Managing GCP Compute Engine with Terraform
Learn how to provision and manage Google Cloud Platform Compute Engine instances using Terraform
In this guide, we’ll explore how to manage Google Cloud Platform (GCP) Compute Engine using Terraform.
Prerequisites
- Google Cloud SDK installed and configured
- Terraform installed (version 1.0.0 or later)
- Basic understanding of GCP concepts
- A GCP project with billing enabled
Project Structure
.
├── main.tf             # Main Terraform configuration file
├── variables.tf        # Variable definitions
├── outputs.tf          # Output definitions
├── terraform.tfvars    # Variable values
└── modules/
    └── compute/
        ├── main.tf         # Compute Engine specific configurations
        ├── variables.tf    # Module variables
        ├── instances.tf    # Instance configurations
        └── outputs.tf      # Module outputs
Provider Configuration
terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "~> 4.0"
    }
  }
}

provider "google" {
  project = var.project_id
  region  = var.region
  zone    = var.zone
}
Variables
variable "project_id" {
  description = "The ID of the GCP project"
  type        = string
}

variable "region" {
  description = "The region to deploy resources to"
  type        = string
  default     = "us-central1"
}

variable "zone" {
  description = "The zone to deploy resources to"
  type        = string
  default     = "us-central1-a"
}

variable "instance_name" {
  description = "Name for the compute instance"
  type        = string
}

variable "machine_type" {
  description = "The machine type to use"
  type        = string
  default     = "e2-medium"
}
Network Configuration
resource "google_compute_network" "vpc_network" {
  name                    = "terraform-network"
  auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "subnet" {
  name          = "terraform-subnet"
  ip_cidr_range = "10.0.1.0/24"
  network       = google_compute_network.vpc_network.id
  region        = var.region
}

resource "google_compute_firewall" "allow_ssh" {
  name    = "allow-ssh"
  network = google_compute_network.vpc_network.name

  allow {
    protocol = "tcp"
    ports    = ["22"]
  }

  # Open to the whole internet for this walkthrough; narrow this to your
  # administrative source range for anything beyond a demo.
  source_ranges = ["0.0.0.0/0"]

  # Without target_tags the rule applies to every instance in the network.
  # Scoping it to the tag set on the instance below limits it to that VM.
  target_tags = ["ssh-allowed"]
}
Compute Instance
resource "google_compute_instance" "vm_instance" {
  name         = var.instance_name
  machine_type = var.machine_type
  zone         = var.zone

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-11"
    }
  }

  network_interface {
    subnetwork = google_compute_subnetwork.subnet.id
    access_config {
      // Ephemeral public IP
    }
  }

  # Adds the local public key for the "debian" user via instance metadata
  metadata = {
    ssh-keys = "debian:${file("~/.ssh/id_rsa.pub")}"
  }

  # Network tag used to scope firewall rules to this instance
  tags = ["ssh-allowed"]
}
Outputs
output "instance_ip" {
  description = "The public IP of the compute instance"
  value       = google_compute_instance.vm_instance.network_interface[0].access_config[0].nat_ip
}

output "instance_name" {
  description = "The name of the compute instance"
  value       = google_compute_instance.vm_instance.name
}
Best Practices
- Security:
  - Use custom service accounts
  - Implement least privilege access
  - Use secure boot options
- Networking:
  - Use Private Google Access
  - Implement proper firewall rules
  - Use VPC Service Controls
- Cost Optimization:
  - Use preemptible instances when possible
  - Right-size instances
  - Use committed use discounts
- Maintenance:
  - Enable automatic updates
  - Use startup scripts
  - Implement proper backup strategies
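A hardened variant of the instance above, as an added example that is not part of the original guide: it applies the security and networking items in this list (dedicated service account, Shielded VM, no public IP, OS Login, firewall scoped to the ssh-allowed tag and to an administrative source range). It assumes a variable admin_cidr (for example "203.0.113.0/24") declared in variables.tf, and reuses the network and subnet resources defined earlier.

```hcl
# Assumption: var.admin_cidr holds the operator's source range.
# Dedicated identity for the VM; grant it only the roles it needs
# (e.g. roles/logging.logWriter) via google_project_iam_member.
resource "google_service_account" "vm_sa" {
  account_id   = "tf-vm-runtime"
  display_name = "Runtime identity for the Terraform-managed VM"
}

resource "google_compute_firewall" "allow_ssh_admin" {
  name          = "allow-ssh-admin"
  network       = google_compute_network.vpc_network.name
  source_ranges = [var.admin_cidr]   # admin range only, not 0.0.0.0/0
  target_tags   = ["ssh-allowed"]    # only instances carrying this tag
  allow {
    protocol = "tcp"
    ports    = ["22"]
  }
}

resource "google_compute_instance" "vm_hardened" {
  name         = "${var.instance_name}-hardened"
  machine_type = var.machine_type
  zone         = var.zone
  tags         = ["ssh-allowed"]

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-11"
    }
  }

  # No access_config block: the VM gets no public IP. Reach it over IAP or a
  # bastion, and use Cloud NAT / Private Google Access for egress.
  network_interface {
    subnetwork = google_compute_subnetwork.subnet.id
  }

  # Shielded VM: measured boot chain, vTPM and integrity monitoring.
  shielded_instance_config {
    enable_secure_boot          = true
    enable_vtpm                 = true
    enable_integrity_monitoring = true
  }

  # Run as the dedicated account; IAM roles, not legacy scopes, bound what it can do.
  service_account {
    email  = google_service_account.vm_sa.email
    scopes = ["cloud-platform"]
  }

  # OS Login replaces static ssh-keys metadata with IAM-managed SSH access.
  metadata = {
    enable-oslogin = "TRUE"
  }
}
```

The instance_ip output above does not apply to this VM, since it has no access_config; expose its internal address with network_interface[0].network_ip instead.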
Common Operations
Creating Resources
terraform init
terraform plan
terraform apply
Destroying Resources
terraform destroy
Updating Instance
# Modify the configuration
terraform plan
terraform apply
Best Practices and Tips
- Resource Management:
  - Use labels for better organization
  - Implement proper backup strategies
  - Monitor resource usage
- Security:
  - Implement proper IAM roles
  - Use secure communications
  - Regular security audits
- Performance:
  - Choose appropriate machine types
  - Monitor performance metrics
  - Use SSD persistent disks
Conclusion
You’ve learned how to set up and manage GCP Compute Engine using Terraform. This setup provides:
- Automated infrastructure deployment
- Consistent environment configuration
- Easy scaling and management
- Secure and efficient compute resources