terraform-google-modules
diff --git a/‎1-org/envs/shared/README.md
Lines changed: 1 addition & 1 deletion b/‎1-org/envs/shared/README.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎1-org/envs/shared/projects.tf
Lines changed: 8 additions & 0 deletions b/‎1-org/envs/shared/projects.tf
Lines changed: 8 additions & 0 deletions
diff --git a/‎1-org/envs/shared/variables.tf
Lines changed: 33 additions & 24 deletions b/‎1-org/envs/shared/variables.tf
Lines changed: 33 additions & 24 deletions
diff --git a/‎2-environments/modules/env_baseline/README.md
Lines changed: 1 addition & 1 deletion b/‎2-environments/modules/env_baseline/README.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎2-environments/modules/env_baseline/monitoring.tf
Lines changed: 1 addition & 0 deletions b/‎2-environments/modules/env_baseline/monitoring.tf
Lines changed: 1 addition & 0 deletions
diff --git a/‎2-environments/modules/env_baseline/networking.tf
Lines changed: 1 addition & 0 deletions b/‎2-environments/modules/env_baseline/networking.tf
Lines changed: 1 addition & 0 deletions
diff --git a/‎2-environments/modules/env_baseline/secrets.tf
Lines changed: 1 addition & 0 deletions b/‎2-environments/modules/env_baseline/secrets.tf
Lines changed: 1 addition & 0 deletions
@@ -22,7 +22,7 @@
 | log\_export\_storage\_location | The location of the storage bucket used to export logs. | `string` | `"US"` | no |
 | log\_export\_storage\_retention\_policy | Configuration of the bucket's data retention policy for how long objects in the bucket should be retained. | <pre>object({<br>    is_locked             = bool<br>    retention_period_days = number<br>  })</pre> | `null` | no |
 | log\_export\_storage\_versioning | (Optional) Toggles bucket versioning, ability to retain a non-current object version when the live object version gets replaced or deleted. | `bool` | `false` | no |
-| project\_budget | Budget configuration for projects.<br>  budget\_amount: The amount to use as the budget.<br>  alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.<br>  alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`. | <pre>object({<br>    dns_hub_budget_amount                   = optional(number, 1000)<br>    dns_hub_alert_spent_percents            = optional(list(number), [0.5, 0.75, 0.9, 0.95])<br>    dns_hub_alert_pubsub_topic              = optional(string, null)<br>    base_net_hub_budget_amount              = optional(number, 1000)<br>    base_net_hub_alert_spent_percents       = optional(list(number), [0.5, 0.75, 0.9, 0.95])<br>    base_net_hub_alert_pubsub_topic         = optional(string, null)<br>    restricted_net_hub_budget_amount        = optional(number, 1000)<br>    restricted_net_hub_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])<br>    restricted_net_hub_alert_pubsub_topic   = optional(string, null)<br>    interconnect_budget_amount              = optional(number, 1000)<br>    interconnect_alert_spent_percents       = optional(list(number), [0.5, 0.75, 0.9, 0.95])<br>    interconnect_alert_pubsub_topic         = optional(string, null)<br>    org_secrets_budget_amount               = optional(number, 1000)<br>    org_secrets_alert_spent_percents        = optional(list(number), [0.5, 0.75, 0.9, 0.95])<br>    org_secrets_alert_pubsub_topic          = optional(string, null)<br>    org_billing_logs_budget_amount          = optional(number, 1000)<br>    org_billing_logs_alert_spent_percents   = optional(list(number), [0.5, 0.75, 0.9, 0.95])<br>    org_billing_logs_alert_pubsub_topic     = optional(string, null)<br>    org_audit_logs_budget_amount            = optional(number, 1000)<br>    org_audit_logs_alert_spent_percents     = optional(list(number), [0.5, 0.75, 0.9, 0.95])<br>    org_audit_logs_alert_pubsub_topic       = optional(string, null)<br>    scc_notifications_budget_amount         = optional(number, 1000)<br>    scc_notifications_alert_spent_percents  = optional(list(number), [0.5, 0.75, 0.9, 0.95])<br>    scc_notifications_alert_pubsub_topic    = optional(string, null)<br>  })</pre> | `{}` | no |
+| project\_budget | Budget configuration for projects.<br>  budget\_amount: The amount to use as the budget.<br>  alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.<br>  alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.<br>  alert\_spend\_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default). | <pre>object({<br>    dns_hub_budget_amount                       = optional(number, 1000)<br>    dns_hub_alert_spent_percents                = optional(list(number), [1.2])<br>    dns_hub_alert_pubsub_topic                  = optional(string, null)<br>    dns_hub_budget_alert_spend_basis            = optional(string, "FORECASTED_SPEND")<br>    base_net_hub_budget_amount                  = optional(number, 1000)<br>    base_net_hub_alert_spent_percents           = optional(list(number), [1.2])<br>    base_net_hub_alert_pubsub_topic             = optional(string, null)<br>    base_net_hub_budget_alert_spend_basis       = optional(string, "FORECASTED_SPEND")<br>    restricted_net_hub_budget_amount            = optional(number, 1000)<br>    restricted_net_hub_alert_spent_percents     = optional(list(number), [1.2])<br>    restricted_net_hub_alert_pubsub_topic       = optional(string, null)<br>    restricted_net_hub_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br>    interconnect_budget_amount                  = optional(number, 1000)<br>    interconnect_alert_spent_percents           = optional(list(number), [1.2])<br>    interconnect_alert_pubsub_topic             = optional(string, null)<br>    interconnect_budget_alert_spend_basis       = optional(string, "FORECASTED_SPEND")<br>    org_secrets_budget_amount                   = optional(number, 1000)<br>    org_secrets_alert_spent_percents            = optional(list(number), [1.2])<br>    org_secrets_alert_pubsub_topic              = optional(string, null)<br>    org_secrets_budget_alert_spend_basis        = optional(string, "FORECASTED_SPEND")<br>    org_billing_logs_budget_amount              = optional(number, 1000)<br>    org_billing_logs_alert_spent_percents       = optional(list(number), [1.2])<br>    org_billing_logs_alert_pubsub_topic         = optional(string, null)<br>    org_billing_logs_budget_alert_spend_basis   = optional(string, "FORECASTED_SPEND")<br>    org_audit_logs_budget_amount                = optional(number, 1000)<br>    org_audit_logs_alert_spent_percents         = optional(list(number), [1.2])<br>    org_audit_logs_alert_pubsub_topic           = optional(string, null)<br>    org_audit_logs_budget_alert_spend_basis     = optional(string, "FORECASTED_SPEND")<br>    scc_notifications_budget_amount             = optional(number, 1000)<br>    scc_notifications_alert_spent_percents      = optional(list(number), [1.2])<br>    scc_notifications_alert_pubsub_topic        = optional(string, null)<br>    scc_notifications_budget_alert_spend_basis  = optional(string, "FORECASTED_SPEND")<br>  })</pre> | `{}` | no |
 | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
 | scc\_notification\_filter | Filter used to create the Security Command Center Notification, you can see more details on how to create filters in https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications#create-filter | `string` | `"state = \"ACTIVE\""` | no |
 | scc\_notification\_name | Name of the Security Command Center Notification. It must be unique in the organization. Run `gcloud scc notifications describe <scc_notification_name> --organization=org_id` to check if it already exists. | `string` | n/a | yes |
 
