Terraform blueprints and modules for Google Cloud
Blueprints and modules help you automate provisioning and managing Google Cloud resources at scale.
A module is a reusable set of Terraform configuration files that creates alogical abstraction of Terraform resources.
A blueprint is a package of deployable, reusable modules and policy thatimplements and documents a specific opinionated solution. Deployableconfiguration for all Terraform blueprints are packaged as Terraform modules.
| Category | Blueprints and modules | Description |
|---|---|---|
| End-to-end, Data analytics | ai-notebook | Demonstrates how to protect confidential data in Vertex AI Workbench notebooks |
| Data analytics, End-to-end | crmint | Deploy the marketing analytics application, CRMint |
| End-to-end, Operations | enterprise-application | Deploy an enterprise developer platform on Google Cloud |
| End-to-end, Operations | example-foundation | Shows how the CFT modules can be composed to build a secure cloud foundation |
| End-to-end | fabric | Provides advanced examples designed for prototyping |
| Developer tools, End-to-end, Security and identity | secure-cicd | Builds a secure CI/CD pipeline on Google Cloud |
| End-to-end, Data analytics | secured-data-warehouse | Deploys a secured BigQuery data warehouse |
| Data analytics, End-to-end, Security and identity | secured-data-warehouse-onprem-ingest | Deploys a secured data warehouse variant for ingesting encrypted data from on-prem sources |
| End-to-end | vertex-mlops | Create a Vertex AI environment needed for MLOps |
| Networking | address | Manages Google Cloud IP addresses |
| Databases | alloy-db | Creates an AlloyDB for PostgreSQL instance |
| Data analytics | analytics-lakehouse | Deploys a Lakehouse Architecture Solution |
| Compute | anthos-vm | Creates VMs on Google Distributed Cloud clusters |
| Developer tools | apphub | Creates and manages App Hub resources |
| Containers, Developer tools | artifact-registry | Create and manage Artifact Registry repositories |
| Developer tools, Operations, Security and identity | bastion-host | Generates a bastion host VM compatible with OS Login and IAP tunneling that can be used to access internal VMs |
| Compute, Operations | backup-dr | Deploy Backup and DR appliances |
| Data analytics | bigquery | Creates opinionated BigQuery datasets and tables |
| Data analytics | bigtable | Create and manage Google Bigtable resources |
| Developer tools, Operations | bootstrap | Bootstraps Terraform usage and related CI/CD in a new Google Cloud organization |
| Compute, Networking | cloud-armor | Deploy Google Cloud Armor security policy |
| Databases | cloud-datastore | Manages Datastore |
| Developer tools | cloud-deploy | Create Cloud Deploy pipelines and targets |
| Networking | cloud-dns | Creates and manages Cloud DNS public or private zones and their records |
| Serverless computing | cloud-functions | Deploys Cloud Run functions (Gen 2) |
| Networking, Security and identity | cloud-ids | Deploys a Cloud IDS instance and associated resources |
| Networking | cloud-nat | Creates and configures Cloud NAT |
| Operations | cloud-operations | Manages Cloud Logging and Cloud Monitoring |
| Networking | cloud-router | Manages a Cloud Router on Google Cloud |
| Serverless computing | cloud-run | Deploys apps to Cloud Run, along with option to map custom domain |
| Databases | cloud-spanner | Deploys Spanner instances |
| Storage | cloud-storage | Creates one or more Cloud Storage buckets and assigns basic permissions on them to arbitrary users |
| Developer tools, Serverless computing | cloud-workflows | Manage Workflows with optional Cloud Scheduler or Eventarc triggers |
| End-to-end, Data analytics, Operations | composer | Manages Cloud Composer v1 and v2 along with option to manage networking |
| Compute, Containers | container-vm | Deploys containers on Compute Engine instances |
| Data analytics | data-fusion | Manages Cloud Data Fusion |
| Data analytics | dataflow | Handles opinionated Dataflow job configuration and deployments |
| Data analytics | datalab | Creates DataLab instances with support for GPU instances |
| Data analytics | dataplex-auto-data-quality | Deploys data quality rules on BigQuery tables across development and production environments using Cloud Build |
