Foundations: pre-requisites for SCA

[memes]

Customers should be using a project factory to ensure birthright accounts are created consistently in sandbox, dev, test, and production environments - these customers will need to know the service accounts needed along with roles. For customers that are not using a project factory, sample Terraform to setup the foundational resources should be provided - something like https://github.com/memes/f5-bootstrap-gcp-project but focused only on SCA needs.

As an SCA deployer, I need to understand the foundational resources that are expected to be in-place before these SCA components can be effectively used. I must also understand the compromises that may be inherent if I do not use the recommended configurations.

Required

• [ ] APIs to be enabled on target project
• [ ] Terraform service account with set of required roles in target project and impersonation enabled
• [ ] BIG-IP service account with correct roles, assuming BIG-IP is to be deployed
• [ ] NGINX service account with correct roles, if NGINX to be deployed

Recommended

• [ ] Dedicated GCS bucket for SCA Terraform state, with object admin rights granted to Terraform service account above
• [ ] User group allowed to impersonate Terraform service account

Optional

• [ ] BYOL licenses for BIG-IP
• [ ] NGINX customer certificate and key
• [ ] Cloud Build enabled and with ability to impersonate Terraform service account
• [ ] Terraform Cloud service account with ability to impersonate fully-privileged service account