diff --git a/helpers/foundation-deployer/gcp/gcp.go b/helpers/foundation-deployer/gcp/gcp.go
index eeba7cb78..21b60c796 100644
--- a/helpers/foundation-deployer/gcp/gcp.go
+++ b/helpers/foundation-deployer/gcp/gcp.go
@@ -15,15 +15,22 @@
 package gcp
 
 import (
+	"context"
+	"encoding/json"
 	"fmt"
+	"regexp"
 	"strings"
 	"time"
 
 	"github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/gcloud"
+	"github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/utils"
 	"github.com/mitchellh/go-testing-interface"
 	"github.com/tidwall/gjson"
 
 	"github.com/terraform-google-modules/terraform-example-foundation/test/integration/testutils"
+
+	"google.golang.org/api/cloudbuild/v1"
+	"google.golang.org/api/option"
 )
 
 const (
@@ -34,23 +41,78 @@ const (
 	StatusCancelled = "CANCELLED"
 )
 
+type RetryOp struct {
+	Type  string `json:"@type"`
+	Build Build  `json:"build"`
+}
+type Build struct {
+	ID         string `json:"id"`
+	Status     string `json:"status"`
+	CreateTime string `json:"createTime"`
+}
+
+var (
+	retryRegexp = map[*regexp.Regexp]string{}
+	// ctx         = context.Background()
+)
+
+func init() {
+	for e, m := range testutils.RetryableTransientErrors {
+		r, err := regexp.Compile(fmt.Sprintf("(?s)%s", e)) //(?s) enables dot (.) to match newline.
+		if err != nil {
+			panic(fmt.Sprintf("failed to compile regex %s: %s", e, err.Error()))
+		}
+		retryRegexp[r] = m
+	}
+}
+
 type GCP struct {
-	Runf      func(t testing.TB, cmd string, args ...interface{}) gjson.Result
-	sleepTime time.Duration
+	Runf            func(t testing.TB, cmd string, args ...interface{}) gjson.Result
+	RunCmd          func(t testing.TB, cmd string, args ...interface{}) string
+	TriggerNewBuild func(t testing.TB, ctx context.Context, buildName string) (string, error)
+	sleepTime       time.Duration
+}
+
+// runCmd is a wrapper around gcloud.RunCmd because the original function has an input with a private type
+func runCmd(t testing.TB, cmd string, args ...interface{}) string {
+	return gcloud.RunCmd(t, utils.StringFromTextAndArgs(append([]interface{}{cmd}, args...)...))
+}
+
+// triggerNewBuild triggers a new build based on the build provided
+func triggerNewBuild(t testing.TB, ctx context.Context, buildName string) (string, error) {
+
+	buildService, err := cloudbuild.NewService(ctx, option.WithScopes(cloudbuild.CloudPlatformScope))
+	if err != nil {
+		return "", fmt.Errorf("failed to create Cloud Build service: %w", err)
+	}
+	retryOperation, err := buildService.Projects.Locations.Builds.Retry(buildName, &cloudbuild.RetryBuildRequest{}).Do()
+	if err != nil {
+		return "", fmt.Errorf("failed to retry build: %w", err)
+	}
+
+	var data RetryOp
+	err = json.Unmarshal(retryOperation.Metadata, &data)
+	if err != nil {
+		return "", fmt.Errorf("error unmarshaling retry operation metadata: %v", err)
+	}
+
+	return data.Build.ID, nil
 }
 
 // NewGCP creates a new wrapper for Google Cloud Platform CLI.
 func NewGCP() GCP {
 	return GCP{
-		Runf:      gcloud.Runf,
-		sleepTime: 20,
+		Runf:            gcloud.Runf,
+		RunCmd:          runCmd,
+		TriggerNewBuild: triggerNewBuild,
+		sleepTime:       20,
 	}
 }
 
 // IsComponentInstalled checks if a given gcloud component is installed
 func (g GCP) IsComponentInstalled(t testing.TB, componentID string) bool {
-	filter := fmt.Sprintf("\"id='%s'\"",componentID)
-    components := g.Runf(t, "components list --filter %s", filter).Array()
+	filter := fmt.Sprintf("\"id='%s'\"", componentID)
+	components := g.Runf(t, "components list --filter %s", filter).Array()
 	if len(components) == 0 {
 		return false
 	}
@@ -70,8 +132,13 @@ func (g GCP) GetBuilds(t testing.TB, projectID, region, filter string) map[strin
 }
 
 // GetLastBuildStatus gets the status of the last build form a project and region that satisfy the given filter.
-func (g GCP) GetLastBuildStatus(t testing.TB, projectID, region, filter string) string {
-	return g.Runf(t, "builds list --project %s --region %s --limit 1 --sort-by ~createTime --filter %s", projectID, region, filter).Array()[0].Get("status").String()
+func (g GCP) GetLastBuildStatus(t testing.TB, projectID, region, filter string) (string, string) {
+	builds := g.Runf(t, "builds list --project %s --region %s --limit 1 --sort-by ~createTime --filter %s", projectID, region, filter).Array()
+	if len(builds) == 0 {
+		return "", ""
+	}
+	build := builds[0]
+	return build.Get("status").String(), build.Get("id").String()
 }
 
 // GetBuildStatus gets the status of the given build
@@ -91,8 +158,13 @@ func (g GCP) GetRunningBuildID(t testing.TB, projectID, region, filter string) s
 	return ""
 }
 
