From ecdd8f23cff5494a5ac2a45e291465a2526c9f0e Mon Sep 17 00:00:00 2001
From: Daniel Andrade <dandrade@ciandt.com>
Date: Fri, 1 Nov 2024 15:02:45 -0300
Subject: [PATCH 01/19] upgrade simple_bucket module

---
 0-bootstrap/cb.tf                                   | 2 +-
 1-org/modules/cai-monitoring/main.tf                | 2 +-
 4-projects/modules/base_env/example_storage_cmek.tf | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/0-bootstrap/cb.tf b/0-bootstrap/cb.tf
index 8c2ba91b4..b91b2fd1e 100644
--- a/0-bootstrap/cb.tf
+++ b/0-bootstrap/cb.tf
@@ -70,7 +70,7 @@ resource "random_string" "suffix" {
 
 module "gcp_projects_state_bucket" {
   source  = "terraform-google-modules/cloud-storage/google//modules/simple_bucket"
-  version = "~> 6.0"
+  version = "~> 8.0"
 
   name          = "${var.bucket_prefix}-${module.seed_bootstrap.seed_project_id}-gcp-projects-tfstate"
   project_id    = module.seed_bootstrap.seed_project_id
diff --git a/1-org/modules/cai-monitoring/main.tf b/1-org/modules/cai-monitoring/main.tf
index 22d6425ff..d55bf71e2 100644
--- a/1-org/modules/cai-monitoring/main.tf
+++ b/1-org/modules/cai-monitoring/main.tf
@@ -71,7 +71,7 @@ data "archive_file" "function_source_zip" {
 
 module "cloudfunction_source_bucket" {
   source  = "terraform-google-modules/cloud-storage/google//modules/simple_bucket"
-  version = "~> 6.0"
+  version = "~> 8.0"
 
   project_id    = var.project_id
   name          = "bkt-cai-monitoring-${random_id.suffix.hex}-sources-${data.google_project.project.number}-${var.location}"
diff --git a/4-projects/modules/base_env/example_storage_cmek.tf b/4-projects/modules/base_env/example_storage_cmek.tf
index 8b40250a7..ba86b0451 100644
--- a/4-projects/modules/base_env/example_storage_cmek.tf
+++ b/4-projects/modules/base_env/example_storage_cmek.tf
@@ -44,7 +44,7 @@ resource "random_string" "bucket_name" {
 
 module "gcs_buckets" {
   source  = "terraform-google-modules/cloud-storage/google//modules/simple_bucket"
-  version = "~> 6.0"
+  version = "~> 8.0"
 
   project_id              = module.base_shared_vpc_project.project_id
   location                = var.location_gcs

From ebaf7dd908afbf89302ee525a15496db76877656 Mon Sep 17 00:00:00 2001
From: Daniel Andrade <dandrade@ciandt.com>
Date: Fri, 1 Nov 2024 16:23:25 -0300
Subject: [PATCH 02/19] upgrade bootstrap and project-factory modules

---
 0-bootstrap/cb.tf                             |  9 ++++--
 0-bootstrap/github.tf.example                 |  4 ++-
 0-bootstrap/gitlab.tf.example                 |  5 ++--
 0-bootstrap/jenkins.tf.example                |  1 +
 0-bootstrap/main.tf                           |  3 +-
 0-bootstrap/modules/jenkins-agent/main.tf     |  4 ++-
 .../modules/jenkins-agent/variables.tf        |  6 ++++
 0-bootstrap/terraform_cloud.tf.example        |  4 ++-
 0-bootstrap/variables.tf                      |  6 ++++
 1-org/envs/shared/projects.tf                 | 29 +++++++++++++------
 1-org/envs/shared/variables.tf                |  6 ++++
 1-org/modules/network/main.tf                 |  4 +--
 1-org/modules/network/variables.tf            |  6 ++++
 .../business_unit_1/development/main.tf       |  1 +
 .../business_unit_1/development/variables.tf  |  6 ++++
 .../business_unit_1/nonproduction/main.tf     |  1 +
 .../nonproduction/variables.tf                |  6 ++++
 4-projects/business_unit_1/production/main.tf |  1 +
 .../business_unit_1/production/variables.tf   |  6 ++++
 .../shared/example_infra_pipeline.tf          |  3 ++
 .../business_unit_1/shared/variables.tf       |  6 ++++
 .../example_base_shared_vpc_project.tf        |  2 ++
 .../base_env/example_floating_project.tf      |  2 ++
 .../base_env/example_peering_project.tf       |  2 ++
 .../example_restricted_shared_vpc_project.tf  |  1 +
 4-projects/modules/base_env/variables.tf      |  6 ++++
 4-projects/modules/infra_pipelines/main.tf    | 12 +++++---
 4-projects/modules/single_project/main.tf     |  3 +-
 .../modules/single_project/variables.tf       |  6 ++++
 29 files changed, 126 insertions(+), 25 deletions(-)

diff --git a/0-bootstrap/cb.tf b/0-bootstrap/cb.tf
index b91b2fd1e..6c971d5a5 100644
--- a/0-bootstrap/cb.tf
+++ b/0-bootstrap/cb.tf
@@ -86,7 +86,7 @@ module "gcp_projects_state_bucket" {
 
 module "tf_source" {
   source  = "terraform-google-modules/bootstrap/google//modules/tf_cloudbuild_source"
-  version = "~> 8.0"
+  version = "~> 9.0"
 
   org_id                = var.org_id
   folder_id             = google_folder.bootstrap.id
@@ -96,6 +96,9 @@ module "tf_source" {
   group_org_admins      = var.groups.required_groups.group_org_admins
   buckets_force_destroy = var.bucket_force_destroy
 
+  project_deletion_policy = var.project_deletion_policy
+
+
   activate_apis = [
     "serviceusage.googleapis.com",
     "servicenetworking.googleapis.com",
@@ -155,7 +158,7 @@ module "tf_private_pool" {
 
 module "tf_cloud_builder" {
   source  = "terraform-google-modules/bootstrap/google//modules/tf_cloudbuild_builder"
-  version = "~> 8.0"
+  version = "~> 9.0"
 
   project_id                   = module.tf_source.cloudbuild_project_id
   dockerfile_repo_uri          = module.tf_source.csr_repos[local.cloudbuilder_repo].url
@@ -206,7 +209,7 @@ module "build_terraform_image" {
 
 module "tf_workspace" {
   source   = "terraform-google-modules/bootstrap/google//modules/tf_cloudbuild_workspace"
-  version  = "~> 8.0"
+  version  = "~> 9.0"
   for_each = local.granular_sa
 
   project_id                = module.tf_source.cloudbuild_project_id
diff --git a/0-bootstrap/github.tf.example b/0-bootstrap/github.tf.example
index 7f5a0e3f3..df996af94 100644
--- a/0-bootstrap/github.tf.example
+++ b/0-bootstrap/github.tf.example
@@ -70,7 +70,7 @@ locals {
 
 module "gh_cicd" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 17.0"
 
   name              = "${var.project_prefix}-b-cicd-wif-gh"
   random_project_id = true
@@ -87,6 +87,8 @@ module "gh_cicd" {
     "cloudresourcemanager.googleapis.com",
     "iamcredentials.googleapis.com",
   ]
+
+  deletion_policy = var.project_deletion_policy
 }
 
 module "gh_oidc" {
diff --git a/0-bootstrap/gitlab.tf.example b/0-bootstrap/gitlab.tf.example
index 579e84b21..1f0346cfc 100644
--- a/0-bootstrap/gitlab.tf.example
+++ b/0-bootstrap/gitlab.tf.example
@@ -81,7 +81,7 @@ provider "gitlab" {
 
 module "gitlab_cicd" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 17.0"
 
   name              = "${var.project_prefix}-b-cicd-wif-gl"
   random_project_id = true
@@ -100,8 +100,9 @@ module "gitlab_cicd" {
     "sts.googleapis.com",
     "dns.googleapis.com",
     "secretmanager.googleapis.com",
-
   ]
+
+  deletion_policy = var.project_deletion_policy
 }
 
 module "gitlab_oidc" {
diff --git a/0-bootstrap/jenkins.tf.example b/0-bootstrap/jenkins.tf.example
index 7e9413ffb..8a17ad374 100644
--- a/0-bootstrap/jenkins.tf.example
+++ b/0-bootstrap/jenkins.tf.example
@@ -46,6 +46,7 @@ module "jenkins_bootstrap" {
   tunnel0_bgp_session_range                = var.tunnel0_bgp_session_range
   tunnel1_bgp_peer_address                 = var.tunnel1_bgp_peer_address
   tunnel1_bgp_session_range                = var.tunnel1_bgp_session_range
+  project_deletion_policy                  = var.project_deletion_policy
 }
 
 resource "google_organization_iam_member" "org_jenkins_sa_browser" {
diff --git a/0-bootstrap/main.tf b/0-bootstrap/main.tf
index f61eb8c77..03a500605 100644
--- a/0-bootstrap/main.tf
+++ b/0-bootstrap/main.tf
@@ -41,7 +41,7 @@ resource "google_folder" "bootstrap" {
 
 module "seed_bootstrap" {
   source  = "terraform-google-modules/bootstrap/google"
-  version = "~> 8.0"
+  version = "~> 9.0"
 
   org_id                         = var.org_id
   folder_id                      = google_folder.bootstrap.id
@@ -61,6 +61,7 @@ module "seed_bootstrap" {
   encrypt_gcs_bucket_tfstate     = true
   key_rotation_period            = "7776000s"
   kms_prevent_destroy            = !var.bucket_tfstate_kms_force_destroy
+  project_deletion_policy        = var.project_deletion_policy
 
   project_labels = {
     environment       = "bootstrap"
diff --git a/0-bootstrap/modules/jenkins-agent/main.tf b/0-bootstrap/modules/jenkins-agent/main.tf
index d18397c6b..c9651b743 100644
--- a/0-bootstrap/modules/jenkins-agent/main.tf
+++ b/0-bootstrap/modules/jenkins-agent/main.tf
@@ -29,7 +29,7 @@ resource "random_id" "suffix" {
 *******************************************/
 module "cicd_project" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 17.0"
 
   name                        = local.cicd_project_name
   random_project_id           = true
@@ -40,6 +40,8 @@ module "cicd_project" {
   billing_account             = var.billing_account
   activate_apis               = local.activate_apis
   labels                      = var.project_labels
+
+  deletion_policy = var.project_deletion_policy
 }
 
 /******************************************
diff --git a/0-bootstrap/modules/jenkins-agent/variables.tf b/0-bootstrap/modules/jenkins-agent/variables.tf
index 13c90a059..80b1f53db 100644
--- a/0-bootstrap/modules/jenkins-agent/variables.tf
+++ b/0-bootstrap/modules/jenkins-agent/variables.tf
@@ -39,6 +39,12 @@ variable "default_region" {
   default     = "us-central1"
 }
 
+variable "project_deletion_policy" {
+  description = "The deletion policy for the project created."
+  type        = string
+  default     = "PREVENT"
+}
+
 /* ----------------------------------------
     Specific to CICD Project
    ---------------------------------------- */
diff --git a/0-bootstrap/terraform_cloud.tf.example b/0-bootstrap/terraform_cloud.tf.example
index ab999e239..27d9e05a8 100644
--- a/0-bootstrap/terraform_cloud.tf.example
+++ b/0-bootstrap/terraform_cloud.tf.example
@@ -230,7 +230,7 @@ resource "tfe_run_trigger" "projects_bu2_shared_production" {
 
 module "tfc_cicd" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 17.0"
 
   name              = "${var.project_prefix}-b-cicd-wif-tfc"
   random_project_id = true
@@ -251,6 +251,8 @@ module "tfc_cicd" {
     "gkehub.googleapis.com",
     "connectgateway.googleapis.com"
   ]
+
+  deletion_policy = var.project_deletion_policy
 }
 
 module "tfc-oidc" {
diff --git a/0-bootstrap/variables.tf b/0-bootstrap/variables.tf
index 39b993abb..ee20bba69 100644
--- a/0-bootstrap/variables.tf
+++ b/0-bootstrap/variables.tf
@@ -90,6 +90,12 @@ variable "bucket_tfstate_kms_force_destroy" {
   default     = false
 }
 
+variable "project_deletion_policy" {
+  description = "The deletion policy for the project created."
+  type        = string
+  default     = "PREVENT"
+}
+
 /* ----------------------------------------
     Specific to Groups creation
    ---------------------------------------- */
diff --git a/1-org/envs/shared/projects.tf b/1-org/envs/shared/projects.tf
index 60e9e9e87..2cf27b963 100644
--- a/1-org/envs/shared/projects.tf
+++ b/1-org/envs/shared/projects.tf
@@ -34,7 +34,7 @@ locals {
 
 module "org_audit_logs" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 17.0"
 
   random_project_id        = true
   random_project_id_length = 4
@@ -43,6 +43,7 @@ module "org_audit_logs" {
   org_id                   = local.org_id
   billing_account          = local.billing_account
   folder_id                = google_folder.common.id
+  deletion_policy          = var.project_deletion_policy
   activate_apis            = ["logging.googleapis.com", "bigquery.googleapis.com", "billingbudgets.googleapis.com"]
 
   labels = {
@@ -67,7 +68,7 @@ module "org_audit_logs" {
 
 module "org_billing_export" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 17.0"
 
   random_project_id        = true
   random_project_id_length = 4
@@ -76,6 +77,7 @@ module "org_billing_export" {
   org_id                   = local.org_id
   billing_account          = local.billing_account
   folder_id                = google_folder.common.id
+  deletion_policy          = var.project_deletion_policy
   activate_apis            = ["logging.googleapis.com", "bigquery.googleapis.com", "billingbudgets.googleapis.com"]
 
   labels = {
@@ -100,7 +102,7 @@ module "org_billing_export" {
 
 module "common_kms" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 17.0"
 
   random_project_id        = true
   random_project_id_length = 4
@@ -109,6 +111,7 @@ module "common_kms" {
   org_id                   = local.org_id
   billing_account          = local.billing_account
   folder_id                = google_folder.common.id
+  deletion_policy          = var.project_deletion_policy
   activate_apis            = ["logging.googleapis.com", "cloudkms.googleapis.com", "billingbudgets.googleapis.com"]
 
   labels = {
@@ -134,7 +137,7 @@ module "common_kms" {
 
 module "org_secrets" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 17.0"
 
   random_project_id        = true
   random_project_id_length = 4
@@ -143,6 +146,7 @@ module "org_secrets" {
   org_id                   = local.org_id
   billing_account          = local.billing_account
   folder_id                = google_folder.common.id
+  deletion_policy          = var.project_deletion_policy
   activate_apis            = ["logging.googleapis.com", "secretmanager.googleapis.com", "billingbudgets.googleapis.com"]
 
