esgn/main.tf

## main.tf
resource "google_storage_bucket" "osm_dl_planet" {
  project                     = var.project-id
  name                        = var.bucket-name
  uniform_bucket_level_access = true
  location                    = var.project-region
  storage_class               = "REGIONAL"
  force_destroy               = true
}

resource "google_service_account" "scheduler" {
  project      = var.project-id
  account_id   = var.scheduler-service-account-name
  display_name = var.scheduler-service-account-name
}

resource "google_project_iam_member" "cloudscheduler_admin_binding" {
  project = var.project-id
  role    = "roles/cloudscheduler.admin"
  member  = "serviceAccount:${google_service_account.scheduler.email}"
}

resource "google_project_iam_member" "batch_job_editor_binding" {
  project = var.project-id
  role    = "roles/batch.jobsEditor"
  member  = "serviceAccount:${google_service_account.scheduler.email}"
}

resource "google_project_iam_member" "iam_sa_user_binding" {
  project = var.project-id
  role    = "roles/iam.serviceAccountUser"
  member  = "serviceAccount:${google_service_account.scheduler.email}"
}

resource "google_project_iam_member" "cloudscheduler_sa_binding" {
  project = var.project-id
  role    = "roles/cloudscheduler.serviceAgent"
  member  = "serviceAccount:${google_service_account.scheduler.email}"
}

resource "google_service_account" "batch" {
  project      = var.project-id
  account_id   = var.batch-service-account-name
  display_name = var.batch-service-account-name
}

resource "google_project_iam_member" "batch_agent_reporter_binding" {
  project = var.project-id
  role    = "roles/batch.agentReporter"
  member  = "serviceAccount:${google_service_account.batch.email}"
}

resource "google_project_iam_member" "logging_logwriter_binding" {
  project = var.project-id
  role    = "roles/logging.logWriter"
  member  = "serviceAccount:${google_service_account.batch.email}"
}

resource "google_project_iam_member" "storage_admin_binding" {
  project = var.project-id
  role    = "roles/storage.admin"
  member  = "serviceAccount:${google_service_account.batch.email}"
}

resource "google_cloud_scheduler_job" "job" {
  project          = var.project-id
  region           = "europe-west1"
  name             = "dl-osm-planet-scheduler"
  description      = "dl-osm-planet-scheduler"
  schedule         = "0 1 * * 2"
  time_zone        = "Europe/Paris"
  attempt_deadline = "300s"

  http_target {
    http_method = "POST"
    uri         = "https://batch.googleapis.com/v1/projects/${var.project-number}/locations/${var.project-region}/jobs"
    headers = {
      "Content-Type" = "application/json"
      "User-Agent"   = "Google-Cloud-Scheduler"
    }
    # Batch job definition
    body = base64encode(<<EOT
    {
        "name": "projects/${var.project-id}/locations/${var.project-region}/jobs/${var.batch-job-name}",
        "taskGroups": [
            {
            "taskCount": "1",
            "parallelism": "1",
            "taskSpec": {
                "computeResource": {
                "cpuMilli": "2000",
                "memoryMib": "4096"
                },
                "runnables": [
                {
                    "script": {
                    "text": "wget \"https://planet.openstreetmap.org/pbf/planet-latest.osm.pbf\" -O \"/output/planet.pbf\""
                    }
                }
                ],
                "volumes": [
                {
                    "gcs": {
                      "remotePath": "${google_storage_bucket.osm_dl_planet.name}"
                    },
                    "mountPath": "/output"
                }
                ]
            }
            }
        ],
        "allocationPolicy": {
            "instances": [
            {
                "policy": {
                "provisioningModel": "STANDARD",
                "machineType": "e2-medium",
                "bootDisk": {
                    "type": "pd-ssd",
                    "sizeGb": 150
                }
                }
            }
            ],
            "network": {
            "networkInterfaces": [
                {
                "network": "projects/${var.project-id}/global/networks/${var.vpc-network-name}",
                "subnetwork": "projects/${var.project-id}/regions/${var.project-region}/subnetworks/${var.vpc-subnetwork-name}"
                }
            ]
            },
            "serviceAccount": {
            "email": "${google_service_account.batch.email}"
            }
        },
        "logsPolicy": {
            "destination": "CLOUD_LOGGING"
        }
    }
    EOT
    )
    oauth_token {
      scope                 = "https://www.googleapis.com/auth/cloud-platform"
      service_account_email = google_service_account.scheduler.email
    }
  }
}
	resource "google_storage_bucket" "osm_dl_planet" {
	project = var.project-id
	name = var.bucket-name
	uniform_bucket_level_access = true
	location = var.project-region
	storage_class = "REGIONAL"
	force_destroy = true
	}