+// GetBuildLogs get the execution logs of the given build
+func (g GCP) GetBuildLogs(t testing.TB, projectID, region, buildID string) string {
+	return g.RunCmd(t, "builds log %s --project %s --region %s", buildID, projectID, region)
+}
+
 // GetFinalBuildState gets the terminal status of the given build. It will wait if build is not finished.
-func (g GCP) GetFinalBuildState(t testing.TB, projectID, region, buildID string, maxRetry int) (string, error) {
+func (g GCP) GetFinalBuildState(t testing.TB, projectID, region, buildID string, maxBuildRetry int) (string, error) {
 	var status string
 	count := 0
 	fmt.Printf("waiting for build %s execution.\n", buildID)
@@ -100,7 +172,7 @@ func (g GCP) GetFinalBuildState(t testing.TB, projectID, region, buildID string,
 	fmt.Printf("build status is %s\n", status)
 	for status != StatusSuccess && status != StatusFailure && status != StatusCancelled {
 		fmt.Printf("build status is %s\n", status)
-		if count >= maxRetry {
+		if count >= maxBuildRetry {
 			return "", fmt.Errorf("timeout waiting for build '%s' execution", buildID)
 		}
 		count = count + 1
@@ -112,29 +184,66 @@ func (g GCP) GetFinalBuildState(t testing.TB, projectID, region, buildID string,
 }
 
 // WaitBuildSuccess waits for the current build in a repo to finish.
-func (g GCP) WaitBuildSuccess(t testing.TB, project, region, repo, commitSha, failureMsg string, maxRetry int) error {
-	var filter string
+func (g GCP) WaitBuildSuccess(t testing.TB, project, region, repo, commitSha, failureMsg string, maxBuildRetry, maxErrorRetries int, timeBetweenErrorRetries time.Duration) error {
+	var filter, status, build string
+	var timeoutErr, err error
+	ctx := context.Background()
+
 	if commitSha == "" {
 		filter = fmt.Sprintf("source.repoSource.repoName:%s", repo)
 	} else {
 		filter = fmt.Sprintf("source.repoSource.commitSha:%s", commitSha)
 	}
-	build := g.GetRunningBuildID(t, project, region, filter)
-	if build != "" {
-		status, err := g.GetFinalBuildState(t, project, region, build, maxRetry)
-		if err != nil {
-			return err
+
+	build = g.GetRunningBuildID(t, project, region, filter)
+	for i := 0; i < maxErrorRetries; i++ {
+		if build != "" {
+			status, timeoutErr = g.GetFinalBuildState(t, project, region, build, maxBuildRetry)
+			if timeoutErr != nil {
+				return timeoutErr
+			}
+		} else {
+			status, build = g.GetLastBuildStatus(t, project, region, filter)
+			if build == "" {
+				return fmt.Errorf("no build found for filter: %s", filter)
+			}
 		}
+
 		if status != StatusSuccess {
-			return fmt.Errorf("%s\nSee:\nhttps://console.cloud.google.com/cloud-build/builds;region=%s/%s?project=%s\nfor details", failureMsg, region, build, project)
+			if !g.IsRetryableError(t, project, region, build) {
+				return fmt.Errorf("%s\nSee:\nhttps://console.cloud.google.com/cloud-build/builds;region=%s/%s?project=%s\nfor details", failureMsg, region, build, project)
+			}
+			fmt.Println("build failed with retryable error. a new build will be triggered.")
+		} else {
+			return nil // Build succeeded
 		}
-	} else {
-		status := g.GetLastBuildStatus(t, project, region, filter)
-		if status != StatusSuccess {
-			return fmt.Errorf("%s\nSee:\nhttps://console.cloud.google.com/cloud-build/builds;region=%s/%s?project=%s\nfor details", failureMsg, region, build, project)
+
+		// Trigger a new build
+		build, err = g.TriggerNewBuild(t, ctx, fmt.Sprintf("projects/%s/locations/%s/builds/%s", project, region, build))
+		if err != nil {
+			return fmt.Errorf("failed to trigger new build (attempt %d/%d): %w", i+1, maxErrorRetries, err)
+		}
+		fmt.Printf("triggered new build with ID: %s (attempt %d/%d)\n", build, i+1, maxErrorRetries)
+		if i < maxErrorRetries-1 {
+			time.Sleep(timeBetweenErrorRetries) // Wait before retrying
+		}
+	}
+	return fmt.Errorf("%s\nbuild failed after %d retries.\nSee Cloud Build logs for details", failureMsg, maxErrorRetries)
+}
+
+// IsRetryableError checks the logs of a failed Cloud Build build
+// and verify if the error is a transient one and can be retried
+func (g GCP) IsRetryableError(t testing.TB, projectID, region, build string) bool {
+	logs := g.GetBuildLogs(t, projectID, region, build)
+	found := false
+	for pattern, msg := range retryRegexp {
+		if pattern.MatchString(logs) {
+			found = true
+			fmt.Printf("error '%s' is worth of a retry\n", msg)
+			break
 		}
 	}
-	return nil
+	return found
 }
 
 // HasSccNotification checks if a Security Command Center notification exists
@@ -158,12 +267,12 @@ func (g GCP) HasTagKey(t testing.TB, orgID, tag string) bool {
 }
 
 // EnableApis enables the apis in the given project
-func (g GCP) EnableApis(t testing.TB, project string, apis []string) {
+func (g GCP) EnableAPIs(t testing.TB, project string, apis []string) {
 	g.Runf(t, "services enable %s --project %s", strings.Join(apis, " "), project)
 }
 
-// IsApiEnabled checks if the api is enabled in the given project
-func (g GCP) IsApiEnabled(t testing.TB, project, api string) bool {
+// IsAPIEnabled checks if the api is enabled in the given project
+func (g GCP) IsAPIEnabled(t testing.TB, project, api string) bool {
 	filter := fmt.Sprintf("config.name=%s", api)
 	return len(g.Runf(t, "services list --enabled --project %s --filter %s", project, filter).Array()) > 0
 }
diff --git a/helpers/foundation-deployer/gcp/gcp_test.go b/helpers/foundation-deployer/gcp/gcp_test.go
index 58e63b335..b18c073c3 100644
--- a/helpers/foundation-deployer/gcp/gcp_test.go
+++ b/helpers/foundation-deployer/gcp/gcp_test.go
@@ -15,13 +15,17 @@
 package gcp
 
 import (
+	"context"
 	"fmt"
 	"os"
 	"path/filepath"
+	"time"
+
 	gotest "testing"
 