   labels = {
@@ -167,7 +171,7 @@ module "org_secrets" {
 
 module "interconnect" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 17.0"
 
   random_project_id        = true
   random_project_id_length = 4
@@ -176,6 +180,7 @@ module "interconnect" {
   org_id                   = local.org_id
   billing_account          = local.billing_account
   folder_id                = google_folder.network.id
+  deletion_policy          = var.project_deletion_policy
   activate_apis            = ["billingbudgets.googleapis.com", "compute.googleapis.com"]
 
   labels = {
@@ -200,7 +205,7 @@ module "interconnect" {
 
 module "scc_notifications" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 17.0"
 
   random_project_id        = true
   random_project_id_length = 4
@@ -209,6 +214,7 @@ module "scc_notifications" {
   org_id                   = local.org_id
   billing_account          = local.billing_account
   folder_id                = google_folder.common.id
+  deletion_policy          = var.project_deletion_policy
   activate_apis            = ["logging.googleapis.com", "pubsub.googleapis.com", "securitycenter.googleapis.com", "billingbudgets.googleapis.com", "cloudkms.googleapis.com"]
 
   labels = {
@@ -233,7 +239,7 @@ module "scc_notifications" {
 
 module "dns_hub" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 17.0"
 
   random_project_id        = true
   random_project_id_length = 4
@@ -242,6 +248,7 @@ module "dns_hub" {
   org_id                   = local.org_id
   billing_account          = local.billing_account
   folder_id                = google_folder.network.id
+  deletion_policy          = var.project_deletion_policy
 
   activate_apis = [
     "compute.googleapis.com",
@@ -274,7 +281,7 @@ module "dns_hub" {
 
 module "base_network_hub" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 17.0"
   count   = var.enable_hub_and_spoke ? 1 : 0
 
   random_project_id        = true
@@ -284,6 +291,7 @@ module "base_network_hub" {
   org_id                   = local.org_id
   billing_account          = local.billing_account
   folder_id                = google_folder.network.id
+  deletion_policy          = var.project_deletion_policy
 
   activate_apis = [
     "compute.googleapis.com",
@@ -324,7 +332,7 @@ resource "google_project_iam_member" "network_sa_base" {
 
 module "restricted_network_hub" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 17.0"
   count   = var.enable_hub_and_spoke ? 1 : 0
 
   random_project_id        = true
@@ -334,6 +342,7 @@ module "restricted_network_hub" {
   org_id                   = local.org_id
   billing_account          = local.billing_account
   folder_id                = google_folder.network.id
+  deletion_policy          = var.project_deletion_policy
 
   activate_apis = [
     "compute.googleapis.com",
@@ -373,6 +382,8 @@ module "base_restricted_environment_network" {
   project_prefix  = local.project_prefix
   folder_id       = google_folder.network.id
 
+  project_deletion_policy = var.project_deletion_policy
+
   env      = each.key
   env_code = each.value
 
diff --git a/1-org/envs/shared/variables.tf b/1-org/envs/shared/variables.tf
index 01ba2a832..7c261c109 100644
--- a/1-org/envs/shared/variables.tf
+++ b/1-org/envs/shared/variables.tf
@@ -193,3 +193,9 @@ variable "tfc_org_name" {
   type        = string
   default     = ""
 }
+
+variable "project_deletion_policy" {
+  description = "The deletion policy for the project created."
+  type        = string
+  default     = "PREVENT"
+}
diff --git a/1-org/modules/network/main.tf b/1-org/modules/network/main.tf
index 15c771d00..0d4c108ed 100644
--- a/1-org/modules/network/main.tf
+++ b/1-org/modules/network/main.tf
@@ -20,7 +20,7 @@
 
 module "base_shared_vpc_host_project" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 17.0"
 
   random_project_id           = true
   random_project_id_length    = 4
@@ -56,7 +56,7 @@ module "base_shared_vpc_host_project" {
 
 module "restricted_shared_vpc_host_project" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 17.0"
 
   random_project_id           = true
   random_project_id_length    = 4
diff --git a/1-org/modules/network/variables.tf b/1-org/modules/network/variables.tf
index 9de1cfc26..32887bad5 100644
--- a/1-org/modules/network/variables.tf
+++ b/1-org/modules/network/variables.tf
@@ -45,6 +45,12 @@ variable "env_code" {
   description = "A short form of the environment to prepare within the Google Cloud organization (ex. d)."
 }
 
+variable "project_deletion_policy" {
+  description = "The deletion policy for the project created."
+  type        = string
+  default     = "PREVENT"
+}
+
 variable "project_budget" {
   description = <<EOT
   Budget configuration for projects.
diff --git a/4-projects/business_unit_1/development/main.tf b/4-projects/business_unit_1/development/main.tf
index b2efde30d..edc631b99 100644
--- a/4-projects/business_unit_1/development/main.tf
+++ b/4-projects/business_unit_1/development/main.tf
@@ -34,4 +34,5 @@ module "env" {
   peering_iap_fw_rules_enabled = true
   subnet_region                = coalesce(var.instance_region, local.default_region)
   subnet_ip_range              = "10.3.64.0/21"
+  project_deletion_policy      = var.project_deletion_policy
 }
diff --git a/4-projects/business_unit_1/development/variables.tf b/4-projects/business_unit_1/development/variables.tf
index 0b055e98f..435a765cc 100644
--- a/4-projects/business_unit_1/development/variables.tf
+++ b/4-projects/business_unit_1/development/variables.tf
@@ -56,3 +56,9 @@ variable "instance_region" {
   type        = string
   default     = null
 }
+
+variable "project_deletion_policy" {
+  description = "The deletion policy for the project created."
+  type        = string
+  default     = "PREVENT"
+}
diff --git a/4-projects/business_unit_1/nonproduction/main.tf b/4-projects/business_unit_1/nonproduction/main.tf
index ef954c892..f39ee8313 100644
--- a/4-projects/business_unit_1/nonproduction/main.tf
+++ b/4-projects/business_unit_1/nonproduction/main.tf
@@ -34,4 +34,5 @@ module "env" {
   peering_iap_fw_rules_enabled = true
   subnet_region                = coalesce(var.instance_region, local.default_region)
   subnet_ip_range              = "10.3.128.0/21"
+  project_deletion_policy      = var.project_deletion_policy
 }
diff --git a/4-projects/business_unit_1/nonproduction/variables.tf b/4-projects/business_unit_1/nonproduction/variables.tf
index 0b055e98f..435a765cc 100644
--- a/4-projects/business_unit_1/nonproduction/variables.tf
+++ b/4-projects/business_unit_1/nonproduction/variables.tf
@@ -56,3 +56,9 @@ variable "instance_region" {
   type        = string
   default     = null
 }
+
+variable "project_deletion_policy" {
+  description = "The deletion policy for the project created."
+  type        = string
+  default     = "PREVENT"
+}
diff --git a/4-projects/business_unit_1/production/main.tf b/4-projects/business_unit_1/production/main.tf
index cdc136052..a60881e93 100644
--- a/4-projects/business_unit_1/production/main.tf
+++ b/4-projects/business_unit_1/production/main.tf
@@ -34,4 +34,5 @@ module "env" {
   peering_iap_fw_rules_enabled = true
   subnet_region                = coalesce(var.instance_region, local.default_region)
   subnet_ip_range              = "10.3.192.0/21"
+  project_deletion_policy      = var.project_deletion_policy
 }
diff --git a/4-projects/business_unit_1/production/variables.tf b/4-projects/business_unit_1/production/variables.tf
index 0b055e98f..435a765cc 100644
--- a/4-projects/business_unit_1/production/variables.tf
+++ b/4-projects/business_unit_1/production/variables.tf
@@ -56,3 +56,9 @@ variable "instance_region" {
   type        = string
   default     = null
 }
+
+variable "project_deletion_policy" {
+  description = "The deletion policy for the project created."
+  type        = string
+  default     = "PREVENT"
+}
diff --git a/4-projects/business_unit_1/shared/example_infra_pipeline.tf b/4-projects/business_unit_1/shared/example_infra_pipeline.tf
index 7b09e6cd6..013b80bd4 100644
--- a/4-projects/business_unit_1/shared/example_infra_pipeline.tf
+++ b/4-projects/business_unit_1/shared/example_infra_pipeline.tf
@@ -28,6 +28,9 @@ module "app_infra_cloudbuild_project" {
   environment     = "common"
   project_budget  = var.project_budget
   project_prefix  = local.project_prefix
+
+  project_deletion_policy = var.project_deletion_policy
+
   activate_apis = [
     "cloudbuild.googleapis.com",
     "sourcerepo.googleapis.com",
diff --git a/4-projects/business_unit_1/shared/variables.tf b/4-projects/business_unit_1/shared/variables.tf
index 5f08bcddf..b372391ef 100644
--- a/4-projects/business_unit_1/shared/variables.tf
+++ b/4-projects/business_unit_1/shared/variables.tf
@@ -47,3 +47,9 @@ variable "tfc_org_name" {
   type        = string
   default     = ""
 }
+
+variable "project_deletion_policy" {
+  description = "The deletion policy for the project created."
+  type        = string
+  default     = "PREVENT"
+}
diff --git a/4-projects/modules/base_env/example_base_shared_vpc_project.tf b/4-projects/modules/base_env/example_base_shared_vpc_project.tf
index 2b7c5e7ba..297c10fe5 100644
--- a/4-projects/modules/base_env/example_base_shared_vpc_project.tf
+++ b/4-projects/modules/base_env/example_base_shared_vpc_project.tf
@@ -29,6 +29,8 @@ module "base_shared_vpc_project" {
   enable_cloudbuild_deploy            = local.enable_cloudbuild_deploy
   app_infra_pipeline_service_accounts = local.app_infra_pipeline_service_accounts
 
+  project_deletion_policy = var.project_deletion_policy
+
   // The roles defined in "sa_roles" will be used to grant the necessary permissions
   // to deploy the resources, a Compute Engine instance for each environment, defined
   // in 5-app-infra step (5-app-infra/modules/env_base/main.tf).
diff --git a/4-projects/modules/base_env/example_floating_project.tf b/4-projects/modules/base_env/example_floating_project.tf
index d3188c7af..e8bbe7406 100644
--- a/4-projects/modules/base_env/example_floating_project.tf
+++ b/4-projects/modules/base_env/example_floating_project.tf
@@ -24,6 +24,8 @@ module "floating_project" {
   project_budget  = var.project_budget
   project_prefix  = local.project_prefix
 
+  project_deletion_policy = var.project_deletion_policy
+
   # Metadata
   project_suffix    = "sample-floating"
   application_name  = "${var.business_code}-sample-application"
diff --git a/4-projects/modules/base_env/example_peering_project.tf b/4-projects/modules/base_env/example_peering_project.tf
index e0e387abf..862836007 100644
--- a/4-projects/modules/base_env/example_peering_project.tf
+++ b/4-projects/modules/base_env/example_peering_project.tf
@@ -40,6 +40,8 @@ module "peering_project" {
   project_budget  = var.project_budget
   project_prefix  = local.project_prefix
 
+  project_deletion_policy = var.project_deletion_policy
+
   // Enabling Cloud Build Deploy to use Service Accounts during the build and give permissions to the SA.
   // The permissions will be the ones necessary for the deployment of the step 5-app-infra
   enable_cloudbuild_deploy = local.enable_cloudbuild_deploy
diff --git a/4-projects/modules/base_env/example_restricted_shared_vpc_project.tf b/4-projects/modules/base_env/example_restricted_shared_vpc_project.tf
index 252d4ec70..5244a53b7 100644
--- a/4-projects/modules/base_env/example_restricted_shared_vpc_project.tf
+++ b/4-projects/modules/base_env/example_restricted_shared_vpc_project.tf
@@ -27,6 +27,7 @@ module "restricted_shared_vpc_project" {
   project_budget             = var.project_budget
   project_prefix             = local.project_prefix
 
+  project_deletion_policy = var.project_deletion_policy
 
   activate_apis                      = ["accesscontextmanager.googleapis.com"]
   vpc_service_control_attach_enabled = local.enforce_vpcsc ? "true" : "false"
diff --git a/4-projects/modules/base_env/variables.tf b/4-projects/modules/base_env/variables.tf
index 384d35d05..e8ee1845b 100644
--- a/4-projects/modules/base_env/variables.tf
+++ b/4-projects/modules/base_env/variables.tf
@@ -180,3 +180,9 @@ variable "vpc_service_control_attach_dry_run" {
   type        = bool
   default     = false
 }
+
+variable "project_deletion_policy" {
+  description = "The deletion policy for the project created."
+  type        = string
+  default     = "PREVENT"
+}
diff --git a/4-projects/modules/infra_pipelines/main.tf b/4-projects/modules/infra_pipelines/main.tf
index 036ff505e..123b5514b 100644
--- a/4-projects/modules/infra_pipelines/main.tf
+++ b/4-projects/modules/infra_pipelines/main.tf
@@ -54,12 +54,14 @@ resource "google_storage_bucket" "cloudbuild_bucket" {
 }
 
 module "tf_workspace" {
-  source   = "terraform-google-modules/bootstrap/google//modules/tf_cloudbuild_workspace"
-  version  = "~> 8.0"
+  source  = "terraform-google-modules/bootstrap/google//modules/tf_cloudbuild_workspace"
+  version = "~> 9.0"
+
   for_each = toset(var.app_infra_repos)
 
-  project_id = var.cloudbuild_project_id
-  location   = var.default_region
+  project_id       = var.cloudbuild_project_id
+  location         = var.default_region
+  trigger_location = var.default_region
 
   # using bucket custom names for compliance with bucket naming conventions
   create_state_bucket       = true
@@ -76,6 +78,8 @@ module "tf_workspace" {
   diff_sa_project           = true
   buckets_force_destroy     = true
 
+
+
   substitutions = {
     "_BILLING_ID"                   = var.billing_account
     "_GAR_REGION"                   = local.gar_region
diff --git a/4-projects/modules/single_project/main.tf b/4-projects/modules/single_project/main.tf
index 529eb24a9..eda1b55f5 100644
--- a/4-projects/modules/single_project/main.tf
+++ b/4-projects/modules/single_project/main.tf
@@ -46,7 +46,7 @@ locals {
 
 module "project" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 17.0"
 
   random_project_id        = true
   random_project_id_length = 4
@@ -55,6 +55,7 @@ module "project" {
   org_id                   = var.org_id
   billing_account          = var.billing_account
   folder_id                = var.folder_id
+  deletion_policy          = var.project_deletion_policy
 
   svpc_host_project_id = var.shared_vpc_host_project_id
   shared_vpc_subnets   = var.shared_vpc_subnets # Optional: To enable subnetting, replace to "module.networking_project.subnetwork_self_link"
diff --git a/4-projects/modules/single_project/variables.tf b/4-projects/modules/single_project/variables.tf
index 429f6d08f..00d68d1de 100644
--- a/4-projects/modules/single_project/variables.tf
+++ b/4-projects/modules/single_project/variables.tf
@@ -160,3 +160,9 @@ variable "enable_cloudbuild_deploy" {
   type        = bool
   default     = false
 }
+
+variable "project_deletion_policy" {
+  description = "The deletion policy for the project created."
+  type        = string
+  default     = "PREVENT"
+}