| Serverless computing | event-function | Responds to logging events with a Cloud Run functions |
| Developer tools | folders | Creates several Google Cloud folders under the same parent |
| Developer tools | gcloud | Executes Google Cloud CLI commands within Terraform |
| Developer tools | github-actions-runners | Creates self-hosted GitHub Actions Runners on Google Cloud |
| Developer tools | gke-gitlab | Installs GitLab on Kubernetes Engine |
| Workspace | group | Manages Google Groups |
| Operations, Workspace | gsuite-export | Creates a Compute Engine VM instance and sets up a cronjob to export Google Workspace Admin SDK data to Cloud Logging on a schedule |
| Healthcare and life sciences | healthcare | Handles opinionated Google Cloud Healthcare datasets and stores |
| Security and identity | iam | Manages multiple IAM roles for resources on Google Cloud |
| Developer tools | jenkins | Creates a Compute Engine instance running Jenkins |
| Security and identity | kms | Allows managing a keyring, zero or more keys in the keyring, and IAM role bindings on individual keys |
| Compute, Containers | kubernetes-engine | Configures opinionated GKE clusters |
| Networking | lb | Creates a regional TCP proxy load balancer for Compute Engine by using target pools and forwarding rules |
| Networking | lb-http | Creates a global HTTP load balancer for Compute Engine by using forwarding rules |
| Networking | lb-internal | Creates an internal load balancer for Compute Engine by using forwarding rules |
| Networking | load-balanced-vms | Creates a managed instance group with a load balancer |
| Data analytics | log-analysis | Stores and analyzes log data |
| Operations | log-export | Creates log exports at the project, folder, or organization level |
| Operations | media-cdn-vod | Deploys Media CDN video-on-demand |
| Databases | memorystore | Creates a fully functional Google Memorystore (redis) instance |
| Compute, Networking | netapp-volumes | Deploy Google Cloud NetApp Volumes |
| Networking | network | Sets up a new VPC network on Google Cloud |
| Networking | network-forensics | Deploys Zeek on Google Cloud |
| Security and identity | org-policy | Manages Google Cloud organization policies |
| Networking | out-of-band-security-3P | Creates a 3P out-of-band security appliance deployment |
| Security and identity | pam | Deploy Privileged Access Manager |
| Operations | project-factory | Creates an opinionated Google Cloud project by using Shared VPC, IAM, and Google Cloud APIs |
| Data analytics | Pub/Sub | Creates Pub/Sub topic and subscriptions associated with the topic |
| Compute | sap | Deploys SAP products |
| Serverless computing | scheduled-function | Sets up a scheduled job to trigger events and run functions |
| Security and identity | secret-manager | Creates one or more Google Secret Manager secrets and manages basic permissions for them |
| Networking, Security and identity | secure-web-proxy | Create and manage Secure Web Proxy on Google Cloud for secured egress web traffic |
| Security and identity | service-accounts | Creates one or more service accounts and grants them basic roles |
| Operations | slo | Creates SLOs on Google Cloud from custom Stackdriver metrics capability to export SLOs to Google Cloud services and other systems |
| Databases | sql-db | Creates a Cloud SQL database instance |
| Compute | startup-scripts | Provides a library of useful startup scripts to embed in VMs |
| Operations, Security and identity | tags | Create and manage Google Cloud Tags |
| Developer tools, Operations, Security and identity | tf-cloud-agents | Creates self-hosted Terraform Cloud Agent on Google Cloud |
| Databases, Serverless computing | three-tier-web-app | Deploys a three-tier web application using Cloud Run and Cloud SQL |
| Operations | utils | Gets the short names for a given Google Cloud region |
| Developer tools, Operations, Security and identity | vault | Deploys Vault on Compute Engine |
| Compute | vertex-ai | Deploy Vertex AI resources |
| Compute | vm | Provisions VMs in Google Cloud |
| Networking | vpc-service-controls | Handles opinionated VPC Service Controls and Access Context Manager configuration and deployments |
| Networking | vpn | Sets up a Cloud VPN gateway |
| Operations | waap | Deploys the WAAP solution on Google Cloud |
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-12-15 UTC.