@@ -52,6 +52,7 @@ module "org_audit_logs" {
   budget_alert_pubsub_topic   = var.project_budget.org_audit_logs_alert_pubsub_topic
   budget_alert_spent_percents = var.project_budget.org_audit_logs_alert_spent_percents
   budget_amount               = var.project_budget.org_audit_logs_budget_amount
+  budget_alert_spend_basis    = var.project_budget.org_audit_logs_budget_alert_spend_basis
 }
 
 module "org_billing_logs" {
@@ -79,6 +80,7 @@ module "org_billing_logs" {
   budget_alert_pubsub_topic   = var.project_budget.org_billing_logs_alert_pubsub_topic
   budget_alert_spent_percents = var.project_budget.org_billing_logs_alert_spent_percents
   budget_amount               = var.project_budget.org_billing_logs_budget_amount
+  budget_alert_spend_basis    = var.project_budget.org_billing_logs_budget_alert_spend_basis
 }
 
 /******************************************
@@ -110,6 +112,7 @@ module "org_secrets" {
   budget_alert_pubsub_topic   = var.project_budget.org_secrets_alert_pubsub_topic
   budget_alert_spent_percents = var.project_budget.org_secrets_alert_spent_percents
   budget_amount               = var.project_budget.org_secrets_budget_amount
+  budget_alert_spend_basis    = var.project_budget.org_secrets_budget_alert_spend_basis
 }
 
