Azure DevOps (ADO)Pipeline YAMLAgent Pool (GCP-Self-Hosted)

GCP VM (Self-Hosted Agent)Terraform Installedgcloud SDK InstalledConnected to ADO as build agent

Service Account (SA)terraform-bootstrap@&lt;project&gt;.iamIAM Roles: resourcemanager, storage, etc.

Terraform BootstrapCreate GCS bucket (state backend)Create org folders (dev/stg/prod)Create service accounts

Terraform Environment SetupSeparate folders: dev, stg, prodEach with independent statePromotion via ADO pipeline stages