 	"github.com/mitchellh/go-testing-interface"
 	"github.com/stretchr/testify/assert"
+
 	"github.com/tidwall/gjson"
 )
 
@@ -71,12 +75,12 @@ func TestGetLastBuildStatus(t *gotest.T) {
 		},
 		sleepTime: 1,
 	}
-	status := gcp.GetLastBuildStatus(t, "prj-b-cicd-0123", "us-central1", "filter")
+	status, _ := gcp.GetLastBuildStatus(t, "prj-b-cicd-0123", "us-central1", "filter")
 	assert.Equal(t, StatusSuccess, status)
 
 	current, err = os.ReadFile(filepath.Join(".", "testdata", "failure_build.json"))
 	assert.NoError(t, err)
-	status = gcp.GetLastBuildStatus(t, "prj-b-cicd-0123", "us-central1", "filter")
+	status, _ = gcp.GetLastBuildStatus(t, "prj-b-cicd-0123", "us-central1", "filter")
 	assert.Equal(t, StatusFailure, status)
 }
 
@@ -132,10 +136,13 @@ func TestWaitBuildSuccess(t *gotest.T) {
 			callCount = callCount + 1
 			return resp
 		},
+		RunCmd: func(t testing.TB, cmd string, args ...interface{}) string {
+			return ""
+		},
 		sleepTime: 1,
 	}
 
-	err = gcp.WaitBuildSuccess(t, "prj-b-cicd-0123", "us-central1", "repo", "", "failed_test_for_WaitBuildSuccess", 40)
+	err = gcp.WaitBuildSuccess(t, "prj-b-cicd-0123", "us-central1", "repo", "", "failed_test_for_WaitBuildSuccess", 40, 2, 1*time.Second)
 	assert.Error(t, err, "should have failed")
 	assert.Contains(t, err.Error(), "failed_test_for_WaitBuildSuccess", "should have failed with custom info")
 	assert.Equal(t, callCount, 3, "Runf must be called three times")
@@ -164,11 +171,66 @@ func TestWaitBuildTimeout(t *gotest.T) {
 			callCount = callCount + 1
 			return resp
 		},
+		RunCmd: func(t testing.TB, cmd string, args ...interface{}) string {
+			return ""
+		},
 		sleepTime: 1,
 	}
 
