A Google Cloud Looker instance.
To get more information about Instance, see:
resource "google_looker_instance" "looker-instance" {
name = "my-instance"
platform_edition = "LOOKER_CORE_STANDARD_ANNUAL"
region = "us-central1"
oauth_config {
client_id = "my-client-id"
client_secret = "my-client-secret"
}
}
resource "google_looker_instance" "looker-instance" {
name = "my-instance"
platform_edition = "LOOKER_CORE_STANDARD_ANNUAL"
region = "us-central1"
public_ip_enabled = true
admin_settings {
allowed_email_domains = ["google.com"]
}
maintenance_window {
day_of_week = "THURSDAY"
start_time {
hours = 22
minutes = 0
seconds = 0
nanos = 0
}
}
deny_maintenance_period {
start_date {
year = 2050
month = 1
day = 1
}
end_date {
year = 2050
month = 2
day = 1
}
time {
hours = 10
minutes = 0
seconds = 0
nanos = 0
}
}
oauth_config {
client_id = "my-client-id"
client_secret = "my-client-secret"
}
}
resource "google_looker_instance" "looker-instance" {
name = "my-instance"
platform_edition = "LOOKER_CORE_ENTERPRISE_ANNUAL"
region = "us-central1"
private_ip_enabled = true
public_ip_enabled = false
reserved_range = "${google_compute_global_address.looker_range.name}"
consumer_network = google_compute_network.looker_network.id
admin_settings {
allowed_email_domains = ["google.com"]
}
encryption_config {
kms_key_name = "looker-kms-key"
}
maintenance_window {
day_of_week = "THURSDAY"
start_time {
hours = 22
minutes = 0
seconds = 0
nanos = 0
}
}
deny_maintenance_period {
start_date {
year = 2050
month = 1
day = 1
}
end_date {
year = 2050
month = 2
day = 1
}
time {
hours = 10
minutes = 0
seconds = 0
nanos = 0
}
}
oauth_config {
client_id = "my-client-id"
client_secret = "my-client-secret"
}
depends_on = [
google_service_networking_connection.looker_vpc_connection
]
}
resource "google_service_networking_connection" "looker_vpc_connection" {
network = google_compute_network.looker_network.id
service = "servicenetworking.googleapis.com"
reserved_peering_ranges = [google_compute_global_address.looker_range.name]
}
resource "google_compute_global_address" "looker_range" {
name = "looker-range"
purpose = "VPC_PEERING"
address_type = "INTERNAL"
prefix_length = 20
network = google_compute_network.looker_network.id
}
data "google_project" "project" {}
resource "google_compute_network" "looker_network" {
name = "looker-network"
}
resource "google_kms_crypto_key_iam_member" "crypto_key" {
crypto_key_id = "looker-kms-key"
role = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-looker.iam.gserviceaccount.com"
}
resource "google_looker_instance" "looker-instance" {
name = "my-instance"
platform_edition = "LOOKER_CORE_STANDARD_ANNUAL"
region = "us-central1"
oauth_config {
client_id = "my-client-id"
client_secret = "my-client-secret"
}
// After your Looker (Google Cloud core) instance has been created, you can set up, view information about, or delete a custom domain for your instance.
// Therefore 2 terraform applies, one to create the instance, then another to set up the custom domain.
custom_domain {
domain = "my-custom-domain.com"
}
}
The following arguments are supported:
name
-
(Required)
The ID of the instance or a fully qualified identifier for the instance.admin_settings
-
(Optional)
Looker instance Admin settings.
Structure is documented below.
consumer_network
-
(Optional)
Network name in the consumer project in the format of: projects/{project}/global/networks/{network}
Note that the consumer network may be in a different GCP project than the consumer
project that is hosting the Looker Instance.
deny_maintenance_period
-
(Optional)
Maintenance denial period for this instance.
You must allow at least 14 days of maintenance availability
between any two deny maintenance periods.
Structure is documented below.
encryption_config
-
(Optional)
Looker instance encryption settings.
Structure is documented below.
maintenance_window
-
(Optional)
Maintenance window for an instance.
Maintenance of your instance takes place once a month, and will require
your instance to be restarted during updates, which will temporarily
disrupt service.
Structure is documented below.
oauth_config
-
(Optional)
Looker Instance OAuth login settings.
Structure is documented below.
platform_edition
-
(Optional)
Platform editions for a Looker instance. Each edition maps to a set of instance features, like its size. Must be one of these values:
LOOKER_CORE_TRIAL
.
Possible values are: LOOKER_CORE_TRIAL
, LOOKER_CORE_STANDARD
, LOOKER_CORE_STANDARD_ANNUAL
, LOOKER_CORE_ENTERPRISE_ANNUAL
, LOOKER_CORE_EMBED_ANNUAL
.private_ip_enabled
-
(Optional)
Whether private IP is enabled on the Looker instance.
public_ip_enabled
-
(Optional)
Whether public IP is enabled on the Looker instance.
reserved_range
-
(Optional)
Name of a reserved IP address range within the consumer network, to be used for
private service access connection. User may or may not specify this in a request.
user_metadata
-
(Optional)
Metadata about users for a Looker instance.
These settings are only available when platform edition LOOKER_CORE_STANDARD is set.
There are ten Standard and two Developer users included in the cost of the product.
You can allocate additional Standard, Viewer, and Developer users for this instance.
It is an optional step and can be modified later.
