Authenticating your Google Cloud infra in Terraform using service accounts
Step 1: How to create a service account to authenticate to Google Cloud
Log in to the Google Cloud console, search for IAM, then click Service accounts in the left-hand menu and follow the steps below to create a new service account.
Step 1.1:
Step 1.2: Enter the service account name; the service account ID is populated automatically. Then click Create and continue.
Step 1.3: Select Owner as the role.
Step 1.4: Keep the values as they are and click Continue.
Step 1.5: Select the service account you created.
Step 1.6: Click Keys.
Step 1.7: Create a new key.
Step 1.8:
Step 1.9: A JSON file with the key information is downloaded; save it where you need it.
Step 1.10: Finally, a confirmation message appears after the key is saved to your system.
Step 2: Provision Google Cloud Storage
List of files in my IaC code
GCP_Infra (folder name)
- storage.tf
- provider.tf
- svc.json [the key downloaded in Step 1.9, renamed]
- variable.tf
Step 2.1: provider.tf file code snippet
terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "6.12.0"
    }
  }
}

provider "google" {
  # Configuration options
  project     = "Project_ID"
  region      = "us-central1"
  zone        = "us-central1-c"
  credentials = "svc.json" # service account key file from Step 1.9
}
Note: Replace Project_ID with the project ID shown in the Google Cloud console.
Update region and zone as per your project needs.
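Because svc.json sits in the same folder as the .tf files, it is worth checking that the key is ignored by git and not readable by other users before the folder is shared or committed. The Python script below is an added example, not part of the original post; the folder contents, key value and client e-mail are constructed, and the .gitignore matching is simplified to basename globs.

```python
import fnmatch
import json
import stat
import tempfile
from pathlib import Path


def ignore_patterns(root):
    """Basename globs from root/.gitignore (simplified; not full gitignore semantics)."""
    gitignore = Path(root, ".gitignore")
    if not gitignore.is_file():
        return []
    lines = (ln.strip() for ln in gitignore.read_text().splitlines())
    return [ln for ln in lines if ln and not ln.startswith("#")]


def find_key_files(root):
    """Find JSON files with "type": "service_account" and a "private_key" under root."""
    patterns, findings = ignore_patterns(root), []
    for path in sorted(Path(root).rglob("*.json")):
        try:
            doc = json.loads(path.read_text())
        except (OSError, ValueError):
            continue  # unreadable or not JSON, so not a key file
        is_sa = isinstance(doc, dict) and doc.get("type") == "service_account"
        if not (is_sa and "private_key" in doc):
            continue
        mode = stat.S_IMODE(path.stat().st_mode)
        findings.append({
            "path": str(path.relative_to(root)),
            "client_email": doc.get("client_email"),
            "git_ignored": any(fnmatch.fnmatch(path.name, p) for p in patterns),
            "others_can_read": bool(mode & (stat.S_IRGRP | stat.S_IROTH)),
        })
    return findings


def demo():
    """Scan a constructed GCP_Infra folder before and after hardening."""
    key = {"type": "service_account", "private_key": "CONSTRUCTED-NOT-A-KEY",
           "client_email": "tf@example-project.iam.gserviceaccount.com"}
    with tempfile.TemporaryDirectory() as root:
        key_path = Path(root, "svc.json")
        key_path.write_text(json.dumps(key))
        key_path.chmod(0o644)
        before = find_key_files(root)
        Path(root, ".gitignore").write_text("svc.json\n")
        key_path.chmod(0o600)
        return before, find_key_files(root)
```

Calling find_key_files("GCP_Infra") on the real folder returns one entry per key file; any entry with git_ignored false or others_can_read true needs attention before a commit.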
Step 2.2: storage.tf file code snippet
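resource "google_storage_bucket" "my_bucket" {
  name          = "srinivas-letterkenny-ireland" # bucket names are globally unique
  location      = "US"
  force_destroy = true # lets terraform destroy delete the bucket even if it still holds objects

  # Delete objects once they are 30 days old
  lifecycle_rule {
    action {
      type = "Delete"
    }
    condition {
      age = 30
    }
  }
}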
Step 2.3: variable.tf file code snippet
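# Project ID; no default, so a value must be supplied
variable "gcp_project" {
  type = string
}

variable "gcp_region" {
  type    = string
  default = "US"
}

# File name of the service account key from Step 1.9
variable "gcp_svc_key" {
  type    = string
  default = "svc.json"
}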
Step 3: Provision a Google Cloud VM
List of files in my IaC code
GCP_Infra (folder name)
- vm.tf
- provider.tf
- svc.json [the key downloaded in Step 1.9, renamed]
- variable.tf
Step 3.1: vm.tf file code snippet
resource "google_compute_instance" "vm_instance" {
  name         = "terraform-instance"
  machine_type = "e2-micro"

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-11"
    }
  }

  network_interface {
    # A default network is created for all GCP projects
    network = "default"

    # An empty access_config block assigns an ephemeral external IP
    access_config {
    }
  }
}
Note: provider.tf, svc.json and variable.tf can be copied from the storage example in Step 2.
Conclusion: This post showed how to authenticate GCP cloud infra using a service account with IaC in Terraform, and shared Terraform code for Google Cloud Storage and a VM.