set the location for cloud build related buckets in step4 based in the default region

4-projects/business_unit_1/shared/example_infra_pipeline.tf

@@ -50,6 +50,7 @@ module "infra_pipelines" {
   project_prefix              = var.project_prefix
   billing_account             = var.billing_account
   default_region              = var.default_region
+  bucket_region               = var.default_region
   app_infra_repos             = ["bu1-example-app"]
 }
 

4-projects/business_unit_2/shared/example_infra_pipeline.tf

@@ -49,6 +49,7 @@ module "infra_pipelines" {
   project_prefix              = var.project_prefix
   billing_account             = var.billing_account
   default_region              = var.default_region
+  bucket_region               = var.default_region
   app_infra_repos             = ["bu2-example-app"]
 }
 

4-projects/modules/infra_pipelines/main.tf

@@ -15,12 +15,14 @@
  */
 
 locals {
-  gar_repo_name        = var.gar_repo_name != "" ? var.gar_repo_name : format("%s-%s", var.project_prefix, "tf-runners")
-  gar_name             = split("/", google_artifact_registry_repository.tf-image-repo.name)[length(split("/", google_artifact_registry_repository.tf-image-repo.name)) - 1]
-  created_csrs         = toset([for repo in google_sourcerepo_repository.app_infra_repo : repo.name])
-  artifact_buckets     = { for created_csr in local.created_csrs : "${created_csr}-ab" => format("%s-%s-%s", created_csr, "cloudbuild-artifacts", random_id.suffix.hex) }
-  state_buckets        = { for created_csr in local.created_csrs : "${created_csr}-tfstate" => format("%s-%s-%s", created_csr, "tfstate", random_id.suffix.hex) }
-  apply_branches_regex = "^(${join("|", var.terraform_apply_branches)})$"
+  gar_repo_name          = var.gar_repo_name != "" ? var.gar_repo_name : format("%s-%s", var.project_prefix, "tf-runners")
+  gar_name               = split("/", google_artifact_registry_repository.tf-image-repo.name)[length(split("/", google_artifact_registry_repository.tf-image-repo.name)) - 1]
+  created_csrs           = toset([for repo in google_sourcerepo_repository.app_infra_repo : repo.name])
+  artifact_buckets       = { for created_csr in local.created_csrs : "${created_csr}-ab" => format("%s-%s-%s", created_csr, "cloudbuild-artifacts", random_id.suffix.hex) }
+  state_buckets          = { for created_csr in local.created_csrs : "${created_csr}-tfstate" => format("%s-%s-%s", created_csr, "tfstate", random_id.suffix.hex) }
+  apply_branches_regex   = "^(${join("|", var.terraform_apply_branches)})$"
+  cloudbuild_bucket_name = "${var.cloudbuild_project_id}_cloudbuild"
+  cloudbuild_bucket      = { "cloudbuild" = local.cloudbuild_bucket_name }
 }
 
 # Create CSRs
@@ -44,35 +46,30 @@ resource "random_id" "suffix" {
   byte_length = 2
 }
 
-resource "google_storage_bucket" "tfstate" {
-  for_each                    = local.state_buckets
-  project                     = var.cloudbuild_project_id
-  name                        = each.value
-  location                    = var.bucket_region
-  uniform_bucket_level_access = true
-  versioning {
-    enabled = true
-  }
-}
+resource "google_storage_bucket" "pipeline_infra" {
+  for_each = merge(local.artifact_buckets, local.state_buckets, local.cloudbuild_bucket)
+
+  project  = var.cloudbuild_project_id
+  name     = each.value
+  location = var.bucket_region
 
-resource "google_storage_bucket" "cloudbuild_artifacts" {
-  for_each                    = local.artifact_buckets
-  project                     = var.cloudbuild_project_id
-  name                        = each.value
-  location                    = var.bucket_region
   uniform_bucket_level_access = true
+  force_destroy               = true
   versioning {
     enabled = true
   }
 }
 
 # IAM for Cloud Build SA to access cloudbuild_artifacts and tfstate buckets
 resource "google_storage_bucket_iam_member" "cloudbuild_artifacts_iam" {
-  for_each   = merge(local.artifact_buckets, local.state_buckets)
-  bucket     = each.value
-  role       = "roles/storage.admin"
-  member     = "serviceAccount:${data.google_project.cloudbuild_project.number}@cloudbuild.gserviceaccount.com"
-  depends_on = [google_storage_bucket.cloudbuild_artifacts, google_storage_bucket.tfstate]
+  for_each = merge(local.artifact_buckets, local.state_buckets, local.cloudbuild_bucket)
+  bucket   = each.value
+  role     = "roles/storage.admin"
+  member   = "serviceAccount:${data.google_project.cloudbuild_project.number}@cloudbuild.gserviceaccount.com"
+
+  depends_on = [
+    google_storage_bucket.pipeline_infra
+  ]
 }
 
 # Cloud Build plan/apply triggers
@@ -90,8 +87,8 @@ resource "google_cloudbuild_trigger" "main_trigger" {
     _BILLING_ID           = var.billing_account
     _DEFAULT_REGION       = var.default_region
     _GAR_REPOSITORY       = local.gar_name
-    _STATE_BUCKET_NAME    = google_storage_bucket.tfstate["${each.value}-tfstate"].name
-    _ARTIFACT_BUCKET_NAME = google_storage_bucket.cloudbuild_artifacts["${each.value}-ab"].name
+    _STATE_BUCKET_NAME    = google_storage_bucket.pipeline_infra["${each.value}-tfstate"].name
+    _ARTIFACT_BUCKET_NAME = google_storage_bucket.pipeline_infra["${each.value}-ab"].name
     _TF_ACTION            = "apply"
   }
 
@@ -116,8 +113,8 @@ resource "google_cloudbuild_trigger" "non_main_trigger" {
     _BILLING_ID           = var.billing_account
     _DEFAULT_REGION       = var.default_region
     _GAR_REPOSITORY       = local.gar_name
-    _STATE_BUCKET_NAME    = google_storage_bucket.tfstate["${each.value}-tfstate"].name
-    _ARTIFACT_BUCKET_NAME = google_storage_bucket.cloudbuild_artifacts["${each.value}-ab"].name
+    _STATE_BUCKET_NAME    = google_storage_bucket.pipeline_infra["${each.value}-tfstate"].name
+    _ARTIFACT_BUCKET_NAME = google_storage_bucket.pipeline_infra["${each.value}-ab"].name
     _TF_ACTION            = "plan"
   }