From 3e4302d81f6cc5a11ba62776bc0e0298c051d22c Mon Sep 17 00:00:00 2001
From: Daniel Andrade <dandrade@ciandt.com>
Date: Mon, 4 Nov 2024 17:54:40 -0300
Subject: [PATCH 03/19] chore: upgrade module version to allow terraform Google
 provider v6

---
 0-bootstrap/README.md                              |  1 +
 0-bootstrap/modules/jenkins-agent/README.md        |  1 +
 1-org/envs/shared/README.md                        |  1 +
 1-org/modules/cai-monitoring/main.tf               |  2 +-
 1-org/modules/centralized-logging/main.tf          | 14 +++++++-------
 2-environments/envs/development/README.md          |  1 +
 2-environments/envs/development/main.tf            |  2 ++
 2-environments/envs/development/variables.tf       |  6 ++++++
 2-environments/envs/nonproduction/README.md        |  1 +
 2-environments/envs/nonproduction/main.tf          |  2 ++
 2-environments/envs/nonproduction/variables.tf     |  6 ++++++
 2-environments/envs/production/README.md           |  1 +
 2-environments/envs/production/main.tf             |  2 ++
 2-environments/envs/production/variables.tf        |  6 ++++++
 2-environments/modules/env_baseline/README.md      |  1 +
 2-environments/modules/env_baseline/kms.tf         |  3 ++-
 2-environments/modules/env_baseline/secrets.tf     |  3 ++-
 2-environments/modules/env_baseline/variables.tf   |  6 ++++++
 .../modules/transitivity/main.tf                   |  4 ++--
 4-projects/business_unit_1/development/README.md   |  1 +
 4-projects/business_unit_1/nonproduction/README.md |  1 +
 4-projects/business_unit_1/production/README.md    |  1 +
 4-projects/business_unit_1/shared/README.md        |  1 +
 4-projects/modules/base_env/README.md              |  1 +
 4-projects/modules/single_project/README.md        |  1 +
 test/setup/main.tf                                 |  3 ++-
 test/setup/outputs.tf                              |  5 +++++
 27 files changed, 64 insertions(+), 13 deletions(-)

diff --git a/0-bootstrap/README.md b/0-bootstrap/README.md
index 2b5b5c58c..dd93e13b7 100644
--- a/0-bootstrap/README.md
+++ b/0-bootstrap/README.md
@@ -367,6 +367,7 @@ Each step has instructions for this change.
 | org\_id | GCP Organization ID | `string` | n/a | yes |
 | org\_policy\_admin\_role | Additional Org Policy Admin role for admin group. You can use this for testing purposes. | `bool` | `false` | no |
 | parent\_folder | Optional - for an organization with existing projects or for development/validation. It will place all the example foundation resources under the provided folder instead of the root organization. The value is the numeric folder ID. The folder must already exist. | `string` | `""` | no |
+| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
 | project\_prefix | Name prefix to use for projects created. Should be the same in all steps. Max size is 3 characters. | `string` | `"prj"` | no |
 
 ## Outputs
diff --git a/0-bootstrap/modules/jenkins-agent/README.md b/0-bootstrap/modules/jenkins-agent/README.md
index 09f72a5aa..10c713ea4 100644
--- a/0-bootstrap/modules/jenkins-agent/README.md
+++ b/0-bootstrap/modules/jenkins-agent/README.md
@@ -68,6 +68,7 @@ module "jenkins_bootstrap" {
 | on\_prem\_vpn\_public\_ip\_address | The public IP Address of the Jenkins Controller. | `string` | n/a | yes |
 | on\_prem\_vpn\_public\_ip\_address2 | The secondpublic IP Address of the Jenkins Controller. | `string` | n/a | yes |
 | org\_id | GCP Organization ID | `string` | n/a | yes |
+| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
 | project\_labels | Labels to apply to the project. | `map(string)` | `{}` | no |
 | project\_prefix | Name prefix to use for projects created. | `string` | `"prj"` | no |
 | router\_asn | BGP ASN for cloud routes. | `number` | `"64515"` | no |
diff --git a/1-org/envs/shared/README.md b/1-org/envs/shared/README.md
index e260c67ca..8fe1ace97 100644
--- a/1-org/envs/shared/README.md
+++ b/1-org/envs/shared/README.md
@@ -18,6 +18,7 @@
 | log\_export\_storage\_retention\_policy | Configuration of the bucket's data retention policy for how long objects in the bucket should be retained. | <pre>object({<br>    is_locked             = bool<br>    retention_period_days = number<br>  })</pre> | `null` | no |
 | log\_export\_storage\_versioning | (Optional) Toggles bucket versioning, ability to retain a non-current object version when the live object version gets replaced or deleted. | `bool` | `false` | no |
 | project\_budget | Budget configuration for projects.<br>  budget\_amount: The amount to use as the budget.<br>  alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.<br>  alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.<br>  alert\_spend\_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default). | <pre>object({<br>    dns_hub_budget_amount                       = optional(number, 1000)<br>    dns_hub_alert_spent_percents                = optional(list(number), [1.2])<br>    dns_hub_alert_pubsub_topic                  = optional(string, null)<br>    dns_hub_budget_alert_spend_basis            = optional(string, "FORECASTED_SPEND")<br>    base_net_hub_budget_amount                  = optional(number, 1000)<br>    base_net_hub_alert_spent_percents           = optional(list(number), [1.2])<br>    base_net_hub_alert_pubsub_topic             = optional(string, null)<br>    base_net_hub_budget_alert_spend_basis       = optional(string, "FORECASTED_SPEND")<br>    base_network_budget_amount                  = optional(number, 1000)<br>    base_network_alert_spent_percents           = optional(list(number), [1.2])<br>    base_network_alert_pubsub_topic             = optional(string, null)<br>    base_network_budget_alert_spend_basis       = optional(string, "FORECASTED_SPEND")<br>    restricted_net_hub_budget_amount            = optional(number, 1000)<br>    restricted_net_hub_alert_spent_percents     = optional(list(number), [1.2])<br>    restricted_net_hub_alert_pubsub_topic       = optional(string, null)<br>    restricted_net_hub_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br>    restricted_network_budget_amount            = optional(number, 1000)<br>    restricted_network_alert_spent_percents     = optional(list(number), [1.2])<br>    restricted_network_alert_pubsub_topic       = optional(string, null)<br>    restricted_network_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br>    interconnect_budget_amount                  = optional(number, 1000)<br>    interconnect_alert_spent_percents           = optional(list(number), [1.2])<br>    interconnect_alert_pubsub_topic             = optional(string, null)<br>    interconnect_budget_alert_spend_basis       = optional(string, "FORECASTED_SPEND")<br>    org_secrets_budget_amount                   = optional(number, 1000)<br>    org_secrets_alert_spent_percents            = optional(list(number), [1.2])<br>    org_secrets_alert_pubsub_topic              = optional(string, null)<br>    org_secrets_budget_alert_spend_basis        = optional(string, "FORECASTED_SPEND")<br>    org_billing_export_budget_amount            = optional(number, 1000)<br>    org_billing_export_alert_spent_percents     = optional(list(number), [1.2])<br>    org_billing_export_alert_pubsub_topic       = optional(string, null)<br>    org_billing_export_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br>    org_audit_logs_budget_amount                = optional(number, 1000)<br>    org_audit_logs_alert_spent_percents         = optional(list(number), [1.2])<br>    org_audit_logs_alert_pubsub_topic           = optional(string, null)<br>    org_audit_logs_budget_alert_spend_basis     = optional(string, "FORECASTED_SPEND")<br>    common_kms_budget_amount                    = optional(number, 1000)<br>    common_kms_alert_spent_percents             = optional(list(number), [1.2])<br>    common_kms_alert_pubsub_topic               = optional(string, null)<br>    common_kms_budget_alert_spend_basis         = optional(string, "FORECASTED_SPEND")<br>    scc_notifications_budget_amount             = optional(number, 1000)<br>    scc_notifications_alert_spent_percents      = optional(list(number), [1.2])<br>    scc_notifications_alert_pubsub_topic        = optional(string, null)<br>    scc_notifications_budget_alert_spend_basis  = optional(string, "FORECASTED_SPEND")<br>  })</pre> | `{}` | no |
+| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
 | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
 | scc\_notification\_filter | Filter used to create the Security Command Center Notification, you can see more details on how to create filters in https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications#create-filter | `string` | `"state = \"ACTIVE\""` | no |
 | scc\_notification\_name | Name of the Security Command Center Notification. It must be unique in the organization. Run `gcloud scc notifications describe <scc_notification_name> --organization=org_id` to check if it already exists. | `string` | n/a | yes |
diff --git a/1-org/modules/cai-monitoring/main.tf b/1-org/modules/cai-monitoring/main.tf
index d55bf71e2..a7261493b 100644
--- a/1-org/modules/cai-monitoring/main.tf
+++ b/1-org/modules/cai-monitoring/main.tf
@@ -121,7 +121,7 @@ resource "google_cloud_asset_organization_feed" "organization_feed" {
 
 module "pubsub_cai_feed" {
   source  = "terraform-google-modules/pubsub/google"
-  version = "~> 6.0"
+  version = "~> 7.0"
 
   topic              = "top-cai-monitoring-${random_id.suffix.hex}-event"
   project_id         = var.project_id
diff --git a/1-org/modules/centralized-logging/main.tf b/1-org/modules/centralized-logging/main.tf
index 58bebc7c5..75cad1c1d 100644
--- a/1-org/modules/centralized-logging/main.tf
+++ b/1-org/modules/centralized-logging/main.tf
@@ -83,7 +83,7 @@ resource "random_string" "suffix" {
 
 module "log_export" {
   source  = "terraform-google-modules/log-export/google"
-  version = "~> 8.0"
+  version = "~> 10.0"
 
   for_each = local.log_exports
 
@@ -98,7 +98,7 @@ module "log_export" {
 
 module "log_export_billing" {
   source  = "terraform-google-modules/log-export/google"
-  version = "~> 8.0"
+  version = "~> 10.0"
 
   for_each = var.enable_billing_account_sink ? local.destination_resource_name : {}
 
@@ -123,7 +123,7 @@ resource "time_sleep" "wait_sa_iam_membership" {
 
 module "destination_project" {
   source  = "terraform-google-modules/log-export/google//modules/project"
-  version = "~> 8.0"
+  version = "~> 10.0"
   count   = var.project_options != null ? 1 : 0
 
   project_id               = var.logging_destination_project_id
@@ -151,7 +151,7 @@ resource "google_project_iam_member" "project_sink_member" {
 
 module "internal_project_log_export" {
   source  = "terraform-google-modules/log-export/google"
-  version = "~> 8.0"
+  version = "~> 10.0"
   count   = var.project_options != null ? 1 : 0
 
   destination_uri        = "logging.googleapis.com/projects/${var.logging_destination_project_id}/locations/${var.project_options.location}/buckets/${coalesce(var.project_options.log_bucket_id, "AggregatedLogs")}"
@@ -164,7 +164,7 @@ module "internal_project_log_export" {
 
 module "destination_aggregated_logs" {
   source  = "terraform-google-modules/log-export/google//modules/logbucket"
-  version = "~> 8.0"
+  version = "~> 10.0"
   count   = var.project_options != null ? 1 : 0
 
   project_id                    = var.logging_destination_project_id
@@ -238,7 +238,7 @@ resource "google_project_iam_member" "project_sink_member_billing" {
 #----------------------#
 module "destination_storage" {
   source  = "terraform-google-modules/log-export/google//modules/storage"
-  version = "~> 8.0"
+  version = "~> 10.0"
 
   count = var.storage_options != null ? 1 : 0
 
@@ -289,7 +289,7 @@ resource "google_storage_bucket_iam_member" "storage_sink_member_billing" {
 #----------------------#
 module "destination_pubsub" {
   source  = "terraform-google-modules/log-export/google//modules/pubsub"
-  version = "~> 8.0"
+  version = "~> 10.0"
 
   count = var.pubsub_options != null ? 1 : 0
 
diff --git a/2-environments/envs/development/README.md b/2-environments/envs/development/README.md
index 15e492c25..cf01bc7f7 100644
--- a/2-environments/envs/development/README.md
+++ b/2-environments/envs/development/README.md
@@ -3,6 +3,7 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
 | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
 | tfc\_org\_name | Name of the TFC organization | `string` | `""` | no |
 
diff --git a/2-environments/envs/development/main.tf b/2-environments/envs/development/main.tf
index c8502a9a6..2f66c50dc 100644
--- a/2-environments/envs/development/main.tf
+++ b/2-environments/envs/development/main.tf
@@ -21,4 +21,6 @@ module "env" {
   environment_code    = "d"
   remote_state_bucket = var.remote_state_bucket
   tfc_org_name        = var.tfc_org_name
+
+  project_deletion_policy = var.project_deletion_policy
 }
diff --git a/2-environments/envs/development/variables.tf b/2-environments/envs/development/variables.tf
index 5b2c5e365..db3da85da 100644
--- a/2-environments/envs/development/variables.tf
+++ b/2-environments/envs/development/variables.tf
@@ -24,3 +24,9 @@ variable "tfc_org_name" {
   type        = string
   default     = ""
 }
+
+variable "project_deletion_policy" {
+  description = "The deletion policy for the project created."
+  type        = string
+  default     = "PREVENT"
+}
diff --git a/2-environments/envs/nonproduction/README.md b/2-environments/envs/nonproduction/README.md
index 15e492c25..cf01bc7f7 100644
--- a/2-environments/envs/nonproduction/README.md
+++ b/2-environments/envs/nonproduction/README.md
@@ -3,6 +3,7 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
 | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
 | tfc\_org\_name | Name of the TFC organization | `string` | `""` | no |
 
diff --git a/2-environments/envs/nonproduction/main.tf b/2-environments/envs/nonproduction/main.tf
index b7684243b..350e72ec0 100644
--- a/2-environments/envs/nonproduction/main.tf
+++ b/2-environments/envs/nonproduction/main.tf
@@ -21,4 +21,6 @@ module "env" {
   environment_code    = "n"
   remote_state_bucket = var.remote_state_bucket
   tfc_org_name        = var.tfc_org_name
+
+  project_deletion_policy = var.project_deletion_policy
 }
diff --git a/2-environments/envs/nonproduction/variables.tf b/2-environments/envs/nonproduction/variables.tf
index 5b2c5e365..db3da85da 100644
--- a/2-environments/envs/nonproduction/variables.tf
+++ b/2-environments/envs/nonproduction/variables.tf
@@ -24,3 +24,9 @@ variable "tfc_org_name" {
   type        = string
   default     = ""
 }
+
+variable "project_deletion_policy" {
+  description = "The deletion policy for the project created."
+  type        = string
+  default     = "PREVENT"
+}
diff --git a/2-environments/envs/production/README.md b/2-environments/envs/production/README.md
index 99e479ae3..19cb9a2f1 100644
--- a/2-environments/envs/production/README.md
+++ b/2-environments/envs/production/README.md
@@ -3,6 +3,7 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
 | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
 | tfc\_org\_name | Name of the TFC organization | `string` | `""` | no |
 
diff --git a/2-environments/envs/production/main.tf b/2-environments/envs/production/main.tf
index 95ecdd724..deba01685 100644
--- a/2-environments/envs/production/main.tf
+++ b/2-environments/envs/production/main.tf
@@ -22,6 +22,8 @@ module "env" {
   remote_state_bucket = var.remote_state_bucket
   tfc_org_name        = var.tfc_org_name
 
