terraform-google-cloud-workflows icon indicating copy to clipboard operation
terraform-google-cloud-workflows copied to clipboard

Manage Workflows with optional Scheduler or Event Arc triggers


This module is used to create a Workflow and trigger can be set on it either using a Cloud Scheduler or a Event Arc Trigger

The resources/services/activations/deletions that this module will create/trigger are:

  • Creates a Workflow
  • Creates either a Cloud Scheduler OR Event Arc Trigger


  • Usage of this module for scheduling a Workflows using a Cloud Scheduler:
module "cloud_workflow" {
  source  = "GoogleCloudPlatform/cloud-workflows/google"
  version = "~> 0.1"

  workflow_name         = "wf-sample"
  region                = "us-central1"
  service_account_email = "<svc_account>"
  workflow_trigger = {
    cloud_scheduler = {
      name                  = "workflow-job"
      cron                  = "*/3 * * * *"
      time_zone             = "America/New_York"
      deadline              = "320s"
      service_account_email = "<svc_account>"
  workflow_source       = <<-EOF
  - getCurrentTime:
      call: http.get
          url: https://us-central1-workflowsample.cloudfunctions.net/datetime
      result: CurrentDateTime
  - readWikipedia:
      call: http.get
          url: https://en.wikipedia.org/w/api.php
              action: opensearch
              search: $${CurrentDateTime.body.dayOfTheWeek}
      result: WikiResult
  - returnOutput:
      return: $${WikiResult.body[1]}
  • Usage of this module to trigger Workflow using Event Arc Trigger:
module "cloud_workflow" {
  source  = "GoogleCloudPlatform/cloud-workflows/google"
  version = "~> 0.1"

  workflow_name         = "wf-sample"
  region                = "us-central1"
  service_account_email = "<svc_account>"
  workflow_trigger = {
    event_arc = {
      name                  = "trigger-pubsub-workflow-tf"
      service_account_email = "<svc_account>"
      matching_criteria = [{
        attribute = "type"
        value     = "google.cloud.pubsub.topic.v1.messagePublished"
  workflow_source       = <<-EOF
  - getCurrentTime:
      call: http.get
          url: https://us-central1-workflowsample.cloudfunctions.net/datetime
      result: CurrentDateTime
  - readWikipedia:
      call: http.get
          url: https://en.wikipedia.org/w/api.php
              action: opensearch
              search: $${CurrentDateTime.body.dayOfTheWeek}
      result: WikiResult
  - returnOutput:
      return: $${WikiResult.body[1]}

Functional examples are included in the examples directory.


Name Description Type Default Required
project_id The project ID to deploy to string n/a yes
region The name of the region where workflow will be created string n/a yes
service_account_create Auto-create service account. bool false no
service_account_email Service account email. Unused if service account is auto-created. string null no
workflow_description Description for the cloud workflow string "Sample workflow Description" no
workflow_labels A set of key/value label pairs to assign to the workflow map(string) {} no
workflow_name The name of the cloud workflow to create string n/a yes
workflow_source Workflow YAML code to be executed. The size limit is 32KB. string n/a yes
workflow_trigger Trigger for the Workflow . Cloud Scheduler OR Event Arc
cloud_scheduler = optional(object({
name = string
cron = string
time_zone = string
deadline = string
argument = optional(string)
service_account_email = string
event_arc = optional(object({
name = string
service_account_email = string
matching_criteria = set(object({
attribute = string
operator = optional(string)
value = string
pubsub_topic_id = optional(string)
n/a yes


Name Description
event_arc_id Google Event Arc id
scheduler_job_id Google Cloud scheduler job id
workflow_id Workflow identifier for the resource with format projects/{{project}}/locations/{{region}}/workflows/{{name}}
workflow_region The region of the workflow.
workflow_revision_id The revision of the workflow. A new one is generated if the service account or source contents is changed.


These sections describe requirements for using this module.


The following dependencies must be available:

Service Account

A service account with the following roles must be used to provision the resources of this module:

  • Storage Admin: roles/storage.admin

The Project Factory module and the IAM module may be used in combination to provision a service account with the necessary roles applied.


A project with the following APIs enabled must be used to host the resources of this module:

  • Google Cloud Storage JSON API: storage-api.googleapis.com

The Project Factory module can be used to provision a project with the necessary APIs enabled.


Refer to the contribution guidelines for information on contributing to this module.

Security Disclosures

Please see our security disclosure process.