull the specified container image. If not set, VMs will run without a service account, in which case the image must be publicly accessible. -
poolSize- (Optional) Number of instances to pool for faster workstation startup. -
bootDiskSizeGb- (Optional) Size of the boot disk in GB. -
tags- (Optional) Network tags to add to the Compute Engine machines backing the Workstations. -
disablePublicIpAddresses- (Optional) Whether instances have no public IP address. -
shieldedInstanceConfig- (Optional) A set of Compute Engine Shielded instance options. Structure is documented below. -
confidentialInstanceConfig- (Optional) A set of Compute Engine Confidential VM instance options. Structure is documented below.
The shieldedInstanceConfig block supports:
-
enableSecureBoot- (Optional) Whether the instance has Secure Boot enabled. -
enableVtpm- (Optional) Whether the instance has the vTPM enabled. -
enableIntegrityMonitoring- (Optional) Whether the instance has integrity monitoring enabled.
The confidentialInstanceConfig block supports:
enableConfidentialCompute- (Optional) Whether the instance has confidential compute enabled.
The persistentDirectories block supports:
-
mountPath- (Optional) Location of this directory in the running workstation. -
gcePd- (Optional) PersistentDirectory backed by a Compute Engine regional persistent disk. Structure is documented below.
-
fsType- (Optional) Type of file system that the disk should be formatted with. The workstation image must support this file system type. Must be empty if sourceSnapshot is set. -
diskType- (Optional) Type of the disk to use. -
sizeGb- (Optional) Size of the disk in GB. Must be empty if sourceSnapshot is set. -
reclaimPolicy- (Optional) What should happen to the disk after the workstation is deleted. Defaults to DELETE. Possible values arereclaimPolicyUnspecified,delete, andretain.
-
image- (Optional) Docker image defining the container. This image must be accessible by the config"s service account. -
command- (Optional) If set, overrides the default ENTRYPOINT specified by the image. -
args- (Optional) Arguments passed to the entrypoint. -
workingDir- (Optional) If set, overrides the default DIR specified by the image. -
env- (Optional) Environment variables passed to the container. The elements are of the form "KEY=VALUE" for the environment variable "KEY" being given the value "VALUE". -
runAsUser- (Optional) If set, overrides the USER specified in the image with the given uid.
The encryptionKey block supports:
-
kmsKey- (Required) The name of the Google Cloud KMS encryption key. -
kmsKeyServiceAccount- (Required) The service account to use with the specified KMS key.
Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
-
id- an identifier for the resource with formatprojects/{{project}}/locations/{{location}}/workstationClusters/{{workstationClusterId}}/workstationConfigs/{{workstationConfigId}} -
name- Full name of this resource. -
uid- The system-generated UID of the resource. -
etag- Checksum computed by the server. May be sent on update and delete requests to ensure that the client has an up-to-date value before proceeding. -
createTime- Time the Instance was created in UTC. -
degraded- Whether this resource is in degraded mode, in which case it may require user action to restore full functionality. Details can be found in the conditions field. -
conditions- Status conditions describing the current resource state. Structure is documented below.
The conditions block contains:
-
code- (Output) The status code, which should be an enum value of google.rpc.Code. -
message- (Output) Human readable message indicating details about the current status. -
details- (Output) A list of messages that carry the error details.
Timeouts
This resource provides the following Timeouts configuration options:
create- Default is 30 minutes.update- Default is 30 minutes.delete- Default is 30 minutes.
Import
WorkstationConfig can be imported using any of these accepted formats:
$ terraform import google_workstations_workstation_config.default projects/{{project}}/locations/{{location}}/workstationClusters/{{workstation_cluster_id}}/workstationConfigs/{{workstation_config_id}}
$ terraform import google_workstations_workstation_config.default {{project}}/{{location}}/{{workstation_cluster_id}}/{{workstation_config_id}}
$ terraform import google_workstations_workstation_config.default {{location}}/{{workstation_cluster_id}}/{{workstation_config_id}}
User Project Overrides
This resource supports User Project Overrides.