Cloud Monitoring, Alerting & Log Export

gcp-monitoring

A standalone Cloud Operations (observability) bundle that applies on its own with nothing pre-existing: a metric-threshold alert policy, a Cloud Monitoring dashboard, and a log-export sink that ships matching log entries to a dedicated, locked-down GCS bucket the module creates. Works with Terraform and OpenTofu (>= 1.6), Google provider >= 7.0, < 8.0.

The grant hand-rolled sink configs always miss is wired in: the sink runs as its own unique writer identity, and that identity is granted objectCreator on the destination bucket — without it the export silently writes nothing. The bucket has uniform bucket-level access, public-access prevention, and a lifecycle rule so exported logs age out.

What you get per module call:

• A GCS log-export bucket (UBLA, public access prevented, lifecycle expiry)
• A project log sink with a unique writer identity + the bucket IAM grant
• A metric-threshold alert policy (CPU-utilization by default; fully overridable)
• A dashboard (minimal CPU dashboard by default; supply your own dashboard_json)

Requirements

Requirement	Version
Terraform / OpenTofu	>= 1.6
hashicorp/google	>= 7.0, < 8.0

The Monitoring (monitoring.googleapis.com) and Logging (logging.googleapis.com) APIs must be enabled on the project.

Verification

Static-validated (fmt, validate, tflint). Live apply/destroy testing pending cloud sandbox availability — see catalog status.

License

Commercial — IaC Bazaar EULA. © IaC Bazaar. Original work (not derived from a third-party module).