+  project_deletion_policy = var.project_deletion_policy
+
   assured_workload_configuration = {
     enabled           = false
     location          = "us-central1"
diff --git a/2-environments/envs/production/variables.tf b/2-environments/envs/production/variables.tf
index 15cef8a0c..1cb41ac55 100644
--- a/2-environments/envs/production/variables.tf
+++ b/2-environments/envs/production/variables.tf
@@ -25,3 +25,9 @@ variable "tfc_org_name" {
   default     = ""
 }
 
+variable "project_deletion_policy" {
+  description = "The deletion policy for the project created."
+  type        = string
+  default     = "PREVENT"
+}
+
diff --git a/2-environments/modules/env_baseline/README.md b/2-environments/modules/env_baseline/README.md
index 1dfb1317a..de489bdbc 100644
--- a/2-environments/modules/env_baseline/README.md
+++ b/2-environments/modules/env_baseline/README.md
@@ -7,6 +7,7 @@
 | env | The environment to prepare (ex. development) | `string` | n/a | yes |
 | environment\_code | A short form of the folder level resources (environment) within the Google Cloud organization (ex. d). | `string` | n/a | yes |
 | project\_budget | Budget configuration for projects.<br>  budget\_amount: The amount to use as the budget.<br>  alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.<br>  alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.<br>  alert\_spend\_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default). | <pre>object({<br>    base_network_budget_amount                  = optional(number, 1000)<br>    base_network_alert_spent_percents           = optional(list(number), [1.2])<br>    base_network_alert_pubsub_topic             = optional(string, null)<br>    base_network_budget_alert_spend_basis       = optional(string, "FORECASTED_SPEND")<br>    restricted_network_budget_amount            = optional(number, 1000)<br>    restricted_network_alert_spent_percents     = optional(list(number), [1.2])<br>    restricted_network_alert_pubsub_topic       = optional(string, null)<br>    restricted_network_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br>    secret_budget_amount                        = optional(number, 1000)<br>    secret_alert_spent_percents                 = optional(list(number), [1.2])<br>    secret_alert_pubsub_topic                   = optional(string, null)<br>    secret_budget_alert_spend_basis             = optional(string, "FORECASTED_SPEND")<br>    kms_budget_amount                           = optional(number, 1000)<br>    kms_alert_spent_percents                    = optional(list(number), [1.2])<br>    kms_alert_pubsub_topic                      = optional(string, null)<br>    kms_budget_alert_spend_basis                = optional(string, "FORECASTED_SPEND")<br>  })</pre> | `{}` | no |
+| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
 | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
 | tfc\_org\_name | Name of the TFC organization | `string` | n/a | yes |
 
diff --git a/2-environments/modules/env_baseline/kms.tf b/2-environments/modules/env_baseline/kms.tf
index e6e4d992f..01dc42f26 100644
--- a/2-environments/modules/env_baseline/kms.tf
+++ b/2-environments/modules/env_baseline/kms.tf
@@ -21,7 +21,7 @@
 
 module "env_kms" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 17.0"
 
   random_project_id           = true
   random_project_id_length    = 4
@@ -33,6 +33,7 @@ module "env_kms" {
   disable_services_on_destroy = false
   depends_on                  = [time_sleep.wait_60_seconds]
   activate_apis               = ["logging.googleapis.com", "cloudkms.googleapis.com", "billingbudgets.googleapis.com"]
+  deletion_policy             = var.project_deletion_policy
 
   labels = {
     environment       = var.env
diff --git a/2-environments/modules/env_baseline/secrets.tf b/2-environments/modules/env_baseline/secrets.tf
index fa875c67a..6ff24a4ec 100644
--- a/2-environments/modules/env_baseline/secrets.tf
+++ b/2-environments/modules/env_baseline/secrets.tf
@@ -21,7 +21,7 @@
 
 module "env_secrets" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 17.0"
 
   random_project_id           = true
   random_project_id_length    = 4
@@ -33,6 +33,7 @@ module "env_secrets" {
   disable_services_on_destroy = false
   depends_on                  = [time_sleep.wait_60_seconds]
   activate_apis               = ["logging.googleapis.com", "secretmanager.googleapis.com"]
+  deletion_policy             = var.project_deletion_policy
 
   labels = {
     environment       = var.env
diff --git a/2-environments/modules/env_baseline/variables.tf b/2-environments/modules/env_baseline/variables.tf
index 400479c0e..6aa14afc4 100644
--- a/2-environments/modules/env_baseline/variables.tf
+++ b/2-environments/modules/env_baseline/variables.tf
@@ -81,3 +81,9 @@ variable "assured_workload_configuration" {
   })
   default = {}
 }
+
+variable "project_deletion_policy" {
+  description = "The deletion policy for the project created."
+  type        = string
+  default     = "PREVENT"
+}
diff --git a/3-networks-hub-and-spoke/modules/transitivity/main.tf b/3-networks-hub-and-spoke/modules/transitivity/main.tf
index 92cafdf2f..1b082e482 100644
--- a/3-networks-hub-and-spoke/modules/transitivity/main.tf
+++ b/3-networks-hub-and-spoke/modules/transitivity/main.tf
@@ -37,7 +37,7 @@ module "service_account" {
 
 module "templates" {
   source   = "terraform-google-modules/vm/google//modules/instance_template"
-  version  = "~> 11.0"
+  version  = "~> 12.0"
   for_each = toset(var.regions)
 
   can_ip_forward = true
@@ -65,7 +65,7 @@ module "templates" {
 
 module "migs" {
   source   = "terraform-google-modules/vm/google//modules/mig"
-  version  = "~> 11.1"
+  version  = "~> 12.1"
   for_each = toset(var.regions)
 
   project_id        = var.project_id
diff --git a/4-projects/business_unit_1/development/README.md b/4-projects/business_unit_1/development/README.md
index e1fa6e324..25eaa0408 100644
--- a/4-projects/business_unit_1/development/README.md
+++ b/4-projects/business_unit_1/development/README.md
@@ -8,6 +8,7 @@
 | location\_gcs | Case-Sensitive Location for GCS Bucket (Should be same region as the KMS Keyring) | `string` | `null` | no |
 | location\_kms | Case-Sensitive Location for KMS Keyring (Should be same region as the GCS Bucket) | `string` | `null` | no |
 | peering\_module\_depends\_on | List of modules or resources peering module depends on. | `list(any)` | `[]` | no |
+| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
 | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
 | tfc\_org\_name | Name of the TFC organization. | `string` | `""` | no |
 
diff --git a/4-projects/business_unit_1/nonproduction/README.md b/4-projects/business_unit_1/nonproduction/README.md
index e1fa6e324..25eaa0408 100644
--- a/4-projects/business_unit_1/nonproduction/README.md
+++ b/4-projects/business_unit_1/nonproduction/README.md
@@ -8,6 +8,7 @@
 | location\_gcs | Case-Sensitive Location for GCS Bucket (Should be same region as the KMS Keyring) | `string` | `null` | no |
 | location\_kms | Case-Sensitive Location for KMS Keyring (Should be same region as the GCS Bucket) | `string` | `null` | no |
 | peering\_module\_depends\_on | List of modules or resources peering module depends on. | `list(any)` | `[]` | no |
+| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
 | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
 | tfc\_org\_name | Name of the TFC organization. | `string` | `""` | no |
 
diff --git a/4-projects/business_unit_1/production/README.md b/4-projects/business_unit_1/production/README.md
index e1fa6e324..25eaa0408 100644
--- a/4-projects/business_unit_1/production/README.md
+++ b/4-projects/business_unit_1/production/README.md
@@ -8,6 +8,7 @@
 | location\_gcs | Case-Sensitive Location for GCS Bucket (Should be same region as the KMS Keyring) | `string` | `null` | no |
 | location\_kms | Case-Sensitive Location for KMS Keyring (Should be same region as the GCS Bucket) | `string` | `null` | no |
 | peering\_module\_depends\_on | List of modules or resources peering module depends on. | `list(any)` | `[]` | no |
+| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
 | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
 | tfc\_org\_name | Name of the TFC organization. | `string` | `""` | no |
 
diff --git a/4-projects/business_unit_1/shared/README.md b/4-projects/business_unit_1/shared/README.md
index 9515329eb..011c44625 100644
--- a/4-projects/business_unit_1/shared/README.md
+++ b/4-projects/business_unit_1/shared/README.md
@@ -5,6 +5,7 @@
 |------|-------------|------|---------|:--------:|
 | default\_region | Default region to create resources where applicable. | `string` | `"us-central1"` | no |
 | project\_budget | Budget configuration.<br>  budget\_amount: The amount to use as the budget.<br>  alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.<br>  alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.<br>  alert\_spend\_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default). | <pre>object({<br>    budget_amount        = optional(number, 1000)<br>    alert_spent_percents = optional(list(number), [1.2])<br>    alert_pubsub_topic   = optional(string, null)<br>    alert_spend_basis    = optional(string, "FORECASTED_SPEND")<br>  })</pre> | `{}` | no |
+| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
 | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
 | tfc\_org\_name | Name of the TFC organization | `string` | `""` | no |
 
diff --git a/4-projects/modules/base_env/README.md b/4-projects/modules/base_env/README.md
index 70d08bc55..b64447262 100644
--- a/4-projects/modules/base_env/README.md
+++ b/4-projects/modules/base_env/README.md
@@ -20,6 +20,7 @@
 | peering\_iap\_fw\_rules\_enabled | Toggle creation of optional IAP firewall rules: SSH, RDP. | `bool` | `false` | no |
 | peering\_module\_depends\_on | List of modules or resources peering module depends on. | `list(any)` | `[]` | no |
 | project\_budget | Budget configuration.<br>  budget\_amount: The amount to use as the budget.<br>  alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.<br>  alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.<br>  alert\_spend\_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default). | <pre>object({<br>    budget_amount        = optional(number, 1000)<br>    alert_spent_percents = optional(list(number), [1.2])<br>    alert_pubsub_topic   = optional(string, null)<br>    alert_spend_basis    = optional(string, "FORECASTED_SPEND")<br>  })</pre> | `{}` | no |
+| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
 | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
 | subnet\_ip\_range | IP range for the peered subnetwork. If "peering\_iap\_fw\_rules\_enabled" is true, this field should not be null. | `string` | `null` | no |
 | subnet\_region | Region which the peered subnet will be created. If "peering\_iap\_fw\_rules\_enabled" is true, this field should not be null. | `string` | `null` | no |
diff --git a/4-projects/modules/single_project/README.md b/4-projects/modules/single_project/README.md
index b92f4b388..80758abb9 100644
--- a/4-projects/modules/single_project/README.md
+++ b/4-projects/modules/single_project/README.md
@@ -15,6 +15,7 @@
 | org\_id | The organization id for the associated services | `string` | n/a | yes |
 | primary\_contact | The primary email contact for the project | `string` | n/a | yes |
 | project\_budget | Budget configuration.<br>  budget\_amount: The amount to use as the budget.<br>  alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.<br>  alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.<br>  alert\_spend\_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default). | <pre>object({<br>    budget_amount        = optional(number, 1000)<br>    alert_spent_percents = optional(list(number), [1.2])<br>    alert_pubsub_topic   = optional(string, null)<br>    alert_spend_basis    = optional(string, "FORECASTED_SPEND")<br>  })</pre> | `{}` | no |
+| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
 | project\_prefix | Name prefix to use for projects created. | `string` | `"prj"` | no |
 | project\_suffix | The name of the GCP project. Max 16 characters with 3 character business unit code. | `string` | n/a | yes |
 | sa\_roles | A list of roles to give the Service Account from App Infra Pipeline. | `map(list(string))` | `{}` | no |
diff --git a/test/setup/main.tf b/test/setup/main.tf
index 7b85df91d..cb8cdfd9d 100644
--- a/test/setup/main.tf
+++ b/test/setup/main.tf
@@ -46,7 +46,7 @@ resource "google_folder" "test_folder" {
 
 module "project" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 15.0"
+  version = "~> 17.0"
 
   name                     = "ci-foundation-${random_string.suffix.result}"
   random_project_id        = true
@@ -54,6 +54,7 @@ module "project" {
   org_id                   = var.org_id
   folder_id                = var.folder_id
   billing_account          = var.billing_account
+  deletion_policy          = "DELETE"
 
   activate_apis = [
     "cloudresourcemanager.googleapis.com",
diff --git a/test/setup/outputs.tf b/test/setup/outputs.tf
index bff0125e8..4b19fdbc2 100644
--- a/test/setup/outputs.tf
+++ b/test/setup/outputs.tf
@@ -109,3 +109,8 @@ output "create_unique_tag_key" {
   description = "Set to true to avoid tag key name colision during integrated tests. Tag keys are organization-wide unique names."
   value       = true
 }
+
+output "project_deletion_policy" {
+  description = "The deletion policy for the project created. Set to `DELETE` during integrated tests so that projects can be destroyed."
+  value       = "DELETE"
+}

From 7f29131603a246f6faa08d1906d31a000f2873b3 Mon Sep 17 00:00:00 2001
From: Daniel Andrade <dandrade@ciandt.com>
Date: Mon, 4 Nov 2024 21:20:34 -0300
Subject: [PATCH 04/19] chore: upgrade modules to terraform provider v6