With the Standard edition of Looker (Google Cloud core), you can provision up to 50
total users, distributed across Viewer, Standard, and Developer.
Structure is documented below.
custom_domain
-
(Optional)
Custom domain settings for a Looker instance.
Structure is documented below.
region
-
(Optional)
The name of the Looker region of the instance.
project
- (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.
The admin_settings
block supports:
allowed_email_domains
-
(Optional)
Email domain allowlist for the instance.
Define the email domains to which your users can deliver Looker (Google Cloud core) content.
Updating this list will restart the instance. Updating the allowed email domains from terraform
means the value provided will be considered as the entire list and not an amendment to the
existing list of allowed email domains.The deny_maintenance_period
block supports:
start_date
-
(Required)
Required. Start date of the deny maintenance period
Structure is documented below.
end_date
-
(Required)
Required. Start date of the deny maintenance period
Structure is documented below.
time
-
(Required)
Required. Start time of the window in UTC time.
Structure is documented below.
The start_date
block supports:
year
-
(Optional)
Year of the date. Must be from 1 to 9999, or 0 to specify a date without
a year.
month
-
(Optional)
Month of a year. Must be from 1 to 12, or 0 to specify a year without a
month and day.
day
-
(Optional)
Day of a month. Must be from 1 to 31 and valid for the year and month, or 0
to specify a year by itself or a year and month where the day isn't significant.
year
-
(Optional)
Year of the date. Must be from 1 to 9999, or 0 to specify a date without
a year.
month
-
(Optional)
Month of a year. Must be from 1 to 12, or 0 to specify a year without a
month and day.
day
-
(Optional)
Day of a month. Must be from 1 to 31 and valid for the year and month, or 0
to specify a year by itself or a year and month where the day isn't significant.
hours
-
(Optional)
Hours of day in 24 hour format. Should be from 0 to 23.
minutes
-
(Optional)
Minutes of hour of day. Must be from 0 to 59.
seconds
-
(Optional)
Seconds of minutes of the time. Must normally be from 0 to 59.
nanos
-
(Optional)
Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
The encryption_config
block supports:
kms_key_name
-
(Optional)
Name of the customer managed encryption key (CMEK) in KMS.
kms_key_state
-
(Output)
Status of the customer managed encryption key (CMEK) in KMS.
kms_key_name_version
-
(Output)
Full name and version of the CMEK key currently in use to encrypt Looker data.
The maintenance_window
block supports:
day_of_week
-
(Required)
Required. Day of the week for this MaintenanceWindow (in UTC).
MONDAY
, TUESDAY
, WEDNESDAY
, THURSDAY
, FRIDAY
, SATURDAY
, SUNDAY
.start_time
-
(Required)
Required. Start time of the window in UTC time.
Structure is documented below.
The start_time
block supports:
hours
-
(Optional)
Hours of day in 24 hour format. Should be from 0 to 23.
minutes
-
(Optional)
Minutes of hour of day. Must be from 0 to 59.
seconds
-
(Optional)
Seconds of minutes of the time. Must normally be from 0 to 59.
nanos
-
(Optional)
Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999.
The oauth_config
block supports:
client_id
-
(Required)
The client ID for the Oauth config.
client_secret
-
(Required)
The client secret for the Oauth config.
The user_metadata
block supports:
additional_viewer_user_count
-
(Optional)
Number of additional Viewer Users to allocate to the Looker Instance.
additional_standard_user_count
-
(Optional)
Number of additional Standard Users to allocate to the Looker Instance.
additional_developer_user_count
-
(Optional)
Number of additional Developer Users to allocate to the Looker Instance.
The custom_domain
block supports:
domain
-
(Optional)
Domain name
state
-
(Output)
Status of the custom domain.
In addition to the arguments listed above, the following computed attributes are exported:
id
- an identifier for the resource with format projects/{{project}}/locations/{{region}}/instances/{{name}}
create_time
-
The time the instance was created in RFC3339 UTC "Zulu" format,
accurate to nanoseconds.
egress_public_ip
-
Public Egress IP (IPv4).
ingress_private_ip
-
Private Ingress IP (IPv4).
ingress_public_ip
-
Public Ingress IP (IPv4).
looker_version
-
The Looker version that the instance is using.
looker_uri
-
Looker instance URI which can be used to access the Looker Instance UI.
update_time
-
The time the instance was updated in RFC3339 UTC "Zulu" format,
accurate to nanoseconds.
This resource provides the following Timeouts configuration options:
create
- Default is 90 minutes.update
- Default is 90 minutes.delete
- Default is 90 minutes.Instance can be imported using any of these accepted formats:
projects/{{project}}/locations/{{region}}/instances/{{name}}
{{project}}/{{region}}/{{name}}
{{region}}/{{name}}
{{name}}
In Terraform v1.5.0 and later, use an import
block to import Instance using one of the formats above. For example:
import {
id = "projects/{{project}}/locations/{{region}}/instances/{{name}}"
to = google_looker_instance.default
}
When using the terraform import
command, Instance can be imported using one of the formats above. For example:
$ terraform import google_looker_instance.default projects/{{project}}/locations/{{region}}/instances/{{name}}
$ terraform import google_looker_instance.default {{project}}/{{region}}/{{name}}
$ terraform import google_looker_instance.default {{region}}/{{name}}
$ terraform import google_looker_instance.default {{name}}
This resource supports User Project Overrides.