Rough outline of terraform

deployment/live/example-gcp/terragrunt.hcl

@@ -0,0 +1,28 @@
+terraform {
+  source = "${get_repo_root()}/deployment/modules/gcs"
+}
+
+locals {
+  project_id  = "trillian-tessera"
+  location      = "us-central1"
+  base_name = "example-gcs"
+}
+
+inputs = merge(
+  local,
+  {}
+)
+
+remote_state {
+  backend = "gcs"
+
+  config = {
+    project  = local.project_id
+    location = local.location
+    bucket   = "${local.project_id}-${local.base_name}-terraform-state"
+
+    gcs_bucket_labels = {
+      name  = "terraform_state_storage"
+    }
+  }
+}

deployment/modules/gcs/main.tf

@@ -0,0 +1,73 @@
+terraform {
+  backend "gcs" {}
+}
+
+# Services
+resource "google_project_service" "serviceusage_googleapis_com" {
+  service = "serviceusage.googleapis.com"
+}
+resource "google_project_service" "storage_api_googleapis_com" {
+  service = "storage-api.googleapis.com"
+}
+resource "google_project_service" "storage_component_googleapis_com" {
+  service = "storage-component.googleapis.com"
+}
+resource "google_project_service" "storage_googleapis_com" {
+  service = "storage.googleapis.com"
+}
+
+## Resources
+
+# Service accounts
+
+resource "google_service_account" "log_writer" {
+  account_id   = "${var.base_name}-writer"
+  display_name = "Log writer service account"
+}
+
+
+# Buckets
+
+resource "google_storage_bucket" "log_bucket" {
+  name                        = "${var.project_id}-${var.base_name}-bucket"
+  location                    = var.location
+  storage_class               = "STANDARD"
+  uniform_bucket_level_access = true
+}
+
+resource "google_storage_bucket_iam_binding" "log_bucket_writer" {
+  bucket = google_storage_bucket.log_bucket.name
+  role   = "roles/storage.legacyBucketWriter"
+  members = [
+    google_service_account.log_writer.member
+  ]
+}
+
+# Spanner
+
+resource "google_spanner_instance" "log_spanner" {
+  name             = var.base_name
+  config           = "regional-${var.location}"
+  display_name     = "${var.base_name} Spanner Instance"
+  processing_units = 100
+}
+
+resource "google_spanner_database" "log_db" {
+  instance = google_spanner_instance.log_spanner.name
+  name     = "${var.base_name}-db"
+  ddl = [
+    "CREATE TABLE SeqCoord (id INT64 NOT NULL, next INT64 NOT NULL,) PRIMARY KEY (id)",
+    "CREATE TABLE Seq (id INT64 NOT NULL, seq INT64 NOT NULL, v BYTES(MAX),) PRIMARY KEY (id, seq)",
+    "CREATE TABLE IntCoord (id INT64 NOT NULL, seq INT64 NOT NULL,) PRIMARY KEY (id)",
+  ]
+}
+
+resource "google_spanner_database_iam_binding" "database" {
+  instance = google_spanner_instance.log_spanner.name
+  database = google_spanner_database.log_db.name
+  role     = "roles/compute.networkUser"
+
+  members = [
+    google_service_account.log_writer.member
+  ]
+}

deployment/modules/gcs/outputs.tf

@@ -0,0 +1,4 @@
+output "log_bucket" {
+  description = "Log GCS bucket"
+  value       = google_storage_bucket.log_bucket
+}

deployment/modules/gcs/variables.tf

@@ -0,0 +1,14 @@
+variable "project_id" {
+  description = "GCP project ID where the log is hosted"
+  type        = string
+}
+
+variable "base_name" {
+  description = "Base name to use when naming resources"
+  type        = string
+}
+
+variable "location" {
+  description = "Location in which to create resources"
+  type        = string
+}