---
 0-bootstrap/README.md                            |  1 +
 0-bootstrap/main.tf                              |  5 +++--
 0-bootstrap/variables.tf                         |  6 ++++++
 1-org/envs/shared/README.md                      |  1 +
 1-org/envs/shared/folders.tf                     | 10 ++++++----
 1-org/envs/shared/variables.tf                   |  6 ++++++
 2-environments/envs/development/README.md        |  1 +
 2-environments/envs/development/main.tf          |  3 ++-
 2-environments/envs/development/variables.tf     |  6 ++++++
 2-environments/envs/nonproduction/README.md      |  1 +
 2-environments/envs/nonproduction/main.tf        |  3 ++-
 2-environments/envs/nonproduction/variables.tf   |  6 ++++++
 2-environments/envs/production/README.md         |  1 +
 2-environments/envs/production/main.tf           |  3 ++-
 2-environments/envs/production/variables.tf      |  5 +++++
 2-environments/modules/env_baseline/README.md    |  1 +
 2-environments/modules/env_baseline/folders.tf   |  5 +++--
 2-environments/modules/env_baseline/variables.tf |  6 ++++++
 4-projects/business_unit_1/development/README.md |  1 +
 4-projects/business_unit_1/development/main.tf   |  1 +
 .../business_unit_1/development/variables.tf     |  6 ++++++
 .../business_unit_1/nonproduction/README.md      |  1 +
 4-projects/business_unit_1/nonproduction/main.tf |  1 +
 .../business_unit_1/nonproduction/variables.tf   |  6 ++++++
 4-projects/business_unit_1/production/README.md  |  1 +
 4-projects/business_unit_1/production/main.tf    |  1 +
 .../business_unit_1/production/variables.tf      |  6 ++++++
 4-projects/modules/base_env/README.md            |  1 +
 .../modules/base_env/business_unit_folder.tf     |  5 +++--
 4-projects/modules/base_env/variables.tf         |  6 ++++++
 .../foundation-deployer/global.tfvars.example    |  2 ++
 helpers/foundation-deployer/stages/apply.go      | 14 +++++++++++---
 helpers/foundation-deployer/stages/data.go       | 16 +++++++++++++---
 test/setup/main.tf                               |  5 +++--
 test/setup/outputs.tf                            |  6 ++++++
 35 files changed, 128 insertions(+), 21 deletions(-)

diff --git a/0-bootstrap/README.md b/0-bootstrap/README.md
index dd93e13b7..a9941e367 100644
--- a/0-bootstrap/README.md
+++ b/0-bootstrap/README.md
@@ -361,6 +361,7 @@ Each step has instructions for this change.
 | default\_region\_2 | Secondary default region to create resources where applicable. | `string` | `"us-west1"` | no |
 | default\_region\_gcs | Case-Sensitive default region to create gcs resources where applicable. | `string` | `"US"` | no |
 | default\_region\_kms | Secondary default region to create kms resources where applicable. | `string` | `"us"` | no |
+| folder\_deletion\_protection | Prevent Terraform from destroying or recreating the folder. | `string` | `true` | no |
 | folder\_prefix | Name prefix to use for folders created. Should be the same in all steps. | `string` | `"fldr"` | no |
 | groups | Contain the details of the Groups to be created. | <pre>object({<br>    create_required_groups = optional(bool, false)<br>    create_optional_groups = optional(bool, false)<br>    billing_project        = optional(string, null)<br>    required_groups = object({<br>      group_org_admins     = string<br>      group_billing_admins = string<br>      billing_data_users   = string<br>      audit_data_users     = string<br>    })<br>    optional_groups = optional(object({<br>      gcp_security_reviewer    = optional(string, "")<br>      gcp_network_viewer       = optional(string, "")<br>      gcp_scc_admin            = optional(string, "")<br>      gcp_global_secrets_admin = optional(string, "")<br>      gcp_kms_admin            = optional(string, "")<br>    }), {})<br>  })</pre> | n/a | yes |
 | initial\_group\_config | Define the group configuration when it is initialized. Valid values are: WITH\_INITIAL\_OWNER, EMPTY and INITIAL\_GROUP\_CONFIG\_UNSPECIFIED. | `string` | `"WITH_INITIAL_OWNER"` | no |
diff --git a/0-bootstrap/main.tf b/0-bootstrap/main.tf
index 03a500605..1063e58fe 100644
--- a/0-bootstrap/main.tf
+++ b/0-bootstrap/main.tf
@@ -35,8 +35,9 @@ locals {
 }
 
 resource "google_folder" "bootstrap" {
-  display_name = "${var.folder_prefix}-bootstrap"
-  parent       = local.parent
+  display_name        = "${var.folder_prefix}-bootstrap"
+  parent              = local.parent
+  deletion_protection = var.folder_deletion_protection
 }
 
 module "seed_bootstrap" {
diff --git a/0-bootstrap/variables.tf b/0-bootstrap/variables.tf
index ee20bba69..db7e27c65 100644
--- a/0-bootstrap/variables.tf
+++ b/0-bootstrap/variables.tf
@@ -96,6 +96,12 @@ variable "project_deletion_policy" {
   default     = "PREVENT"
 }
 
+variable "folder_deletion_protection" {
+  description = "Prevent Terraform from destroying or recreating the folder."
+  type        = string
+  default     = true
+}
+
 /* ----------------------------------------
     Specific to Groups creation
    ---------------------------------------- */
diff --git a/1-org/envs/shared/README.md b/1-org/envs/shared/README.md
index 8fe1ace97..e12dc5bcf 100644
--- a/1-org/envs/shared/README.md
+++ b/1-org/envs/shared/README.md
@@ -12,6 +12,7 @@
 | enforce\_allowed\_worker\_pools | Whether to enforce the organization policy restriction on allowed worker pools for Cloud Build. | `bool` | `false` | no |
 | essential\_contacts\_domains\_to\_allow | The list of domains that email addresses added to Essential Contacts can have. | `list(string)` | n/a | yes |
 | essential\_contacts\_language | Essential Contacts preferred language for notifications, as a ISO 639-1 language code. See [Supported languages](https://cloud.google.com/resource-manager/docs/managing-notification-contacts#supported-languages) for a list of supported languages. | `string` | `"en"` | no |
+| folder\_deletion\_protection | Prevent Terraform from destroying or recreating the folder. | `string` | `true` | no |
 | gcp\_groups | Groups to grant specific roles in the Organization.<br>  platform\_viewer: Google Workspace or Cloud Identity group that have the ability to view resource information across the Google Cloud organization.<br>  security\_reviewer: Google Workspace or Cloud Identity group that members are part of the security team responsible for reviewing cloud security<br>  network\_viewer: Google Workspace or Cloud Identity group that members are part of the networking team and review network configurations.<br>  scc\_admin: Google Workspace or Cloud Identity group that can administer Security Command Center.<br>  audit\_viewer: Google Workspace or Cloud Identity group that members are part of an audit team and view audit logs in the logging project.<br>  global\_secrets\_admin: Google Workspace or Cloud Identity group that members are responsible for putting secrets into Secrets Manage | <pre>object({<br>    audit_viewer         = optional(string, null)<br>    security_reviewer    = optional(string, null)<br>    network_viewer       = optional(string, null)<br>    scc_admin            = optional(string, null)<br>    global_secrets_admin = optional(string, null)<br>    kms_admin            = optional(string, null)<br>  })</pre> | `{}` | no |
 | log\_export\_storage\_force\_destroy | (Optional) If set to true, delete all contents when destroying the resource; otherwise, destroying the resource will fail if contents are present. | `bool` | `false` | no |
 | log\_export\_storage\_location | The location of the storage bucket used to export logs. | `string` | `null` | no |
diff --git a/1-org/envs/shared/folders.tf b/1-org/envs/shared/folders.tf
index eff64af4e..484589573 100644
--- a/1-org/envs/shared/folders.tf
+++ b/1-org/envs/shared/folders.tf
@@ -19,11 +19,13 @@
  *****************************************/
 
 resource "google_folder" "common" {
-  display_name = "${local.folder_prefix}-common"
-  parent       = local.parent
+  display_name        = "${local.folder_prefix}-common"
+  parent              = local.parent
+  deletion_protection = var.folder_deletion_protection
 }
 
 resource "google_folder" "network" {
-  display_name = "${local.folder_prefix}-network"
-  parent       = local.parent
+  display_name        = "${local.folder_prefix}-network"
+  parent              = local.parent
+  deletion_protection = var.folder_deletion_protection
 }
diff --git a/1-org/envs/shared/variables.tf b/1-org/envs/shared/variables.tf
index 7c261c109..b39073d7d 100644
--- a/1-org/envs/shared/variables.tf
+++ b/1-org/envs/shared/variables.tf
@@ -199,3 +199,9 @@ variable "project_deletion_policy" {
   type        = string
   default     = "PREVENT"
 }
+
+variable "folder_deletion_protection" {
+  description = "Prevent Terraform from destroying or recreating the folder."
+  type        = string
+  default     = true
+}
diff --git a/2-environments/envs/development/README.md b/2-environments/envs/development/README.md
index cf01bc7f7..883e0f0bc 100644
--- a/2-environments/envs/development/README.md
+++ b/2-environments/envs/development/README.md
@@ -3,6 +3,7 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| folder\_deletion\_protection | Prevent Terraform from destroying or recreating the folder. | `string` | `true` | no |
 | project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
 | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
 | tfc\_org\_name | Name of the TFC organization | `string` | `""` | no |
diff --git a/2-environments/envs/development/main.tf b/2-environments/envs/development/main.tf
index 2f66c50dc..3be567bae 100644
--- a/2-environments/envs/development/main.tf
+++ b/2-environments/envs/development/main.tf
@@ -22,5 +22,6 @@ module "env" {
   remote_state_bucket = var.remote_state_bucket
   tfc_org_name        = var.tfc_org_name
 
-  project_deletion_policy = var.project_deletion_policy
+  project_deletion_policy    = var.project_deletion_policy
+  folder_deletion_protection = var.folder_deletion_protection
 }
diff --git a/2-environments/envs/development/variables.tf b/2-environments/envs/development/variables.tf
index db3da85da..d2ab8ccc1 100644
--- a/2-environments/envs/development/variables.tf
+++ b/2-environments/envs/development/variables.tf
@@ -30,3 +30,9 @@ variable "project_deletion_policy" {
   type        = string
   default     = "PREVENT"
 }
+
+variable "folder_deletion_protection" {
+  description = "Prevent Terraform from destroying or recreating the folder."
+  type        = string
+  default     = true
+}
diff --git a/2-environments/envs/nonproduction/README.md b/2-environments/envs/nonproduction/README.md
index cf01bc7f7..883e0f0bc 100644
--- a/2-environments/envs/nonproduction/README.md
+++ b/2-environments/envs/nonproduction/README.md
@@ -3,6 +3,7 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| folder\_deletion\_protection | Prevent Terraform from destroying or recreating the folder. | `string` | `true` | no |
 | project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
 | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
 | tfc\_org\_name | Name of the TFC organization | `string` | `""` | no |
diff --git a/2-environments/envs/nonproduction/main.tf b/2-environments/envs/nonproduction/main.tf
index 350e72ec0..74efd1376 100644
--- a/2-environments/envs/nonproduction/main.tf
+++ b/2-environments/envs/nonproduction/main.tf
@@ -22,5 +22,6 @@ module "env" {
   remote_state_bucket = var.remote_state_bucket
   tfc_org_name        = var.tfc_org_name
 
-  project_deletion_policy = var.project_deletion_policy
+  project_deletion_policy    = var.project_deletion_policy
+  folder_deletion_protection = var.folder_deletion_protection
 }
diff --git a/2-environments/envs/nonproduction/variables.tf b/2-environments/envs/nonproduction/variables.tf
index db3da85da..d2ab8ccc1 100644
--- a/2-environments/envs/nonproduction/variables.tf
+++ b/2-environments/envs/nonproduction/variables.tf
@@ -30,3 +30,9 @@ variable "project_deletion_policy" {
   type        = string
   default     = "PREVENT"
 }
+
+variable "folder_deletion_protection" {
+  description = "Prevent Terraform from destroying or recreating the folder."
+  type        = string
+  default     = true
+}
diff --git a/2-environments/envs/production/README.md b/2-environments/envs/production/README.md
index 19cb9a2f1..ba77099ab 100644
--- a/2-environments/envs/production/README.md
+++ b/2-environments/envs/production/README.md
@@ -3,6 +3,7 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| folder\_deletion\_protection | Prevent Terraform from destroying or recreating the folder. | `string` | `true` | no |
 | project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
 | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
 | tfc\_org\_name | Name of the TFC organization | `string` | `""` | no |
diff --git a/2-environments/envs/production/main.tf b/2-environments/envs/production/main.tf
index deba01685..4f4845146 100644
--- a/2-environments/envs/production/main.tf
+++ b/2-environments/envs/production/main.tf
@@ -22,7 +22,8 @@ module "env" {
   remote_state_bucket = var.remote_state_bucket
   tfc_org_name        = var.tfc_org_name
 
-  project_deletion_policy = var.project_deletion_policy
+  project_deletion_policy    = var.project_deletion_policy
+  folder_deletion_protection = var.folder_deletion_protection
 
   assured_workload_configuration = {
     enabled           = false
diff --git a/2-environments/envs/production/variables.tf b/2-environments/envs/production/variables.tf
index 1cb41ac55..d2ab8ccc1 100644
--- a/2-environments/envs/production/variables.tf
+++ b/2-environments/envs/production/variables.tf
@@ -31,3 +31,8 @@ variable "project_deletion_policy" {
   default     = "PREVENT"
 }
 
