
In Progress
Paid on delivery
Project Overview

We are seeking an expert GCP/DevOps Engineer to build a secure, multi-tenant "Hub-and-Spoke" architecture for Steward, an AI application processing sensitive information. The goal is to create a "Gold Image" Terraform template that allows us to spin up completely isolated, HIPAA-compliant client environments (Spokes) that securely connect to a centralized dictionary server (Hub).

Technical Stack

- Infrastructure: Google Cloud Platform (GCP)
- IaC: Terraform (Modular, reusable scripts)
- Compute: Google Cloud Run (Serverless containers)
- Database: Cloud SQL for PostgreSQL (with pgvector enabled)
- Networking: VPC, Private Service Connect (PSC), Cloud NAT, Identity-Aware Proxy (IAP)
- Security: Cloud KMS (CMEK), IAM Workload Identity, Security Command Center (SCC)

Scope of Work

- Master Hub Build: Configure the central project containing the master PostgreSQL dictionary and the Artifact Registry for Docker images.
- The "Spoke" Template: Develop a highly modular Terraform template for client onboarding. Each Spoke must be a standalone GCP project with a private VPC, isolated database, and serverless compute.
- Secure Connectivity: Implement Private Service Connect (PSC) to allow Spoke-to-Hub communication without traversing the public internet.
- Security Hardening: Ensure the architecture has Zero Public IPs. Configure all resources to meet the GCP HIPAA compliance baseline.
- Documentation: Provide a simple "Deployment Guide" so a non-engineer can execute the Terraform plan to onboard new clients.

Required Qualifications

- Proven experience deploying HIPAA-compliant workloads on GCP.
- Expertise in Terraform (specifically creating reusable modules for multi-tenant environments).
- Deep understanding of GCP Networking (VPC Peering vs. Private Service Connect).
- Experience with Workload Identity and managing service accounts with the Principle of Least Privilege.
- Ability to validate work against the GCP Security Command Center HIPAA posture.
Project ID: 40440857
34 proposals
Remote project
Active 4 days ago
34 freelancers are bidding on average $1,146 USD for this job

Hi, I can help you. You want a safe, locked-down setup on Google Cloud for your app. One main place holds shared data and images, and each client gets their own separate space that talks to the main place in a safe, private way. You want a ready-to-run template, no public doors, clear steps to launch, and proof it meets health data rules. This will take a few days; I've been doing this type of work for years. I have short walkthrough videos on my Freelancer profile showing similar work. 1) What do you have now in GCP and Terraform, if anything? 2) What should a new client environment include when finished, step by step? Ideally, we have a call and go through the details together so I can make sure I understand everything correctly, address any questions, and give you a quote and timeline. Would that work? Best, Nicolas
$1,125 USD in 7 days
5.3

Hey, You need every client's data fully walled off from other tenants, with a clean repeatable process to spin up new environments without ever touching the public internet. I will build the Hub project with the shared Artifact Registry and master Cloud SQL instance, then create a modular Spoke Terraform template that provisions an isolated GCP project, private VPC, Cloud Run service, and pgvector-enabled PostgreSQL, all connected to the Hub through Private Service Connect with zero public IPs. I will validate the full setup against the GCP Security Command Center HIPAA posture and deliver a plain-language deployment guide a non-engineer can follow. Will the Spoke projects live inside the same GCP Organization as the Hub, or do you anticipate onboarding clients who require cross-organization service attachments? Best, Ahmad
$1,500 USD in 30 days
5.4

Hello, I can help build the GCP hub-and-spoke Terraform setup for Steward with isolated client projects, private VPCs, Cloud Run, Cloud SQL PostgreSQL with pgvector, PSC connectivity, CMEK, IAP, Workload Identity, and least-privilege IAM. I have strong experience with reusable Terraform modules, secure GCP networking, PostgreSQL, Linux, and deploying private cloud environments where sensitive data and compliance controls are central. I will keep the template clean and repeatable so each new Spoke can be onboarded safely, with zero public IP exposure and a simple deployment guide that a non-engineer can follow. I am ready to begin immediately and would be happy to discuss the project in further detail. Thanks, Teo
$1,000 USD in 7 days
4.8

Hi, This is a good fit for a modular Terraform-first GCP architecture rather than a one-off deployment. I’d approach this by separating the Hub and Spoke infrastructure into reusable modules for projects, networking, Cloud Run, Cloud SQL, Artifact Registry, IAM, KMS, logging, and private connectivity. That way each new client environment can be deployed consistently without manually rebuilding the security model every time. The most important area here is private networking and tenant isolation. PSC, private VPC access, Cloud SQL private IP, IAM boundaries, Workload Identity, CMEK, and zero-public-IP controls need to be designed together, not patched in later. I’ve worked on cloud infrastructure, Terraform automation, secure backend deployments, PostgreSQL systems, containerized workloads, CI/CD, and production DevOps environments where repeatability and compliance were critical. I can help build a clean Gold Image structure with practical documentation so new client environments can be onboarded safely and predictably.
$1,200 USD in 10 days
0.0

Houston, United States
Payment method verified
Member since Nov 24, 2015