-	err = gcp.WaitBuildSuccess(t, "prj-b-cicd-0123", "us-central1", "repo", "", "failed_test_for_WaitBuildSuccess", 1)
+	err = gcp.WaitBuildSuccess(t, "prj-b-cicd-0123", "us-central1", "repo", "", "failed_test_for_WaitBuildSuccess", 1, 1, 1*time.Second)
 	assert.Error(t, err, "should have failed")
 	assert.Contains(t, err.Error(), "timeout waiting for build '736f4689-2497-4382-afd0-b5f0f50eea5b' execution", "should have failed with timeout error")
 	assert.Equal(t, callCount, 3, "Runf must be called three times")
 }
+
+func TestWaitBuildSuccessRetry(t *gotest.T) {
+
+	working, err := os.ReadFile(filepath.Join(".", "testdata", "working_build.json"))
+	assert.NoError(t, err)
+	failure, err := os.ReadFile(filepath.Join(".", "testdata", "failure_build.json"))
+	assert.NoError(t, err)
+	retry, err := os.ReadFile(filepath.Join(".", "testdata", "working_build_retry.json"))
+	assert.NoError(t, err)
+	success, err := os.ReadFile(filepath.Join(".", "testdata", "success_build.json"))
+	assert.NoError(t, err)
+
+	runCmdCallCount := 0
+	triggerNewBuildCallCount := 0
+	runfCallCount := 0
+	runfCalls := []gjson.Result{
+		{Type: gjson.JSON,
+			Raw: fmt.Sprintf("[%s]", string(working[:]))}, // builds list
+		{Type: gjson.JSON,
+			Raw: string(working[:])}, // builds describe
+		{Type: gjson.JSON,
+			Raw: string(failure[:])}, // builds describe
+		{Type: gjson.JSON,
+			Raw: string(retry[:])}, // builds describe
+		{Type: gjson.JSON,
+			Raw: string(success[:])}, // builds describe
+	}
+
+	gcp := GCP{
+		Runf: func(t testing.TB, cmd string, args ...interface{}) gjson.Result {
+			resp := runfCalls[runfCallCount]
+			runfCallCount = runfCallCount + 1
+			return resp
+		},
+		RunCmd: func(t testing.TB, cmd string, args ...interface{}) string {
+			runCmdCallCount = runCmdCallCount + 1
+			return "a\nError 403. Compute Engine API has not been used in project\nz" // get build logs
+		},
+		TriggerNewBuild: func(t testing.TB, ctx context.Context, buildName string) (string, error) {
+			triggerNewBuildCallCount = triggerNewBuildCallCount + 1
+			return "845f5790-2497-4382-afd0-b5f0f50eea5a", nil // buildService.Projects.Locations.Builds.Retry
+		},
+		sleepTime: 1,
+	}
+
+	err = gcp.WaitBuildSuccess(t, "prj-b-cicd-0123", "us-central1", "repo", "", "", 40, 2, 1*time.Second)
+
+	assert.Nil(t, err, "should have succeeded")
+	assert.Equal(t, runfCallCount, 5, "Runf must be called five times")
+	assert.Equal(t, runCmdCallCount, 1, "runCmd getLogs must be called once")
+	assert.Equal(t, triggerNewBuildCallCount, 1, "TriggerNewBuild must be called once")
+}
diff --git a/helpers/foundation-deployer/gcp/testdata/working_build_retry.json b/helpers/foundation-deployer/gcp/testdata/working_build_retry.json
new file mode 100644
index 000000000..a9e356549
--- /dev/null
+++ b/helpers/foundation-deployer/gcp/testdata/working_build_retry.json
@@ -0,0 +1,90 @@
+{
+    "artifacts": {
+        "objects": {
+            "location": "gs://bkt-prj-b-cicd-0123-gcp-org-build-artifacts/terraform/cloudbuild/plan/845f5790-2497-4382-afd0-b5f0f50eea5a/",
+            "paths": [
+                "cloudbuild-tf-plan.yaml",
+                "tmp_plan/*.tfplan"
+            ]
+        }
+    },
+    "buildTriggerId": "fc1de58c-1362-4568-9cd6-cf9d514ab559",
+    "createTime": "2023-03-07T19:08:08.946367Z",
+    "id": "845f5790-2497-4382-afd0-b5f0f50eea5a",
+    "logUrl": "https://console.cloud.google.com/cloud-build/builds;region=us-central1/845f5790-2497-4382-afd0-b5f0f50eea5a?project=123456789012",
+    "logsBucket": "gs://bkt-prj-b-cicd-0123-gcp-org-build-logs",
+    "name": "projects/123456789012/locations/us-central1/builds/845f5790-2497-4382-afd0-b5f0f50eea5a",
+    "options": {
+        "dynamicSubstitutions": true,
+        "logging": "LEGACY",
+        "pool": {
+            "name": "projects/prj-b-cicd-0123/locations/us-central1/workerPools/private-pool-ufz7"
+        },
+        "substitutionOption": "ALLOW_LOOSE"
+    },
+    "projectId": "prj-b-cicd-0123",
+    "queueTtl": "3600s",
+    "serviceAccount": "projects/prj-b-seed-0123/serviceAccounts/sa-terraform-org@prj-b-seed-0123.iam.gserviceaccount.com",
+    "source": {
+        "repoSource": {
+            "commitSha": "3dca5f9abb0f3050f505724e9e8976f53c58af4c",
+            "projectId": "prj-b-cicd-0123",
+            "repoName": "gcp-org"
+        }
+    },
+    "sourceProvenance": {
+        "resolvedRepoSource": {
+            "commitSha": "3dca5f9abb0f3050f505724e9e8976f53c58af4c",
+            "projectId": "prj-b-cicd-0123",
+            "repoName": "gcp-org"
+        }
+    },
+    "startTime": "2023-03-07T19:08:52.044670424Z",
+    "status": "WORKING",
+    "steps": [
+        {
+            "args": [
+                "-c",
+                "tf_sa_email=sa-terraform-org@prj-b-seed-0123.iam.gserviceaccount.com\nif [[ -n ${tf_sa_email} ]]; then\n  echo \"Setting up gcloud for impersonation\"\n  gcloud config set auth/impersonate_service_account $tf_sa_email\nfi\necho \"Adding bucket information to backends\"\nfor i in `find . -name 'backend.tf'`; do sed -r -i 's/UPDATE_ME|UPDATE_PROJECTS_BACKEND|UPDATE_APP_INFRA_BUCKET/bkt-prj-b-seed-0123-tfstate-84b7/' $i; done\n"
+            ],
+            "entrypoint": "/bin/bash",
+            "id": "setup",
+            "name": "us-central1-docker.pkg.dev/prj-b-cicd-0123/tf-runners/terraform:v1"
+        },
+        {
+            "args": [
+                "-c",
+                "./tf-wrapper.sh plan_validate_all plan /workspace/policy-library prj-b-cicd-0123 CLOUDSOURCE\n"
+            ],
+            "entrypoint": "/bin/bash",
+            "id": "tf plan validate all",
+            "name": "us-central1-docker.pkg.dev/prj-b-cicd-0123/tf-runners/terraform:v1"
+        }
+    ],
+    "substitutions": {
+        "BRANCH_NAME": "plan",
+        "COMMIT_SHA": "3dca5f9abb0f3050f505724e9e8976f53c58af4c",
+        "REF_NAME": "plan",
+        "REPO_NAME": "gcp-org",
+        "REVISION_ID": "3dca5f9abb0f3050f505724e9e8976f53c58af4c",
+        "SHORT_SHA": "3dca5f9",
+        "TRIGGER_BUILD_CONFIG_PATH": "cloudbuild-tf-plan.yaml",
+        "TRIGGER_NAME": "gcp-org-plan",
+        "_ARTIFACT_BUCKET_NAME": "bkt-prj-b-cicd-0123-gcp-org-build-artifacts",
+        "_BILLING_ID": "XXXXXX-XXXXXX-XXXXXX",
+        "_DOCKER_TAG_VERSION_TERRAFORM": "v1",
+        "_GAR_PROJECT_ID": "prj-b-cicd-0123",
+        "_GAR_REGION": "us-central1",
+        "_GAR_REPOSITORY": "tf-runners",
+        "_LOG_BUCKET_NAME": "bkt-prj-b-cicd-0123-gcp-org-build-logs",
+        "_ORG_ID": "0000000000000",
+        "_POLICY_REPO": "/workspace/policy-library",
+        "_PRIVATE_POOL": "projects/prj-b-cicd-0123/locations/us-central1/workerPools/private-pool-ufz7",
+        "_STATE_BUCKET_NAME": "bkt-prj-b-seed-0123-tfstate-84b7",
+        "_TF_SA_EMAIL": "sa-terraform-org@prj-b-seed-0123.iam.gserviceaccount.com"
+    },
+    "tags": [
+        "trigger-fc1de58c-1362-4568-9cd6-cf9d514ab559"
+    ],
+    "timeout": "1200s"
+}
diff --git a/helpers/foundation-deployer/go.mod b/helpers/foundation-deployer/go.mod
index 39b30a075..1eacdb529 100644
--- a/helpers/foundation-deployer/go.mod
+++ b/helpers/foundation-deployer/go.mod
@@ -1,6 +1,7 @@
 module github.com/terraform-google-modules/terraform-example-foundation/helpers/foundation-deployer
 
