This module schedules a job to clean up GCP projects older than a specified length of time, that match a particular labels. This job runs every 5 minutes via Google Cloud Scheduled Functions. Please see the utility's readme for more information as to its operation and configuration.
Running this module requires an App Engine app in the specified project/region. More information is in the root readme.
The following services must be enabled on the project housing the cleanup function prior to invoking this module:
- Artifact Registry API (
artifactregistry.googleapis.com) - Cloud Functions (
cloudfunctions.googleapis.com) - Cloud Scheduler (
cloudscheduler.googleapis.com) - Cloud Resource Manager (
cloudresourcemanager.googleapis.com) - Compute Engine API (
compute.googleapis.com) - Cloud Asset API (
cloudasset.googleapis.com) - Security Command Center API (
securitycenter.googleapis.com) - Cloud Logging API (
logging.googleapis.com)
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| billing_account | Billing Account used to provision resources. | string |
"" |
no |
| clean_up_billing_sinks | Clean up Billing Account Sinks. | bool |
false |
no |
| clean_up_org_level_cai_feeds | Clean up organization level Cloud Asset Inventory Feeds. | bool |
false |
no |
| clean_up_org_level_scc_notifications | Clean up organization level Security Command Center notifications. | bool |
false |
no |
| clean_up_org_level_tag_keys | Clean up organization level Tag Keys. | bool |
false |
no |
| function_docker_registry | Docker Registry to use for storing the function's Docker images. Allowed values are CONTAINER_REGISTRY (default) and ARTIFACT_REGISTRY. | string |
null |
no |
| function_timeout_s | The amount of time in seconds allotted for the execution of the function. | number |
500 |
no |
| job_schedule | Cleaner function run frequency, in cron syntax | string |
"*/5 * * * *" |
no |
| list_billing_sinks_page_size | The maximum number of Billing Account Log Sinks to return in the call to BillingAccountsSinksService.List service. |
number |
200 |
no |
| list_scc_notifications_page_size | The maximum number of notification configs to return in the call to ListNotificationConfigs service. The minimun value is 1 and the maximum value is 1000. |
number |
500 |
no |
| max_project_age_in_hours | The maximum number of hours that a GCP project, selected by target_tag_name and target_tag_value, can exist |
number |
6 |
no |
| organization_id | The organization ID whose projects to clean up | string |
n/a | yes |
| project_id | The project ID to host the scheduled function in | string |
n/a | yes |
| region | The region the project is in (App Engine specific) | string |
n/a | yes |
| target_billing_sinks | List of Billing Account Log Sinks names regex that will be deleted. Regex example: .*/sinks/sk-c-logging-.*-billing-.* |
list(string) |
[] |
no |
| target_excluded_labels | Map of project lablels that won't be deleted. | map(string) |
{} |
no |
| target_excluded_tagkeys | List of organization Tag Key short names that won't be deleted. | list(string) |
[] |
no |
| target_folder_id | Folder ID to delete all projects under. | string |
"" |
no |
| target_included_feeds | List of organization level Cloud Asset Inventory feeds that should be deleted. Regex example: .*/feeds/fd-cai-monitoring-.* |
list(string) |
[] |
no |
| target_included_labels | Map of project lablels that will be deleted. | map(string) |
{} |
no |
| target_included_scc_notifications | List of organization Security Command Center notifications names regex that will be deleted. Regex example: .*/notificationConfigs/scc-notify-.* |
list(string) |
[] |
no |
| target_tag_name | The name of a tag to filter GCP projects on for consideration by the cleanup utility (legacy, use target_included_labels map instead). |
string |
"" |
no |
| target_tag_value | The value of a tag to filter GCP projects on for consideration by the cleanup utility (legacy, use target_included_labels map instead). |
string |
"" |
no |
| topic_name | Name of pubsub topic connecting the scheduled projects cleanup function | string |
"pubsub_scheduled_project_cleaner" |
no |
| Name | Description |
|---|---|
| name | The name of the job created |
| project_id | The project ID |