diff --git a/.github/workflows/tf-deploy-gcp.yml b/.github/workflows/tf-deploy-gcp.yml
index 7e6133b0e..1c7311109 100644
--- a/.github/workflows/tf-deploy-gcp.yml
+++ b/.github/workflows/tf-deploy-gcp.yml
@@ -32,7 +32,8 @@ on: # yamllint disable-line rule:truthy
 permissions:
 contents: read
-
+ id-token: 'write'
+
 jobs:
 gcp_vpc:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/tf-validate-gcp.yml b/.github/workflows/tf-validate-gcp.yml
index 3f5f30c59..b28de17d8 100644
--- a/.github/workflows/tf-validate-gcp.yml
+++ b/.github/workflows/tf-validate-gcp.yml
@@ -50,9 +50,9 @@ jobs:
 - uses: google-github-actions/auth@v2.1.2
 with:
- project_id: portefaix-network-8f80
- workload_identity_provider: 'projects/${{ secrets.GCP_PRJ_NETWORK_ID }}/locations/global/workloadIdentityPools/portefaix-gha-network/providers/portefaix-gha-network'
- service_account: terraform-network@portefaix-network-8f80.iam.gserviceaccount.com
+ project_id: portefaix-bootstrap
+ workload_identity_provider: 'projects/1081501690701/locations/global/workloadIdentityPools/portefaix-gha-bootstrap/providers/portefaix-gha-bootstrap'
+ service_account: portefaix-boostrap@portefaix-bootstrap.iam.gserviceaccount.com
 - name: Terraform validate
 run: |
diff --git a/hack/scripts/terraform-validate.sh b/hack/scripts/terraform-validate.sh
index 4f5a9d029..dcfe8a538 100755
--- a/hack/scripts/terraform-validate.sh
+++ b/hack/scripts/terraform-validate.sh
@@ -88,13 +88,14 @@ function tf_validate() {
 function check_infra() {
 local dir=$1
+ local exclude=$2
 if [ ! -d "${dir}" ]; then
 echo_fail "Invalid directory: ${dir}"
 exit 1
 fi
 # Do not validate module: https://github.com/hashicorp/terraform/issues/28490
- for tf_file in $(find "${dir}" -name "main.tf" | grep -v ".terraform" | grep -v modules | sort -u); do
+ for tf_file in $(find "${dir}" -name "main.tf" | grep -v ".terraform" | grep -v modules | grep -v -E "root|oidc" | sort -u); do
 tf_dir=${tf_file%/*}
 tf_validate "${tf_dir}"
 done
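Review bot: `id-token: 'write'` is added to the workflow-level `permissions:` block of tf-deploy-gcp.yml, so every job in the workflow may request an OIDC token, not only the one that calls google-github-actions/auth; moving it into that job's own `permissions:` block keeps the grant minimal if the workflow has more than one job (only `gcp_vpc` is visible in this hunk). The quoted `'write'` also differs from the unquoted `read` on the line above it; `id-token: write` matches the existing style.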
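Review bot: The new `workload_identity_provider` line in tf-validate-gcp.yml hardcodes the project number `1081501690701` where the removed line read it from `${{ secrets.GCP_PRJ_NETWORK_ID }}`; a project number is not sensitive, but the switch in approach deserves a comment such as `# project number of portefaix-bootstrap (public identifier, not a secret)`. The new `service_account` local part `portefaix-boostrap` lacks a `t` compared with the project id `portefaix-bootstrap`; if that is the real account name it is worth confirming, since a wrong principal is only detected when the job runs. The validate job now authenticates as a bootstrap-level service account rather than the previous network-scoped one; if this step only needs backend access for `terraform init`, a read-only principal would be the least-privilege choice.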
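Review bot: `local exclude=$2` is added to check_infra but never read; the new `grep -v -E "root|oidc"` hardcodes the pattern instead. Using the parameter with the current pattern as its default keeps existing call sites working and makes the exclusion configurable: `for tf_file in $(find "${dir}" -name "main.tf" | grep -v ".terraform" | grep -v modules | grep -v -E "${exclude:-root|oidc}" | sort -u); do`. The pattern is also an unanchored substring match, so any path containing `root` or `oidc` anywhere (a directory named `rootfs`, for instance) is silently skipped as well; anchoring on path separators, e.g. `/(root|oidc)/`, would be tighter. check_infra's closing brace lies outside the hunk.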
diff --git a/terraform/gcp/root/projects.tf b/terraform/gcp/root/projects.tf
index 39389a2fb..6c08c58f8 100644
--- a/terraform/gcp/root/projects.tf
+++ b/terraform/gcp/root/projects.tf
@@ -21,9 +21,11 @@ module "network" {
 name = format("%s-network", var.organization_name)
 random_project_id = true
 org_id = data.google_organization.this.id
- billing_account = var.billing_account
 folder_id = module.folders.folders_map["Shared"].id
+ billing_account = var.billing_account
+ # budget_amount = 10
+ enable_shared_vpc_host_project = true
 default_service_account = "deprivilege"
 default_network_tier = var.default_network_tier
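Review bot: `# budget_amount = 10` is commented-out configuration left inside the `network` module block; either drop it or replace it with a note that explains the decision, e.g. `# budget_amount: deliberately unset for the network project — tracked in <ISSUE-ID placeholder>`. `enable_shared_vpc_host_project = true` turns this project into a Shared VPC host, which changes its role in the organization; a one-line comment stating that intent next to the attribute would help future readers. The `module "network"` block continues outside the hunk.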