-go 1.22.7
+go 1.23.0
+
 toolchain go1.24.1
 
 require (
@@ -11,15 +12,26 @@ require (
 	github.com/stretchr/testify v1.10.0
 	github.com/terraform-google-modules/terraform-example-foundation/test/integration v0.0.0-20240808135927-5f1fd0f4104a
 	github.com/tidwall/gjson v1.18.0
+	google.golang.org/api v0.206.0
 )
 
 require (
+	cloud.google.com/go/auth v0.10.2 // indirect
+	cloud.google.com/go/auth/oauth2adapt v0.2.5 // indirect
 	cloud.google.com/go/compute/metadata v0.5.2 // indirect
 	github.com/agext/levenshtein v1.2.3 // indirect
 	github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
 	github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
+	github.com/google/s2a-go v0.1.8 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect
+	github.com/googleapis/gax-go/v2 v2.14.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-getter/v2 v2.2.3 // indirect
@@ -41,6 +53,11 @@ require (
 	github.com/tmccombs/hcl2json v0.6.4 // indirect
 	github.com/ulikunitz/xz v0.5.11 // indirect
 	github.com/zclconf/go-cty v1.15.0 // indirect
+	go.opencensus.io v0.24.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect
+	go.opentelemetry.io/otel v1.29.0 // indirect
+	go.opentelemetry.io/otel/metric v1.29.0 // indirect
+	go.opentelemetry.io/otel/trace v1.29.0 // indirect
 	golang.org/x/crypto v0.36.0 // indirect
 	golang.org/x/mod v0.22.0 // indirect
 	golang.org/x/net v0.38.0 // indirect
@@ -49,6 +66,9 @@ require (
 	golang.org/x/sys v0.31.0 // indirect
 	golang.org/x/text v0.23.0 // indirect
 	golang.org/x/tools v0.22.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 // indirect
+	google.golang.org/grpc v1.67.1 // indirect
+	google.golang.org/protobuf v1.35.1 // indirect
 	gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
diff --git a/helpers/foundation-deployer/go.sum b/helpers/foundation-deployer/go.sum
index 142f96ce5..29fa8a09f 100644
--- a/helpers/foundation-deployer/go.sum
+++ b/helpers/foundation-deployer/go.sum
@@ -1,5 +1,11 @@
+cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go/auth v0.10.2 h1:oKF7rgBfSHdp/kuhXtqU/tNDr0mZqhYbEh+6SiqzkKo=
+cloud.google.com/go/auth v0.10.2/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI=
+cloud.google.com/go/auth/oauth2adapt v0.2.5 h1:2p29+dePqsCHPP1bqDJcKj4qxRyYCcbzKpFyKGt3MTk=
+cloud.google.com/go/auth/oauth2adapt v0.2.5/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8=
 cloud.google.com/go/compute/metadata v0.5.2 h1:UxK4uu/Tn+I3p2dYWTfiX4wva7aYlKixAHn3fyqngqo=
 cloud.google.com/go/compute/metadata v0.5.2/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k=
+github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test v0.17.3 h1:+lqTQyIdgr9XbI/onTPpwDnKR8I+MFKuIi6jeO8qDDQ=
 github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test v0.17.3/go.mod h1:7uX+sVrlOPmrpkfuVSoO9qO0tWc23lVVCIQOL9GM5Qs=
 github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo=
@@ -8,12 +14,57 @@ github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew
 github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4=
 github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas=
 github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d/go.mod h1:6QX/PXZ00z/TKoufEY6K/a0k6AhaJrQKdFe6OfVXsa4=
+github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
+github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
+github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
+github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
+github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
+github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-test/deep v1.0.7 h1:/VSMRlnY/JSyqxQUzQLKVMAskpY/NZKFA5j2P+0pP2M=
 github.com/go-test/deep v1.0.7/go.mod h1:QV8Hv/iy04NyLBxAdO9njL0iVPN1S4d/A3NVv1V36o8=
+github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
+github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
+github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
+github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
+github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
+github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
+github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
+github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM=
+github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA=
+github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/googleapis/enterprise-certificate-proxy v0.3.4 h1:XYIDZApgAnrN1c855gTgghdIA6Stxb52D5RnLI1SLyw=
+github.com/googleapis/enterprise-certificate-proxy v0.3.4/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA=
+github.com/googleapis/gax-go/v2 v2.14.0 h1:f+jMrjBPl+DL9nI4IQzLUxMq7XrAqFYB7hBPqMNIe8o=
+github.com/googleapis/gax-go/v2 v2.14.0/go.mod h1:lhBCnjdLrWRaPvLWhmc8IS24m9mr07qSYnHncrgo+zk=
 github.com/gruntwork-io/terratest v0.48.1 h1:pnydDjkWbZCUYXvQkr24y21fBo8PfJC5hRGdwbl1eXM=
 github.com/gruntwork-io/terratest v0.48.1/go.mod h1:U2EQW4Odlz75XJUH16Kqkr9c93p+ZZtkpVez7GkZFa4=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
@@ -52,8 +103,16 @@ github.com/mitchellh/go-testing-interface v1.14.2-0.20210821155943-2d9075ca8770
 github.com/mitchellh/go-testing-interface v1.14.2-0.20210821155943-2d9075ca8770/go.mod h1:SO/iHr6q2EzbqRApt+8/E9wqebTwQn5y+UlB04bxzo0=
 github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0=
 github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
 github.com/terraform-google-modules/terraform-example-foundation/test/integration v0.0.0-20240808135927-5f1fd0f4104a h1:4Ih0BauwdUTF+YuA55/qY8Q+d5brYKPpae0YWkB9D2A=
@@ -76,26 +135,97 @@ github.com/zclconf/go-cty v1.15.0 h1:tTCRWxsexYUmtt/wVxgDClUe+uQusuI443uL6e+5sXQ
 github.com/zclconf/go-cty v1.15.0/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE=
 github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940 h1:4r45xpDWB6ZMSMNJFMOjqrGHynW3DIBuR2H9j0ug+Mo=
 github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940/go.mod h1:CmBdvvj3nqzfzJ6nTCIwDTPZ56aVGvDrmztiO5g3qrM=
+go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
+go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 h1:TT4fX+nBOA/+LUkobKGW1ydGcn+G3vRw9+g5HwCphpk=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0/go.mod h1:L7UH0GbB0p47T4Rri3uHjbpCFYrVrwc1I25QhNPiGK8=
+go.opentelemetry.io/otel v1.29.0 h1:PdomN/Al4q/lN6iBJEN3AwPvUiHPMlt93c8bqTG5Llw=
+go.opentelemetry.io/otel v1.29.0/go.mod h1:N/WtXPs1CNCUEx+Agz5uouwCba+i+bJGFicT8SR4NP8=
+go.opentelemetry.io/otel/metric v1.29.0 h1:vPf/HFWTNkPu1aYeIsc98l4ktOQaL6LeSoeV2g+8YLc=
+go.opentelemetry.io/otel/metric v1.29.0/go.mod h1:auu/QWieFVWx+DmQOUMgj0F8LHWdgalxXqvp7BII/W8=
+go.opentelemetry.io/otel/trace v1.29.0 h1:J/8ZNK4XgR7a21DZUAsbF8pZ5Jcw1VhACmnYt39JTi4=
+go.opentelemetry.io/otel/trace v1.29.0/go.mod h1:eHl3w0sp3paPkYstJOmAimxhiFXPg+MMTlEh3nsQgWQ=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
 golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
+golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
+golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
+golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4=
 golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
+golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8=
 golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
+golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE=
 golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw=
 golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
 golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y=
 golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
 golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
+golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
+golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA=
 golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/api v0.206.0 h1:A27GClesCSheW5P2BymVHjpEeQ2XHH8DI8Srs2HI2L8=
+google.golang.org/api v0.206.0/go.mod h1:BtB8bfjTYIrai3d8UyvPmV9REGgox7coh+ZRwm0b+W8=
+google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
+google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
+google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
+google.golang.org/genproto v0.0.0-20241113202542-65e8d215514f h1:zDoHYmMzMacIdjNe+P2XiTmPsLawi/pCbSPfxt6lTfw=
+google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 h1:M0KvPgPmDZHPlbRbaNU1APr28TvwvvdUPlSv7PUvy8g=
+google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:dguCy7UOdZhTvLzDyt15+rOrawrpM4q7DD9dQ1P11P4=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 h1:XVhgTWWV3kGQlwJHR3upFWZeTsei6Oks1apkZSeonIE=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI=
+google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
+google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
+google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
+google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E=
+google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA=
+google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
+google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
+google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
+google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
+google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
+google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
+google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
+google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
diff --git a/helpers/foundation-deployer/main.go b/helpers/foundation-deployer/main.go
index 9d0df9d8a..ba84985f9 100644
--- a/helpers/foundation-deployer/main.go
+++ b/helpers/foundation-deployer/main.go
@@ -112,20 +112,20 @@ func main() {
 