	resource "google_service_account" "scheduler" {
	project = var.project-id
	account_id = var.scheduler-service-account-name
	display_name = var.scheduler-service-account-name
	}

	resource "google_project_iam_member" "cloudscheduler_admin_binding" {
	project = var.project-id
	role = "roles/cloudscheduler.admin"
	member = "serviceAccount:${google_service_account.scheduler.email}"
	}

	resource "google_project_iam_member" "batch_job_editor_binding" {
	project = var.project-id
	role = "roles/batch.jobsEditor"
	member = "serviceAccount:${google_service_account.scheduler.email}"
	}

	resource "google_project_iam_member" "iam_sa_user_binding" {
	project = var.project-id
	role = "roles/iam.serviceAccountUser"
	member = "serviceAccount:${google_service_account.scheduler.email}"
	}

	resource "google_project_iam_member" "cloudscheduler_sa_binding" {
	project = var.project-id
	role = "roles/cloudscheduler.serviceAgent"
	member = "serviceAccount:${google_service_account.scheduler.email}"
	}

	resource "google_service_account" "batch" {
	project = var.project-id
	account_id = var.batch-service-account-name
	display_name = var.batch-service-account-name
	}

	resource "google_project_iam_member" "batch_agent_reporter_binding" {
	project = var.project-id
	role = "roles/batch.agentReporter"
	member = "serviceAccount:${google_service_account.batch.email}"
	}

	resource "google_project_iam_member" "logging_logwriter_binding" {
	project = var.project-id
	role = "roles/logging.logWriter"
	member = "serviceAccount:${google_service_account.batch.email}"
	}

	resource "google_project_iam_member" "storage_admin_binding" {
	project = var.project-id
	role = "roles/storage.admin"
	member = "serviceAccount:${google_service_account.batch.email}"
	}

	resource "google_cloud_scheduler_job" "job" {
	project = var.project-id
	region = "europe-west1"
	name = "dl-osm-planet-scheduler"
	description = "dl-osm-planet-scheduler"
	schedule = "0 1 * * 2"
	time_zone = "Europe/Paris"
	attempt_deadline = "300s"

	http_target {
	http_method = "POST"
	uri = "https://batch.googleapis.com/v1/projects/${var.project-number}/locations/${var.project-region}/jobs"
	headers = {
	"Content-Type" = "application/json"
	"User-Agent" = "Google-Cloud-Scheduler"
	}
	# Batch job definition
	body = base64encode(<<EOT
	{
	"name": "projects/${var.project-id}/locations/${var.project-region}/jobs/${var.batch-job-name}",
	"taskGroups": [
	{
	"taskCount": "1",
	"parallelism": "1",
	"taskSpec": {
	"computeResource": {
	"cpuMilli": "2000",
	"memoryMib": "4096"
	},
	"runnables": [
	{
	"script": {
	"text": "wget \"https://planet.openstreetmap.org/pbf/planet-latest.osm.pbf\" -O \"/output/planet.pbf\""
	}
	}
	],
	"volumes": [
	{
	"gcs": {
	"remotePath": "${google_storage_bucket.osm_dl_planet.name}"
	},
	"mountPath": "/output"
	}
	]
	}
	}
	],
	"allocationPolicy": {
	"instances": [
	{
	"policy": {
	"provisioningModel": "STANDARD",
	"machineType": "e2-medium",
	"bootDisk": {
	"type": "pd-ssd",
	"sizeGb": 150
	}
	}
	}
	],
	"network": {
	"networkInterfaces": [
	{
	"network": "projects/${var.project-id}/global/networks/${var.vpc-network-name}",
	"subnetwork": "projects/${var.project-id}/regions/${var.project-region}/subnetworks/${var.vpc-subnetwork-name}"
	}
	]
	},
	"serviceAccount": {
	"email": "${google_service_account.batch.email}"
	}
	},
	"logsPolicy": {
	"destination": "CLOUD_LOGGING"
	}
	}
	EOT
	)
	oauth_token {
	scope = "https://www.googleapis.com/auth/cloud-platform"
	service_account_email = google_service_account.scheduler.email
	}
	}
	}