Google Cloud Provider Support
Terratags supports the Google Cloud provider for validating labels on GCP resources.
Overview
Google Cloud Platform uses labels instead of tags for resource metadata. Terratags treats labels the same way as tags for validation purposes, ensuring consistent tag/label compliance across AWS, Azure, and Google Cloud.
Supported Features
- ✅ Label validation on 244+ Google Cloud resources
- ✅ Provider-level
default_labelssupport - ✅ Pattern matching for label values
- ✅ HTML report generation
- ✅ Terraform plan validation
- ✅ Module resource validation
Label Format
Google Cloud resources use a map of key/value pairs for labels:
resource "google_compute_instance" "example" {
name = "example-instance"
machine_type = "e2-medium"
zone = "us-central1-a"
boot_disk {
initialize_params {
image = "debian-cloud/debian-11"
}
}
network_interface {
network = "default"
}
labels = {
environment = "production"
project = "terratags"
name = "example-instance"
}
}
Provider Default Labels
The Google provider supports default_labels at the provider level, similar to AWS default_tags:
provider "google" {
project = "my-project-id"
region = "us-central1"
default_labels = {
environment = "production"
owner = "team-a"
}
}
resource "google_storage_bucket" "example" {
name = "example-bucket"
location = "US"
labels = {
name = "example-bucket"
project = "demo"
}
}
In this example, the bucket will have all four labels: - name and project from resource-level labels - environment and owner from provider's default_labels
Label Inheritance
Terratags tracks label sources and inheritance:
- Provider default_labels: Applied to all resources created by the provider
- Resource labels: Specified directly on the resource
- Module labels: Inherited from module blocks
Resources only need to specify labels not covered by default_labels.
Validation Example
Configuration File
required_tags:
name: {}
environment:
pattern: "^(dev|test|staging|prod)$"
owner:
pattern: "^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$"
project: {}
Terraform File
provider "google" {
project = "my-project-id"
region = "us-central1"
default_labels = {
environment = "prod"
owner = "devops@company.com"
}
}
# Compliant - has all required labels
resource "google_compute_disk" "compliant" {
name = "test-disk"
type = "pd-ssd"
zone = "us-central1-a"
size = 10
labels = {
name = "test-disk"
project = "demo"
}
}
# Non-compliant - missing project label
resource "google_storage_bucket" "non_compliant" {
name = "my-bucket"
location = "US"
labels = {
name = "my-bucket"
}
}
Validation Output
$ terratags -config config.yaml -dir ./gcp-infra
Tag validation issues found:
Resource google_storage_bucket 'non_compliant' is missing required tags: project
Summary: 1/2 resources compliant (50.0%)
Supported Resources
Terratags supports 244+ Google Cloud resources that have labels support, including:
- Compute Engine (instances, disks, images)
- Cloud Storage (buckets)
- BigQuery (datasets, tables)
- Cloud SQL (instances)
- GKE (clusters, node pools)
- Cloud Functions
- Cloud Run
- And many more...
For the complete list, see the Supported Providers documentation.
Key Differences from AWS/Azure
| Feature | AWS | Azure | Google Cloud |
|---|---|---|---|
| Terminology | tags | tags | labels |
| Provider defaults | default_tags | default_tags (azapi only) | default_labels |
| Format | Map | Map | Map |
| Validation | ✅ | ✅ | ✅ |
Usage Examples
Basic Validation
Generate Report
Validate Terraform Plan
terraform plan -out=tfplan
terraform show -json tfplan > plan.json
terratags -config config.yaml -plan plan.json
With Exemptions
Best Practices
- Use default_labels: Define common labels at the provider level
- Pattern validation: Use regex patterns to enforce label value formats
- Consistent naming: Use the same label keys across AWS, Azure, and GCP
- Documentation: Document your labeling strategy
- Automation: Integrate terratags into CI/CD pipelines
Limitations
- Provider aliases are not tested and behavior cannot be guaranteed
- Labels must follow GCP label requirements
See Also
- Configuration - Configure required labels
- Pattern Matching - Validate label values with regex
- Default Tags - Learn about default_labels inheritance
- Examples - More usage examples