 	// only enable services if they are not already enabled
 	if globalTFVars.HasValidatorProj() {
-		conf.ValidatorProject = *globalTFVars.ValidatorProjectId
+		conf.ValidatorProject = *globalTFVars.ValidatorProjectID
 		var apis []string
 		gcpConf := gcp.NewGCP()
 		if globalTFVars.EnableSccResourcesInTerraform != nil && *globalTFVars.EnableSccResourcesInTerraform {
 			validatorApis = append(validatorApis, "securitycenter.googleapis.com")
 		}
 		for _, a := range validatorApis {
-			if !gcpConf.IsApiEnabled(t, *globalTFVars.ValidatorProjectId, a) {
+			if !gcpConf.IsAPIEnabled(t, *globalTFVars.ValidatorProjectID, a) {
 				apis = append(apis, a)
 			}
 		}
 		if len(apis) > 0 {
-			fmt.Printf("# Enabling APIs: %s in validator project '%s'\n", strings.Join(apis, ", "), *globalTFVars.ValidatorProjectId)
-			gcpConf.EnableApis(t, *globalTFVars.ValidatorProjectId, apis)
+			fmt.Printf("# Enabling APIs: %s in validator project '%s'\n", strings.Join(apis, ", "), *globalTFVars.ValidatorProjectID)
+			gcpConf.EnableAPIs(t, *globalTFVars.ValidatorProjectID, apis)
 			fmt.Println("# waiting for API propagation")
 			for i := 0; i < 20; i++ {
 				time.Sleep(10 * time.Second)
diff --git a/helpers/foundation-deployer/stages/apply.go b/helpers/foundation-deployer/stages/apply.go
index 4eb1970b7..f83aeb877 100644
--- a/helpers/foundation-deployer/stages/apply.go
+++ b/helpers/foundation-deployer/stages/apply.go
@@ -74,8 +74,8 @@ func DeployBootstrapStage(t testing.TB, s steps.Steps, tfvars GlobalTFVars, c Co
 		Logger:                   c.Logger,
 		NoColor:                  true,
 		RetryableTerraformErrors: testutils.RetryableTransientErrors,
-		MaxRetries:               MaxRetries,
-		TimeBetweenRetries:       TimeBetweenRetries,
+		MaxRetries:               MaxErrorRetries,
+		TimeBetweenRetries:       TimeBetweenErrorRetries,
 	}
 	// terraform deploy
 	err = applyLocal(t, options, "", c.PolicyPath, c.ValidatorProject)
@@ -132,7 +132,7 @@ func DeployBootstrapStage(t testing.TB, s steps.Steps, tfvars GlobalTFVars, c Co
 	msg.PrintBuildMsg(cbProjectID, defaultRegion, c.DisablePrompt)
 