 /******************************************
@@ -141,6 +144,7 @@ module "interconnect" {
   budget_alert_pubsub_topic   = var.project_budget.interconnect_alert_pubsub_topic
   budget_alert_spent_percents = var.project_budget.interconnect_alert_spent_percents
   budget_amount               = var.project_budget.interconnect_budget_amount
+  budget_alert_spend_basis    = var.project_budget.interconnect_budget_alert_spend_basis
 }
 
 /******************************************
@@ -172,6 +176,7 @@ module "scc_notifications" {
   budget_alert_pubsub_topic   = var.project_budget.scc_notifications_alert_pubsub_topic
   budget_alert_spent_percents = var.project_budget.scc_notifications_alert_spent_percents
   budget_amount               = var.project_budget.scc_notifications_budget_amount
+  budget_alert_spend_basis    = var.project_budget.scc_notifications_budget_alert_spend_basis
 }
 
 /******************************************
@@ -211,6 +216,7 @@ module "dns_hub" {
   budget_alert_pubsub_topic   = var.project_budget.dns_hub_alert_pubsub_topic
   budget_alert_spent_percents = var.project_budget.dns_hub_alert_spent_percents
   budget_amount               = var.project_budget.dns_hub_budget_amount
+  budget_alert_spend_basis    = var.project_budget.dns_hub_budget_alert_spend_basis
 }
 
 /******************************************
@@ -251,6 +257,7 @@ module "base_network_hub" {
   budget_alert_pubsub_topic   = var.project_budget.base_net_hub_alert_pubsub_topic
   budget_alert_spent_percents = var.project_budget.base_net_hub_alert_spent_percents
   budget_amount               = var.project_budget.base_net_hub_budget_amount
+  budget_alert_spend_basis    = var.project_budget.base_net_hub_budget_alert_spend_basis
 }
 
 resource "google_project_iam_member" "network_sa_base" {
@@ -299,6 +306,7 @@ module "restricted_network_hub" {
   budget_alert_pubsub_topic   = var.project_budget.restricted_net_hub_alert_pubsub_topic
   budget_alert_spent_percents = var.project_budget.restricted_net_hub_alert_spent_percents
   budget_amount               = var.project_budget.restricted_net_hub_budget_amount
+  budget_alert_spend_basis    = var.project_budget.restricted_net_hub_budget_alert_spend_basis
 }
 
