google_firestore_database

A Cloud Firestore Database.

If you wish to use Firestore with App Engine, use the google_app_engine_application resource instead. If you were previously using the google_app_engine_application resource exclusively for managing a Firestore database and would like to use the google_firestore_database resource instead, please follow the instructions here.

To get more information about Database, see:

Example Usage - Firestore Default Database

resource "google_firestore_database" "database" {
  project     = "my-project-name"
  name        = "(default)"
  location_id = "nam5"
  type        = "FIRESTORE_NATIVE"
}

Example Usage - Firestore Database

resource "google_firestore_database" "database" {
  project                           = "my-project-name"
  name                              = "database-id"
  location_id                       = "nam5"
  type                              = "FIRESTORE_NATIVE"
  concurrency_mode                  = "OPTIMISTIC"
  app_engine_integration_mode       = "DISABLED"
  point_in_time_recovery_enablement = "POINT_IN_TIME_RECOVERY_ENABLED"
  delete_protection_state           = "DELETE_PROTECTION_ENABLED"
  deletion_policy                   = "DELETE"
}

Example Usage - Firestore Cmek Database

data "google_project" "project" {
  provider = google-beta
}

resource "google_firestore_database" "database" {
  provider = google-beta

  project                           = "my-project-name"
  name                              = "cmek-database-id"
  location_id                       = "nam5"
  type                              = "FIRESTORE_NATIVE"
  concurrency_mode                  = "OPTIMISTIC"
  app_engine_integration_mode       = "DISABLED"
  point_in_time_recovery_enablement = "POINT_IN_TIME_RECOVERY_ENABLED"
  delete_protection_state           = "DELETE_PROTECTION_ENABLED"
  deletion_policy                   = "DELETE"
  cmek_config {
    kms_key_name                    = google_kms_crypto_key.crypto_key.id
  }

  depends_on = [
    google_kms_crypto_key_iam_binding.firestore_cmek_keyuser
  ]
}

resource "google_kms_crypto_key" "crypto_key" {
  provider = google-beta

  name     = "kms-key"
  key_ring = google_kms_key_ring.key_ring.id
  purpose  = "ENCRYPT_DECRYPT"
}

resource "google_kms_key_ring" "key_ring" {
  provider = google-beta

  name     = "kms-key-ring"
  location = "us"
}

resource "google_kms_crypto_key_iam_binding" "firestore_cmek_keyuser" {
  provider = google-beta

  crypto_key_id = google_kms_crypto_key.crypto_key.id
  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"

  members = [
    "serviceAccount:service-${data.google_project.project.number}@gcp-sa-firestore.iam.gserviceaccount.com",
  ]
}

Example Usage - Firestore Default Database In Datastore Mode

resource "google_firestore_database" "datastore_mode_database" {
  project     = "my-project-name"
  name        = "(default)"
  location_id = "nam5"
  type        = "DATASTORE_MODE"
}

Example Usage - Firestore Database In Datastore Mode

resource "google_firestore_database" "datastore_mode_database" {
  project                           = "my-project-name"
  name                              = "database-id"
  location_id                       = "nam5"
  type                              = "DATASTORE_MODE"
  concurrency_mode                  = "OPTIMISTIC"
  app_engine_integration_mode       = "DISABLED"
  point_in_time_recovery_enablement = "POINT_IN_TIME_RECOVERY_ENABLED"
  delete_protection_state           = "DELETE_PROTECTION_ENABLED"
  deletion_policy                   = "DELETE"
}

Example Usage - Firestore Cmek Database In Datastore Mode

data "google_project" "project" {
  provider = google-beta
}

resource "google_firestore_database" "database" {
  provider = google-beta

  project                           = "my-project-name"
  name                              = "cmek-database-id"
  location_id                       = "nam5"
  type                              = "DATASTORE_MODE"
  concurrency_mode                  = "OPTIMISTIC"
  app_engine_integration_mode       = "DISABLED"
  point_in_time_recovery_enablement = "POINT_IN_TIME_RECOVERY_ENABLED"
  delete_protection_state           = "DELETE_PROTECTION_ENABLED"
  deletion_policy                   = "DELETE"
  cmek_config {
    kms_key_name                    = google_kms_crypto_key.crypto_key.id
  }

  depends_on = [
    google_kms_crypto_key_iam_binding.firestore_cmek_keyuser
  ]
}

resource "google_kms_crypto_key" "crypto_key" {
  provider = google-beta

  name     = "kms-key"
  key_ring = google_kms_key_ring.key_ring.id
  purpose  = "ENCRYPT_DECRYPT"
}

resource "google_kms_key_ring" "key_ring" {
  provider = google-beta

  name     = "kms-key-ring"
  location = "us"
}

resource "google_kms_crypto_key_iam_binding" "firestore_cmek_keyuser" {
  provider = google-beta

  crypto_key_id = google_kms_crypto_key.crypto_key.id
  role          = "roles/cloudkms.cryptoKeyEncrypterDecrypter"

  members = [
    "serviceAccount:service-${data.google_project.project.number}@gcp-sa-firestore.iam.gserviceaccount.com",
  ]
}

Argument Reference

The following arguments are supported:


The cmek_config block supports:

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

Timeouts

This resource provides the following Timeouts configuration options:

Import

Database can be imported using any of these accepted formats:

In Terraform v1.5.0 and later, use an import block to import Database using one of the formats above. For example:

import {
  id = "projects/{{project}}/databases/{{name}}"
  to = google_firestore_database.default
}

When using the terraform import command, Database can be imported using one of the formats above. For example:

$ terraform import google_firestore_database.default projects/{{project}}/databases/{{name}}
$ terraform import google_firestore_database.default {{project}}/{{name}}
$ terraform import google_firestore_database.default {{name}}

User Project Overrides

This resource supports User Project Overrides.