 	// Check if image build was successful.
-	err = gcp.NewGCP().WaitBuildSuccess(t, cbProjectID, defaultRegion, "tf-cloudbuilder", "", "Terraform Image builder Build Failed for tf-cloudbuilder repository.", MaxBuildRetries)
+	err = gcp.NewGCP().WaitBuildSuccess(t, cbProjectID, defaultRegion, "tf-cloudbuilder", "", "Terraform Image builder Build Failed for tf-cloudbuilder repository.", MaxBuildRetries, MaxErrorRetries, TimeBetweenErrorRetries)
 	if err != nil {
 		return err
 	}
@@ -184,8 +184,8 @@ func DeployBootstrapStage(t testing.TB, s steps.Steps, tfvars GlobalTFVars, c Co
 			Logger:                   c.Logger,
 			NoColor:                  true,
 			RetryableTerraformErrors: testutils.RetryableTransientErrors,
-			MaxRetries:               MaxRetries,
-			TimeBetweenRetries:       TimeBetweenRetries,
+			MaxRetries:               MaxErrorRetries,
+			TimeBetweenRetries:       TimeBetweenErrorRetries,
 		}
 		_, err := terraform.InitE(t, options)
 		return err
@@ -471,8 +471,8 @@ func deployStage(t testing.TB, sc StageConf, s steps.Steps, c CommonConf) error
 				Logger:                   c.Logger,
 				NoColor:                  true,
 				RetryableTerraformErrors: testutils.RetryableTransientErrors,
-				MaxRetries:               MaxRetries,
-				TimeBetweenRetries:       TimeBetweenRetries,
+				MaxRetries:               MaxErrorRetries,
+				TimeBetweenRetries:       TimeBetweenErrorRetries,
 			}
 
 			err := s.RunStep(fmt.Sprintf("%s.%s.apply-%s", sc.Stage, bu, localStep), func() error {
@@ -561,7 +561,7 @@ func planStage(t testing.TB, conf utils.GitRepo, project, region, repo string) e
 		return err
 	}
 
-	return gcp.NewGCP().WaitBuildSuccess(t, project, region, repo, commitSha, fmt.Sprintf("Terraform %s plan build Failed.", repo), MaxBuildRetries)
+	return gcp.NewGCP().WaitBuildSuccess(t, project, region, repo, commitSha, fmt.Sprintf("Terraform %s plan build Failed.", repo), MaxBuildRetries, MaxErrorRetries, TimeBetweenErrorRetries)
 }
 
 func saveBootstrapCodeOnly(t testing.TB, sc StageConf, s steps.Steps, c CommonConf) error {
@@ -625,10 +625,10 @@ func applyEnv(t testing.TB, conf utils.GitRepo, project, region, repo, environme
 		return err
 	}
 
-	return gcp.NewGCP().WaitBuildSuccess(t, project, region, repo, commitSha, fmt.Sprintf("Terraform %s apply %s build Failed.", repo, environment), MaxBuildRetries)
+	return gcp.NewGCP().WaitBuildSuccess(t, project, region, repo, commitSha, fmt.Sprintf("Terraform %s apply %s build Failed.", repo, environment), MaxBuildRetries, MaxErrorRetries, TimeBetweenErrorRetries)
 }
 
-func applyLocal(t testing.TB, options *terraform.Options, serviceAccount, policyPath, validatorProjectId string) error {
+func applyLocal(t testing.TB, options *terraform.Options, serviceAccount, policyPath, validatorProjectID string) error {
 	var err error
 
 	if serviceAccount != "" {
@@ -648,8 +648,8 @@ func applyLocal(t testing.TB, options *terraform.Options, serviceAccount, policy
 	}
 
 	// Runs gcloud terraform vet
-	if validatorProjectId != "" {
-		err = TerraformVet(t, options.TerraformDir, policyPath, validatorProjectId)
+	if validatorProjectID != "" {
+		err = TerraformVet(t, options.TerraformDir, policyPath, validatorProjectID)
 		if err != nil {
 			return err
 		}
diff --git a/helpers/foundation-deployer/stages/data.go b/helpers/foundation-deployer/stages/data.go
index d4150d86b..867f3df17 100644
--- a/helpers/foundation-deployer/stages/data.go
+++ b/helpers/foundation-deployer/stages/data.go
@@ -29,22 +29,23 @@ import (
 )
 