+variable "folder_deletion_protection" {
+  description = "Prevent Terraform from destroying or recreating the folder."
+  type        = string
+  default     = true
+}
diff --git a/2-environments/modules/env_baseline/README.md b/2-environments/modules/env_baseline/README.md
index de489bdbc..4a35926e3 100644
--- a/2-environments/modules/env_baseline/README.md
+++ b/2-environments/modules/env_baseline/README.md
@@ -6,6 +6,7 @@
 | assured\_workload\_configuration | Assured Workload configuration. See https://cloud.google.com/assured-workloads ."<br>  enabled: If the assured workload should be created.<br>  location: The location where the workload will be created.<br>  display\_name: User-assigned resource display name.<br>  compliance\_regime: Supported Compliance Regimes. See https://cloud.google.com/assured-workloads/docs/reference/rest/Shared.Types/ComplianceRegime .<br>  resource\_type: The type of resource. One of CONSUMER\_FOLDER, KEYRING, or ENCRYPTION\_KEYS\_PROJECT. | <pre>object({<br>    enabled           = optional(bool, false)<br>    location          = optional(string, "us-central1")<br>    display_name      = optional(string, "FEDRAMP-MODERATE")<br>    compliance_regime = optional(string, "FEDRAMP_MODERATE")<br>    resource_type     = optional(string, "CONSUMER_FOLDER")<br>  })</pre> | `{}` | no |
 | env | The environment to prepare (ex. development) | `string` | n/a | yes |
 | environment\_code | A short form of the folder level resources (environment) within the Google Cloud organization (ex. d). | `string` | n/a | yes |
+| folder\_deletion\_protection | Prevent Terraform from destroying or recreating the folder. | `string` | `true` | no |
 | project\_budget | Budget configuration for projects.<br>  budget\_amount: The amount to use as the budget.<br>  alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.<br>  alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.<br>  alert\_spend\_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default). | <pre>object({<br>    base_network_budget_amount                  = optional(number, 1000)<br>    base_network_alert_spent_percents           = optional(list(number), [1.2])<br>    base_network_alert_pubsub_topic             = optional(string, null)<br>    base_network_budget_alert_spend_basis       = optional(string, "FORECASTED_SPEND")<br>    restricted_network_budget_amount            = optional(number, 1000)<br>    restricted_network_alert_spent_percents     = optional(list(number), [1.2])<br>    restricted_network_alert_pubsub_topic       = optional(string, null)<br>    restricted_network_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br>    secret_budget_amount                        = optional(number, 1000)<br>    secret_alert_spent_percents                 = optional(list(number), [1.2])<br>    secret_alert_pubsub_topic                   = optional(string, null)<br>    secret_budget_alert_spend_basis             = optional(string, "FORECASTED_SPEND")<br>    kms_budget_amount                           = optional(number, 1000)<br>    kms_alert_spent_percents                    = optional(list(number), [1.2])<br>    kms_alert_pubsub_topic                      = optional(string, null)<br>    kms_budget_alert_spend_basis                = optional(string, "FORECASTED_SPEND")<br>  })</pre> | `{}` | no |
 | project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
 | remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
diff --git a/2-environments/modules/env_baseline/folders.tf b/2-environments/modules/env_baseline/folders.tf
index 7e05471ce..61c8f6c64 100644
--- a/2-environments/modules/env_baseline/folders.tf
+++ b/2-environments/modules/env_baseline/folders.tf
@@ -19,8 +19,9 @@
 *****************************************/
 
 resource "google_folder" "env" {
-  display_name = "${local.folder_prefix}-${var.env}"
-  parent       = local.parent
+  display_name        = "${local.folder_prefix}-${var.env}"
+  parent              = local.parent
+  deletion_protection = var.folder_deletion_protection
 }
 
 resource "time_sleep" "wait_60_seconds" {
diff --git a/2-environments/modules/env_baseline/variables.tf b/2-environments/modules/env_baseline/variables.tf
index 6aa14afc4..81ab12a83 100644
--- a/2-environments/modules/env_baseline/variables.tf
+++ b/2-environments/modules/env_baseline/variables.tf
@@ -87,3 +87,9 @@ variable "project_deletion_policy" {
   type        = string
   default     = "PREVENT"
 }
+
+variable "folder_deletion_protection" {
+  description = "Prevent Terraform from destroying or recreating the folder."
+  type        = string
+  default     = true
+}
diff --git a/4-projects/business_unit_1/development/README.md b/4-projects/business_unit_1/development/README.md
index 25eaa0408..9d723d711 100644
--- a/4-projects/business_unit_1/development/README.md
+++ b/4-projects/business_unit_1/development/README.md
@@ -3,6 +3,7 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| folder\_deletion\_protection | Prevent Terraform from destroying or recreating the folder. | `string` | `true` | no |
 | gcs\_custom\_placement\_config | Configuration of the bucket's custom location in a dual-region bucket setup. If the bucket is designated a single or multi-region, the variable are null. | <pre>object({<br>    data_locations = list(string)<br>  })</pre> | `null` | no |
 | instance\_region | Region which the peered subnet will be created (Should be same region as the VM that will be created on step 5-app-infra on the peering project). | `string` | `null` | no |
 | location\_gcs | Case-Sensitive Location for GCS Bucket (Should be same region as the KMS Keyring) | `string` | `null` | no |
diff --git a/4-projects/business_unit_1/development/main.tf b/4-projects/business_unit_1/development/main.tf
index edc631b99..1ad8a4131 100644
--- a/4-projects/business_unit_1/development/main.tf
+++ b/4-projects/business_unit_1/development/main.tf
@@ -35,4 +35,5 @@ module "env" {
   subnet_region                = coalesce(var.instance_region, local.default_region)
   subnet_ip_range              = "10.3.64.0/21"
   project_deletion_policy      = var.project_deletion_policy
+  folder_deletion_protection   = var.folder_deletion_protection
 }
diff --git a/4-projects/business_unit_1/development/variables.tf b/4-projects/business_unit_1/development/variables.tf
index 435a765cc..7add57dfc 100644
--- a/4-projects/business_unit_1/development/variables.tf
+++ b/4-projects/business_unit_1/development/variables.tf
@@ -62,3 +62,9 @@ variable "project_deletion_policy" {
   type        = string
   default     = "PREVENT"
 }
+
+variable "folder_deletion_protection" {
+  description = "Prevent Terraform from destroying or recreating the folder."
+  type        = string
+  default     = true
+}
diff --git a/4-projects/business_unit_1/nonproduction/README.md b/4-projects/business_unit_1/nonproduction/README.md
index 25eaa0408..9d723d711 100644
--- a/4-projects/business_unit_1/nonproduction/README.md
+++ b/4-projects/business_unit_1/nonproduction/README.md
@@ -3,6 +3,7 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| folder\_deletion\_protection | Prevent Terraform from destroying or recreating the folder. | `string` | `true` | no |
 | gcs\_custom\_placement\_config | Configuration of the bucket's custom location in a dual-region bucket setup. If the bucket is designated a single or multi-region, the variable are null. | <pre>object({<br>    data_locations = list(string)<br>  })</pre> | `null` | no |
 | instance\_region | Region which the peered subnet will be created (Should be same region as the VM that will be created on step 5-app-infra on the peering project). | `string` | `null` | no |
 | location\_gcs | Case-Sensitive Location for GCS Bucket (Should be same region as the KMS Keyring) | `string` | `null` | no |
diff --git a/4-projects/business_unit_1/nonproduction/main.tf b/4-projects/business_unit_1/nonproduction/main.tf
index f39ee8313..b8a4514b7 100644
--- a/4-projects/business_unit_1/nonproduction/main.tf
+++ b/4-projects/business_unit_1/nonproduction/main.tf
@@ -35,4 +35,5 @@ module "env" {
   subnet_region                = coalesce(var.instance_region, local.default_region)
   subnet_ip_range              = "10.3.128.0/21"
   project_deletion_policy      = var.project_deletion_policy
+  folder_deletion_protection   = var.folder_deletion_protection
 }
diff --git a/4-projects/business_unit_1/nonproduction/variables.tf b/4-projects/business_unit_1/nonproduction/variables.tf
index 435a765cc..7add57dfc 100644
--- a/4-projects/business_unit_1/nonproduction/variables.tf
+++ b/4-projects/business_unit_1/nonproduction/variables.tf
@@ -62,3 +62,9 @@ variable "project_deletion_policy" {
   type        = string
   default     = "PREVENT"
 }
+
+variable "folder_deletion_protection" {
+  description = "Prevent Terraform from destroying or recreating the folder."
+  type        = string
+  default     = true
+}
diff --git a/4-projects/business_unit_1/production/README.md b/4-projects/business_unit_1/production/README.md
index 25eaa0408..9d723d711 100644
--- a/4-projects/business_unit_1/production/README.md
+++ b/4-projects/business_unit_1/production/README.md
@@ -3,6 +3,7 @@
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
+| folder\_deletion\_protection | Prevent Terraform from destroying or recreating the folder. | `string` | `true` | no |
 | gcs\_custom\_placement\_config | Configuration of the bucket's custom location in a dual-region bucket setup. If the bucket is designated a single or multi-region, the variable are null. | <pre>object({<br>    data_locations = list(string)<br>  })</pre> | `null` | no |
 | instance\_region | Region which the peered subnet will be created (Should be same region as the VM that will be created on step 5-app-infra on the peering project). | `string` | `null` | no |
 | location\_gcs | Case-Sensitive Location for GCS Bucket (Should be same region as the KMS Keyring) | `string` | `null` | no |
diff --git a/4-projects/business_unit_1/production/main.tf b/4-projects/business_unit_1/production/main.tf
index a60881e93..4bf4b9f74 100644
--- a/4-projects/business_unit_1/production/main.tf
+++ b/4-projects/business_unit_1/production/main.tf
@@ -35,4 +35,5 @@ module "env" {
   subnet_region                = coalesce(var.instance_region, local.default_region)
   subnet_ip_range              = "10.3.192.0/21"
   project_deletion_policy      = var.project_deletion_policy
+  folder_deletion_protection   = var.folder_deletion_protection
 }
diff --git a/4-projects/business_unit_1/production/variables.tf b/4-projects/business_unit_1/production/variables.tf
index 435a765cc..7add57dfc 100644
--- a/4-projects/business_unit_1/production/variables.tf
+++ b/4-projects/business_unit_1/production/variables.tf
@@ -62,3 +62,9 @@ variable "project_deletion_policy" {
   type        = string
   default     = "PREVENT"
 }
+
+variable "folder_deletion_protection" {
+  description = "Prevent Terraform from destroying or recreating the folder."
+  type        = string
+  default     = true
+}
diff --git a/4-projects/modules/base_env/README.md b/4-projects/modules/base_env/README.md
index b64447262..25653ac3c 100644
--- a/4-projects/modules/base_env/README.md
+++ b/4-projects/modules/base_env/README.md
@@ -7,6 +7,7 @@
 | business\_unit | The business (ex. business\_unit\_1). | `string` | n/a | yes |
 | env | The environment to prepare (ex. development). | `string` | n/a | yes |
 | firewall\_enable\_logging | Toggle firewall logging for VPC Firewalls. | `bool` | `true` | no |
+| folder\_deletion\_protection | Prevent Terraform from destroying or recreating the folder. | `string` | `true` | no |
 | folder\_prefix | Name prefix to use for folders created. Should be the same in all steps. | `string` | `"fldr"` | no |
 | gcs\_bucket\_prefix | Name prefix to be used for GCS Bucket | `string` | `"bkt"` | no |
 | gcs\_custom\_placement\_config | Configuration of the bucket's custom location in a dual-region bucket setup. If the bucket is designated a single or multi-region, the variable are null. | <pre>object({<br>    data_locations = list(string)<br>  })</pre> | n/a | yes |
diff --git a/4-projects/modules/base_env/business_unit_folder.tf b/4-projects/modules/base_env/business_unit_folder.tf
index 68a98ea2f..a379e82d9 100644
--- a/4-projects/modules/base_env/business_unit_folder.tf
+++ b/4-projects/modules/base_env/business_unit_folder.tf
@@ -19,6 +19,7 @@ locals {
 }
 
 resource "google_folder" "env_business_unit" {
-  display_name = local.env_business_unit_folder_name
-  parent       = local.env_folder_name
+  display_name        = local.env_business_unit_folder_name
+  parent              = local.env_folder_name
+  deletion_protection = var.folder_deletion_protection
 }
diff --git a/4-projects/modules/base_env/variables.tf b/4-projects/modules/base_env/variables.tf
index e8ee1845b..a734b678e 100644
--- a/4-projects/modules/base_env/variables.tf
+++ b/4-projects/modules/base_env/variables.tf
@@ -186,3 +186,9 @@ variable "project_deletion_policy" {
   type        = string
   default     = "PREVENT"
 }
+
+variable "folder_deletion_protection" {
+  description = "Prevent Terraform from destroying or recreating the folder."
+  type        = string
+  default     = true
+}
diff --git a/helpers/foundation-deployer/global.tfvars.example b/helpers/foundation-deployer/global.tfvars.example
index 0347e625e..f86186d01 100644
--- a/helpers/foundation-deployer/global.tfvars.example
+++ b/helpers/foundation-deployer/global.tfvars.example
@@ -27,6 +27,8 @@ foundation_code_path = "FULL_PATH_TO_FOLDER_WHERE_THE_EXAMPLE_FOUNDATION_CODE_WA
 // See https://cloud.google.com/sdk/gcloud/reference/config/set#EXAMPLES
 validator_project_id = "EXISTING_PROJECT_ID"
 