 resource "google_project_iam_member" "network_sa_restricted" {
 
@@ -115,32 +115,41 @@ variable "project_budget" {
   budget_amount: The amount to use as the budget.
   alert_spent_percents: A list of percentages of the budget to alert on when threshold is exceeded.
   alert_pubsub_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.
+  alert_spend_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default).
   EOT
   type = object({
-    dns_hub_budget_amount                   = optional(number, 1000)
-    dns_hub_alert_spent_percents            = optional(list(number), [0.5, 0.75, 0.9, 0.95])
-    dns_hub_alert_pubsub_topic              = optional(string, null)
-    base_net_hub_budget_amount              = optional(number, 1000)
-    base_net_hub_alert_spent_percents       = optional(list(number), [0.5, 0.75, 0.9, 0.95])
-    base_net_hub_alert_pubsub_topic         = optional(string, null)
-    restricted_net_hub_budget_amount        = optional(number, 1000)
-    restricted_net_hub_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])
-    restricted_net_hub_alert_pubsub_topic   = optional(string, null)
-    interconnect_budget_amount              = optional(number, 1000)
-    interconnect_alert_spent_percents       = optional(list(number), [0.5, 0.75, 0.9, 0.95])
-    interconnect_alert_pubsub_topic         = optional(string, null)
-    org_secrets_budget_amount               = optional(number, 1000)
-    org_secrets_alert_spent_percents        = optional(list(number), [0.5, 0.75, 0.9, 0.95])
-    org_secrets_alert_pubsub_topic          = optional(string, null)
-    org_billing_logs_budget_amount          = optional(number, 1000)
-    org_billing_logs_alert_spent_percents   = optional(list(number), [0.5, 0.75, 0.9, 0.95])
-    org_billing_logs_alert_pubsub_topic     = optional(string, null)
-    org_audit_logs_budget_amount            = optional(number, 1000)
-    org_audit_logs_alert_spent_percents     = optional(list(number), [0.5, 0.75, 0.9, 0.95])
-    org_audit_logs_alert_pubsub_topic       = optional(string, null)
-    scc_notifications_budget_amount         = optional(number, 1000)
-    scc_notifications_alert_spent_percents  = optional(list(number), [0.5, 0.75, 0.9, 0.95])
-    scc_notifications_alert_pubsub_topic    = optional(string, null)
+    dns_hub_budget_amount                       = optional(number, 1000)
+    dns_hub_alert_spent_percents                = optional(list(number), [1.2])
+    dns_hub_alert_pubsub_topic                  = optional(string, null)
+    dns_hub_budget_alert_spend_basis            = optional(string, "FORECASTED_SPEND")
+    base_net_hub_budget_amount                  = optional(number, 1000)
+    base_net_hub_alert_spent_percents           = optional(list(number), [1.2])
+    base_net_hub_alert_pubsub_topic             = optional(string, null)
+    base_net_hub_budget_alert_spend_basis       = optional(string, "FORECASTED_SPEND")
+    restricted_net_hub_budget_amount            = optional(number, 1000)
+    restricted_net_hub_alert_spent_percents     = optional(list(number), [1.2])
+    restricted_net_hub_alert_pubsub_topic       = optional(string, null)
+    restricted_net_hub_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
+    interconnect_budget_amount                  = optional(number, 1000)
+    interconnect_alert_spent_percents           = optional(list(number), [1.2])
+    interconnect_alert_pubsub_topic             = optional(string, null)
+    interconnect_budget_alert_spend_basis       = optional(string, "FORECASTED_SPEND")
+    org_secrets_budget_amount                   = optional(number, 1000)
+    org_secrets_alert_spent_percents            = optional(list(number), [1.2])
+    org_secrets_alert_pubsub_topic              = optional(string, null)
+    org_secrets_budget_alert_spend_basis        = optional(string, "FORECASTED_SPEND")
+    org_billing_logs_budget_amount              = optional(number, 1000)
+    org_billing_logs_alert_spent_percents       = optional(list(number), [1.2])
+    org_billing_logs_alert_pubsub_topic         = optional(string, null)
+    org_billing_logs_budget_alert_spend_basis   = optional(string, "FORECASTED_SPEND")
+    org_audit_logs_budget_amount                = optional(number, 1000)
+    org_audit_logs_alert_spent_percents         = optional(list(number), [1.2])
+    org_audit_logs_alert_pubsub_topic           = optional(string, null)
+    org_audit_logs_budget_alert_spend_basis     = optional(string, "FORECASTED_SPEND")
+    scc_notifications_budget_amount             = optional(number, 1000)
+    scc_notifications_alert_spent_percents      = optional(list(number), [1.2])
+    scc_notifications_alert_pubsub_topic        = optional(string, null)
+    scc_notifications_budget_alert_spend_basis  = optional(string, "FORECASTED_SPEND")
   })
   default = {}
 }
 
@@ -7,7 +7,7 @@
 | env | The environment to prepare (ex. development) | `string` | n/a | yes |
 | environment\_code | A short form of the folder level resources (environment) within the Google Cloud organization (ex. d). | `string` | n/a | yes |
 | monitoring\_workspace\_users | Google Workspace or Cloud Identity group that have access to Monitoring Workspaces. | `string` | n/a | yes |
-| project\_budget | Budget configuration for projects.<br>  budget\_amount: The amount to use as the budget.<br>  alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.<br>  alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`. | <pre>object({<br>    base_network_budget_amount              = optional(number, 1000)<br>    base_network_alert_spent_percents       = optional(list(number), [0.5, 0.75, 0.9, 0.95])<br>    base_network_alert_pubsub_topic         = optional(string, null)<br>    restricted_network_budget_amount        = optional(number, 1000)<br>    restricted_network_alert_spent_percents = optional(list(number), [0.5, 0.75, 0.9, 0.95])<br>    restricted_network_alert_pubsub_topic   = optional(string, null)<br>    monitoring_budget_amount                = optional(number, 1000)<br>    monitoring_alert_spent_percents         = optional(list(number), [0.5, 0.75, 0.9, 0.95])<br>    monitoring_alert_pubsub_topic           = optional(string, null)<br>    secret_budget_amount                    = optional(number, 1000)<br>    secret_alert_spent_percents             = optional(list(number), [0.5, 0.75, 0.9, 0.95])<br>    secret_alert_pubsub_topic               = optional(string, null)<br>  })</pre> | `{}` | no |
+| project\_budget | Budget configuration for projects.<br>  budget\_amount: The amount to use as the budget.<br>  alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.<br>  alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.<br>  alert\_spend\_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default). | <pre>object({<br>    base_network_budget_amount                  = optional(number, 1000)<br>    base_network_alert_spent_percents           = optional(list(number), [1.2])<br>    base_network_alert_pubsub_topic             = optional(string, null)<br>    base_network_budget_alert_spend_basis       = optional(string, "FORECASTED_SPEND")<br>    restricted_network_budget_amount            = optional(number, 1000)<br>    restricted_network_alert_spent_percents     = optional(list(number), [1.2])<br>    restricted_network_alert_pubsub_topic       = optional(string, null)<br>    restricted_network_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br>    monitoring_budget_amount                    = optional(number, 1000)<br>    monitoring_alert_spent_percents             = optional(list(number), [1.2])<br>    monitoring_alert_pubsub_topic               = optional(string, null)<br>    monitoring_budget_alert_spend_basis         = optional(string, "FORECASTED_SPEND")<br>    secret_budget_amount                        = optional(number, 1000)<br>    secret_alert_spent_percents                 = optional(list(number), [1.2])<br>    secret_alert_pubsub_topic                   = optional(string, null)<br>    secret_budget_alert_spend_basis             = optional(string, "FORECASTED_SPEND")<br>  })</pre> | `{}` | no |
 | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
 
