Migration Guide

This guide helps you migrate GCP organization onboarding to include/exclude parameters

Sysdig has deprecated the legacy management_group_ids parameter used in older GCP Organization onboarding configurations.

To maintain compatibility, update your configuration to use the supported include/exclude parameters:

  • include_folders
  • exclude_folders
  • include_projects
  • exclude_projects

This migration does not change how Sysdig integrates with your GCP Organization. It only updates your Terraform configuration to use the supported parameters.

Before You Begin

Review your existing onboarding method.

If you previously used:

  • management_group_ids (legacy)
  • folders/123456789

You must migrate to the include/exclude format.

Terraform Migration

Scenario A: Keep the Same GCP Organization Structure

Use this procedure if you only want to replace deprecated parameters without changing which folders or projects Sysdig monitors.

Foundational/CSPM Only

  1. Map existing values. Copy values from management_group_ids into include_folders.
  • management_group_ids values use the prefix folders/<id>.
  • include_folders must contain only the numeric folder ID. Example
  • Old: folders/123456789
  • New: 123456789 If the list was empty, leave include_folders empty.

  1. Update the Terraform configuration.

    Replace this line

    management_group_ids = ["folders/123456789"]

    with

    include_folders   = ["123456789"]
exclude_folders   = []
include_projects  = []
exclude_projects  = []

  2. Use the supported provider versions.

    • Update the Sysdig Terraform provider to version 1.48 or later.
    • Use onboarding module version 1.0.0 or later.

  3. Apply the changes.

    Run the following commands:

    terraform init --upgrade
terraform apply

Optional: Change the Organization Structure After Migration

Once you migrate, you can adjust which folders or projects are included or excluded.

Example Configurations

Include Specific Folders

include_folders = ["123456789", "987654321"]

Exclude Specific Folders

exclude_folders = ["987654321"]

Include Projects Directly

include_projects = ["my-gcp-project-123456789"]

Exclude Specific Projects

exclude_projects = ["legacy-project-22"]

After You Migrate

  • Remove all references to management_group_ids.
  • Use only include_folders, exclude_folders, include_projects, and exclude_projects.
  • Your onboarding will continue to function normally.
  • You can now safely modify which parts of your Organization Sysdig monitors.