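You are planning to deploy Google Cloud infrastructure for your company using Terraform. The design must meet the following requirements:

* Each Google Cloud project must represent an internal project that a team works on.
* When an internal project is finished, its infrastructure must be deleted.
* Each internal project must have its own Google Cloud project owner who manages the Google Cloud resources.
* 10 to 100 projects are deployed at a time.

While you are writing the Terraform code, you need to ensure that the deployment is simple and that the code is reusable with centralized management. What should you do?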
Correct answer: D
The correct answer is D because it meets the following requirements:

* Each internal project has its own Google Cloud project, which can be easily created and deleted by Terraform using the google_project resource [1].
* Each internal project has its own Google Cloud project owner, which can be assigned by Terraform using the google_project_iam_member resource [1].
* The deployment is simple and the code is reusable with centralized management, because the Shared VPC allows you to connect multiple service projects to a single host project that contains the network resources [2]. This way, you can use Terraform modules to create and manage the network resources in the host project, and then reference them in the service projects [3].

Option A is incorrect because it does not create separate Google Cloud projects for each internal project, which makes it harder to delete the infrastructure and assign project owners.

Option B is incorrect because it does not create separate Google Cloud projects for each internal project, and also because it attaches the service projects to a Shared VPC, which is not recommended for short-lived projects [2].

Option C is incorrect because it does not use a Shared VPC, which means that each internal project has to create and manage its own network resources, which increases complexity and reduces reusability.

Reference:

[1] google_project - Terraform Registry
[2] Managing infrastructure as code with Terraform, Cloud Build, and GitOps | Google Cloud
[3] Automating your automation by Creating Google Cloud Projects Automatically