+project_deletion_policy    = "DELETE"
+folder_deletion_protection = false
 
 // 0-bootstrap inputs
 // https://github.com/terraform-google-modules/terraform-example-foundation/blob/master/0-bootstrap/README.md#inputs
diff --git a/helpers/foundation-deployer/stages/apply.go b/helpers/foundation-deployer/stages/apply.go
index 90b6a9537..0e9d26648 100644
--- a/helpers/foundation-deployer/stages/apply.go
+++ b/helpers/foundation-deployer/stages/apply.go
@@ -45,6 +45,8 @@ func DeployBootstrapStage(t testing.TB, s steps.Steps, tfvars GlobalTFVars, c Co
 		BucketTfstateKmsForceDestroy: tfvars.BucketTfstateKmsForceDestroy,
 		Groups:                       tfvars.Groups,
 		InitialGroupConfig:           tfvars.InitialGroupConfig,
+		FolderDeletionProtection:     tfvars.FolderDeletionProtection,
+		ProjectDeletionPolicy:        tfvars.ProjectDeletionPolicy,
 	}
 
 	err := utils.WriteTfvars(filepath.Join(c.FoundationPath, BootstrapStep, "terraform.tfvars"), bootstrapTfvars)
@@ -205,6 +207,8 @@ func DeployOrgStage(t testing.TB, s steps.Steps, tfvars GlobalTFVars, outputs Bo
 		LogExportStorageForceDestroy:          tfvars.LogExportStorageForceDestroy,
 		LogExportStorageLocation:              tfvars.LogExportStorageLocation,
 		BillingExportDatasetLocation:          tfvars.BillingExportDatasetLocation,
+		FolderDeletionProtection:              tfvars.FolderDeletionProtection,
+		ProjectDeletionPolicy:                 tfvars.ProjectDeletionPolicy,
 	}
 	orgTfvars.GcpGroups = GcpGroups{}
 	if tfvars.HasOptionalGroupsCreation() {
@@ -247,7 +251,9 @@ func DeployOrgStage(t testing.TB, s steps.Steps, tfvars GlobalTFVars, outputs Bo
 func DeployEnvStage(t testing.TB, s steps.Steps, tfvars GlobalTFVars, outputs BootstrapOutputs, c CommonConf) error {
 
 	envsTfvars := EnvsTfvars{
-		RemoteStateBucket: outputs.RemoteStateBucket,
+		RemoteStateBucket:        outputs.RemoteStateBucket,
+		FolderDeletionProtection: tfvars.FolderDeletionProtection,
+		ProjectDeletionPolicy:    tfvars.ProjectDeletionPolicy,
 	}
 	err := utils.WriteTfvars(filepath.Join(c.FoundationPath, EnvironmentsStep, "terraform.tfvars"), envsTfvars)
 	if err != nil {
@@ -338,8 +344,10 @@ func DeployProjectsStage(t testing.TB, s steps.Steps, tfvars GlobalTFVars, outpu
 	}
 	//for each environment
 	envTfvars := ProjEnvTfvars{
-		ProjectsKMSLocation: tfvars.ProjectsKMSLocation,
-		ProjectsGCSLocation: tfvars.ProjectsGCSLocation,
+		ProjectsKMSLocation:      tfvars.ProjectsKMSLocation,
+		ProjectsGCSLocation:      tfvars.ProjectsGCSLocation,
+		FolderDeletionProtection: tfvars.FolderDeletionProtection,
+		ProjectDeletionPolicy:    tfvars.ProjectDeletionPolicy,
 	}
 	for _, envfile := range []string{
 		"development.auto.tfvars",
diff --git a/helpers/foundation-deployer/stages/data.go b/helpers/foundation-deployer/stages/data.go
index 6a40fed9f..d1289aa46 100644
--- a/helpers/foundation-deployer/stages/data.go
+++ b/helpers/foundation-deployer/stages/data.go
@@ -159,6 +159,8 @@ type GlobalTFVars struct {
 	ValidatorProjectId                    *string         `hcl:"validator_project_id"`
 	Groups                                Groups          `hcl:"groups"`
 	InitialGroupConfig                    *string         `hcl:"initial_group_config"`
+	FolderDeletionProtection              bool            `hcl:"folder_deletion_protection"`
+	ProjectDeletionPolicy                 string          `hcl:"project_deletion_policy"`
 }
 
 // HasValidatorProj checks if a Validator Project was provided
@@ -205,6 +207,8 @@ type BootstrapTfvars struct {
 	BucketTfstateKmsForceDestroy *bool   `hcl:"bucket_tfstate_kms_force_destroy"`
 	Groups                       Groups  `hcl:"groups"`
 	InitialGroupConfig           *string `hcl:"initial_group_config"`
+	FolderDeletionProtection     bool    `hcl:"folder_deletion_protection"`
+	ProjectDeletionPolicy        string  `hcl:"project_deletion_policy"`
 }
 
 type OrgTfvars struct {
@@ -220,10 +224,14 @@ type OrgTfvars struct {
 	LogExportStorageLocation              string    `hcl:"log_export_storage_location"`
 	BillingExportDatasetLocation          string    `hcl:"billing_export_dataset_location"`
 	GcpGroups                             GcpGroups `hcl:"gcp_groups"`
+	FolderDeletionProtection              bool      `hcl:"folder_deletion_protection"`
+	ProjectDeletionPolicy                 string    `hcl:"project_deletion_policy"`
 }
 
 type EnvsTfvars struct {
-	RemoteStateBucket string `hcl:"remote_state_bucket"`
+	RemoteStateBucket        string `hcl:"remote_state_bucket"`
+	FolderDeletionProtection bool   `hcl:"folder_deletion_protection"`
+	ProjectDeletionPolicy    string `hcl:"project_deletion_policy"`
 }
 
 type NetCommonTfvars struct {
@@ -250,8 +258,10 @@ type ProjSharedTfvars struct {
 }
 
 type ProjEnvTfvars struct {
-	ProjectsKMSLocation string `hcl:"projects_kms_location"`
-	ProjectsGCSLocation string `hcl:"projects_gcs_location"`
+	ProjectsKMSLocation      string `hcl:"projects_kms_location"`
+	ProjectsGCSLocation      string `hcl:"projects_gcs_location"`
+	FolderDeletionProtection bool   `hcl:"folder_deletion_protection"`
+	ProjectDeletionPolicy    string `hcl:"project_deletion_policy"`
 }
 
 type AppInfraCommonTfvars struct {
diff --git a/test/setup/main.tf b/test/setup/main.tf
index cb8cdfd9d..976fba60b 100644
--- a/test/setup/main.tf
+++ b/test/setup/main.tf
@@ -40,8 +40,9 @@ resource "random_string" "two_alphanumeric" {
 }
 
 resource "google_folder" "test_folder" {
-  display_name = "test_foundation_folder_${random_string.suffix.result}"
-  parent       = "folders/${var.folder_id}"
+  display_name        = "test_foundation_folder_${random_string.suffix.result}"
+  parent              = "folders/${var.folder_id}"
+  deletion_protection = false
 }
 
 module "project" {
diff --git a/test/setup/outputs.tf b/test/setup/outputs.tf
index 4b19fdbc2..59df276d9 100644
--- a/test/setup/outputs.tf
+++ b/test/setup/outputs.tf
@@ -114,3 +114,9 @@ output "project_deletion_policy" {
   description = "The deletion policy for the project created. Set to `DELETE` during integrated tests so that projects can be destroyed."
   value       = "DELETE"
 }
+
+variable "folder_deletion_protection" {
+  description = "Prevent Terraform from destroying or recreating the folder. Set to `false` during integrated tests so that folders can be destroyed."
+  type        = string
+  default     = false
+}

From e888cef09ebdad82bd5e96b889076468df872e19 Mon Sep 17 00:00:00 2001
From: Daniel Andrade <dandrade@ciandt.com>
Date: Tue, 5 Nov 2024 10:27:55 -0300
Subject: [PATCH 05/19] comment usage of folder_deletion_protection until
 update of cloud function module

---
 1-org/envs/shared/folders.tf | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/1-org/envs/shared/folders.tf b/1-org/envs/shared/folders.tf
index 484589573..90c69454a 100644
--- a/1-org/envs/shared/folders.tf
+++ b/1-org/envs/shared/folders.tf
@@ -19,13 +19,13 @@
  *****************************************/
 
 resource "google_folder" "common" {
-  display_name        = "${local.folder_prefix}-common"
-  parent              = local.parent
-  deletion_protection = var.folder_deletion_protection
+  display_name = "${local.folder_prefix}-common"
+  parent       = local.parent
+  # deletion_protection = var.folder_deletion_protection // uncommnet after updating "GoogleCloudPlatform/cloud-functions/google" to provider v6
 }
 
 resource "google_folder" "network" {
-  display_name        = "${local.folder_prefix}-network"
-  parent              = local.parent
-  deletion_protection = var.folder_deletion_protection
+  display_name = "${local.folder_prefix}-network"
+  parent       = local.parent
+  # deletion_protection = var.folder_deletion_protection // uncommnet after updating "GoogleCloudPlatform/cloud-functions/google" to provider v6
 }

From 8cb3e2058cbe1e15f37c0cab8bfc2a6cd2792b58 Mon Sep 17 00:00:00 2001
From: Daniel Andrade <dandrade@ciandt.com>
Date: Tue, 5 Nov 2024 17:41:35 -0300
Subject: [PATCH 06/19] fix output type for folder_deletion_protection

---
 test/setup/outputs.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/setup/outputs.tf b/test/setup/outputs.tf
index 59df276d9..121f8560e 100644
--- a/test/setup/outputs.tf
+++ b/test/setup/outputs.tf
@@ -117,6 +117,6 @@ output "project_deletion_policy" {
 
 variable "folder_deletion_protection" {
   description = "Prevent Terraform from destroying or recreating the folder. Set to `false` during integrated tests so that folders can be destroyed."
-  type        = string
+  type        = bool
   default     = false
 }

From 6ddcfcaf5942ee548e399791facad1ac6567755b Mon Sep 17 00:00:00 2001
From: Daniel Andrade <dandrade@ciandt.com>
Date: Tue, 5 Nov 2024 17:43:36 -0300
Subject: [PATCH 07/19] update backends.balancingMode to CONNECTION for an
 INTERNAL backend service

---
 3-networks-hub-and-spoke/modules/transitivity/main.tf | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/3-networks-hub-and-spoke/modules/transitivity/main.tf b/3-networks-hub-and-spoke/modules/transitivity/main.tf
index 1b082e482..a84dad5ba 100644
--- a/3-networks-hub-and-spoke/modules/transitivity/main.tf
+++ b/3-networks-hub-and-spoke/modules/transitivity/main.tf
@@ -108,7 +108,11 @@ module "ilbs" {
   target_tags             = null
   create_backend_firewall = false
   backends = [
-    { group = module.migs[each.key].instance_group, description = "" },
+    {
+      group          = module.migs[each.key].instance_group,
+      description    = "",
+      balancing_mode = "CONNECTION"
+    },
   ]
 
   health_check = {

From 29cbefd879e9f5e8c8b00f74350e515bf14b1a2e Mon Sep 17 00:00:00 2001
From: Daniel Andrade <dandrade@ciandt.com>
Date: Tue, 5 Nov 2024 20:51:50 -0300
Subject: [PATCH 08/19] upgrade KMS module

---
 4-projects/modules/base_env/example_storage_cmek.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/4-projects/modules/base_env/example_storage_cmek.tf b/4-projects/modules/base_env/example_storage_cmek.tf
index ba86b0451..2256e2a54 100644
--- a/4-projects/modules/base_env/example_storage_cmek.tf
+++ b/4-projects/modules/base_env/example_storage_cmek.tf
@@ -20,7 +20,7 @@ data "google_storage_project_service_account" "gcs_account" {
 
 module "kms" {
   source  = "terraform-google-modules/kms/google"
-  version = "~> 2.1"
+  version = "~> 3.2"
 
   project_id          = local.kms_project_id
   keyring             = var.keyring_name

From ffce27bacbfaccf90f96f866cecbe202194d4557 Mon Sep 17 00:00:00 2001
From: Daniel Andrade <dandrade@ciandt.com>
Date: Tue, 5 Nov 2024 20:52:46 -0300
Subject: [PATCH 09/19] initialize workflows api service identity

---
 0-bootstrap/cb.tf | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/0-bootstrap/cb.tf b/0-bootstrap/cb.tf
index 6c971d5a5..bbb63ecbe 100644
--- a/0-bootstrap/cb.tf
+++ b/0-bootstrap/cb.tf
@@ -137,6 +137,15 @@ module "tf_source" {
   depends_on = [module.seed_bootstrap]
 }
 
+resource "google_project_service_identity" "workflows_identity" {
+  provider = google-beta
+
+  project = module.tf_source.cloudbuild_project_id
+  service = "workflows.googleapis.com"
+
+  depends_on = [module.tf_source]
+}
+
 module "tf_private_pool" {
   source = "./modules/cb-private-pool"
 

From 1c88d6081f5abd26954121fcec26c22ff64efe32 Mon Sep 17 00:00:00 2001
From: Daniel Andrade <dandrade@ciandt.com>
Date: Wed, 6 Nov 2024 09:55:31 -0300
Subject: [PATCH 10/19] upgrade lb-internal module version

---
 3-networks-hub-and-spoke/modules/transitivity/main.tf | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/3-networks-hub-and-spoke/modules/transitivity/main.tf b/3-networks-hub-and-spoke/modules/transitivity/main.tf
index a84dad5ba..496fc4244 100644
--- a/3-networks-hub-and-spoke/modules/transitivity/main.tf
+++ b/3-networks-hub-and-spoke/modules/transitivity/main.tf
@@ -91,7 +91,7 @@ module "migs" {
 
 module "ilbs" {
   source   = "GoogleCloudPlatform/lb-internal/google"
-  version  = "~> 6.0"
+  version  = "~> 7.0"
   for_each = toset(var.regions)
 
   region                  = each.key
@@ -110,8 +110,7 @@ module "ilbs" {
   backends = [
     {
       group          = module.migs[each.key].instance_group,
-      description    = "",
-      balancing_mode = "CONNECTION"
+      description    = ""
     },
   ]
 

From 7226225140c3e908fc7292d4f6fa90be0c4af6d4 Mon Sep 17 00:00:00 2001
From: Daniel Andrade <dandrade@ciandt.com>
Date: Wed, 6 Nov 2024 10:11:16 -0300
Subject: [PATCH 11/19] enable storage.googleapis.com in 4-projects base shared
 vpc project

---
 .../modules/base_env/example_base_shared_vpc_project.tf      | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/4-projects/modules/base_env/example_base_shared_vpc_project.tf b/4-projects/modules/base_env/example_base_shared_vpc_project.tf
index 297c10fe5..03741b6a2 100644
--- a/4-projects/modules/base_env/example_base_shared_vpc_project.tf
+++ b/4-projects/modules/base_env/example_base_shared_vpc_project.tf
@@ -49,7 +49,8 @@ module "base_shared_vpc_project" {
 
   activate_apis = [
     "iam.googleapis.com",
-    "cloudresourcemanager.googleapis.com"
+    "cloudresourcemanager.googleapis.com",
+    "storage.googleapis.com"
   ]
 
   # Metadata
@@ -60,5 +61,3 @@ module "base_shared_vpc_project" {
   secondary_contact = "example2@example.com"
   business_code     = var.business_code
 }
-
-

From 012b3b3bd1e74208242b8303bb1f20d603ce8006 Mon Sep 17 00:00:00 2001
From: Daniel Andrade <dandrade@ciandt.com>
Date: Wed, 6 Nov 2024 10:25:46 -0300
Subject: [PATCH 12/19] update provider restriction

