
Srinivasulu Paranduru for cloudteachable


How To Authenticate GCP Cloud Infra using Service Account with IAC Terraform

Authenticating your Google Cloud infrastructure in Terraform using service accounts

Step 1: How to create a service account to authenticate to your Google Cloud project

Log in to the Google Cloud console, search for IAM, click Service accounts in the left-hand menu, and follow the steps below to create a new service account.

Step 1.1:


Step 1.2: Enter the service account name (the service account ID is populated automatically), then click Create and continue.

Step 1.3:

Select Owner as the role.

Step 1.4: Keep the values as they are and click Continue.

Step 1.5: Select the service account you created.

Step 1.6: Click Keys.

Step 1.7: Create a new key.

Step 1.8:


Step 1.9: A JSON file containing the key information is downloaded. Save it where you need it.

Step 1.10: A final message is shown after the key has been saved to your system.

Step 2: Provision Google Cloud Storage

List of files in my IaC code

GCP_Infra (folder name)

  • storage.tf
  • provider.tf
  • svc.json [the key file downloaded in Step 1.9, renamed]
  • variable.tf
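
Because svc.json sits in the same folder as the .tf files, a check like the one below can be run over the folder before each commit. It is an added example, not code from the original post; the function names, the labels.json file and the simplified .gitignore matching are assumptions.

```python
import fnmatch
import json
import stat
import tempfile
from pathlib import Path

def is_service_account_key(path):
    """True if the file is a GCP service-account key, judged by content, not name."""
    try:
        data = json.loads(path.read_text(encoding="utf-8"))
    except (OSError, ValueError):
        return False
    return (isinstance(data, dict) and data.get("type") == "service_account"
            and "private_key" in data)

def audit_folder(folder):
    """List each key file under folder with its .gitignore and permission state."""
    gitignore = folder / ".gitignore"
    lines = gitignore.read_text().splitlines() if gitignore.exists() else []
    patterns = [ln.strip().lstrip("/") for ln in lines
                if ln.strip() and not ln.startswith("#")]
    findings = []
    for path in sorted(folder.rglob("*.json")):
        if not is_service_account_key(path):
            continue
        rel = path.relative_to(folder).as_posix()
        # Simplified matching (assumption): no negation or directory rules.
        ignored = any(fnmatch.fnmatch(path.name, p) or fnmatch.fnmatch(rel, p)
                      for p in patterns)
        mode = stat.S_IMODE(path.stat().st_mode)
        findings.append({"file": rel, "gitignored": ignored,
                         "others_can_read": bool(mode & (stat.S_IRGRP | stat.S_IROTH))})
    return findings

def demo():
    """Constructed folder mirroring GCP_Infra; the key content is a placeholder."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        fake_key = {"type": "service_account", "project_id": "example-project",
                    "private_key": "constructed-placeholder-not-a-real-key"}
        (root / "svc.json").write_text(json.dumps(fake_key))
        (root / "labels.json").write_text('{"type": "config"}')  # JSON, but not a key
        (root / "svc.json").chmod(0o644)
        before = audit_folder(root)  # no .gitignore yet, key readable by others
        (root / ".gitignore").write_text("svc.json\n*.tfstate\n")
        (root / "svc.json").chmod(0o600)
        return before + audit_folder(root)

if __name__ == "__main__":
    print(demo())
```

Point audit_folder at the real GCP_Infra directory to get the same report for the downloaded key.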

Step 2.1: provider.tf file code snippet

terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "6.12.0"
    }
  }
}

provider "google" {
  # Configuration options  
  project     = "Project_ID"
  region      = "us-central1"
  zone        = "us-central1-c"
  credentials = "svc.json"
}


Note: Replace Project_ID with the project ID shown in the Google Cloud console. Update region and zone to suit your project.

Step 2.2: storage.tf file code snippet

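resource "google_storage_bucket" "my_bucket" {
  name          = "srinivas-letterkenny-ireland"
  location      = "US"
  # Allows terraform destroy to delete the bucket even if it still contains objects
  force_destroy = true

  # Delete objects once they are 30 days old
  lifecycle_rule {
    action {
      type = "Delete"
    }

    condition {
      age = 30
    }
  }
}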


Step 2.3: variable.tf file code snippet

variable "gcp_project" {
  type    = string
}

variable "gcp_region" {
  type    = string
  default = "US"
}

variable "gcp_svc_key" {
  type    = string
  default = "svc.json"
}

Step 3: Provision a Google Cloud VM

List of files in my IaC code

GCP_Infra (folder name)

  • vm.tf
  • provider.tf
  • svc.json [the key file downloaded in Step 1.9, renamed]
  • variable.tf

Step 3.1: vm.tf file code snippet

resource "google_compute_instance" "vm_instance" {
  name         = "terraform-instance"
  machine_type = "e2-micro"

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-11"
    }
  }

  network_interface {
    # A default network is created for all GCP projects
    network = "default"
    # An empty access_config block assigns an ephemeral external IP address
    access_config {
    }
  }
}

Note: provider.tf, svc.json and variable.tf can be copied from the storage example in Step 2.

Other ways to authenticate to Google Cloud

Conclusion: This post covered how to authenticate GCP cloud infrastructure using a service account with IaC Terraform, and shared Terraform code for Google Cloud Storage and a VM.

💬 If you enjoyed reading this blog post and found it informative, please take a moment to share your thoughts by leaving a review and liking it 😀 and follow me on dev.to and LinkedIn.
