
CrowdStrike/terraform-google-cloud-registration

Description

This Terraform module provides automated registration and configuration of Google Cloud Platform (GCP) organizations, folders, and projects with CrowdStrike's Cloud Security Posture Management (CSPM) platform.

The module enables keyless authentication through GCP's Workload Identity Federation and provides security monitoring capabilities including asset inventory and optional real-time log ingestion for threat detection.

Key Features

  • Multi-Scope Registration: Support for organization, folder, and project-level registrations
  • Workload Identity Federation: Secure, keyless authentication using GCP's identity federation
  • Asset Inventory: Monitoring of GCP resources for security posture assessment
  • Real Time Visibility & Detection (Optional): Real-time log streaming for threat detection

Architecture Overview

The module creates the following GCP resources:

  • Workload Identity Pool and Provider for authentication
  • IAM role bindings for CrowdStrike service principals across target scopes
  • Pub/Sub topics and subscriptions for log ingestion (when RTV&D is enabled)
  • Log sinks for audit log streaming (when RTV&D is enabled)

Prerequisites

Before using this module, ensure you have:

  1. CrowdStrike Requirements:

    • Falcon Console access with CSPM enabled
    • API credentials with CSPM registration (Read & Write) and Cloud Security Google Cloud Registration (Read & Write) scopes
  2. GCP Requirements:

    • GCP project for CrowdStrike infrastructure resources
    • Appropriate IAM permissions for the deployment service account
    • Required GCP APIs enabled

Usage

terraform {
  required_version = ">= 1.5.0"

  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "~> 5.0"
    }
    # The module also uses the CrowdStrike provider (see Providers below)
    crowdstrike = {
      source  = "crowdstrike/crowdstrike"
      version = "~> 0.0.55"
    }
  }
}

provider "google" {
  project = "your-cspm-infrastructure-project"
}

module "crowdstrike_gcp_registration" {
  # Git source; a bare two-segment address is not a valid Terraform module source
  source = "github.com/CrowdStrike/terraform-google-cloud-registration"

  # CrowdStrike API Configuration
  # Pass these in from sensitive variables or a secrets backend rather than
  # committing literal credentials to version control.
  falcon_client_id     = "<Falcon API client ID>"
  falcon_client_secret = "<Falcon API client secret>"

  # Required: name of this registration as shown in the Falcon console (placeholder value)
  registration_name = "gcp-org-registration"

  # GCP Infrastructure Project
  infra_project_id = "your-cspm-infrastructure-project"

  # Registration Scope - Organization Level
  registration_type = "organization"
  organization_id   = "123456789012"

  # CrowdStrike Role ARN (AWS role CrowdStrike assumes for authentication)
  role_arn = "arn:aws:sts::111111111111:assumed-role/CrowdStrikeConnectorRoleName"

  # Optional: Enable Real Time Visibility & Detection
  enable_realtime_visibility = true

  # Optional: Log Ingestion Configuration
  log_ingestion_settings = {
    message_retention_duration       = "1209600s"  # 14 days (default: 604800s, 7 days)
    ack_deadline_seconds             = 300         # 5 minutes (default: 600)
    topic_message_retention_duration = "2592000s"  # 30 days (default: 604800s, 7 days)
    audit_log_types                  = ["activity", "system_event", "policy"]
    # Cloud Logging filters for log entries that should NOT be forwarded
    exclusion_filters = [
      "resource.labels.environment=\"test\"",
      "resource.labels.temporary=\"true\""
    ]
  }

  # Optional: Resource Naming
  resource_prefix = "cs-"
  resource_suffix = "-prod"

  # Optional: Resource Labels
  labels = {
    environment = "production"
    project     = "crowdstrike-integration"
    cstagvendor = "crowdstrike"
  }
}

Providers

| Name | Version |
|------|---------|
| crowdstrike | ~> 0.0.55 |
| google | ~> 5.0 |

Resources

| Name | Type |
|------|------|
| crowdstrike_cloud_google_registration.main | resource |
| crowdstrike_cloud_google_registration_settings.main | resource |
| google_project.wif_project | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| deployment_method | Deployment method for the CrowdStrike GCP registration | string | "terraform-native" | no |
| enable_realtime_visibility | Enable Real Time Visibility and Detection (RTV&D) features via log ingestion | bool | false | no |
| excluded_project_patterns | List of shell-style patterns to exclude specific projects from CSPM registration. Supports wildcards (`*` and `?`). Projects matching these patterns will be excluded from asset inventory and log ingestion. Examples: `sys-*`, `dev-?`. | list(string) | [] | no |
| folder_ids | List of Google Cloud folders being registered | list(string) | [] | no |
| infra_project_id | Google Cloud Project ID where CrowdStrike infrastructure resources will be deployed | string | n/a | yes |
| infrastructure_manager_region | The Google Cloud region for Infrastructure Manager. Required when deployment_method is infrastructure-manager | string | null | no |
| labels | Map of labels to be applied to all resources created by this module | map(string) | {} | no |
| log_ingestion_settings | Configuration settings for log ingestion. Controls Pub/Sub topic and subscription settings, audit log types, schema validation, and allows using existing resources. | `object({ message_retention_duration = optional(string, "604800s"), ack_deadline_seconds = optional(number, 600), topic_message_retention_duration = optional(string, "604800s"), audit_log_types = optional(list(string), ["activity", "system_event", "policy"]), topic_storage_regions = optional(list(string), []), enable_schema_validation = optional(bool, false), schema_type = optional(string, "AVRO"), schema_definition = optional(string), existing_topic_name = optional(string), existing_subscription_name = optional(string), exclusion_filters = optional(list(string), []) })` | {} | no |
| organization_id | GCP Organization ID for organization-level registration | string | null | no |
| project_ids | List of Google Cloud projects being registered | list(string) | [] | no |
| registration_name | Name for the CrowdStrike GCP registration | string | n/a | yes |
| registration_type | Type of registration: organization, folder, or project | string | n/a | yes |
| resource_prefix | Prefix to be added to all created resource names for identification | string | null | no |
| resource_suffix | Suffix to be added to all created resource names for identification | string | null | no |
| role_arn | AWS Role ARN used by CrowdStrike for authentication | string | n/a | yes |
| wif_project_id | Google Cloud Project ID where the CrowdStrike workload identity federation pool resources are deployed. Defaults to infra_project_id if not specified | string | null | no |
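A folder-level registration that keeps credentials out of the configuration, isolates the Workload Identity pool in its own project, skips scratch projects with `excluded_project_patterns`, and reuses an existing Pub/Sub topic and subscription. This is an added example, not taken from the module's own documentation; it assumes the `terraform` and `provider` blocks from the Usage section, and the project IDs, folder IDs, registration name and topic names are constructed placeholders.

```hcl
# Credentials are supplied via TF_VAR_falcon_client_id / TF_VAR_falcon_client_secret
# or a secrets backend, so no literal secret is stored in state-tracked source.
variable "falcon_client_id" {
  type      = string
  sensitive = true
}

variable "falcon_client_secret" {
  type      = string
  sensitive = true
}

module "crowdstrike_gcp_folders" {
  source = "github.com/CrowdStrike/terraform-google-cloud-registration"

  falcon_client_id     = var.falcon_client_id
  falcon_client_secret = var.falcon_client_secret

  registration_name = "gcp-workload-folders"   # constructed
  infra_project_id  = "cs-infra-prod"          # constructed
  # Keep the WIF pool in a separately administered project so that only the
  # identities granted there can act as the CrowdStrike principal.
  wif_project_id = "cs-identity-prod"          # constructed
  role_arn       = "arn:aws:sts::111111111111:assumed-role/CrowdStrikeConnectorRoleName"

  # Folder scope: every project under these folders is discovered and registered
  registration_type = "folder"
  folder_ids        = ["100000000001", "100000000002"]   # constructed folder IDs

  # Shell-style patterns: "dev-?" matches "dev-1" but not "dev-10";
  # matching projects are dropped from asset inventory and log ingestion.
  excluded_project_patterns = ["sys-*", "dev-?", "*-sandbox"]

  enable_realtime_visibility = true
  log_ingestion_settings = {
    # Reuse a topic/subscription already governed by your own IAM and retention policy
    existing_topic_name        = "cs-audit-logs"       # constructed
    existing_subscription_name = "cs-audit-logs-sub"   # constructed
    # Do not forward entries from projects labelled as sandboxes
    exclusion_filters = ["resource.labels.environment=\"sandbox\""]
  }

  labels = {
    environment = "production"
    cstagvendor = "crowdstrike"
  }
}
```

After `terraform apply`, compare the `discovered_projects` output against the exclusion patterns to confirm that no scratch project was registered unintentionally.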

Outputs

| Name | Description |
|------|-------------|
| discovered_projects | Detailed information about discovered and registered projects |
| log_sink_names | Names of the created log sinks (if RTV&D enabled) |
| log_subscription_id | The ID of the Pub/Sub subscription for log ingestion (if RTV&D enabled) |
| log_topic_id | The ID of the Pub/Sub topic for log ingestion (if RTV&D enabled) |
| registration_id | The unique CrowdStrike registration ID for this GCP setup |
| wif_iam_principal | The IAM principal that CrowdStrike uses to access GCP resources |
| wif_pool_id | The ID of the created Workload Identity Pool |
| wif_pool_provider_id | The ID of the created Workload Identity Pool Provider |
| wif_project_id | The GCP Project ID where Workload Identity resources were created |
| wif_project_number | The GCP Project Number for the Workload Identity project |