diff --git a/modules/config-posture/README.md b/modules/config-posture/README.md
new file mode 100644
index 0000000..8ad48fc
--- /dev/null
+++ b/modules/config-posture/README.md
@@ -0,0 +1,79 @@
+# GCP Config Posture Module
+
+This module will deploy Config Posture resources in GCP for a single project, or for a GCP Organization.
+The Config Posture module serves the following functions:
+- retrieving inventory for single project, or for all projects within an Organization.
+- retrieving organization metadata in the case of organizational onboarding within GCP Organization.
+
+If instrumenting a project, the following resources will be created:
+- All the necessary `Service Accounts` and `Policies` to enable the Config posture operation at the project level
+- A `Workload Identity Pool`, `Provider` and added custom role permissions to the `Service Account`, to allow Sysdig to authenticate to GCP on your behalf to validate resources.
+- A cloud account component in the Sysdig Backend, associated with the GCP project and with the required component to serve the config posture functions.
+
+If instrumenting an Organziation, the following resources will be created:
+- All the necessary `Service Accounts` and `Policies` to enable the Config Posture operation at the organization level
+- A `Workload Identity Pool`, `Provider` and added custom role permissions to the `Service Account`, to allow Sysdig to authenticate to GCP on your behalf to validate resources.
+- A cloud account component in the Sysdig Backend, associated with the GCP project and with the required component to serve the config posture functions.
+
+Note:
+- The outputs from the foundational module, such as `sysdig_secure_account_id` are needed as inputs to the other features/integrations modules for subsequent modular installs.
+
+
+## Requirements
+
+| Name | Version |
+|------|-----------|
+| [terraform](#requirement\_terraform) | >= 1.0.0 |
+| [google](#requirement\_google) | >= 4.21.0 |
+| [sysdig](#requirement\_sysdig) | >= 1.34.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [google](#provider\_google) | 5.0.0 |
+| [random](#provider\_random) | >= 3.1 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| [google_service_account.posture_auth](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account) | resource |
+| [google_organization.org](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/organization) | data source |
+| [sysdig_secure_trusted_cloud_identity.trusted_identity](https://registry.terraform.io/providers/sysdiglabs/sysdig/latest/docs/data-sources/secure_trusted_cloud_identity) | data source |
+| [google_project.project](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/project) | data source |
+| [sysdig_secure_tenant_external_id](https://registry.terraform.io/providers/sysdiglabs/sysdig/latest/docs/data-sources/secure_tenant_external_id) | data source |
+| [random_id.suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
+| [google_iam_workload_identity_pool.posture_auth_pool](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/iam_workload_identity_pool) | resource |
+| [google_iam_workload_identity_pool_provider.posture_auth_pool_provider](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/iam_workload_identity_pool_provider) | resource |
+| [google_project_iam_member.cspm](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_project_iam#google_project_iam_member) | resource |
+| [google_service_account_iam_member.custom_posture_auth](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_service_account_iam#google_service_account_iam_member) | resource |
+| [google_organization_iam_member.cspm](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_organization_iam#google_organization_iam_member) | resource |
+| [sysdig_secure_cloud_auth_account_component.google_service_principal](https://registry.terraform.io/providers/sysdiglabs/sysdig/latest/docs/resources/secure_cloud_auth_account_component) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------|------|-----------------------------------------------|:--------:|
+| [is\_organizational](#input\_is\_organizational) | (Optional) Set this field to 'true' to deploy secure-for-cloud to a GCP Organization. | `bool` | `false` | no |
+| [organization\_domain](#input\_organization\_domain) | Organization domain. e.g. sysdig.com | `string` | `""` | no |
+| [project\_id](#input\_project\_id) | (Required) Target Project identifier provided by the customer | `string` | n/a | yes |
+| [suffix](#input\_suffix) | (Optional) Suffix to uniquely identify resources during multiple installs. If not provided, random value is autogenerated | `string` | `null` | no |
+| [sysdig\_secure\_account\_id](#input\_sysdig\_secure\_account\_id) | (Required) The GUID of the management project or single project per sysdig representation | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|--------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------|
+| [service\_principal\_component\_id](#output\_service\_principal\_component\_id) | The component id of the config posture service principal with its WIF metadata |
+
+
+## Authors
+
+Module is maintained by [Sysdig](https://sysdig.com).
+
+## License
+
+Apache 2 Licensed. See LICENSE for full details.
\ No newline at end of file
diff --git a/modules/config-posture/main.tf b/modules/config-posture/main.tf
new file mode 100644
index 0000000..87e5a90
--- /dev/null
+++ b/modules/config-posture/main.tf
@@ -0,0 +1,105 @@
+#------------------------------------------------------------------#
+# Fetch and compute required data for Workload Identity Federation #
+#------------------------------------------------------------------#
+
+data "sysdig_secure_trusted_cloud_identity" "trusted_identity" {
+ cloud_provider = "gcp"
+}
+
+data "sysdig_secure_tenant_external_id" "external_id" {}
+
+data "google_project" "project" {
+ project_id = var.project_id
+}
+
+// suffix to uniquely identify WIF pool and provider during multiple installs. If suffix value is not provided, this will generate a random value.
+resource "random_id" "suffix" {
+ count = var.suffix == null ? 1 : 0
+ byte_length = 3
+}
+
+locals {
+ suffix = var.suffix == null ? random_id.suffix[0].hex : var.suffix
+}
+
+resource "google_service_account" "posture_auth" {
+ # service account name cannot be longer than 30 characters
+ account_id = "sysdig-posture-${local.suffix}"
+ display_name = "Sysdig Config Posture Auth Service Account"
+ project = var.project_id
+}
+
+#------------------------------------------------------------#
+# Configure Workload Identity Federation for auth #
+# See https://cloud.google.com/iam/docs/access-resources-aws #
+#------------------------------------------------------------#
+
+resource "google_iam_workload_identity_pool" "posture_auth_pool" {
+ project = var.project_id
+ workload_identity_pool_id = "sysdig-secure-posture-${local.suffix}"
+}
+
+resource "google_iam_workload_identity_pool_provider" "posture_auth_pool_provider" {
+ project = var.project_id
+ workload_identity_pool_id = google_iam_workload_identity_pool.posture_auth_pool.workload_identity_pool_id
+ workload_identity_pool_provider_id = "sysdig-posture-${local.suffix}"
+ display_name = "Sysdigcloud config posture auth"
+ description = "AWS based pool provider for Sysdig Secure Data Config Posture resources"
+ disabled = false
+
+ attribute_condition = "attribute.aws_role==\"arn:aws:sts::${data.sysdig_secure_trusted_cloud_identity.trusted_identity.aws_account_id}:assumed-role/${data.sysdig_secure_trusted_cloud_identity.trusted_identity.aws_role_name}/${data.sysdig_secure_tenant_external_id.external_id.external_id}\""
+
+ attribute_mapping = {
+ "google.subject" = "assertion.arn",
+ "attribute.aws_role" = "assertion.arn"
+ }
+
+ aws {
+ account_id = data.sysdig_secure_trusted_cloud_identity.trusted_identity.aws_account_id
+ }
+}
+
+#---------------------------------------------------------------------------------------------
+# role permissions for CSPM (GCP Predefined Roles for Sysdig Cloud Secure Posture Management)
+#---------------------------------------------------------------------------------------------
+resource "google_project_iam_member" "cspm" {
+ for_each = var.is_organizational ? [] : toset(["roles/cloudasset.viewer", "roles/iam.workloadIdentityUser", "roles/logging.viewer", "roles/cloudfunctions.viewer", "roles/cloudbuild.builds.viewer", "roles/orgpolicy.policyViewer"])
+
+ project = var.project_id
+ role = each.key
+ member = "serviceAccount:${google_service_account.posture_auth.email}"
+}
+
+# attaching WIF as a member to the service account for auth
+resource "google_service_account_iam_member" "custom_posture_auth" {
+ service_account_id = google_service_account.posture_auth.name
+ role = "roles/iam.workloadIdentityUser"
+ member = "principalSet://iam.googleapis.com/projects/${data.google_project.project.number}/locations/global/workloadIdentityPools/${google_iam_workload_identity_pool.posture_auth_pool.workload_identity_pool_id}/attribute.aws_role/arn:aws:sts::${data.sysdig_secure_trusted_cloud_identity.trusted_identity.aws_account_id}:assumed-role/${data.sysdig_secure_trusted_cloud_identity.trusted_identity.aws_role_name}/${data.sysdig_secure_tenant_external_id.external_id.external_id}"
+}
+
+#--------------------------------------------------------------------------------------------------------------
+# Call Sysdig Backend to add the service-principal integration for Config Posture to the Sysdig Cloud Account
+#--------------------------------------------------------------------------------------------------------------
+resource "sysdig_secure_cloud_auth_account_component" "google_service_principal" {
+ account_id = var.sysdig_secure_account_id
+ type = "COMPONENT_SERVICE_PRINCIPAL"
+ instance = "secure-posture"
+ version = "v0.1.0"
+ service_principal_metadata = jsonencode({
+ gcp = {
+ workload_identity_federation = {
+ pool_id = google_iam_workload_identity_pool.posture_auth_pool.workload_identity_pool_id
+ pool_provider_id = google_iam_workload_identity_pool_provider.posture_auth_pool_provider.workload_identity_pool_provider_id
+ project_number = data.google_project.project.number
+ }
+ email = google_service_account.posture_auth.email
+ }
+ })
+ depends_on = [
+ google_service_account.posture_auth,
+ google_iam_workload_identity_pool.posture_auth_pool,
+ google_iam_workload_identity_pool_provider.posture_auth_pool_provider,
+ google_project_iam_member.cspm,
+ google_service_account_iam_member.custom_posture_auth
+ ]
+}
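Review bot: The role list in `google_project_iam_member.cspm` includes `roles/iam.workloadIdentityUser`, which at project scope lets the posture service account impersonate every service account in the project rather than only be impersonated itself. The federated principal already receives that role on this one service account through `google_service_account_iam_member.custom_posture_auth`, so the project-level entry looks unnecessary for a read-only posture scan; I would drop it from the `toset([...])` list and keep the viewer roles. The same list in `google_organization_iam_member.cspm` in organizational.tf grants it across the whole organization, which widens the exposure further. If the backend does need it, a comment next to the list saying why would help the next reviewer.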
diff --git a/modules/config-posture/organizational.tf b/modules/config-posture/organizational.tf
new file mode 100644
index 0000000..77d85b0
--- /dev/null
+++ b/modules/config-posture/organizational.tf
@@ -0,0 +1,23 @@
+#--------------#
+# Organization #
+#--------------#
+
+data "google_organization" "org" {
+ count = var.is_organizational ? 1 : 0
+ domain = var.organization_domain
+}
+
+###################################################
+# Setup Service Account permissions
+###################################################
+
+#---------------------------------------------------------------------------------------------
+# role permissions for CSPM (GCP Predefined Roles for Sysdig Cloud Secure Posture Management)
+#---------------------------------------------------------------------------------------------
+resource "google_organization_iam_member" "cspm" {
+ for_each = var.is_organizational ? toset(["roles/cloudasset.viewer", "roles/iam.workloadIdentityUser", "roles/logging.viewer", "roles/cloudfunctions.viewer", "roles/cloudbuild.builds.viewer", "roles/orgpolicy.policyViewer"]) : []
+
+ org_id = data.google_organization.org[0].org_id
+ role = each.key
+ member = "serviceAccount:${google_service_account.posture_auth.email}"
+}
\ No newline at end of file
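Review bot: `data.google_organization.org` looks the organization up by `var.organization_domain`, whose default is `""`, and nothing in the module ties that input to `is_organizational`. Setting `is_organizational = true` without a domain therefore presumably surfaces as a provider lookup error rather than a clear module-level message. At minimum the variable description should state the dependency, for example `description = "Organization domain, required when is_organizational is true. e.g. sysdig.com"`. The data source of the same name in modules/onboarding/organizational.tf has the same dependency.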
diff --git a/modules/config-posture/outputs.tf b/modules/config-posture/outputs.tf
new file mode 100644
index 0000000..20c9f5d
--- /dev/null
+++ b/modules/config-posture/outputs.tf
@@ -0,0 +1,5 @@
+output "service_principal_component_id" {
+ value = "${sysdig_secure_cloud_auth_account_component.google_service_principal.type}/${sysdig_secure_cloud_auth_account_component.google_service_principal.instance}"
+ description = "Component identifier of Service Principal created in Sysdig Backend for Config Posture"
+ depends_on = [sysdig_secure_cloud_auth_account_component.google_service_principal]
+}
\ No newline at end of file
diff --git a/modules/config-posture/variables.tf b/modules/config-posture/variables.tf
new file mode 100644
index 0000000..b975bc2
--- /dev/null
+++ b/modules/config-posture/variables.tf
@@ -0,0 +1,27 @@
+variable "project_id" {
+ type = string
+ description = "(Required) Target Project identifier provided by the customer"
+}
+
+variable "is_organizational" {
+ description = "(Optional) Set this field to 'true' to deploy secure-for-cloud to a GCP Organization."
+ type = bool
+ default = false
+}
+
+variable "organization_domain" {
+ type = string
+ description = "(Optional) Organization domain. e.g. sysdig.com"
+ default = ""
+}
+
+variable "suffix" {
+ type = string
+ description = "Suffix to uniquely identify resources during multiple installs. If not provided, random value is autogenerated"
+ default = null
+}
+
+variable "sysdig_secure_account_id" {
+ type = string
+ description = "ID of the Sysdig Cloud Account to enable Config Posture for (in case of organization, ID of the Sysdig management account)"
+}
\ No newline at end of file
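Review bot: `suffix` is accepted without validation although it is interpolated into identifiers with hard limits: `sysdig-posture-${local.suffix}` for the service account (the comment in main.tf gives 30 characters) and `sysdig-secure-posture-${local.suffix}` for the workload identity pool, which as I read the provider docs is limited to 32 characters of `[a-z0-9-]`. A long or upper-case suffix would then fail only at apply time, after other resources may already exist. A `validation` block on the variable would catch it at plan time, with a condition such as `var.suffix == null || can(regex("^[a-z0-9-]{1,10}$", var.suffix))`. The `suffix` variable in modules/onboarding/variables.tf needs the same treatment, with a length limit matching its `sysdig-onboarding-` prefix.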
diff --git a/modules/config-posture/versions.tf b/modules/config-posture/versions.tf
new file mode 100644
index 0000000..adb6e1a
--- /dev/null
+++ b/modules/config-posture/versions.tf
@@ -0,0 +1,18 @@
+terraform {
+ required_version = ">= 1.0.0"
+
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.21.0"
+ }
+ sysdig = {
+ source = "sysdiglabs/sysdig"
+ version = ">= 1.34.0"
+ }
+ random = {
+ source = "hashicorp/random"
+ version = ">= 3.1"
+ }
+ }
+}
\ No newline at end of file
diff --git a/modules/onboarding/README.md b/modules/onboarding/README.md
new file mode 100644
index 0000000..d865008
--- /dev/null
+++ b/modules/onboarding/README.md
@@ -0,0 +1,82 @@
+# GCP Onboarding Module
+
+This module will deploy Foundational Onboarding resources in GCP for a single project, or for a GCP Organization.
+The Foundational Onboarding module serves the following functions:
+- retrieving inventory for single project, or for all projects within an Organization.
+- running organization scraping in the case of organizational onboarding within GCP Organization.
+
+If instrumenting a project, the following resources will be created:
+- All the necessary `Service Accounts` and `Policies` to enable the Onboarding operation at the project level
+- A `Service Account key` and added role permissions to the `Service Account`, to allow Sysdig to authenticate to GCP on your behalf to validate resources.
+- A cloud account in the Sysdig Backend, associated with the GCP project and with the required component to serve the foundational functions.
+
+If instrumenting an Organziation, the following resources will be created:
+- All the necessary `Service Accounts` and `Policies` to enable the Onboarding operation at the organization level
+- A `Service Account key` and added role permissions to the `Service Account`, to allow Sysdig to authenticate to GCP on your behalf to validate resources.
+- A cloud account in the Sysdig Backend, associated with the management project and with the required component to serve the foundational functions.
+- A cloud organization in the Sysdig Backend, associated with the GCP Organization to fetch the organization structure to install Sysdig Secure for Cloud on.
+
+Note:
+- The outputs from the foundational module, such as `sysdig_secure_account_id` are needed as inputs to the other features/integrations modules for subsequent modular installs.
+
+
+## Requirements
+
+| Name | Version |
+|------|-----------|
+| [terraform](#requirement\_terraform) | >= 1.0.0 |
+| [google](#requirement\_google) | >= 4.21.0 |
+| [sysdig](#requirement\_sysdig) | >= 1.34.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [google](#provider\_google) | 5.0.0 |
+| [random](#provider\_random) | >= 3.1 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| [google_service_account.onboarding_auth](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account) | resource |
+| [google_organization.org](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/organization) | data source |
+| [google_project.project](https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/project) | data source |
+| [random_id.suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
+| [google_project_iam_member.browser](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_project_iam#google_project_iam_member) | resource |
+| [google_organization_iam_member.browser](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/google_organization_iam#google_organization_iam_member) | resource |
+| [google_service_account_key.onboarding_service_account_key](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/service_account_key) | resource |
+| [sysdig_secure_cloud_auth_account.google_account](https://registry.terraform.io/providers/sysdiglabs/sysdig/latest/docs/resources/secure_cloud_auth_account) | resource |
+| [sysdig_secure_organization.google_organization](https://registry.terraform.io/providers/sysdiglabs/sysdig/latest/docs/resources/secure_organization) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|-----------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------|------|---------|:--------:|
+| [is\_organizational](#input\_is\_organizational) | (Optional) Set this field to 'true' to deploy secure-for-cloud to a GCP Organization. | `bool` | `false` | no |
+| [organization\_domain](#input\_organization\_domain) | Organization domain. e.g. sysdig.com | `string` | `""` | no |
+| [project\_id](#input\_project\_id) | (Required) Target Project identifier provided by the customer | `string` | n/a | yes |
+| [suffix](#input\_suffix) | (Optional) Suffix to uniquely identify resources during multiple installs. If not provided, random value is autogenerated | `string` | `null` | no |
+| [suffix](#input\_management\_group\_ids) | (Optional) List of management group ids w.r.t an org install. If not provided, set to empty by default | `string` | `null` | no |
+
+
+
+## Outputs
+
+| Name | Description |
+|--------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------|
+| [sysdig\_secure\_account\_id](#output\_sysdig\_secure\_account\_id) | ID of the Sysdig Cloud Account created |
+| [is\_organizational](#output\_is\_organizational) | Boolean value to indicate if secure-for-cloud is deployed to an entire GCP organization or not |
+| [organization\_domain](#output\_organization\_domain) | Organization domain of the GCP org being onboarded |
+| [project\_id](#output\_project\_id) | The management project id chosen during install, where global resources are deployed |
+
+
+## Authors
+
+Module is maintained by [Sysdig](https://sysdig.com).
+
+## License
+
+Apache 2 Licensed. See LICENSE for full details.
\ No newline at end of file
diff --git a/modules/onboarding/main.tf b/modules/onboarding/main.tf
new file mode 100644
index 0000000..50b2e15
--- /dev/null
+++ b/modules/onboarding/main.tf
@@ -0,0 +1,80 @@
+#------------------------------------------------------------------#
+# Fetch and compute required data for Service Account Key #
+#------------------------------------------------------------------#
+
+data "google_project" "project" {
+ project_id = var.project_id
+}
+
+// suffix to uniquely identify onboarding service account during multiple installs. If suffix value is not provided, this will generate a random value.
+resource "random_id" "suffix" {
+ count = var.suffix == null ? 1 : 0
+ byte_length = 3
+}
+
+locals {
+ suffix = var.suffix == null ? random_id.suffix[0].hex : var.suffix
+}
+
+resource "google_service_account" "onboarding_auth" {
+ # service account name cannot be longer than 30 characters
+ account_id = "sysdig-onboarding-${local.suffix}"
+ display_name = "Sysdig Onboarding Auth Service Account"
+ project = var.project_id
+}
+
+#---------------------------------
+# role permissions for onboarding
+#---------------------------------
+resource "google_project_iam_member" "browser" {
+ count = var.is_organizational ? 0 : 1
+
+ project = var.project_id
+ role = "roles/browser"
+ member = "serviceAccount:${google_service_account.onboarding_auth.email}"
+}
+
+#--------------------------------
+# service account private key
+
+#--------------------------------
+resource "google_service_account_key" "onboarding_service_account_key" {
+ service_account_id = google_service_account.onboarding_auth.name
+}
+
+#---------------------------------------------------------------------------------------------
+# Call Sysdig Backend to create account with foundational onboarding
+# (ensure it is called after all above cloud resources are created using explicit depends_on)
+#---------------------------------------------------------------------------------------------
+
+resource "sysdig_secure_cloud_auth_account" "google_account" {
+ enabled = true
+ provider_id = var.project_id
+ provider_type = "PROVIDER_GCP"
+ provider_alias = data.google_project.project.name
+ provider_tenant_id = var.organization_domain
+
+ component {
+ type = "COMPONENT_SERVICE_PRINCIPAL"
+ instance = "secure-onboarding"
+ version = "v0.1.0"
+ service_principal_metadata = jsonencode({
+ gcp = {
+ key = google_service_account_key.onboarding_service_account_key.private_key
+ }
+ })
+ }
+
+ depends_on = [
+ google_service_account.onboarding_auth,
+ google_project_iam_member.browser,
+ google_service_account_key.onboarding_service_account_key
+ ]
+
+ lifecycle {
+ ignore_changes = [
+ component,
+ feature
+ ]
+ }
+}
\ No newline at end of file
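Review bot: `google_service_account_key.onboarding_service_account_key` creates a long-lived user-managed key whose `private_key` is written to the Terraform state and then embedded in `service_principal_metadata`, so anyone who can read the state can authenticate as the onboarding service account. The config-posture module in this same change authenticates through Workload Identity Federation and exports no key; using the same mechanism here would remove the secret, if the backend supports it for onboarding. If the key has to stay, the resource deserves a comment stating that the state backend must be encrypted and access-restricted. It is also worth checking how rotation is meant to work, since `ignore_changes = [component, feature]` appears to stop a replaced key from being pushed to the Sysdig account.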
diff --git a/modules/onboarding/organizational.tf b/modules/onboarding/organizational.tf
new file mode 100644
index 0000000..09554ea
--- /dev/null
+++ b/modules/onboarding/organizational.tf
@@ -0,0 +1,35 @@
+#--------------#
+# Organization #
+#--------------#
+
+data "google_organization" "org" {
+ count = var.is_organizational ? 1 : 0
+ domain = var.organization_domain
+}
+
+###################################################
+# Setup Service Account permissions
+###################################################
+
+#---------------------------------
+# role permissions for onboarding
+#---------------------------------
+resource "google_organization_iam_member" "browser" {
+ count = var.is_organizational ? 1 : 0
+
+ org_id = data.google_organization.org[0].org_id
+ role = "roles/browser"
+ member = "serviceAccount:${google_service_account.onboarding_auth.email}"
+}
+
+#---------------------------------------------------------------------------------------------
+# Call Sysdig Backend to create organization with foundational onboarding
+# (ensure it is called after all above cloud resources are created)
+#---------------------------------------------------------------------------------------------
+resource "sysdig_secure_organization" "google_organization" {
+ count = var.is_organizational ? 1 : 0
+
+ management_account_id = sysdig_secure_cloud_auth_account.google_account.id
+ organizational_unit_ids = var.management_group_ids
+ depends_on = [google_organization_iam_member.browser]
+}
\ No newline at end of file
diff --git a/modules/onboarding/outputs.tf b/modules/onboarding/outputs.tf
new file mode 100644
index 0000000..7db7f22
--- /dev/null
+++ b/modules/onboarding/outputs.tf
@@ -0,0 +1,19 @@
+output "project_id" {
+ value = var.project_id
+ description = "Project ID in which secure-for-cloud onboarding resources are created. For organizational installs it is the Management Project ID selected during install"
+}
+
+output "sysdig_secure_account_id" {
+ value = sysdig_secure_cloud_auth_account.google_account.id
+ description = "ID of the Sysdig Cloud Account created"
+}
+
+output "is_organizational" {
+ value = var.is_organizational
+ description = "Boolean value to indicate if secure-for-cloud is deployed to an entire GCP organization or not"
+}
+
+output "organization_domain" {
+ value = var.organization_domain
+ description = "Organization domain. e.g. sysdig.com"
+}
diff --git a/modules/onboarding/variables.tf b/modules/onboarding/variables.tf
new file mode 100644
index 0000000..9571e7e
--- /dev/null
+++ b/modules/onboarding/variables.tf
@@ -0,0 +1,28 @@
+variable "project_id" {
+ type = string
+ description = "(Required) Target Project identifier provided by the customer"
+}
+
+variable "is_organizational" {
+ description = "(Optional) Set this field to 'true' to deploy secure-for-cloud to a GCP Organization."
+ type = bool
+ default = false
+}
+
+variable "organization_domain" {
+ type = string
+ description = "(Optional) Organization domain. e.g. sysdig.com"
+ default = ""
+}
+
+variable "management_group_ids" {
+ type = set(string)
+ description = "(Optional) Management group id to onboard. e.g. [organizations/123456789012], [folders/123456789012]"
+ default = []
+}
+
+variable "suffix" {
+ type = string
+ description = "Suffix to uniquely identify resources during multiple installs. If not provided, random value is autogenerated"
+ default = null
+}
\ No newline at end of file
diff --git a/modules/onboarding/versions.tf b/modules/onboarding/versions.tf
new file mode 100644
index 0000000..adb6e1a
--- /dev/null
+++ b/modules/onboarding/versions.tf
@@ -0,0 +1,18 @@
+terraform {
+ required_version = ">= 1.0.0"
+
+ required_providers {
+ google = {
+ source = "hashicorp/google"
+ version = ">= 4.21.0"
+ }
+ sysdig = {
+ source = "sysdiglabs/sysdig"
+ version = ">= 1.34.0"
+ }
+ random = {
+ source = "hashicorp/random"
+ version = ">= 3.1"
+ }
+ }
+}
\ No newline at end of file
diff --git a/test/examples/modular_organization/onboarding_with_posture.tf b/test/examples/modular_organization/onboarding_with_posture.tf
new file mode 100644
index 0000000..214c779
--- /dev/null
+++ b/test/examples/modular_organization/onboarding_with_posture.tf
@@ -0,0 +1,41 @@
+terraform {
+ required_providers {
+ sysdig = {
+ source = "sysdiglabs/sysdig"
+ version = "~> 1.34.0"
+ }
+ }
+}
+
+provider "sysdig" {
+ sysdig_secure_url = "https://secure-staging.sysdig.com"
+ sysdig_secure_api_token = "API_TOKEN"
+}
+
+provider "google" {
+ project = "org-child-project-3"
+ region = "us-west1"
+}
+
+module "onboarding" {
+ source = "../../../modules/onboarding"
+ project_id = "org-child-project-3"
+ is_organizational = true
+ organization_domain = "draios.com"
+}
+
+module "config-posture" {
+ source = "../../../modules/config-posture"
+ project_id = module.onboarding.project_id
+ is_organizational = module.onboarding.is_organizational
+ organization_domain = module.onboarding.organization_domain
+ sysdig_secure_account_id = module.onboarding.sysdig_secure_account_id
+}
+
+resource "sysdig_secure_cloud_auth_account_feature" "config_posture" {
+ account_id = module.onboarding.sysdig_secure_account_id
+ type = "FEATURE_SECURE_CONFIG_POSTURE"
+ enabled = true
+ components = [module.config-posture.service_principal_component_id]
+ depends_on = [module.config-posture]
+}
\ No newline at end of file
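Review bot: `sysdig_secure_api_token = "API_TOKEN"` in the provider block invites anyone copying this example to paste a real token into a tracked .tf file. I would declare a variable marked `sensitive = true` and write `sysdig_secure_api_token = var.sysdig_secure_api_token`, or omit the argument and let the provider read the token from the environment, with a comment saying which is expected. test/examples/modular_single_project/onboarding_with_posture.tf carries the same line.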
diff --git a/test/examples/modular_single_project/onboarding_with_posture.tf b/test/examples/modular_single_project/onboarding_with_posture.tf
new file mode 100644
index 0000000..b46b41d
--- /dev/null
+++ b/test/examples/modular_single_project/onboarding_with_posture.tf
@@ -0,0 +1,37 @@
+terraform {
+ required_providers {
+ sysdig = {
+ source = "sysdiglabs/sysdig"
+ version = "~> 1.34.0"
+ }
+ }
+}
+
+provider "sysdig" {
+ sysdig_secure_url = "https://secure-staging.sysdig.com"
+ sysdig_secure_api_token = "API_TOKEN"
+}
+
+provider "google" {
+ project = "org-child-project-3"
+ region = "us-west1"
+}
+
+module "onboarding" {
+ source = "../../../modules/onboarding"
+ project_id = "org-child-project-3"
+}
+
+module "config-posture" {
+ source = "../../../modules/config-posture"
+ project_id = module.onboarding.project_id
+ sysdig_secure_account_id = module.onboarding.sysdig_secure_account_id
+}
+
+resource "sysdig_secure_cloud_auth_account_feature" "config_posture" {
+ account_id = module.onboarding.sysdig_secure_account_id
+ type = "FEATURE_SECURE_CONFIG_POSTURE"
+ enabled = true
+ components = [module.config-posture.service_principal_component_id]
+ depends_on = [module.config-posture]
+}
\ No newline at end of file