Landing Zone Console

Landing zone workspace

SAMA Regulated Hub-Spoke

Configure enterprise landing zones, hydrate live Google Cloud options, and inspect workflow state from a single console-style workspace.

idle

API: /api/control-plane

State: bigid-lz-state

Console Setup

Templates & Settings

Prepare reusable inputs, save blueprint state, and tune runtime behavior from one control strip.

Wizard Step

Identity & Access

Credentials and control-plane access.

Verification cadence: Daily drift detectionExecution: Temporal durable workflowShared VPC: Create New

Statebigid-lz-state / tenant-or-project prefixes

TopologyHub Spoke / Regulated Hub Spoke

Shared VPCCreate New / network-host

Step Status

Step is ready for review

Validate the current inputs to hydrate dependent options and confirm readiness before continuing.

Tenant ID

Optional. If omitted, the project ID is used as the tenant namespace.

Project ID

Deployment ID

Optional. Leave blank to generate a new run-scoped deployment ID automatically.

Organization ID

Billing Account ID

Primary Admin Email

Credential Mode

Credential Readiness

Credentials are not configured yet.

No supported runtime identity, ADC source, or explicit backend credentials are available yet, so local dry-runs will stop before OpenTofu plan execution.

Runtime Identity

Backend environment mode uses the runtime identity first

Use the backend runtime identity instead of pasting secrets into the browser. For local runs, configure GOOGLE_APPLICATION_CREDENTIALS, GOOGLE_CREDENTIALS, GOOGLE_OAUTH_ACCESS_TOKEN, or CLOUDSDK_AUTH_ACCESS_TOKEN in the backend container.

No browser token

Set NEXT_PUBLIC_GOOGLE_OAUTH_CLIENT_ID to enable browser sign-in for live catalog discovery.