 const (
-	PoliciesRepo       = "gcp-policies"
-	BootstrapRepo      = "gcp-bootstrap"
-	OrgRepo            = "gcp-org"
-	EnvironmentsRepo   = "gcp-environments"
-	NetworksRepo       = "gcp-networks"
-	ProjectsRepo       = "gcp-projects"
-	AppInfraRepo       = "bu1-example-app"
-	BootstrapStep      = "0-bootstrap"
-	OrgStep            = "1-org"
-	EnvironmentsStep   = "2-environments"
-	HubAndSpokeStep    = "3-networks-hub-and-spoke"
-	SvpcStep           = "3-networks-svpc"
-	ProjectsStep       = "4-projects"
-	AppInfraStep       = "5-app-infra"
-	MaxRetries         = 2
-	TimeBetweenRetries = 2 * time.Minute
+	PoliciesRepo            = "gcp-policies"
+	BootstrapRepo           = "gcp-bootstrap"
+	OrgRepo                 = "gcp-org"
+	EnvironmentsRepo        = "gcp-environments"
+	NetworksRepo            = "gcp-networks"
+	ProjectsRepo            = "gcp-projects"
+	AppInfraRepo            = "bu1-example-app"
+	BootstrapStep           = "0-bootstrap"
+	OrgStep                 = "1-org"
+	EnvironmentsStep        = "2-environments"
+	HubAndSpokeStep         = "3-networks-hub-and-spoke"
+	SvpcStep                = "3-networks-svpc"
+	ProjectsStep            = "4-projects"
+	AppInfraStep            = "5-app-infra"
+	MaxErrorRetries         = 2
+	TimeBetweenErrorRetries = 2 * time.Minute
+	MaxBuildRetries         = 40
 )
 
 type CommonConf struct {
@@ -162,7 +163,7 @@ type GlobalTFVars struct {
 	LocationGCS                           string          `hcl:"location_gcs"`
 	CodeCheckoutPath                      string          `hcl:"code_checkout_path"`
 	FoundationCodePath                    string          `hcl:"foundation_code_path"`
-	ValidatorProjectId                    *string         `hcl:"validator_project_id"`
+	ValidatorProjectID                    *string         `hcl:"validator_project_id"`
 	Groups                                Groups          `hcl:"groups"`
 	InitialGroupConfig                    *string         `hcl:"initial_group_config"`
 	FolderDeletionProtection              *bool           `hcl:"folder_deletion_protection"`
@@ -171,7 +172,7 @@ type GlobalTFVars struct {
 
 // HasValidatorProj checks if a Validator Project was provided
 func (g GlobalTFVars) HasValidatorProj() bool {
-	return g.ValidatorProjectId != nil && *g.ValidatorProjectId != "" && *g.ValidatorProjectId != "EXISTING_PROJECT_ID"
+	return g.ValidatorProjectID != nil && *g.ValidatorProjectID != "" && *g.ValidatorProjectID != "EXISTING_PROJECT_ID"
 }
 
 // HasGroupsCreation checks if Groups creation is enabled
diff --git a/helpers/foundation-deployer/stages/destroy.go b/helpers/foundation-deployer/stages/destroy.go
index 7543b877d..6d70e74b3 100644
--- a/helpers/foundation-deployer/stages/destroy.go
+++ b/helpers/foundation-deployer/stages/destroy.go
@@ -27,10 +27,6 @@ import (
 	"github.com/terraform-google-modules/terraform-example-foundation/test/integration/testutils"
 )
 
-const (
-	MaxBuildRetries = 40
-)
-
 func DestroyBootstrapStage(t testing.TB, s steps.Steps, c CommonConf) error {
 
 	if err := forceBackendMigration(t, BootstrapRepo, "envs", "shared", c); err != nil {
@@ -64,8 +60,8 @@ func forceBackendMigration(t testing.TB, repo, groupUnit, env string, c CommonCo
 			Logger:                   c.Logger,
 			NoColor:                  true,
 			RetryableTerraformErrors: testutils.RetryableTransientErrors,
-			MaxRetries:               MaxRetries,
-			TimeBetweenRetries:       TimeBetweenRetries,
+			MaxRetries:               MaxErrorRetries,
+			TimeBetweenRetries:       TimeBetweenErrorRetries,
 		}
 		_, err := terraform.InitE(t, options)
 		if err != nil {
@@ -166,8 +162,8 @@ func destroyStage(t testing.TB, sc StageConf, s steps.Steps, c CommonConf) error
 					Logger:                   c.Logger,
 					NoColor:                  true,
 					RetryableTerraformErrors: testutils.RetryableTransientErrors,
-					MaxRetries:               MaxRetries,
-					TimeBetweenRetries:       TimeBetweenRetries,
+					MaxRetries:               MaxErrorRetries,
+					TimeBetweenRetries:       TimeBetweenErrorRetries,
 				}
 				conf := utils.CloneCSR(t, sc.Repo, gcpPath, sc.CICDProject, c.Logger)
 				branch := e
@@ -200,8 +196,8 @@ func destroyStage(t testing.TB, sc StageConf, s steps.Steps, c CommonConf) error
 				Logger:                   c.Logger,
 				NoColor:                  true,
 				RetryableTerraformErrors: testutils.RetryableTransientErrors,
-				MaxRetries:               MaxRetries,
-				TimeBetweenRetries:       TimeBetweenRetries,
+				MaxRetries:               MaxErrorRetries,
+				TimeBetweenRetries:       TimeBetweenErrorRetries,
 			}
 			conf := utils.CloneCSR(t, ProjectsRepo, gcpPath, sc.CICDProject, c.Logger)
 			err := conf.CheckoutBranch("production")
diff --git a/helpers/foundation-deployer/stages/vet.go b/helpers/foundation-deployer/stages/vet.go
index 7e243a363..c435fd4d9 100644
--- a/helpers/foundation-deployer/stages/vet.go
+++ b/helpers/foundation-deployer/stages/vet.go
@@ -44,8 +44,8 @@ func TerraformVet(t testing.TB, terraformDir, policyPath, project string) error
 		NoColor:                  true,
 		PlanFilePath:             filepath.Join(os.TempDir(), "plan.tfplan"),
 		RetryableTerraformErrors: testutils.RetryableTransientErrors,
-		MaxRetries:               MaxRetries,
-		TimeBetweenRetries:       TimeBetweenRetries,
+		MaxRetries:               MaxErrorRetries,
+		TimeBetweenRetries:       TimeBetweenErrorRetries,
 	}
 	_, err := terraform.PlanE(t, options)
 	if err != nil {