Topics on this page
Convert the GCP stacks from GCP Deployment Manager to Terraform
If you deployed GCP stacks using the GCP deployment manager, we encourage you to convert your deployment to Terraform for better support of stack management and stack updates.
The steps of converting the GCP stacks from GCP Deployment Manager to Terraform
- Follow the steps of adding the stacks until the step 5.d. Add the
customRolePrefixvariable with the value of prefix in
terraform.tfvars.json. After the step 5.d is done. The new custom roles will distinguish from the roles created by GCP Deployment Manager.
- At step 5.e of the steps of adding the stacks, add the
customRolePrefixvariable with the value of the prefix in
terraform.tfvars.json. After the step 5.e is done, the all-in-one stack will use the new custom roles.
disableScanningBucketIAMBindingof the storage stack to
terraform.tfvars.json. This variable helps prevent overwriting the old IAM bindings on the scanning bucket.
- Follow the remaining steps of adding the stacks until you finish step 6. Ensure that the stacks are created on File Storage Security web console.
- Set the
disableScanningBucketIAMBindingvariable of the storage stack to
terraform applyagain to add new IAM bindings on the scanning bucket.
- After the new IAM bindings are done, the file event of the bucket will pass to the stacks of Terraform deployment. Upload a file and check the logs of the scanner function to confirm that the conversion is successful.
- Check the uploaded file has tag in the object metadata.
- Delete the old stacks which created by GCP Deployment Manager.
- Ensure all the stacks in your GCP project are converted. After that, you can delete the old custom roles by executing the following command:
gcloud deployment-manager deployments delete trend-micro-file-storage-security-roles