---
 0-bootstrap/modules/gitlab-oidc/versions.tf           | 2 +-
 0-bootstrap/modules/tfc-agent-gke/versions.tf         | 2 +-
 5-app-infra/business_unit_1/development/versions.tf   | 4 ++--
 5-app-infra/business_unit_1/nonproduction/versions.tf | 4 ++--
 5-app-infra/business_unit_1/production/versions.tf    | 4 ++--
 5 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/0-bootstrap/modules/gitlab-oidc/versions.tf b/0-bootstrap/modules/gitlab-oidc/versions.tf
index dc2e4b617..0d9e65818 100644
--- a/0-bootstrap/modules/gitlab-oidc/versions.tf
+++ b/0-bootstrap/modules/gitlab-oidc/versions.tf
@@ -20,7 +20,7 @@ terraform {
 
     google = {
       source  = "hashicorp/google"
-      version = ">= 3.64, < 6"
+      version = ">= 3.64, < 7"
     }
   }
 
diff --git a/0-bootstrap/modules/tfc-agent-gke/versions.tf b/0-bootstrap/modules/tfc-agent-gke/versions.tf
index 2ccf6ddc9..c3c6eeced 100644
--- a/0-bootstrap/modules/tfc-agent-gke/versions.tf
+++ b/0-bootstrap/modules/tfc-agent-gke/versions.tf
@@ -20,7 +20,7 @@ terraform {
 
     google = {
       source  = "hashicorp/google"
-      version = ">= 4.3.0, < 6"
+      version = ">= 4.3.0, < 7"
     }
 
     kubernetes = {
diff --git a/5-app-infra/business_unit_1/development/versions.tf b/5-app-infra/business_unit_1/development/versions.tf
index baa38abbc..bbf8d82ce 100644
--- a/5-app-infra/business_unit_1/development/versions.tf
+++ b/5-app-infra/business_unit_1/development/versions.tf
@@ -21,12 +21,12 @@ terraform {
 
     google = {
       source  = "hashicorp/google"
-      version = ">= 3.77, < 6"
+      version = ">= 3.77, < 7"
     }
 
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = ">= 3.77, < 6"
+      version = ">= 3.77, < 7"
     }
 
     null = {
diff --git a/5-app-infra/business_unit_1/nonproduction/versions.tf b/5-app-infra/business_unit_1/nonproduction/versions.tf
index baa38abbc..bbf8d82ce 100644
--- a/5-app-infra/business_unit_1/nonproduction/versions.tf
+++ b/5-app-infra/business_unit_1/nonproduction/versions.tf
@@ -21,12 +21,12 @@ terraform {
 
     google = {
       source  = "hashicorp/google"
-      version = ">= 3.77, < 6"
+      version = ">= 3.77, < 7"
     }
 
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = ">= 3.77, < 6"
+      version = ">= 3.77, < 7"
     }
 
     null = {
diff --git a/5-app-infra/business_unit_1/production/versions.tf b/5-app-infra/business_unit_1/production/versions.tf
index baa38abbc..bbf8d82ce 100644
--- a/5-app-infra/business_unit_1/production/versions.tf
+++ b/5-app-infra/business_unit_1/production/versions.tf
@@ -21,12 +21,12 @@ terraform {
 
     google = {
       source  = "hashicorp/google"
-      version = ">= 3.77, < 6"
+      version = ">= 3.77, < 7"
     }
 
     google-beta = {
       source  = "hashicorp/google-beta"
-      version = ">= 3.77, < 6"
+      version = ">= 3.77, < 7"
     }
 
     null = {

From 1c93a04faebff4d28bedcbc48aa9d90f80d76bad Mon Sep 17 00:00:00 2001
From: Daniel Andrade <dandrade@ciandt.com>
Date: Wed, 6 Nov 2024 10:26:19 -0300
Subject: [PATCH 13/19] update modules

---
 0-bootstrap/groups.tf                     | 4 ++--
 0-bootstrap/modules/tfc-agent-gke/main.tf | 4 ++--
 5-app-infra/modules/env_base/main.tf      | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/0-bootstrap/groups.tf b/0-bootstrap/groups.tf
index 6f9a8d160..aadb18ece 100644
--- a/0-bootstrap/groups.tf
+++ b/0-bootstrap/groups.tf
@@ -34,7 +34,7 @@ data "google_organization" "org" {
 
 module "required_group" {
   source   = "terraform-google-modules/group/google"
-  version  = "~> 0.6"
+  version  = "~> 0.7"
   for_each = local.required_groups_to_create
 
   id                   = each.value
@@ -46,7 +46,7 @@ module "required_group" {
 
 module "optional_group" {
   source   = "terraform-google-modules/group/google"
-  version  = "~> 0.6"
+  version  = "~> 0.7"
   for_each = local.optional_groups_to_create
 
   id                   = each.value
diff --git a/0-bootstrap/modules/tfc-agent-gke/main.tf b/0-bootstrap/modules/tfc-agent-gke/main.tf
index 4100c3611..2e631e3fd 100644
--- a/0-bootstrap/modules/tfc-agent-gke/main.tf
+++ b/0-bootstrap/modules/tfc-agent-gke/main.tf
@@ -96,7 +96,7 @@ resource "google_service_account" "tfc_agent_service_account" {
 
 module "tfc_agent_cluster" {
   source  = "terraform-google-modules/kubernetes-engine/google//modules/beta-autopilot-private-cluster/"
-  version = "~> 31.0"
+  version = "~> 34.0"
 
   project_id         = var.project_id
   region             = var.region
@@ -394,7 +394,7 @@ resource "google_dns_policy" "default_policy" {
 
 module "hub" {
   source  = "terraform-google-modules/kubernetes-engine/google//modules/fleet-membership"
-  version = "~> 31.0"
+  version = "~> 34.0"
 
   project_id   = var.project_id
   location     = var.region
diff --git a/5-app-infra/modules/env_base/main.tf b/5-app-infra/modules/env_base/main.tf
index 6d7821183..e4fedfc8c 100644
--- a/5-app-infra/modules/env_base/main.tf
+++ b/5-app-infra/modules/env_base/main.tf
@@ -61,7 +61,7 @@ resource "google_service_account" "compute_engine_service_account" {
 
 module "instance_template" {
   source  = "terraform-google-modules/vm/google//modules/instance_template"
-  version = "~> 11.0"
+  version = "~> 12.0"
 
   machine_type = var.machine_type
   region       = var.region
@@ -80,7 +80,7 @@ module "instance_template" {
 
 module "compute_instance" {
   source  = "terraform-google-modules/vm/google//modules/compute_instance"
-  version = "~> 11.0"
+  version = "~> 12.0"
 
   region                = var.region
   subnetwork            = local.subnetwork_self_link

From 50b9e58c20819702b980d6443119237ba38df400 Mon Sep 17 00:00:00 2001
From: Daniel Andrade <dandrade@ciandt.com>
Date: Wed, 6 Nov 2024 10:32:37 -0300
Subject: [PATCH 14/19] fix lint

---
 3-networks-hub-and-spoke/modules/transitivity/main.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/3-networks-hub-and-spoke/modules/transitivity/main.tf b/3-networks-hub-and-spoke/modules/transitivity/main.tf
index 496fc4244..f2e0cff90 100644
--- a/3-networks-hub-and-spoke/modules/transitivity/main.tf
+++ b/3-networks-hub-and-spoke/modules/transitivity/main.tf
@@ -109,8 +109,8 @@ module "ilbs" {
   create_backend_firewall = false
   backends = [
     {
-      group          = module.migs[each.key].instance_group,
-      description    = ""
+      group       = module.migs[each.key].instance_group,
+      description = ""
     },
   ]
 

From 254edb931b0375d48523b5f411bb617cc577d83e Mon Sep 17 00:00:00 2001
From: Daniel Andrade <dandrade@ciandt.com>
Date: Wed, 6 Nov 2024 13:57:02 -0300
Subject: [PATCH 15/19] set deletion protection to false

---
 test/integration/bootstrap/bootstrap_test.go | 2 ++
 test/integration/envs/envs_test.go           | 4 +++-
 test/integration/org/org_test.go             | 2 ++
 test/integration/projects/projects_test.go   | 4 +++-
 4 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/test/integration/bootstrap/bootstrap_test.go b/test/integration/bootstrap/bootstrap_test.go
index 41e46466b..aef67be44 100644
--- a/test/integration/bootstrap/bootstrap_test.go
+++ b/test/integration/bootstrap/bootstrap_test.go
@@ -49,6 +49,8 @@ func TestBootstrap(t *testing.T) {
 	vars := map[string]interface{}{
 		"bucket_force_destroy":             true,
 		"bucket_tfstate_kms_force_destroy": true,
+		"folder_deletion_protection":       false,
+		"project_deletion_policy":          "DELETE",
 	}
 
 	temp := tft.NewTFBlueprintTest(t,
diff --git a/test/integration/envs/envs_test.go b/test/integration/envs/envs_test.go
index ed06d1786..15de28f31 100644
--- a/test/integration/envs/envs_test.go
+++ b/test/integration/envs/envs_test.go
@@ -40,7 +40,9 @@ func TestEnvs(t *testing.T) {
 	backend_bucket := bootstrap.GetStringOutput("gcs_bucket_tfstate")
 
 	vars := map[string]interface{}{
-		"remote_state_bucket": backend_bucket,
+		"remote_state_bucket":        backend_bucket,
+		"folder_deletion_protection": false,
+		"project_deletion_policy":    "DELETE",
 	}
 
 	backendConfig := map[string]interface{}{
diff --git a/test/integration/org/org_test.go b/test/integration/org/org_test.go
index 00c6b7b85..8b4b942cc 100644
--- a/test/integration/org/org_test.go
+++ b/test/integration/org/org_test.go
@@ -41,6 +41,8 @@ func TestOrg(t *testing.T) {
 	vars := map[string]interface{}{
 		"remote_state_bucket":              backend_bucket,
 		"log_export_storage_force_destroy": "true",
+		"folder_deletion_protection":       false,
+		"project_deletion_policy":          "DELETE",
 	}
 
 	backendConfig := map[string]interface{}{
diff --git a/test/integration/projects/projects_test.go b/test/integration/projects/projects_test.go
index 27cb910be..f630045d5 100644
--- a/test/integration/projects/projects_test.go
+++ b/test/integration/projects/projects_test.go
@@ -128,7 +128,9 @@ func TestProjects(t *testing.T) {
 			sharedCloudBuildSA := terraform.OutputMap(t, shared.GetTFOptions(), "terraform_service_accounts")[tt.repo]
 
 			vars := map[string]interface{}{
-				"remote_state_bucket": backend_bucket,
+				"remote_state_bucket":        backend_bucket,
+				"folder_deletion_protection": false,
+				"project_deletion_policy":    "DELETE",
 			}
 
 			projects := tft.NewTFBlueprintTest(t,

From e7009c62765d6139d896dba35ba08b7271d11e0d Mon Sep 17 00:00:00 2001
From: Daniel Andrade <dandrade@ciandt.com>
Date: Fri, 8 Nov 2024 18:02:49 -0300
Subject: [PATCH 16/19] fix subnetwork_project validation issue

---
 5-app-infra/modules/env_base/main.tf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/5-app-infra/modules/env_base/main.tf b/5-app-infra/modules/env_base/main.tf
index e4fedfc8c..078743720 100644
--- a/5-app-infra/modules/env_base/main.tf
+++ b/5-app-infra/modules/env_base/main.tf
@@ -39,6 +39,7 @@ locals {
 
   env_project_id        = local.env_project_ids[var.project_suffix]
   subnetwork_self_link  = local.env_project_subnets[var.project_suffix]
+  subnetwork_project    = element(split("/", local.subnetwork_self_link), index(split("/", local.subnetwork_self_link), "projects") + 1, )
   resource_manager_tags = local.env_project_resource_manager_tags[var.project_suffix]
 }
 
@@ -84,6 +85,7 @@ module "compute_instance" {
 
   region                = var.region
   subnetwork            = local.subnetwork_self_link
+  subnetwork_project    = local.subnetwork_project
   num_instances         = var.num_instances
   hostname              = var.hostname
   instance_template     = module.instance_template.self_link

From 7b81b9b922470c15198fcafeef030cbafe03bd3a Mon Sep 17 00:00:00 2001
From: Daniel Andrade <dandrade@ciandt.com>
Date: Fri, 8 Nov 2024 22:22:05 -0300
Subject: [PATCH 17/19] configure deletion_policy for env network projects

---
 1-org/modules/network/main.tf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/1-org/modules/network/main.tf b/1-org/modules/network/main.tf
index 0d4c108ed..d1b22bd52 100644
--- a/1-org/modules/network/main.tf
+++ b/1-org/modules/network/main.tf
@@ -29,6 +29,7 @@ module "base_shared_vpc_host_project" {
   billing_account             = var.billing_account
   folder_id                   = var.folder_id
   disable_services_on_destroy = false
+  deletion_policy             = var.project_deletion_policy
 
   activate_apis = [
     "compute.googleapis.com",
@@ -65,6 +66,7 @@ module "restricted_shared_vpc_host_project" {
   billing_account             = var.billing_account
   folder_id                   = var.folder_id
   disable_services_on_destroy = false
+  deletion_policy             = var.project_deletion_policy
 
   activate_apis = [
     "compute.googleapis.com",

From 46cab67ff2a1ff4406ab18cf4077a7bd6fb59fda Mon Sep 17 00:00:00 2001
From: Daniel Andrade <dandrade@ciandt.com>
Date: Mon, 11 Nov 2024 16:28:46 -0300
Subject: [PATCH 18/19] Update 0-bootstrap/cb.tf

Co-authored-by: Andrew Peabody <andrewpeabody@google.com>
---
 0-bootstrap/cb.tf | 1 -
 1 file changed, 1 deletion(-)

diff --git a/0-bootstrap/cb.tf b/0-bootstrap/cb.tf
index bbb63ecbe..ef7e922b4 100644
--- a/0-bootstrap/cb.tf
+++ b/0-bootstrap/cb.tf
@@ -98,7 +98,6 @@ module "tf_source" {
 
   project_deletion_policy = var.project_deletion_policy
 
-
   activate_apis = [
     "serviceusage.googleapis.com",
     "servicenetworking.googleapis.com",

From 07ef96ed3297f64c450fbc62f93751d4fa972002 Mon Sep 17 00:00:00 2001
From: Daniel Andrade <dandrade@ciandt.com>
Date: Mon, 11 Nov 2024 20:18:54 -0300
Subject: [PATCH 19/19] pin google version to v6.10 until fix in bootstrap
 module

---
 0-bootstrap/versions.tf | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/0-bootstrap/versions.tf b/0-bootstrap/versions.tf
index ee8f24e58..17dac8a60 100644
--- a/0-bootstrap/versions.tf
+++ b/0-bootstrap/versions.tf
@@ -20,7 +20,13 @@ terraform {
     google = {
       // version 4.31.0 removed because of issue https://github.com/hashicorp/terraform-provider-google/issues/12226
       source  = "hashicorp/google"
-      version = ">= 3.50, != 4.31.0"
+      version = ">= 3.50, != 4.31.0, <= 6.10"
+    }
+
+    google-beta = {
+      // version 4.31.0 removed because of issue https://github.com/hashicorp/terraform-provider-google/issues/12226
+      source  = "hashicorp/google-beta"
+      version = ">= 3.50, != 4.31.0, <= 6.10"
     }
 
     // Un-comment gitlab required_providers when using gitlab CI/CD