 ## Outputs
 
@@ -48,4 +48,5 @@ module "monitoring_project" {
   budget_alert_pubsub_topic   = var.project_budget.monitoring_alert_pubsub_topic
   budget_alert_spent_percents = var.project_budget.monitoring_alert_spent_percents
   budget_amount               = var.project_budget.monitoring_budget_amount
+  budget_alert_spend_basis    = var.project_budget.monitoring_budget_alert_spend_basis
 }
@@ -88,4 +88,5 @@ module "restricted_shared_vpc_host_project" {
   budget_alert_pubsub_topic   = var.project_budget.restricted_network_alert_pubsub_topic
   budget_alert_spent_percents = var.project_budget.restricted_network_alert_spent_percents
   budget_amount               = var.project_budget.restricted_network_budget_amount
+  budget_alert_spend_basis    = var.project_budget.restricted_network_budget_alert_spend_basis
 }
@@ -46,4 +46,5 @@ module "env_secrets" {
   budget_alert_pubsub_topic   = var.project_budget.secret_alert_pubsub_topic
   budget_alert_spent_percents = var.project_budget.secret_alert_spent_percents
   budget_amount               = var.project_budget.secret_budget_amount
+  budget_alert_spend_basis    = var.project_budget.secret_budget_alert_spend_basis
 }
Original file line number	Diff line number	Diff line change
`@@ -48,4 +48,5 @@ module "monitoring_project" {`
`48`	`48`	`budget_alert_pubsub_topic = var.project_budget.monitoring_alert_pubsub_topic`
`49`	`49`	`budget_alert_spent_percents = var.project_budget.monitoring_alert_spent_percents`
`50`	`50`	`budget_amount = var.project_budget.monitoring_budget_amount`
	`51`	`+ budget_alert_spend_basis = var.project_budget.monitoring_budget_alert_spend_basis`
`51`	`52`	`}`
Original file line number	Diff line number	Diff line change
`@@ -88,4 +88,5 @@ module "restricted_shared_vpc_host_project" {`
`88`	`88`	`budget_alert_pubsub_topic = var.project_budget.restricted_network_alert_pubsub_topic`
`89`	`89`	`budget_alert_spent_percents = var.project_budget.restricted_network_alert_spent_percents`
`90`	`90`	`budget_amount = var.project_budget.restricted_network_budget_amount`
	`91`	`+ budget_alert_spend_basis = var.project_budget.restricted_network_budget_alert_spend_basis`
`91`	`92`	`}`
Original file line number	Diff line number	Diff line change
`@@ -46,4 +46,5 @@ module "env_secrets" {`
`46`	`46`	`budget_alert_pubsub_topic = var.project_budget.secret_alert_pubsub_topic`
`47`	`47`	`budget_alert_spent_percents = var.project_budget.secret_alert_spent_percents`
`48`	`48`	`budget_amount = var.project_budget.secret_budget_amount`
	`49`	`+ budget_alert_spend_basis = var.project_budget.secret_budget_alert_spend_basis`
`49`	`50`	`}`