Glossary
Overview
This article contain the various terms and variables described in the following instructions.
Integration steps
Choose your onboarding approach:
- Organization
- Multiple Folders
- Multiple Projects
| Default Module Parameters | |
|---|---|
project | Ensure the parameter is set with the Google Cloud project ID used for provisioning. This is required in the provider block to target the correct Google Cloud project. |
upwind_organization_id | Ensure the parameter is set with your Upwind Organization ID. This ID typically starts with org_ and uniquely identifies your organization in the Upwind platform. |
upwind_client_id | Ensure the parameter is set with the GoogleCloudOrgConnectionCredentials client ID generated in the Upwind Console. |
upwind_client_secret | Ensure the parameter is set with the GoogleCloudOrgConnectionCredentials client secret generated in the Upwind Console. Must be used in conjunction with upwind_client_id. |
scanner_client_id | Ensure the parameter is set with the GoogleCloudScannersReportingCredentials client ID generated in the Upwind Console. Only required if enable_cloudscanners is true |
scanner_client_secret | Ensure the parameter is set with the GoogleCloudScannersReportingCredentials client secret generated in the Upwind Console. Must be used in conjunction with scanner_client_id. Only required if enable_cloudscanners is true |
gcp_organization_id | Ensure the parameter is set with your Google Cloud Organization ID, typically a numeric string that uniquely identifies your Google Cloud environment. |
upwind_orchestrator_project | Ensure the parameter is set with the Google Cloud project ID designated to act as the orchestrator. This project will host the Upwind service account and coordinate scanning operations. |
enable_cloudscanners | Ensure the parameter is set to true if you want to enable deployment of Cloud Scanner infrastructure for continuous scanning of Google Cloud projects. |
enable_dspm_scanning | Ensure the parameter is set to true if you want to enable deployment of Cloud Scanner infrastructure for continuous scanning of buckets. This requires `enable_cloudscanners to be true |
google_service_account_display_name (Optional) | Ensure the parameter is set if you wish to define a custom display name for the Upwind service account in Google Cloud. |
resource_suffix (Optional) | Ensure the parameter is set with a short, alphanumeric string (max 10 characters) if you want to customize the suffix used in Upwind resource naming to prevent naming collisions. |
workload_identity_pool_project (Optional) | Ensure the parameter is set if you wish to define a custom location for Workload Identity Federation resources. |
workload_identity_trusted_account | The 12-digit AWS account ID that is trusted to federate into your Google Cloud environment via Workload Identity Federation. This is the Upwind platform's AWS account, which is permitted to impersonate the Upwind service accounts created by this module. Required. |
| Default Module Parameters | |
|---|---|
project | Ensure the parameter is set with the Google Cloud project ID used for provisioning. This is required in the provider block to target the correct Google Cloud project. |
upwind_organization_id | Ensure the parameter is set with your Upwind Organization ID. This ID typically starts with org_ and uniquely identifies your organization in the Upwind platform. |
upwind_client_id | Ensure the parameter is set with the GoogleCloudFolderConnectionCredentials client ID generated in the previous step. |
upwind_client_secret | Ensure the parameter is set with the GoogleCloudFolderConnectionCredentials client secret generated in the previous step. Must be used in conjunction with Upwind Client ID. |
scanner_client_id | Ensure the parameter is set with the GoogleCloudScannersReportingCredentials client ID generated in the Upwind Console. Only required if enable_cloudscanners is true |
scanner_client_secret | Ensure the parameter is set with the GoogleCloudScannersReportingCredentials client secret generated in the Upwind Console. Must be used in conjunction with scanner_client_id. Only required if enable_cloudscanners is true |
gcp_organization_id | Ensure the parameter is set with your Google Cloud Organization ID, typically a numeric string that uniquely identifies your Google Cloud environment. |
target_folder_ids | Ensure the parameter is set with your Google Cloud Folder IDs, typically numeric strings that uniquely identify your Google Cloud folders. |
upwind_orchestrator_project | Ensure the parameter is set with the Google Cloud project ID designated to act as the orchestrator. This project will host the Upwind service account and coordinate scanning operations. |
enable_cloudscanners | Ensure the parameter is set to true if you want to enable deployment of Cloud Scanner infrastructure for continuous scanning of Google Cloud projects. |
google_service_account_display_name (Optional) | Ensure the parameter is set if you wish to define a custom display name for the Upwind service account in Google Cloud. |
resource_suffix (Optional) | Ensure the parameter is set with a short, alphanumeric string (max 10 characters) if you want to customize the suffix used in Upwind resource naming to prevent naming collisions. |
workload_identity_pool_project (Optional) | Ensure the parameter is set if you wish to define a custom location for Workload Identity Federation resources. |
workload_identity_trusted_account | The 12-digit AWS account ID that is trusted to federate into your Google Cloud environment via Workload Identity Federation. This is the Upwind platform's AWS account, which is permitted to impersonate the Upwind service accounts created by this module. Required. |
| Default Module Parameters | |
|---|---|
project | Ensure the parameter is set with the Google Cloud project ID used for provisioning. This is required in the provider block to target the correct Google Cloud project. |
upwind_organization_id | Ensure the parameter is set with your Upwind Organization ID. This ID typically starts with org_ and uniquely identifies your organization in the Upwind platform. |
upwind_client_id | Ensure the parameter is set with the GoogleCloudProjectConnectionCredentials client ID generated in the previous step. |
upwind_client_secret | Ensure the parameter is set with the GoogleCloudProjectConnectionCredentials client secret generated in the previous step. Must be used in conjunction with Upwind Client ID. |
scanner_client_id | Ensure the parameter is set with the GoogleCloudScannersReportingCredentials client ID generated in the Upwind Console. Only required if enable_cloudscanners is true |
scanner_client_secret | Ensure the parameter is set with the GoogleCloudScannersReportingCredentials client secret generated in the Upwind Console. Must be used in conjunction with scanner_client_id. Only required if enable_cloudscanners is true |
target_project_ids | Ensure the parameter is set with your Google Cloud Project IDs, typically alphanumeric strings that uniquely identify your Google Cloud projects. This value must contain the Orchestrator project. |
upwind_orchestrator_project | Ensure the parameter is set with the Google Cloud project ID designated to act as the orchestrator. This project will host the Upwind service account and coordinate scanning operations. |
enable_cloudscanners | Ensure the parameter is set to true if you want to enable deployment of Cloud Scanner infrastructure for continuous scanning of Google Cloud projects. |
google_service_account_display_name (Optional) | Ensure the parameter is set if you wish to define a custom display name for the Upwind service account in Google Cloud. |
resource_suffix (Optional) | Ensure the parameter is set with a short, alphanumeric string (max 10 characters) if you want to customize the suffix used in Upwind resource naming to prevent naming collisions. |
workload_identity_pool_project (Optional) | Ensure the parameter is set if you wish to define a custom location for Workload Identity Federation resources. |
workload_identity_trusted_account | The 12-digit AWS account ID that is trusted to federate into your Google Cloud environment via Workload Identity Federation. This is the Upwind platform's AWS account, which is permitted to impersonate the Upwind service accounts created by this module. Required. |
Troubleshooting
If you encounter issues during deployment or operation, consult the Troubleshooting guide for solutions and best practices.